last executing test programs: 19.79648567s ago: executing program 1 (id=2363): r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/rfkill6\x00', 0x10242, 0x0) r1 = openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_score_adj\x00', 0x800, 0x0) ioctl$auto_BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000000100)={@inferred=r1, 0x3db, 0x2, @btrfs_ioctl_vol_args_v2_3_0={0x0, &(0x7f0000000080)={0x8, 0x5, 0x100000001, 0x5, {0x1, 0x6, 0xc6000000000, 0xb7, 0x4cd8}, [0x6, 0x2, 0x0, 0x100, 0x3b, 0x7]}}, @name="dcf6ff0d5cd7703f0fd5f1597b79a04605a325f2eab9e2cd7137d78bdd9ee11ad3690d065fee29d733611b96b0fb18dfba90a4cfbcfa209b256c154fd261e0e9ae13dc0d34791fc64ea7178514e52ebd3c0ba927a62e9f93b164d545be03d7044e9b2702748935fff41d5980910e222f78a1ff909207930defdd34dc64df14cc4da9f955f11c8ccd919ee263bfa7cdb4701a545f7ec14408a7331bc719285eb4e68f8b95887f95299c1ba98960bef447ccd50e14abc4d1e89c998aa4792df719d3e5e0bf502dedcbe8f1be3c1a3cc9a027dbb76662abdc8592932e155b6e14ed847422e998f9fb7997882e1a074500167adb7e59516d5c45613caea2497459641eb16422cc1832317480e121861d1c2beceebefffdc2e66169e68dc29e5f7a4d3a09e2b2cb86f2b868e00f145910415fc79b3e2fd13d12bbb7cc6420f652398e438cc319659245f0adab85715b14c3d3cf723b95d247fff557be0dfa01bbe8590ca6a7a28400c83c647bc78486b993be09ae68316a9af4ae7f09c67c65ae669648a94dd0b7d57c583c8bea44fcd35e2a3fc3e530234cf289faf86ec2f3e9279ef8a6337d219612320c6b07efd4e205102472feb3107bf8acc10b757b1ed13e29d118baa3c24c501b32ebb588b00725e2fb65051286e39573a8cc57855f462d6f3c62b4484896153bd133726a46ab1df831b38460754adc80d3a1dc933082c0c99235313acb783d2ff6716aade28bb192eee7bbaece8401022cdb05898c34f216aa9fb89a36305b8d127aa7eb65c3184d6d5b5b9d527da0983a193415f6b77bb5df634845b957c3e0d3d124e5aa6a2d08ab9359d743aaa6a2443afe53d6ab54a0c9cf7f976d43870ecb48178974a101eefc3299925c67cd39743c06a52368d4662716b4c720947127109a9f76777d8d2127ed7809cbd871a1c552dabca6dcbd0d3e1cd01aa942124131117d82a822a664aaa2cddaabc02ac397e2b0c5f2ace653ab4b74723c457aedca1b8c07894000b7cad1a94caa565a40f966c81968c4d3728bf5baf72f12b027128a30172d2dfb9d8990c232098c9fbc6fecfa8c92a4600488bd490ce00a74789c7c2b3c5224ca8d9fa04addfe9d61d9c98116e3dbdaa58478cea70bdcbc4fe9f3eb181fc556d41af262051a4513b5ed214190025a79b09dc18f45f3964df6382068333b5af6cdf6905dbd9ab3169d251c81736d5903ce4cb90fb625f075db1a23265c8470f2d6408e88cf7d5a53a4f0f4580ab5e8eeef3cf7dfe565194e1f361983505fb565c79b0166468605324f29f474ba96c9b10bd1aeea06de9b10c91e4d4ac336d06aaf8d7f79b1a362a83869ff3e0c7f3e907bb30b514451da73fc8e3e5f67377f866aef02147ddf0c31f4faf69098f1b5f0d7496017a2602226af96cbe3abc4ecc6ee12367125dd43219caa1f804d240055ccf443bc0ee3c91bbfab2776dbce6e97b5847686705988d8b7358311f84a0e914e9ca659430c294fb893c57e09c6ea00bca1e97de12dee7230f7b64b717866f2c6107da7aa4db15a4f872093abd6ad7771e25146f0ba3d72cec9dafdfc64be1bc0602bc2988812f0459396872f56f90a96bd3475be85aaf17808f628afe9b8630980df472206adb5e1b76b9b446f79013c5d98527c37e2bae75a4f4d994717301aa7ff4aacffddc81322fa185a6500f6b9b76507c24a8841b30d594c9e9ae1250a795cff111fe7e9b603b216c78020407f77e5a5e4a1b9a8ad70ca45048aa053ec9106b7dc9d737e5904959607106f4311fe37d9216e3993c875e8a6a051a0aad42c2e068bce205563cebc9c03f546a7ba76961196baa3f3de568ed83cce7a55eb60d0ebf8ad9f02c581500f18828a0e48196e4fa5ee63838fb2fa8d97728abd734796a37510409f994281e6629ea562904fa13fdab3da5016bf731b203d7a0d7cf99f9a53d0c5b1eb6a46063a4e8889a85f00759f962673ca0f14ac6a0a309e8f0e8cdc819a41f9db6bf30e4875408d7efce3e461681a63a302f9fb9e9ee82a9efeeddd451285d8f308c38389f33ee427aa04bce45f167aed30a46e86b368cf4373c61b2db2c0645cd634b6d00e8cb76599022c7c6c728bd9ab5cbcccb06f0f7c7656cb0afeefd9dec6f41ba4b9ef68eeeef84c3de1d0c2a74d78502cd0c17b15c0e93eb8bc7f02b216bfacdd71bc503754a6e0aaed7758bf620dc91b4286c15ac6c8db63712ea0821db5f610bb54e545ee754eca04de93fdbc12e901ce726258a93110b0c814121a5b96a551843978d0a9b9bb81b832dd4ab8c3ce0a62f47156d40caf22a3ce99fc3e364fe98ed53092f28010f4dba97de76e7c3e5048dfd7254eb84482c9e6de078f8d1e72550bec3f788c6d09700c72f091b66486af67069efba38d3213c269eac496a4d24b165a0cf044dd97838553a2cd05bfe7480efe44526d9d45f64f5c0e84b7d3c47fbefe8c78e884a0d7a4386c52fee3a08972963845e025322a2254434546a02b45b1ab6c14c8d302ecb8d7332e148d63bbea0a0fee38a44c1baae4e5a266d3b52dc77a327ac7ab8840fe32100c625e46be96c6c99453b8ff91d62e5c7179d4493c820538406bac7c1c19db114d62b980b00f41764ba552ec3e83379792521af9711184618f82527fe95bdd87030136f7f22e0da5feb04489a10e96ab0755c7c3500aaee7ede5a369c697adef8b16721e64e4c09063de78bd94de6fff387e95c0db5728f0949d5e32e54c7591011d2591fc127e34d51c017e4a0fa6b5727818032c11f856403b7e410d64d9295edfb6e14d599254ac8a97ae5d3570bee8d33f0e70d1b65d45c80c346b6a196b233021ddf51e4d0d1954691ee2d07fa35f604758e017f1921b29428d4c8dc5563c40e43e147050a959f20ee687c5abdff6b19d81a1a011b514aa1c03629698148910ed871dfc0bedf995f45d48a45a0844c2336dd376fb60cbc0d025721db0d9b82d4685b94bff7b8f0b75aa6cf5f8a1066907737018fe2f6e97e333bc012a8510e27febbaec26444acd3a0ffeeb0ef447afdea8b34266614cdf5a3101facdf8b8d0710949126474afc94814986619cba581262e734929ae06b1a97c9b27db2c11218063333dafd122a54d2647f867d127a76fa9ca75e327ed909dbab027595e7840827bf79d68cc62f05e2110a760175fadc945b67deb85d4bc7f7258da1cdf3b272487ee47f705168a4ad51a4a72a9f842a376e9e25dc699865ed92b54c1115ac4e7f6c0e7b6ed36a95c5650b6778aede01330556f7c40ed3789916bdb6879e5b699e58f9fe56422b1ef1353bea41ccb5dd56d451c8983d67d36cc018111ad072762bddf69af4041f0f2fa47c661f52059598c3664b81444620d6263442827b593ccc35d7a28ec6813e4fedea0e6cdece497acb3351fa00cf5557b0d30fb1a57a5f59d3e790bfab505deec082f563f728d1aad8c4f4aa5df5c46642e7377672e5e02d73eb4c07453589de700d3bf6d7f2c1af175b89f3e5474243682257f6ad25e9e61d8d71ae1d8321a3fc847d261b44004d385a58556b1055924b9be97eb2ed2cc2e29770e4f634d791350c8da555ed0e7ffde16388ca275bd302290db73c61dd39f89671633e29b04a8e9d109348972c71308b83df628b4ea6aba29dfd66aa4c26089e7c428cb84e6e7c7dc9a504c24c409b746fd2b2c2fe55a7d6d2ac84ced3bca8c9329a2d83f9c189d8124710e4e7f43d5d1fccb6a837e3e880d1d9d3604976efc870e1206534895280e241fd953156d636f2f3c968416469476b570ddd96bb5a9be23183601529e20683940dc8a12c9133adad7ba852a5109b9080f6db812d3f98ccadab05507b35a27157dd036d172f03ce42f0c378c5ae82a58d050fe17d5de9bfde90b8e832222901ac719b10651a33f3967c132641b3a96408b31264a4ee5ea193520f91af18ad3893c6c54013f78532514000cca153b2cf4eb76de341b3d8de85a31f09b05288961031a36c79d156c8f04c38055b5cf433082740beebeb17185a0e686d6fa111a413f8333ea79dd756c99e44bf73ec2e3bcd57771acb351af4c14b5770400a5f016220af06424ace95ac3293619c76d5e927e35f5453f2a8bbe3274c7d9cef400970a7e4935edde78c7fc4990e5b471908809d57239a40d49d352ed86976a05399281cdb347b0d13342f9966ccd541f311540673f48f232c37b1bc8ac8071176aae2868c7444938b2a00f3dbeb86af7834eca119cf92fed18284c42f0356afbcff845b4e7abca0afe3c09de610a91531eaa716c0f4e45cbaf39ee6ca01f6c4a91d5b2184bd4d69d308ff992675e4965023ab89b6e2c3ff438c7796d9df4cae8fb9a731891d0a9d3dccc3cce55271e2aa8f33462b997a075304e6737ddc01dfca1a4e4c378df736436c736a640aa90b8a9066f114f6113f1ecc4d0e65e5e48069c381aa65f708ac9893bee8972a727918063dd40dd8fee8bc31c3d5e2ede029977921bf1fd094df86782e7e75f3194f8d4d601af41aabfd4a2a192813078ac900be1d42d9a7cf0eb0a740081d3e015d72f02df6e097dd344fad61a3932856ad544a3238fe7831dc32e8ee69f46eb087e3508e52d003640d046c4a7628553e0791ca2271e26095d9f1d54bfd15937cae1b040d51e1f9c55892d17720a31002af98c5e87fc7fd8627fa587f37396f1282652a0436b2b1fcd63670a3f4f991bb8707a800aee6ce11c7cd868d3b1f9f8ddf541ccea713066af45d1c5d8cb527849ae446f0de5690a3bdfae97109a9bf9fab43c2cd50a0dc7c45e7e6ce830c032356342e573c4138fd9671700c5ddb0739a74fa88aff9da7bae18b1e36cdf2577cfb1f2847e13087ba55b1bc8e0beb4e3ad46c9fa0727dfbcbabe7d07696dbe5943af39135a3599bb8735413c86dd786e3a904de15946da4ecda0371f297785d38605ed520ccfd22d2abd9fbd005153faf2c967c3d919d527ada9826103ad7914e009163f872e62ed14b998420e38483ac5710125789a57cb16a6736f424568c43d0473310e8966d06d89cc27addfd885205c0fcdc6c744720b25fac14fa0f4070993d47b090aaf745780047748fe0704133bbe4592a6e79cce35a425abc4e664f3aced8681d21dfa71ae81daa439d5e3cb6859b5dc1d34aed6eb189c03b0b908438b89ef4521dee464f4ed78fe4f8e0997389dfa80e1f05283122e916e63d17a5b950f6ea040ca844f8ae4edb2c20643a278a527e737aba8f0d5a982ffbe7ed1e04feaaebd80065321f186b4aea9184e12ecb5a825a997adac74fa1122e43cc175d6c86787b9b6641756db26a89c1ead640769cb93ea5fc1b9eddadc1c2e2f56936a5c83b5d622221f152b694962df0d0cb4df18efc9d922c2b75b2bc43eb0f4cbd052d653131648b7211a73f015267e9b6d0653a017073a15685fe761df65425b65ff335dad4a62353ab4e060958bfc863e9cbaa80a40f0459d45abdace52e87e2fdde563b9b0453ceb8963f605fcb145a3ecc3a5a16e72849fc5f4e5d53affdd57c6e1b25bf6972d7c720c109aa2e22e962ccc5a7040ac47ccff2dc7986a467a12b9a8e9edc30dce5c7b0242675bae6f9c62f9dfd0a77ac92050bdb9043a50f2e7e7b20d5042e6889f6cba1c9ab778851d7cc0b9ca47cbb19f5d6ee46edc4eb155d2286c38397014c374bfefd357d7366f5f78616234657dc93a4806cd14ee5e578be7de9b"}) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) (async) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffeff8, 0x0, 0x0, 0x6c5c0c6c, 0x50b301c, 0xe4, 0x2c, 0x9, 0x5}) 19.499892878s ago: executing program 1 (id=2365): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r0 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000004, 0x200000e) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) mmap$auto(0x3, 0x400008, 0x3, 0x8000000000000011, r3, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r0) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[], 0x1ac}}, 0x24048871) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[], 0xf5c}, 0x1, 0x0, 0x0, 0x4044055}, 0x20008811) recvmmsg$auto(r4, &(0x7f0000000180)={{0x0, 0xf240, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x50}, 0x80000}, 0x10c, 0x8, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000000)=""/226, 0xe2) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000e80)=""/193, 0xc1) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r6 = socket$nl_generic(0x10, 0x3, 0x10) readahead$auto(r6, 0xcc7f, 0x6) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HWSIM_CMD_GET_RADIO(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24044845}, 0x10) bpf$auto(0x7, &(0x7f0000000280)=@bpf_attr_7={@prog_id=0xffffffff, 0x8, 0x4, r2}, 0x90) 15.071996054s ago: executing program 1 (id=2370): openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) io_uring_setup$auto(0x4, 0x0) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000011500), 0x40002, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video63\x00', 0x80800, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20c40, 0x0) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, 0x0, 0x121080, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0xa200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x880, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty17\x00', 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptys3\x00', 0x101880, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(0x3, 0x80047437, 0xfffffffffffff4e0) 13.775647007s ago: executing program 1 (id=2372): r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7fff) write$auto(0x3, 0x0, 0x5c8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x1, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x311) timer_settime$auto(0x66c8ece6, 0x617e, &(0x7f0000000000)={{0x9, 0xc}, {0xa, 0x3ff}}, 0x0) lseek$auto(0xffffffffffffffff, 0x0, 0x0) ioctl$auto(0x3, 0x8108551b, 0x1) ioctl$auto_USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000240)={0x1, 0x81, 0x5b, 0x4, &(0x7f0000000000), 0x9, 0xeb90, 0x2, @stream_id=0x100, 0x7, 0x476, 0x0}) close_range$auto(0x2, 0x8, 0x0) bind$auto(0x3, 0x0, 0x6a) close_range$auto(r0, r1, 0x10001) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) name_to_handle_at$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x2000fdff) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.5/usb6/power/wakeup_active\x00', 0x0, 0x0) mmap$auto(0x0, 0x9, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) adjtimex$auto(&(0x7f00000006c0)={0x7, 0x0, 0x0, 0x8, 0x3, 0x7, 0x9, 0x0, 0x10001, 0x1, 0x7, {0x1, 0x10000}, 0x4, 0xe, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000005, 0x83, 0xffffffffffff628e, 0xa74a, 0x5, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_size_kb\x00', 0x40, 0x0) readv$auto(r3, &(0x7f0000000100)={0x0, 0x3}, 0x1) 13.017583371s ago: executing program 1 (id=2374): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi18\x00', 0xc0400, 0x0) (async) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) (async) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) (async) write$auto(0x4, 0x0, 0x100082) (async) recvfrom$auto(r0, 0x0, 0x800000000e, 0x7, 0x0, 0xfffffffffffffffd) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r1, 0x5408, r1) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000240), 0x0) unshare$auto(0x40000080) (async) socket(0xa, 0x1, 0x84) (async) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x2203, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ipv6_route\x00', 0x101000, 0x0) pread64$auto(r3, 0x0, 0x8, 0x5) mmap$auto(0x0, 0x80000001, 0x0, 0x16, 0x2, 0x8000) r4 = open(&(0x7f0000000140)='./file0\x00', 0x40, 0xa2) (async) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) write$auto(r2, 0x0, 0x480) (async) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) (async, rerun: 64) unshare$auto(0x40000080) (async, rerun: 64) socket(0xa, 0x2, 0x3a) (async) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) (async) fanotify_init$auto(0x2208, 0x42) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) write$auto_proc_reg_file_ops_compat_inode(r4, &(0x7f0000000280)="29c6edef6f30dccd80037d03edbadd4fbba30601a37082c4b5a219adbc94363a990bb1e24833c91c5c16fb0806ecfc79794ba8bf6c2ef5751767f61a10b287c6d6377794b350db66d28fc92a84ebacf5317352a770051433134ec9cea37090c5c12003b5fc04a7453b1f91612f09b6e8145d9db8e627f33168359fc3a3159dd939ebaf86b790ade6566806a1001ab0dd3963c0db2cda463e2542a769f843a4c6c1f45b312bf1ed5208a5366fae34095906b7b34a08ef1f1f1c137bafc7092f1e1c8433291991f6011ffb4e8e", 0xcc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000003000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80c3}, 0x4004800) 9.65665862s ago: executing program 1 (id=2380): unshare$auto(0x200) rseq$auto(&(0x7f0000000340)={0xe, 0x401, 0x0, 0x806, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8000006) gettid() mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x8, 0x3a02, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x1, &(0x7f0000000100)={0x0}, 0x9, 0x0, 0x4000000000005, 0x42}, 0x800}, 0x4, 0x4008) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[], 0x1ac}}, 0x4c041) setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D3\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000) ioctl$auto(r1, 0x57, r0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(0x0, 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$auto_UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f00000004c0)={0x1, 0x80}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000200)='/dev/audio1\x00', 0x20040, 0x0) mmap$auto(0x9, 0x402000c, 0xdf, 0xeb1, r2, 0x108000) sysfs$auto(0x2, 0x11, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) 8.387577494s ago: executing program 0 (id=2383): r0 = open$auto(&(0x7f0000000040)='./file0\x00', 0x2, 0x3) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001580)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_DEL_TX_TS(r1, &(0x7f0000002b40)={0x0, 0x0, &(0x7f0000002b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000dc7ecd712175c92a67bc610ef6fdfa19bde6a2e26d542bcc470713a47068c26ae37cafdec5edc8e018e0d78f44ecb398fbd623e7b4cc78c618af06c385ae88a8b9c7902d681173adf47132f54341eb68d8817cc43ffe5c4acf71ea72f22c92da14f28e5a5d5e0eb9b9b645219c093684b11b8463d5ad31b2ba4ec748576328f353634bae8347e4422223cb65e435379253315be95b967f07a953b9b6d808282494bfe3fef26171b09785375fad50102512f6525c96f1df4172c1fc2ebdb118941c4c01899aefd2507d9ecd3a69e44fb4151d3afb75fe8a049d2e8c86264606b32665c4ec2b97a8cabbf9ed30e1676ac8035857bdbd00e331fdfa9c5d2de8fda96c4a09cbd33c85a21cc07a4e347cb523530cf4b5c54d57f5ceffab82d3b6f7642ef23a83a9a0e63accd491176836c0cf636a7d014f248c6149ef12a6da0b4c8cd980dd0387c5a92fb4035ed0ad7d92696eb35fa56e000000000000000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fcdbdf256a00000008000300", @ANYRES32=r4, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4004010) sendmsg$auto_NL80211_CMD_SET_HW_TIMESTAMP(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b8010085519c892dcc4007ccdbb090dc3600cd5656267a24be59afeec112d57284f47c5799147bdb3a66bae58b55bc0609a1b0dd6355800992f18e8c6c03a9e8d842cd6442829e37240d729ab26096871d811ffdd07376fd", @ANYRES16=r3, @ANYBLOB="00022abd7000fbdbdf2599000000690043003003fd32cbc14da6d9bd8467dc6b985611bd56a506b712ac8424e9daea4aa38c2e7d6e9426a5b77e9e9a786a24937df36cece1d41d435166e34095a2a0abe27684744c9ef02ac4bce239b72b67c7d8280898e3015b8cb0430bdc688c1ae7c9de8072915e820000000400cc002c015080e6673e03b6e9d382c88e5c2cc253edd3ee4cc0fb6a663d8ab6936894f265527031df7b6571215dbec3db516007d4ab9e04850a14f9c14516f6baac90915756066fef518a82d2c03fbc698bed0fa34e881de0f7d426904eb628b63e623b462d14f39c8615fb2e7ade0ce19f869a4c5cff882037786f1eb9067644ac47ea813b4595d8236e6eb5c3828d592b3c1a5b3f9e6d784089111ebf862e7c3eb912a36bd7737d79bf7478879d88d2b41fd30e4137019a8d4a098cdb421e52a993fb03947332e6ac040c832d977249bdb1eb02e3d0720dba2f27ddb6545fd77b65f06ca8ee8ad3fc4c87bb0d39f02ca2de8a0f774740fb5b4d48afa51d6bed015961f2d51a1b609d039116cc7711108c536d451f541fcfecacaaa68a42f32737ea85e8942eeb5acbeb95bdc8d60800690007000000"], 0x1b8}, 0x1, 0x0, 0x0, 0x20048881}, 0x40) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/dev_snmp6/team_slave_1\x00', 0x86fb16d8bb90233e, 0x0) pread64$auto(r6, 0x0, 0x8100000041, 0x413e) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) rseq$auto(&(0x7f0000000000)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x7ffe, 0x0, 0x6) mmap$auto(0x0, 0x20009, 0x386, 0xeb1, 0x401, 0x8000) nanosleep$auto(0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0xe0742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r5) syz_genetlink_get_family_id$auto_ovs_vport(0xfffffffffffffffe, 0xffffffffffffffff) unshare$auto(0x40000080) mmap$auto(0x80000001, 0x580f, 0x112f4a02, 0x8000000008011, 0x3, 0x1) madvise$auto(0x0, 0x2003f0, 0x15) getresgid$auto(0x0, &(0x7f0000000a40)=0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0x80000000eb1, 0xffffffffffffffff, 0x8000000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) write$auto_proc_pid_attr_operations_base(0xffffffffffffffff, &(0x7f0000000240)="c837b82802749ee4f24b4e9af6634e3353e6", 0x12) socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/type\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000040)=""/116, 0x74) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x282840, 0x0) socket(0xa, 0x1, 0x100) socket(0x2, 0x1, 0x0) 6.687329936s ago: executing program 2 (id=2347): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, 0x0, 0x0, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_SEQ={0x6, 0x6, 0x81}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IF1_SEQ={0x6, 0x6, 0xe}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}}, @HSR_A_IF1_AGE={0x8, 0x3, 0x40}, @HSR_A_IFINDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000084}, 0x44098) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioperm$auto(0x3, 0x8001, 0x2000000000000149) kexec_load$auto(0x6, 0x0, 0x0, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) shmctl$auto(0xa0000000, 0x6, &(0x7f00000002c0)={{0x3, 0x0, 0x0, 0x0, 0x7, 0xd, 0xff}, 0x2, 0xffffffff80000001, 0x3ff, 0x800, @raw=0x61a, @inferred=0xffffffffffffffff, 0x7, 0x0, 0x0, &(0x7f00000001c0)}) sendmsg$auto_IPVS_CMD_GET_DAEMON(r0, 0x0, 0x20000000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) io_setup$auto(0x7ffe, &(0x7f0000000000)) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffff7fffffffffd, 0xd1, 0x3, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x31, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) sendmsg$auto_ILA_CMD_ADD(r1, &(0x7f0000003fc0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000003f80)={0x0}}, 0x4000010) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) read$auto_proc_pid_maps_operations_internal(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000100)={0x1ff, 0xfff, 0x1000}) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r2, 0x4, 0xffffffffffffffff) 5.679199483s ago: executing program 2 (id=2389): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r0 = openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/bdi/1:15/wb_stats\x00', 0x40, 0x0) read$auto(r0, 0x0, 0x9e7) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyc2\x00', 0x800, 0x0) (async, rerun: 32) syz_open_procfs$namespace(0x0, &(0x7f0000000040)) (async, rerun: 32) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) (async, rerun: 32) socket(0x11, 0x2, 0x73) (async, rerun: 32) pipe2$auto(0x0, 0x0) (async, rerun: 32) io_uring_setup$auto(0x7e1b, 0x0) (async, rerun: 32) socket(0x2, 0x5, 0x0) socket(0x11, 0x2, 0x14) (async, rerun: 32) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) (async, rerun: 32) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f6) (async, rerun: 32) mmap$auto(0x0, 0x4000005, 0xfffffffffffffe01, 0x8051, 0x3, 0x10000000008000) (async) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) (async) ioctl$auto(0x3, 0x40246f4c, 0x38) 4.889091222s ago: executing program 0 (id=2391): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) ioctl$auto_RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.343946813s ago: executing program 2 (id=2393): socket(0xa, 0x3, 0x3b) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000000c0)={0x23, 0x3, 0x18, 0x10, 0x8, 0x7fb, &(0x7f00000000c0)}) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)="5cedd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) keyctl$auto(0x2000000000000016, 0x0, 0xfffffffe, 0x400040, 0xa8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x4, 0x20009, 0x2df, 0xeb1, 0x40000000000a5, 0x9) ioctl$auto(r2, 0x402c542d, 0x38) getpid() mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, r4, 0x309, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x24008800}, 0x20044840) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x3, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r5, 0x0, 0x100000a3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r6, 0x4, 0x7ff) ptrace$auto_PTRACE_SINGLEBLOCK(0x21, r6, 0x7, 0x7) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x4, 0x400008, 0xdf, 0x9b32, r0, 0x8001) socket(0xa, 0x2, 0x0) 3.972196451s ago: executing program 0 (id=2394): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) r0 = io_uring_setup$auto(0x40000002c55, 0x0) socket(0x10, 0x2, 0x0) socket(0x2, 0x80002, 0x73) close_range$auto(0x0, 0xfffffffffffff000, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'macvlan1\x00'}) bpf$auto(0x20000, &(0x7f00000004c0)=@query={@target_fd=r0, 0x1, 0x6, 0x1, 0x6, @count=0x9c4b, 0x0, 0x82000003, 0x7fffffff, 0xffffffffffffffff, 0x7a7c}, 0x10) bpf$auto(0x1b, &(0x7f0000000380)=@task_fd_query={0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4, 0x8, 0xffffffffffffffff, 0x8}, 0x92) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000062c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f00000000c0)={0xfffffffffffffffd, 0x0, &(0x7f0000006340)={&(0x7f0000000100)={0x28, r2, 0x38f, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044040}, 0x4000) r4 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006400)={0x2e20, 0x0, 0x1, 0x51bd2e, 0x25dfcbfb, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x2e07}]}, 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x42a120, 0x0) r6 = getpid() r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r7, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f00000009c0)={0x38, r8, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x20, 0x1, 0x0, 0x1, [@nested={0x1c, 0x2f, 0x0, 0x1, [@typed={0x14, 0x42, 0x0, 0x0, @ipv6=@local}, @nested={0x4, 0xf7}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000) process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) sendmsg$auto_NL802154_CMD_SET_CCA_ED_LEVEL(r1, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f00000001c0)={0x228, 0x0, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x8}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x7}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x1a9}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x7}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0xff}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x33}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0x3}, @NL802154_ATTR_PEER={0x1db, 0x28, 0x0, 0x1, [@generic="096b7d0a413fbd36df40a42af1bdf59ca32d7d33a4caa72411081ef7ab98de96bbe2389aac219fa4c53707d1e210173410958f0cd47f67ba019fa0405845eefe2a790eb23603d66a4d4401404f2f9e2dcfd70953bc05ffe1ef", @nested={0x99, 0xb0, 0x0, 0x1, [@generic="337a3befab116ae3ce14f2c7f67f345d19a334d736070effd31074ffb407df10dc8835f0715fc998e02912eafb2b1baba8db98057882bd43c50b1342cea8f51e00b90eaa4b82e0ba8867a6a40919df240727c9303642d07e4c65e3bb9edd38001b1e36011938164b668ddff67fff9d39df23c17b9b14c76ee8930abe6ba885842cb4f9d44c571bb021f07259f0dc96df9d6917a505"]}, @typed={0x8, 0x7a, 0x0, 0x0, @ipv4=@multicast1}, @generic="be79328d460d4eb055115811819887da795d168b9dcdfafb4ca991c29d73d6cedb214f1eb70dc267c2d03783d49b44ded2ddb7d4a5ba9dcce85957cf7320288eaac270cb43e16a94d94c76fbfac20a4069ae161f481a2764545c8cd85411dede9da4b074954a10ef9752373f5c8536c855965e2f2523c1a5d7df6324f307b2eee4c5a813dc6747bbae6cf75d78d861060917a912da0b5fd0ef8ee0963f2756960b1574528ab96d06eb1988a2f639c400f8a31cec3d4a44c08a7c0a12122f49d0ef397b3e7fc0", @typed={0x8, 0x126, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x22}}, @generic="a608c0f703cefc641cac059b"]}]}, 0x228}, 0x1, 0x0, 0x0, 0x85}, 0x80c1) r9 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/dsp\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r9, 0x80045017, &(0x7f0000000c00)) socket(0x11, 0xa, 0x300) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x89\x06s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) ioctl$auto(0x3, 0x400454ca, 0x38) r10 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000b00), 0x40042, 0x0) read$auto(r10, 0x0, 0x4) ioctl$auto_TUNSETTXFILTER(r4, 0x400454d1, 0x0) 3.818605021s ago: executing program 3 (id=2395): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x5, 0x6, 0xa, 0x7fffffff, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c4b, 0x4, 0x100, 0x7ffffffb, 0x101, 0x800, 0x3}, {0x8, 0x0, 0x52, 0x5, 0x0, 0x42, 0x76c5, 0x8, 0x100000000}}) bpf$auto(0x10, &(0x7f00000000c0)=@link_detach, 0x40) r0 = socket(0x11, 0x3, 0x1) mmap$auto(0x1000, 0x400005, 0x4, 0x9b72, r0, 0x8000) mremap$auto(0x10001, 0x4, 0x4, 0x7, 0xfffffffc) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) socket(0xa, 0x2, 0x0) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(r2, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x894}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000100), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010027bd7040f9dbdf250f00000008000300", @ANYRES32=r6, @ANYBLOB="d9f439a0abd5dc65339d72e7403fb70b0355e1d8d536c23164094035507592157b5a340b6e611075bbb70cd4dba4f1eb40c24c546ce009c015397c866d83ba262d329cd0af8041a716ae51d00c08c63d554d04c53450d46f"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x20044000) read$auto(0x3, 0x0, 0xfdef) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x8000, 0x0) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x8, 0x7, 0xffffffffffffffff, 0x6, 0x8001}, 0x101) 3.123038907s ago: executing program 0 (id=2396): mmap$auto(0x1000000000000, 0x6885, 0x1f4, 0xfa31, 0x400, 0x8) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) bind$auto(0x3, 0x0, 0x6a) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) msync$auto(0x2, 0x9, 0x40) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0xffffffffffffffff, 0x900064b5, 0xc14) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x4040, 0x0) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x10}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) 3.109523767s ago: executing program 2 (id=2397): mmap$auto(0x0, 0x1, 0xd, 0x19, 0xffffffffffffffff, 0x7fe) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) (async) write$auto(0x1, 0x0, 0x80000000) (async, rerun: 64) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x1, 0x5) (async, rerun: 64) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) (rerun: 64) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1b0026bd7500fddbdf25033dd60810515df0104d88800c00068008000180040033000100898771f1c19f17790485908286dd0000040002807fd694b12fe23e70f483870fdb38a146ce3a2246431e222d7fb6a777601cef7fd3df02227f78533dad6cf8fecabcb543c9ae857e9459a8877233abdad1ad707a1e5fb7b68126e961000fc5541b"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) (async) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1) (async, rerun: 64) openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f00000089c0)='/sys/kernel/debug/netdevsim/netdevsim0/max_vfs\x00', 0x101000, 0x0) (async, rerun: 64) socket(0x15, 0x5, 0xb) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = socketpair$auto(0x1, 0x8, 0x80009, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/au\x87*o1\x00', 0x5) (async) openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x101100, 0x0) (async) ioctl$auto_XFS_IOC_ALLOCSP(r3, 0x4030580a, &(0x7f0000000040)={0x40, 0x843, 0x5, 0x0, 0x100, 0x0}) ioctl$auto_XFS_IOC_FREESP(r3, 0x4030580b, &(0x7f0000000100)={0x568b, 0x1, 0x9, 0x8002, 0x9, r4}) (async) mmap$auto(0x0, 0x3ff, 0xb3, 0x9b7f, 0xffffffffffffffff, 0x28000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0xe07c2, 0x0) (async) write$auto(0x3, 0x0, 0x7fffffff) (async) statmount$auto(0x0, 0x0, 0x10, 0xd) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x2, 0x0) (async) unshare$auto(0x40000080) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0x8208ae63, 0x38) 2.790841936s ago: executing program 3 (id=2398): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NL80211_CMD_DISCONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000125bc7000fcdbdf25300000000500d2000700000084f3c090f1940ed22e18271ec28972d8ab45f9fa946f362a99a679a23b9db4"], 0x1c}, 0x1, 0x0, 0x0, 0x8040}, 0x1) 2.023864959s ago: executing program 2 (id=2399): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x82080, 0x0) socket(0xa, 0x1, 0x100) (async) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HWSYNC(r3, 0x4122, 0x0) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000280)={0x1c, r2, 0x9ec6579d452c1f15, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x20000080) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, 0x0, 0x88600, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x15) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_DELPDP(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x14, r5, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$auto_TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, 0x0) process_mrelease$auto(0xffffffffffffffff, 0x0) (async) process_mrelease$auto(0xffffffffffffffff, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x7ffe) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x7ffe) 1.834960428s ago: executing program 0 (id=2400): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0xd90, 0x400, 0x9}]}) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) 1.804045264s ago: executing program 3 (id=2401): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/dev\x00', 0x6a8800, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x800000000001, 0xfffffffffffffffe) write$auto(0xffffffffffffffff, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa[X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2_\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8e\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dil[\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V/uc\xb5Q\x1eY\xe0\x03\xa1\xc1\xc8\xe2=RK\x7fWV;\xe4\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaaSGH\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l::V\xdbJiVW\xab4G\x97\x9cl', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/debug/block/nbd0/hctx0/sched_tags\x00', 0x60100, 0x0) read$auto(r2, &(0x7f0000000040)='\x00', 0x3) mmap$auto(0x0, 0x400008, 0x7d3, 0x9b72, 0xffffffffffffffff, 0x5cd) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rxrpc/peers\x00', 0x101000, 0x0) pread64$auto(r3, 0x0, 0x8, 0xffff) r4 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r4, 0x92106409, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x8) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000180)='/dev/usbmon9\x00', 0x80000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x630001, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/pagemap\x00', 0xee90ce37eb497475, 0x0) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000425bd7000fedbdf2500000000060006004e2400003400088008000800640101000c00ba00ffffffffffffffff1c00a0800800e600", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="eaff438004804680b4a4cfe6336c30fd02c8d375d1cb8fbd2c953dca0694438d989c6d91472be1df804bb295df289a3557d6a35d545e65544a84b3a07e331bb4c0aaa95e57aa5a0a41ce38fa89ae5884991f886fc77afdff80dbd269f678424c2148ea2f"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x4011) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x4) sysfs$auto(0x2, 0x4b, 0x0) r5 = fsopen$auto(0x0, 0x1) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) 1.664061096s ago: executing program 2 (id=2402): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = socketcall$auto(0x8000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) write$auto(r3, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x7, 0xd) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r4 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r4, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) 1.314137543s ago: executing program 3 (id=2403): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x8000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async, rerun: 64) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (rerun: 64) write$auto(r0, &(0x7f0000000040)='{\x00', 0xfff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async, rerun: 64) r2 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0x80200, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto_BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, &(0x7f0000000440)={@inferred=r2, "8a31eaf62d6d6afdaa8b0822caf140739777f83abc6a30315dcc60b24ad2e7859b331881bf687e2148b77685431ec90c7ace1ff986bb9d53f3a86b258d2e3bc7b7e3f39cabe0064ffcf2708ee158ee4f66fa4443b8ac2432982e2c085d3b3ea8dcaa66524d7267648568d02def887fb91c5ac4ac8f20c8a90bb4d14a8e81f31728e53a81082e1b4d16528a061a459e06012d135bbe67a5845f2510e530869cdd07b345c70f5455693e6fbe0b9e211035288e168c67ac29fe3f64ab37d24ef2163aaa90cef9580f73c009d7bbf32a97fdd98fb0ce4c503bcb4c8b1d771d492e86cc27af13995f014aa428b0c9e8db0cbe189cb793df51e5106fef9e42a2106b8a423446277a6ecd7fa9cb0bf73cc85b6f8caff99538e30d95c8eec61252ea4881c9baaafad0182add425f498240bb3df2aa8d6bd0ff865a52286165c200dac430f91e66ba81a7e50db8fcfac441d1da9448fbf521f4f63765c78c1393e9c0261c494e4cf6ee0e168729bbf19963702b3fa96e69456702ac79954f933be5b41c0187ed0ad863ade42819a254a97cb13fcaa14e0207314b4ea2d05dee8249f2456a2005f4d5d4ffa410fc66a60cf89dbf559776a7754686b406ff91acff3bf74e86f1bc569881849c3d42efe73c77379cd9788a463b24679fa01795ce0d5428731fda1ee126d0e4f53f10828f5c1b20d6335030f524291647e453ffa40ae79b08a278f5343532366763fb380d1e2b87f1254b33d666a398967e5450c3b2abfa555846af966df5fc0dae371db75c2e49a8e29bba4a1ebaf85a6c85f88c6894d818083cd45a49612892a77f50f61bd58445bb160e9de55fcf36005e7a2958884cef64c633f2238f5ef4e2f0cfaedd842a34be93418909611e407454896e3c6b4af5c673c2ef29ade623f5300cd5d759afc196d0a7e691940101d7d085c8e2d7b879f6ae94ebade7379b4a9441eccfdb3741ab646448ac81f8323d3e286f034737459bfffec9f5e7adea396fcfbe9c88bab16ae0b569e6b9492da8f2133a75bd6b4ec4bfb20c4e6a40b4b5f2a29ce952f22f744ced7a9f8d756955652167c0e2b7fedee795f804797e7f8554120a432cf8d131318e819be25b34a7c8a66fdf6d1d9d2ccfdc01cfbfb20c56872b0cb6dd43f82ee7f67ee3bd30c8593a5595d5a55cd075094bcee37dbb43ff9535c17443a09730a4f4683a9b473801961e93992b410f88f05c3517532d4edfcb6a726620e4bc7c14c0c82a069cf4bcd0b7e201c7cdabfd783e3c5a218bfc82d39d0baef7a83da054df92efb007384c5796cfd5b11edfbbb437616738790fbad3ca4a0ab4b14dc2f2a4b6dfa31f9c62d6a7d4d69002548afab05b36bb98805bf830c1d2747377ef0a694330f794278089030ba450a4bc3958eb8dcc939d71474b47bcb727fd36ef13c1ba3d9ab8e28513e025e5db975c507a41c34f9f328665bb0b2d605da10c95558f0a3f8b2d857f160012453b7a7ec2ed8727031f7f997696b0e3e71609f715b7151825365e5324eb563860df5062d24dc91d4ec8b270d9dcc9b1b0f67c9020a6ff6ff7fac5a096fe3940a9104c430f26d82a9a7002aa3339a33cbe201d675bbbc6c3d9afe9aba2308e1c1e61753d032baa2dbd26144a2bd98814104b70af47b8c25cf7537bf8817b5f059f8610b17a75af28f41742aeb79d4db1a55af6daf5c9511cc0376e796e35fd22d256a41613f5e4c7453d98018d3285845900c4c0e8cc83b9bc55fb0cd4e4666c2d1d6a3aeab1fa93f0171b89578d5eda6454123a8de03e7c22ce957442cc132a946fa1f4e483fe6fa275350376c600b0011c1d43c1b5c2ed4547d16fc58e2a0f7598a23d0c931e85f2ed7566f54ed59d9affece55f77566de04d4d278c8ad126a15265ceb7c8c3648266eb1445c7873f8a530fc4afbfc868abc43107d5fa44899368f45a78b59f04e876794af4a9087d6da2e17d749da8730cf6a5a973daa982aadbbe493637bc96838cbc4033ce3d45fa6259a425faa98deaeeef6d84816e5eb96d1be5b99286a6dab2967a8db73dd349401e40556fdde9c43b504444d630e7dde6697eca52ff6970ee854e44d8a76442b613202ad3be0fcee23154d24514874c26acc2382608dedb47517ddf71f01564d65b0b8ec944ea43f84f67e0ed5d348b8333cdefc441a6b49bde4f480c161dde45bc63e7883ade13c11298da1e9bd6400371a73d7210f9a9ddc82c68f650fd84e80f914776d74f7c8614f6f0f9597aee3ebc263d4b0523017dbf9472d347884d9e8954e2788201fe3b49702826ec6c1b22b05f3ff0821708dd4b96c3e127a5e634748ab007c0de8f15fcf861f4bb4eb8e821a36bfbc4ab938b901c4023be9099b4d3d4004c4fe2cde2dfe02b8a069d244ac42bf1ee17f7569d5ec84a4e321f5436fd3b8cb8017ea09f532d79c7f8e6e496832e672d997859c6e6837de813ee07fa4dc5399116d8195a9a287fd3f5c5c5b8f3164bd5007c36e22c5d2e5b5925d2bdd6f37bfb8300315740d3f83f778f9c7487d5803df2380185a607042e9f028e825d299741e002dd23154c84452fe874825cd059cc507f1cabc39fca60a3f4d705c45974c12ccd4fa4ea9c11cf627e1bee22f9434109c866970f6c834ed4bece007949067cc827f296f2016086fedbf7ef936dd8e1e82476343fbf3728d7ee893865711401dec75fd94d1025eef09d3d8971811ece8db2cc057cf2473792554ea5cd811bc269a5f9e0b31ca612495fe3ff838a9cc4b1d249b8f724a7b3ca91f1340f74ebba56c2bc87a534c28ed7c587499175f12bbceaf51aea47d681446589c513f7cb0fa1a56fff70595e266bbdcac64484fdf6279a65d59acdf6bc18ef271f5c1810f563eb6b2550b1de9dba1392eda38f8501a25eb3c7d2cd8a3513c0cfbab5dd445e27b67452caebdd34157ce9f800277c96aa51f0637159252ba9719f87a386a418db1e614d0096e5dfe7ef1b83c8fd807c9f0715a022ca0d02e4c65477f9b1c3882c4cc0b5fff059e082604101ce690d48237dc3d0e53a0e76a3dc21b4537af612bffce688cc19ded2ff18f2fae0a3e424fb87a52706b60676ec75854c1bb9f7f51e0a38e0fb6ceba1b180940acb0bcc21e56a23b87426f0ee9a97fe6c5465031fc5af0e92291f4b9420e5b4a1934e656ed25ea0071e6915ea33befafcd3417db10a4bfff1134c3c92d0fc4daa697ff290ba3531ff1bb17d1cb704729d9a44d14cd9f47c44b5c657fd593d39ec4b4e0728edb989caed9a0011bc0e498f292f48878043fe06f54b94821cf75652e81c0aded6817d5bd547d3f0231d7637bd3ab9926fc4ab8a8bf02d1af16f2a939eee5ca59512018eab2ef13e04baacf17743f8037dd05e55731a098592813bdc4c7aefb6c02dd267bd031ff9e310e29f2b65aaee4a00a0d81c6a803d5f185f7d84ac464692dba7a928977981c7d61db654546510f14a2c8fc3188669f40864a8465ffb00bd84a2484c7fbbc0607f800e53d1879549d80115bad5aceeca928691d92c47eb443be44d5160482282aa1e1a13a75043363138ee184358068770486c7df1100a63d6507ce45a83cee81ea11a2b84415c36b415e51cc2c3c67b9a04f5273708831f22ad73695c79218f4a71496036085deaa9402efeb028d7d64357db051a5a0472755de94dcccdd8e8a6bc6a4ab42bac834580edb5346e3faeede3babcba30e02dd499465882ac460a188e86acafe4c090003751408acbab5196a74f81fd459b6230983022fe501c45623cf0b991d8166c35809c539a383575cc09e3c6a7fc553f3b641232419529afffa0020429c52265f429a73f0d766170e25ae6b3d4d1041806eb4e59d11a6b30497f5e5909e7274d7e3aa139a6603d20a2814e776119ab120ca8e750c84c50cbeb47d90cd03f06e72ac4b0662f32473a75a5ffbdf7cb4bcbdb593fa41fb9447b0dbd632574e62e149cb74ce9d0fc344e7c286d26f8a527c6596c8a0c0db05e5d7906585b2a56ce322db4d693b4f09a0743ec0597c5a4dabc8bb15f97149a5c96d13f2b1c82cc655072677035895e9dd5355125e93c45e6e1b5459b9f32502544208b7eff8d070ad5a9194e0cb08006844405d9d4b3d7d17919ca25ec409b87ba9b26d17fc985c5de60368e7cb7806d139cb5250cc46faf97ea9155e4278b5b53ec03c61d803a6c19eac6f0035f5c8698d9923ef161ce5a346682d5d6314c7b1b1dd4d229acd84ed5775b5f696356acec6b25ccd848bfa8551fe6f7a559a0434e0341adb4224f64abb2e4c551d006ac692a69cc865316d2e28fd4ec48e0b1fa1e582bf9542308bd96f76b1d572a88ae4ddfb503c22175a4b3b6e404cba4905cb4cf8b7c3eae8defffc86f2760b9fb7af0e30be085a2169b09177a0636dbd77344265dfface709db0bf579c9a3f01a22ccde3dbd1c2d8d2f3ba1ee4bcbb85846bb77507caa2b987b9af79b615d62f9cbc04816b3b50810272c821d82ab85d20f51f68d6510dc11c27bba48c8d6141872cb12762becdacef73b3c49835a49906814d006ffd93870f3f418d7478953663a4937a6bf814e606741b3301e72afa6669f27603eedd5215e5a6cb8c35fa1dd9e12c36d56cf6e473a7e6ea77e5eba7f9c0e285cdf5eb15f2cddd5bc3991dd8e151057e60855b0788e9f10c51706e7fab5ab092d6ef54b757cc60c3714fabf4221dd783edfce252720c48245c5ee7295b9f7cd3d0f0ca948c223ed581eab2ce1b0fe361e02dd5859a0fba7afbfefac09c76637bd18b0c4a9fec6cdc8e136692212e8e9251bf77833d5b665341ee85c35962f89416332035ba1cbf2eed71bc7eda7c3e4e5767550525fd40782a76e0ec05745c6a071dd0cd64354e058b1369c1fd9523dfb252bb5b7cd4d2c19e0dd7171ae430b3d93adb83f1f69a2ad7e0db9e6659e65f6f03b1f1f52a93ab3767ada79aa5bd4b5a64d895835115a023ccef2b62aaba40034f2c5a79b782592a403fa29983a3894ec1f5434269bb4fd2335de279339c34d69a3ce60f6166f2ba1611d39e201141e03888f1c92786500c877636e938f3d471ed0c3a6a9e249e10d45473a5d3fb14b688ca674fd9720e2af28451e82251c9a1657cc519ee209e4fd774b702fb33fe3d3252dbd0452e06c0090f55872f1d004436bc7978b8d9aba10c2e763406a14e3793eff35cacd22828c48710b8276e58c0484a7a80e58b0f6ba7cac24a1774e612324033f5227442ee2606a89b13a51a72513f4a7e05bcfe68f8c0d0f64ffb03da70c3590c3c3c7f5bcd0f7933d8d80c85ac03ae77ac157ee793766ffa2ddefe2a01cd49aba49459b11d973a639f271876bae5eb084b82fdcadc2a1010720380a111103882255c0ee68b91b6cf4abb06480c6ee4b6f63e538576dc5473c633fc327a114c1550eeeb6b5f4c7578219a8d49f52e8f75e45a98472781dca0ebbef7c35f4f12201169b0c40af23e54d20ac071ad7d3e1f36c3f9e4069a7e22daa81fbf8c7b6f92f739f4276da056080879a4738839dbb5c1518f773e88bab047c1f3ff98ee0435d97c5afb5d0040940b9a9f3b19f6620fa4d13e771fede2a0250b4f499aecd6acbfcb0cea2e65d5d22d895513f7c7da33bf9d7041e8f6a31f0e9f86a58eabcf26dae23b11cf8af20f84d25cc3520400a4728f7e5de19058ec3c7cfe4fb5d1cdcb36daf2f0941240dc387c26557f16e346fc1ccec0a2099caec0093e2657785a2056510e0134ae27a54451c5d36c6c8d1d54e6fa1cbd92bcab0ffe9441238050db41210644610542b"}) (async) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0) (async) open(0x0, 0x40000, 0xb0) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x9, 0x2, 0xfffffff7, 0x0) (async) bind$auto(r2, 0x0, 0xcb1) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) (async) lstat$auto(0x0, &(0x7f0000000180)={0xe, 0x2, 0x100000001, 0x1000, 0x0, 0x0, 0x0, 0xfa98, 0x8, 0x7fffffffffffffff, 0x8000000004, 0x100000007fffffff, 0x5, 0x0, 0x7, 0x4, 0x3}) (async, rerun: 64) r4 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'vlan1\x00'}) (async) setsockopt$auto(0x3, 0x10000000084, 0xc2d4, 0x0, 0x4602) (async) mmap$auto(0x0, 0x20000000a0009, 0xe2, 0x13, r3, 0x6) (async) mmap$auto(0x0, 0x20009, 0x4000000000002, 0x14, 0x401, 0x108002) (async) io_uring_setup$auto(0x83d3, 0x0) io_uring_register$auto(r2, 0x15, 0x0, 0x7fff) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) setuid$auto(0xe) (async, rerun: 32) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x4, 0x15, 0x1000, 0x47, 0xc, 0xf, 0x0, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x3]}, 0x0, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) 542.518409ms ago: executing program 3 (id=2404): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x65f, 0x7fffffff, 0x2, 0x3, 0x20000002, 0x9, 0x3, 0x4, 0x4, 0xb4, 0x9, 0xa, 0x10003, 0x80, 0x4, 0x1, 0x7, 0x1002000, 0x203, 0x8, 0x84}, 0x3, 0xd) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_stats_fops_2(0xffffffffffffff9c, &(0x7f0000000000), 0x4c041, 0x0) pread64$auto(r0, &(0x7f000000b040)='\x00', 0x7, 0x6) madvise$auto(0x108000, 0x800034, 0x0) io_uring_setup$auto(0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x0) socket(0x2, 0x5, 0x0) sysfs$auto(0x2, 0x0, 0x0) epoll_create$auto(0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) epoll_wait$auto(r0, 0x0, 0xe00b, 0x1) 49.81473ms ago: executing program 0 (id=2405): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x401, &(0x7f00000001c0)={0x403, 0x2, 0x7, 0x10001, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x8], {0x9, 0xfffffffd, 0x8, 0x0, 0x420, 0x7, 0x3fdc, 0x3, 0x1000000000005}, {0x0, 0x140, 0x7, 0x9, 0x101, 0xff, 0x7, 0xa, 0x100000001}}) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000080)={0x67, 0x0, 0x7fff, 0x5, 0x80000000007, 0x1, 0x80000001, 0xff, 0x5, 0x7, 0xfbfffffe, 0x5, 0x7fb, 0x7, 0x9}) fremovexattr$auto(r0, &(0x7f0000000000)='\x00') socket(0xf, 0x6, 0x4800008) socket(0x2, 0x3, 0x6) setresuid$auto(0x8, 0x8, 0x0) getpriority$auto(0x0, 0x9a) rt_sigaction$auto(0xfffffffe, 0xfffffffffffffffd, 0xfffffffffffffffc, 0xc) openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim0/psample/enable\x00', 0x2, 0x0) openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/time\x00') openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x580000000) write$auto(0x3, 0x0, 0xfffffdef) socket(0x2, 0xa, 0x106) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) io_uring_setup$auto(0x85, 0x0) socket(0x2, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x400c810}, 0x200448c0) 0s ago: executing program 3 (id=2406): mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0) read$auto(r1, 0x0, 0x20) mmap$auto(0x0, 0xff, 0xdf, 0x14, r1, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x3, 0x810004, 0xffa, 0x8000000008011, r0, 0xfffffffffffffffc) r3 = socketpair$auto(0x1e, 0x4, 0x9, 0x0) preadv2$auto(r3, &(0x7f0000000180)={0x0}, 0xe, 0xffffffffffffffff, 0x8004, 0x6) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r4 = socket(0x1e, 0x6, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/admmidi2\x00', 0x48ad03, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) getdents$auto(0xffffffffffffffff, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioperm$auto(0xefdd, 0x4, 0xfffffffa) unshare$auto(0x40000080) semctl$auto_SETVAL(0x0, 0x7, 0x10, 0xfff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x1fffffe, 0x4, 0x1b85, 0x80000011, r6, 0x7e) fsopen$auto(&(0x7f0000000100)='/sys/kernel/irq/12/hwirq\x00', 0x10001) kernel console output (not intermixed with test programs): entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.552624][T14796] RIP: 0033:0x7f4e9e78d33c [ 662.552645][T14796] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 662.552670][T14796] RSP: 002b:00007f4e9f668030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 662.552696][T14796] RAX: ffffffffffffffda RBX: 00007f4e9e9b5fa0 RCX: 00007f4e9e78d33c [ 662.552714][T14796] RDX: 000000000000000f RSI: 00007f4e9f6680a0 RDI: 0000000000000004 [ 662.552731][T14796] RBP: 00007f4e9f668090 R08: 0000000000000000 R09: 0000000000000000 [ 662.552747][T14796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 662.552763][T14796] R13: 0000000000000000 R14: 00007f4e9e9b5fa0 R15: 00007ffdc42e58c8 [ 662.552800][T14796] [ 662.754553][ C0] vkms_vblank_simulate: vblank timer overrun [ 663.066399][T14790] FAULT_INJECTION: forcing a failure. [ 663.066399][T14790] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 663.162690][T14790] CPU: 0 UID: 0 PID: 14790 Comm: syz.1.1772 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 663.162724][T14790] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 663.162731][T14790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 663.162741][T14790] Call Trace: [ 663.162747][T14790] [ 663.162753][T14790] dump_stack_lvl+0x16c/0x1f0 [ 663.162785][T14790] should_fail_ex+0x512/0x640 [ 663.162813][T14790] _copy_to_user+0x32/0xd0 [ 663.162842][T14790] simple_read_from_buffer+0xcb/0x170 [ 663.162865][T14790] proc_fail_nth_read+0x197/0x270 [ 663.162887][T14790] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 663.162908][T14790] ? rw_verify_area+0xcf/0x680 [ 663.162929][T14790] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 663.162949][T14790] vfs_read+0x1e4/0xc60 [ 663.162975][T14790] ? __pfx___mutex_lock+0x10/0x10 [ 663.163002][T14790] ? __pfx_vfs_read+0x10/0x10 [ 663.163031][T14790] ? __fget_files+0x20e/0x3c0 [ 663.163060][T14790] ksys_read+0x12a/0x250 [ 663.163083][T14790] ? __pfx_ksys_read+0x10/0x10 [ 663.163113][T14790] do_syscall_64+0xcd/0x490 [ 663.163130][T14790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.163147][T14790] RIP: 0033:0x7f327ef8d33c [ 663.163162][T14790] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 663.163179][T14790] RSP: 002b:00007f327fd90030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 663.163196][T14790] RAX: ffffffffffffffda RBX: 00007f327f1b5fa0 RCX: 00007f327ef8d33c [ 663.163207][T14790] RDX: 000000000000000f RSI: 00007f327fd900a0 RDI: 0000000000000008 [ 663.163217][T14790] RBP: 00007f327fd90090 R08: 0000000000000000 R09: 0000000000000000 [ 663.163226][T14790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 663.163236][T14790] R13: 0000000000000000 R14: 00007f327f1b5fa0 R15: 00007ffe3a728368 [ 663.163257][T14790] [ 663.352693][ C0] vkms_vblank_simulate: vblank timer overrun [ 664.235226][T14819] ERROR: Out of memory at tomoyo_memory_ok. [ 664.259166][T14820] ERROR: Out of memory at tomoyo_memory_ok. [ 664.293595][T14816] ERROR: Out of memory at tomoyo_memory_ok. [ 664.808095][T14833] [U]  [ 664.810983][T14833] [U] [ 664.813741][T14833] [U] [ 664.816592][T14833] [U] [ 664.848678][T14833] [U] [ 664.851477][T14833] [U] [ 664.854241][T14833] [U] [ 664.856998][T14833] [U] [ 664.922083][T14833] [U] [ 664.924873][T14833] [U] [ 664.927619][T14833] [U] [ 664.930370][T14833] [U] [ 664.954095][T14833] [U] [ 664.956901][T14833] [U] [ 664.959655][T14833] [U] [ 664.962410][T14833] [U] [ 664.996085][T14833] [U] [ 664.998878][T14833] [U] [ 665.001623][T14833] [U] [ 665.004378][T14833] [U] [ 665.033673][T14833] [U] [ 665.036457][T14833] [U] [ 665.039211][T14833] [U] [ 665.041970][T14833] [U] [ 665.076215][T14833] [U] [ 665.079013][T14833] [U] [ 665.081763][T14833] [U] [ 665.084513][T14833] [U] [ 665.107374][T14833] [U] [ 665.110173][T14833] [U] [ 665.113018][T14833] [U] [ 665.115774][T14833] [U] [ 665.156174][T14833] [U] [ 665.158970][T14833] [U] [ 665.161710][T14833] [U] [ 665.164467][T14833] [U] [ 665.177629][T14833] [U] [ 665.180419][T14833] [U] [ 665.183175][T14833] [U] [ 665.185926][T14833] [U] [ 665.199194][T14833] [U] [ 665.201986][T14833] [U] [ 665.204738][T14833] [U] [ 665.207501][T14833] [U] [ 665.242886][T14833] [U] [ 665.245672][T14833] [U] [ 665.248429][T14833] [U] [ 665.251172][T14833] [U] [ 665.271901][T14833] [U] [ 665.274690][T14833] [U] [ 665.277435][T14833] [U] [ 665.280190][T14833] [U] [ 665.301726][T14842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1783'. [ 665.310966][T14840] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1783'. [ 665.331870][T14833] [U] [ 665.334752][T14833] [U] [ 665.337507][T14833] [U] [ 665.341870][T14833] [U] [ 665.352577][T14842] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1783'. [ 665.361955][T14833] [U] [ 666.312074][T14850] vcan0: tx drop: invalid da for name 0x000000000000003f [ 667.028610][T14870] FAULT_INJECTION: forcing a failure. [ 667.028610][T14870] name failslab, interval 1, probability 0, space 0, times 0 [ 667.058553][T14870] CPU: 0 UID: 0 PID: 14870 Comm: syz.3.1791 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 667.058602][T14870] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 667.058613][T14870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 667.058628][T14870] Call Trace: [ 667.058638][T14870] [ 667.058649][T14870] dump_stack_lvl+0x16c/0x1f0 [ 667.058696][T14870] should_fail_ex+0x512/0x640 [ 667.058738][T14870] should_failslab+0xc2/0x120 [ 667.058767][T14870] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 667.058807][T14870] ? skb_clone+0x190/0x3f0 [ 667.058837][T14870] skb_clone+0x190/0x3f0 [ 667.058863][T14870] netlink_deliver_tap+0xabd/0xd30 [ 667.058901][T14870] netlink_unicast+0x5df/0x7f0 [ 667.058936][T14870] ? __pfx_netlink_unicast+0x10/0x10 [ 667.058979][T14870] netlink_sendmsg+0x8d1/0xdd0 [ 667.059018][T14870] ? __pfx_netlink_sendmsg+0x10/0x10 [ 667.059064][T14870] ____sys_sendmsg+0xa95/0xc70 [ 667.059099][T14870] ? copy_msghdr_from_user+0x10a/0x160 [ 667.059141][T14870] ? __pfx_____sys_sendmsg+0x10/0x10 [ 667.059179][T14870] ? kfree+0x24f/0x4d0 [ 667.059209][T14870] ? __pfx__kstrtoull+0x10/0x10 [ 667.059247][T14870] ___sys_sendmsg+0x134/0x1d0 [ 667.059290][T14870] ? __pfx____sys_sendmsg+0x10/0x10 [ 667.059372][T14870] ? __pfx___might_resched+0x10/0x10 [ 667.059412][T14870] __sys_sendmmsg+0x200/0x420 [ 667.059470][T14870] ? __pfx___sys_sendmmsg+0x10/0x10 [ 667.059532][T14870] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 667.059595][T14870] ? fput+0x70/0xf0 [ 667.059622][T14870] ? ksys_write+0x1ac/0x250 [ 667.059657][T14870] ? __pfx_ksys_write+0x10/0x10 [ 667.059700][T14870] __x64_sys_sendmmsg+0x9c/0x100 [ 667.059737][T14870] ? lockdep_hardirqs_on+0x7c/0x110 [ 667.059775][T14870] do_syscall_64+0xcd/0x490 [ 667.059804][T14870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.059831][T14870] RIP: 0033:0x7fc5cad8e929 [ 667.059855][T14870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.059880][T14870] RSP: 002b:00007fc5cbbc5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 667.059905][T14870] RAX: ffffffffffffffda RBX: 00007fc5cafb5fa0 RCX: 00007fc5cad8e929 [ 667.059922][T14870] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000004 [ 667.059938][T14870] RBP: 00007fc5cbbc5090 R08: 0000000000000000 R09: 0000000000000000 [ 667.059954][T14870] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002 [ 667.059969][T14870] R13: 0000000000000000 R14: 00007fc5cafb5fa0 R15: 00007fffd926d478 [ 667.060009][T14870] [ 667.060803][T14870] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1791'. [ 667.871769][T14885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1794'. [ 667.923821][ T5834] Bluetooth: hci3: unexpected event 0x3c length: 728 > 7 [ 668.107509][T14889] FAULT_INJECTION: forcing a failure. [ 668.107509][T14889] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 668.231799][T14889] CPU: 1 UID: 0 PID: 14889 Comm: syz.1.1795 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 668.231852][T14889] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 668.231864][T14889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 668.231880][T14889] Call Trace: [ 668.231889][T14889] [ 668.231900][T14889] dump_stack_lvl+0x16c/0x1f0 [ 668.231949][T14889] should_fail_ex+0x512/0x640 [ 668.231995][T14889] _copy_to_user+0x32/0xd0 [ 668.232042][T14889] simple_read_from_buffer+0xcb/0x170 [ 668.232083][T14889] proc_fail_nth_read+0x197/0x270 [ 668.232118][T14889] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 668.232153][T14889] ? rw_verify_area+0xcf/0x680 [ 668.232186][T14889] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 668.232217][T14889] vfs_read+0x1e4/0xc60 [ 668.232257][T14889] ? do_raw_spin_unlock+0x172/0x230 [ 668.232302][T14889] ? __pfx_vfs_read+0x10/0x10 [ 668.232337][T14889] ? ptrace_may_access+0x3e/0x50 [ 668.232372][T14889] ? pidfd_ioctl+0xde/0x26a0 [ 668.232419][T14889] ? __pfx_pidfd_ioctl+0x10/0x10 [ 668.232454][T14889] ? hook_file_ioctl_common+0x145/0x410 [ 668.232502][T14889] ksys_read+0x12a/0x250 [ 668.232541][T14889] ? __pfx_ksys_read+0x10/0x10 [ 668.232579][T14889] ? __pfx_pidfd_ioctl+0x10/0x10 [ 668.232620][T14889] do_syscall_64+0xcd/0x490 [ 668.232651][T14889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.232680][T14889] RIP: 0033:0x7f327ef8d33c [ 668.232704][T14889] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 668.232731][T14889] RSP: 002b:00007f327fd90030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 668.232758][T14889] RAX: ffffffffffffffda RBX: 00007f327f1b5fa0 RCX: 00007f327ef8d33c [ 668.232777][T14889] RDX: 000000000000000f RSI: 00007f327fd900a0 RDI: 0000000000000004 [ 668.232795][T14889] RBP: 00007f327fd90090 R08: 0000000000000000 R09: 0000000000000000 [ 668.232812][T14889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 668.232828][T14889] R13: 0000000000000000 R14: 00007f327f1b5fa0 R15: 00007ffe3a728368 [ 668.232866][T14889] [ 668.581542][T14873] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 668.643690][T14873] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 668.649893][T14873] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 668.683539][T14873] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 669.087440][T14904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1799'. [ 669.431815][ T5151] Bluetooth: hci0: command 0x0c1a tx timeout [ 670.093855][T14916] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1803'. [ 670.309655][T14929] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1806'. [ 670.718289][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 670.721674][T14666] Bluetooth: hci1: command 0x0c1a tx timeout [ 670.725268][ T5151] Bluetooth: hci3: command 0x0c1a tx timeout [ 670.796020][T14941] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input213 [ 671.597834][T14953] FAULT_INJECTION: forcing a failure. [ 671.597834][T14953] name failslab, interval 1, probability 0, space 0, times 0 [ 671.645313][T14953] CPU: 0 UID: 0 PID: 14953 Comm: syz.2.1811 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 671.645368][T14953] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 671.645378][T14953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 671.645395][T14953] Call Trace: [ 671.645404][T14953] [ 671.645416][T14953] dump_stack_lvl+0x16c/0x1f0 [ 671.645467][T14953] should_fail_ex+0x512/0x640 [ 671.645506][T14953] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 671.645553][T14953] should_failslab+0xc2/0x120 [ 671.645581][T14953] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 671.645624][T14953] ? alloc_empty_file+0x55/0x1e0 [ 671.645659][T14953] alloc_empty_file+0x55/0x1e0 [ 671.645692][T14953] path_openat+0xda/0x2cb0 [ 671.645729][T14953] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.645774][T14953] ? __pfx_path_openat+0x10/0x10 [ 671.645817][T14953] ? __lock_acquire+0xb8a/0x1c90 [ 671.645860][T14953] do_filp_open+0x20b/0x470 [ 671.645902][T14953] ? __pfx_do_filp_open+0x10/0x10 [ 671.645973][T14953] ? alloc_fd+0x471/0x7d0 [ 671.646022][T14953] do_sys_openat2+0x11b/0x1d0 [ 671.646052][T14953] ? __pfx_do_sys_openat2+0x10/0x10 [ 671.646085][T14953] ? __fget_files+0x20e/0x3c0 [ 671.646138][T14953] __x64_sys_openat+0x174/0x210 [ 671.646169][T14953] ? __pfx___x64_sys_openat+0x10/0x10 [ 671.646197][T14953] ? ksys_write+0x1ac/0x250 [ 671.646255][T14953] do_syscall_64+0xcd/0x490 [ 671.646283][T14953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.646309][T14953] RIP: 0033:0x7f4e9e78e929 [ 671.646331][T14953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 671.646356][T14953] RSP: 002b:00007f4e9f668038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 671.646381][T14953] RAX: ffffffffffffffda RBX: 00007f4e9e9b5fa0 RCX: 00007f4e9e78e929 [ 671.646398][T14953] RDX: 0000000000000200 RSI: 00002000000003c0 RDI: ffffffffffffff9c [ 671.646415][T14953] RBP: 00007f4e9f668090 R08: 0000000000000000 R09: 0000000000000000 [ 671.646431][T14953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 671.646447][T14953] R13: 0000000000000000 R14: 00007f4e9e9b5fa0 R15: 00007ffdc42e58c8 [ 671.646483][T14953] [ 671.871331][ C0] vkms_vblank_simulate: vblank timer overrun [ 672.429119][T14943] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input214 [ 672.990420][T14942] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 672.997480][T14942] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 673.004683][T14942] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 673.018632][T14942] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 673.271990][ T5151] Bluetooth: hci0: command 0x0c1a tx timeout [ 673.671806][T14969] FAULT_INJECTION: forcing a failure. [ 673.671806][T14969] name fail_futex, interval 1, probability 0, space 0, times 0 [ 673.720324][T14969] CPU: 1 UID: 0 PID: 14969 Comm: syz.0.1815 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 673.720378][T14969] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 673.720388][T14969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 673.720403][T14969] Call Trace: [ 673.720412][T14969] [ 673.720423][T14969] dump_stack_lvl+0x16c/0x1f0 [ 673.720468][T14969] should_fail_ex+0x512/0x640 [ 673.720511][T14969] get_futex_key+0x1d0/0x1540 [ 673.720547][T14969] ? __pfx_get_futex_key+0x10/0x10 [ 673.720578][T14969] ? __pfx___schedule+0x10/0x10 [ 673.720612][T14969] ? do_raw_spin_unlock+0x172/0x230 [ 673.720657][T14969] futex_wait_setup+0x9d/0x550 [ 673.720704][T14969] __futex_wait+0x194/0x2f0 [ 673.720741][T14969] ? __pfx___futex_wait+0x10/0x10 [ 673.720782][T14969] ? __pfx_futex_wake_mark+0x10/0x10 [ 673.720840][T14969] futex_wait+0xe8/0x380 [ 673.720876][T14969] ? __pfx_futex_wait+0x10/0x10 [ 673.720921][T14969] ? vfs_write+0x15d/0x1150 [ 673.720962][T14969] ? __pfx_sock_write_iter+0x10/0x10 [ 673.721001][T14969] do_futex+0x229/0x350 [ 673.721033][T14969] ? __pfx_do_futex+0x10/0x10 [ 673.721078][T14969] __x64_sys_futex+0x1e0/0x4c0 [ 673.721113][T14969] ? fput+0x70/0xf0 [ 673.721137][T14969] ? __pfx___x64_sys_futex+0x10/0x10 [ 673.721183][T14969] ? xfd_validate_state+0x61/0x180 [ 673.721218][T14969] ? __pfx_ksys_write+0x10/0x10 [ 673.721267][T14969] do_syscall_64+0xcd/0x490 [ 673.721296][T14969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.721324][T14969] RIP: 0033:0x7f610c38e929 [ 673.721346][T14969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.721372][T14969] RSP: 002b:00007f610d13b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 673.721398][T14969] RAX: ffffffffffffffda RBX: 00007f610c5b5fa8 RCX: 00007f610c38e929 [ 673.721416][T14969] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f610c5b5fa8 [ 673.721431][T14969] RBP: 00007f610c5b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 673.721448][T14969] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f610c5b5fac [ 673.721465][T14969] R13: 0000000000000000 R14: 00007ffd55f1a920 R15: 00007ffd55f1aa08 [ 673.721503][T14969] [ 674.588745][ T30] audit: type=1800 audit(4294967404.917:13): pid=14985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1818" name="features" dev="configfs" ino=46292 res=0 errno=0 [ 674.626168][T14978] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1816'. [ 675.046978][ T5151] Bluetooth: hci3: command 0x0c1a tx timeout [ 675.053927][ T5151] Bluetooth: hci2: command 0x0c1a tx timeout [ 675.057248][T14666] Bluetooth: hci1: command 0x0c1a tx timeout [ 675.658262][T14978] bond0: (slave bond_slave_1): Releasing backup interface [ 676.211885][T15000] can: request_module (can-proto-0) failed. [ 676.587840][T15007] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input215 [ 678.719321][T15038] ERROR: Out of memory at tomoyo_memory_ok. [ 679.810763][T15045] input: 00 [ 679.810763][T15045] as /devices/virtual/input/input216 [ 679.874801][T15045] FAULT_INJECTION: forcing a failure. [ 679.874801][T15045] name failslab, interval 1, probability 0, space 0, times 0 [ 680.014274][T15045] CPU: 0 UID: 0 PID: 15045 Comm: syz.2.1829 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 680.014329][T15045] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 680.014341][T15045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 680.014359][T15045] Call Trace: [ 680.014368][T15045] [ 680.014388][T15045] dump_stack_lvl+0x16c/0x1f0 [ 680.014439][T15045] should_fail_ex+0x512/0x640 [ 680.014480][T15045] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 680.014532][T15045] should_failslab+0xc2/0x120 [ 680.014560][T15045] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 680.014605][T15045] ? kasprintf+0xc7/0x100 [ 680.014638][T15045] kvasprintf+0xbc/0x160 [ 680.014664][T15045] ? __pfx_kvasprintf+0x10/0x10 [ 680.014713][T15045] kasprintf+0xc7/0x100 [ 680.014739][T15045] ? __pfx_kasprintf+0x10/0x10 [ 680.014782][T15045] ? __pfx_input_devnode+0x10/0x10 [ 680.014814][T15045] device_get_devnode+0x163/0x2c0 [ 680.014849][T15045] devtmpfs_create_node+0xf1/0x230 [ 680.014892][T15045] ? __pfx_devtmpfs_create_node+0x10/0x10 [ 680.014939][T15045] ? up_write+0x1b2/0x520 [ 680.014995][T15045] ? kernfs_create_link+0x1bd/0x240 [ 680.015031][T15045] ? kernfs_put+0x35/0x60 [ 680.015071][T15045] ? sysfs_do_create_link_sd+0xbb/0x140 [ 680.015113][T15045] device_add+0x10bd/0x1a70 [ 680.015145][T15045] ? __pfx_device_add+0x10/0x10 [ 680.015174][T15045] ? __pfx_exact_lock+0x10/0x10 [ 680.015223][T15045] ? kobject_get+0xbb/0x150 [ 680.015256][T15045] cdev_device_add+0xc2/0x1e0 [ 680.015303][T15045] evdev_connect+0x3a4/0x4c0 [ 680.015350][T15045] input_attach_handler.isra.0+0x181/0x260 [ 680.015406][T15045] input_register_device+0xa84/0x1130 [ 680.015452][T15045] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 680.015487][T15045] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 680.015525][T15045] ? find_held_lock+0x2b/0x80 [ 680.015573][T15045] ? __pfx_uinput_ioctl+0x10/0x10 [ 680.015604][T15045] __x64_sys_ioctl+0x18b/0x210 [ 680.015642][T15045] do_syscall_64+0xcd/0x490 [ 680.015673][T15045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 680.015703][T15045] RIP: 0033:0x7f4e9e78e929 [ 680.015727][T15045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 680.015756][T15045] RSP: 002b:00007f4e9f668038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 680.015786][T15045] RAX: ffffffffffffffda RBX: 00007f4e9e9b5fa0 RCX: 00007f4e9e78e929 [ 680.015806][T15045] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000007 [ 680.015824][T15045] RBP: 00007f4e9e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 680.015841][T15045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 680.015858][T15045] R13: 0000000000000000 R14: 00007f4e9e9b5fa0 R15: 00007ffdc42e58c8 [ 680.015899][T15045] [ 680.792626][T15050] can: request_module (can-proto-0) failed. [ 681.036258][T15053] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input217 [ 681.306546][T15060] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1833'. [ 681.839856][T15060] hub 8-0:1.0: USB hub found [ 681.890099][T15062] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1833'. [ 681.899574][T15060] hub 8-0:1.0: 1 port detected [ 682.401403][T15074] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input218 [ 683.007830][T15078] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input219 [ 685.114185][T15089] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 685.120884][T15089] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 685.127212][T15089] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 685.133451][T15089] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 685.591774][T14666] Bluetooth: hci0: command 0x0c1a tx timeout [ 686.167236][T15117] filter_write: 1 callbacks suppressed [ 686.167256][T15117] msr: Write to unrecognized MSR 0x6 by syz.2.1846 (pid: 15117). [ 686.206510][T15117] msr: See https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/about for details. [ 686.574090][T15127] can: request_module (can-proto-0) failed. [ 687.192103][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 687.198519][ T5151] Bluetooth: hci2: command 0x0c1a tx timeout [ 687.204971][T14666] Bluetooth: hci1: command 0x0c1a tx timeout [ 687.794243][T15144] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input220 [ 687.868092][T15146] ERROR: Out of memory at tomoyo_memory_ok. [ 688.657755][T15147] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input221 [ 689.278143][T15141] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 689.310443][T15141] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 689.321683][T15141] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 689.327767][T15141] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 689.663810][T15168] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1860'. [ 689.746776][T15170] can: request_module (can-proto-0) failed. [ 689.971536][T15176] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input222 [ 690.029388][T15177] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input223 [ 690.081888][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 690.643634][T15185] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input224 [ 691.046050][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.055915][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.351856][T14666] Bluetooth: hci2: command 0x0c1a tx timeout [ 691.358043][ T5151] Bluetooth: hci1: command 0x0c1a tx timeout [ 691.364252][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 692.316964][T15206] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1869'. [ 693.423192][T15211] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 693.450013][T15211] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 693.489982][T15211] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 693.521002][T15211] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 693.683720][T15227] can: request_module (can-proto-0) failed. [ 693.818991][T15233] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input225 [ 694.245648][T15235] FAULT_INJECTION: forcing a failure. [ 694.245648][T15235] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 694.331927][T15235] CPU: 0 UID: 0 PID: 15235 Comm: syz.1.1877 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 694.331990][T15235] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 694.332004][T15235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 694.332022][T15235] Call Trace: [ 694.332033][T15235] [ 694.332045][T15235] dump_stack_lvl+0x16c/0x1f0 [ 694.332099][T15235] should_fail_ex+0x512/0x640 [ 694.332151][T15235] should_fail_alloc_page+0xe7/0x130 [ 694.332184][T15235] prepare_alloc_pages+0x3c2/0x610 [ 694.332219][T15235] ? rcu_is_watching+0x12/0xc0 [ 694.332252][T15235] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 694.332296][T15235] ? __lock_acquire+0xb8a/0x1c90 [ 694.332354][T15235] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 694.332400][T15235] ? do_raw_spin_lock+0x12c/0x2b0 [ 694.332446][T15235] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 694.332491][T15235] ? find_held_lock+0x2b/0x80 [ 694.332533][T15235] ? __lock_acquire+0xb8a/0x1c90 [ 694.332571][T15235] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 694.332619][T15235] ? policy_nodemask+0xea/0x4e0 [ 694.332673][T15235] alloc_pages_mpol+0x1fb/0x550 [ 694.332704][T15235] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 694.332747][T15235] folio_alloc_mpol_noprof+0x36/0x2f0 [ 694.332784][T15235] shmem_alloc_folio+0x135/0x160 [ 694.332829][T15235] shmem_alloc_and_add_folio+0x499/0xc20 [ 694.332882][T15235] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 694.332931][T15235] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 694.332992][T15235] shmem_get_folio_gfp+0x67f/0x1600 [ 694.333048][T15235] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 694.333098][T15235] ? filemap_map_pages+0xf6f/0x1680 [ 694.333149][T15235] shmem_fault+0x1fe/0xa30 [ 694.333198][T15235] ? __pfx_shmem_fault+0x10/0x10 [ 694.333248][T15235] ? __pfx_filemap_map_pages+0x10/0x10 [ 694.333309][T15235] __do_fault+0x10a/0x490 [ 694.333359][T15235] __handle_mm_fault+0x3c2a/0x5490 [ 694.333415][T15235] ? __pfx___handle_mm_fault+0x10/0x10 [ 694.333451][T15235] ? __pfx_mt_find+0x10/0x10 [ 694.333515][T15235] ? find_vma+0xbf/0x140 [ 694.333545][T15235] ? __pfx_find_vma+0x10/0x10 [ 694.333581][T15235] handle_mm_fault+0x589/0xd10 [ 694.333623][T15235] ? __pkru_allows_pkey+0x41/0xb0 [ 694.333666][T15235] do_user_addr_fault+0x7a6/0x1370 [ 694.333712][T15235] ? rcu_is_watching+0x12/0xc0 [ 694.333747][T15235] exc_page_fault+0x5c/0xb0 [ 694.333792][T15235] asm_exc_page_fault+0x26/0x30 [ 694.333821][T15235] RIP: 0010:__get_user_1+0x14/0x30 [ 694.333859][T15235] Code: cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <0f> b6 10 31 c0 0f 01 ca c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 [ 694.333887][T15235] RSP: 0018:ffffc9000b4b7c00 EFLAGS: 00050287 [ 694.333913][T15235] RAX: 0000000000006000 RBX: 0000000000008000 RCX: 000000000000fdef [ 694.333932][T15235] RDX: 00007ffffffff000 RSI: ffffffff848ea471 RDI: ffffffff8c156360 [ 694.333951][T15235] RBP: ffff88805cc2c800 R08: e413ae451c1b1443 R09: 0000000000000000 [ 694.333969][T15235] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000009def [ 694.333998][T15235] R13: 0000000000005e18 R14: ffffed100b985961 R15: 0000000000007fff [ 694.334034][T15235] ? tomoyo_write_control+0x321/0x1430 [ 694.334090][T15235] tomoyo_write_control+0x336/0x1430 [ 694.334158][T15235] ? __pfx_tomoyo_write_control+0x10/0x10 [ 694.334219][T15235] ? __pfx_tomoyo_write+0x10/0x10 [ 694.334258][T15235] vfs_write+0x29d/0x1150 [ 694.334308][T15235] ? __pfx___mutex_lock+0x10/0x10 [ 694.334355][T15235] ? __pfx_vfs_write+0x10/0x10 [ 694.334410][T15235] ? __fget_files+0x20e/0x3c0 [ 694.334463][T15235] ksys_write+0x12a/0x250 [ 694.334504][T15235] ? __pfx_ksys_write+0x10/0x10 [ 694.334559][T15235] do_syscall_64+0xcd/0x490 [ 694.334591][T15235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.334621][T15235] RIP: 0033:0x7f327ef8e929 [ 694.334645][T15235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 694.334673][T15235] RSP: 002b:00007f327fd90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 694.334698][T15235] RAX: ffffffffffffffda RBX: 00007f327f1b5fa0 RCX: 00007f327ef8e929 [ 694.334716][T15235] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 694.334730][T15235] RBP: 00007f327f010b39 R08: 0000000000000000 R09: 0000000000000000 [ 694.334739][T15235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 694.334749][T15235] R13: 0000000000000000 R14: 00007f327f1b5fa0 R15: 00007ffe3a728368 [ 694.334772][T15235] [ 695.265209][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 695.511868][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 695.513621][ T5151] Bluetooth: hci1: command 0x0c1a tx timeout [ 695.595627][ T5151] Bluetooth: hci3: command 0x0c1a tx timeout [ 695.815460][T15248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1880'. [ 696.971066][T15268] could not allocate digest TFM handle [ 697.544725][T15245] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 697.551058][T15245] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 697.557442][T15245] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 697.563834][T15245] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 697.752662][ T5151] Bluetooth: hci0: command 0x0c1a tx timeout [ 697.992826][T15285] ERROR: Out of memory at tomoyo_memory_ok. [ 698.483337][T15286] ERROR: Out of memory at tomoyo_memory_ok. [ 698.492505][T15294] ERROR: Out of memory at tomoyo_memory_ok. [ 698.513440][T15297] ERROR: Out of memory at tomoyo_memory_ok. [ 698.830231][T15289] FAULT_INJECTION: forcing a failure. [ 698.830231][T15289] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 699.053122][T15289] CPU: 0 UID: 0 PID: 15289 Comm: syz.0.1889 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 699.053175][T15289] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 699.053187][T15289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 699.053204][T15289] Call Trace: [ 699.053214][T15289] [ 699.053235][T15289] dump_stack_lvl+0x16c/0x1f0 [ 699.053285][T15289] should_fail_ex+0x512/0x640 [ 699.053335][T15289] should_fail_alloc_page+0xe7/0x130 [ 699.053367][T15289] prepare_alloc_pages+0x3c2/0x610 [ 699.053401][T15289] ? rcu_is_watching+0x12/0xc0 [ 699.053434][T15289] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 699.053479][T15289] ? __lock_acquire+0xb8a/0x1c90 [ 699.053523][T15289] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 699.053567][T15289] ? do_raw_spin_lock+0x12c/0x2b0 [ 699.053612][T15289] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 699.053656][T15289] ? find_held_lock+0x2b/0x80 [ 699.053695][T15289] ? __lock_acquire+0xb8a/0x1c90 [ 699.053730][T15289] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 699.053774][T15289] ? policy_nodemask+0xea/0x4e0 [ 699.053819][T15289] alloc_pages_mpol+0x1fb/0x550 [ 699.053847][T15289] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 699.053886][T15289] folio_alloc_mpol_noprof+0x36/0x2f0 [ 699.053922][T15289] shmem_alloc_folio+0x135/0x160 [ 699.053958][T15289] shmem_alloc_and_add_folio+0x499/0xc20 [ 699.054008][T15289] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 699.054056][T15289] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 699.054106][T15289] shmem_get_folio_gfp+0x67f/0x1600 [ 699.054158][T15289] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 699.054207][T15289] ? filemap_map_pages+0xf6f/0x1680 [ 699.054266][T15289] shmem_fault+0x1fe/0xa30 [ 699.054313][T15289] ? __pfx_shmem_fault+0x10/0x10 [ 699.054366][T15289] ? __pfx_filemap_map_pages+0x10/0x10 [ 699.054426][T15289] __do_fault+0x10a/0x490 [ 699.054476][T15289] __handle_mm_fault+0x3c2a/0x5490 [ 699.054532][T15289] ? __pfx___handle_mm_fault+0x10/0x10 [ 699.054568][T15289] ? __pfx_mt_find+0x10/0x10 [ 699.054631][T15289] ? find_vma+0xbf/0x140 [ 699.054660][T15289] ? __pfx_find_vma+0x10/0x10 [ 699.054697][T15289] handle_mm_fault+0x589/0xd10 [ 699.054738][T15289] ? __pkru_allows_pkey+0x41/0xb0 [ 699.054780][T15289] do_user_addr_fault+0x7a6/0x1370 [ 699.054826][T15289] ? rcu_is_watching+0x12/0xc0 [ 699.054861][T15289] exc_page_fault+0x5c/0xb0 [ 699.054908][T15289] asm_exc_page_fault+0x26/0x30 [ 699.054936][T15289] RIP: 0010:__get_user_1+0x14/0x30 [ 699.054974][T15289] Code: cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <0f> b6 10 31 c0 0f 01 ca c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 [ 699.055002][T15289] RSP: 0018:ffffc9000b9f7c00 EFLAGS: 00050287 [ 699.055027][T15289] RAX: 0000000000008000 RBX: 0000000000008000 RCX: 000000000000fdef [ 699.055046][T15289] RDX: 00007ffffffff000 RSI: ffffffff848ea471 RDI: ffffffff8c156360 [ 699.055065][T15289] RBP: ffff88805c8b6000 R08: e413ae451c1b1443 R09: 0000000000000000 [ 699.055084][T15289] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000007def [ 699.055102][T15289] R13: 0000000000007e18 R14: ffffed100b916c61 R15: 0000000000007fff [ 699.055138][T15289] ? tomoyo_write_control+0x321/0x1430 [ 699.055194][T15289] tomoyo_write_control+0x336/0x1430 [ 699.055272][T15289] ? __pfx_tomoyo_write_control+0x10/0x10 [ 699.055335][T15289] ? __pfx_tomoyo_write+0x10/0x10 [ 699.055376][T15289] vfs_write+0x29d/0x1150 [ 699.055427][T15289] ? __pfx___mutex_lock+0x10/0x10 [ 699.055474][T15289] ? __pfx_vfs_write+0x10/0x10 [ 699.055532][T15289] ? __fget_files+0x20e/0x3c0 [ 699.055589][T15289] ksys_write+0x12a/0x250 [ 699.055631][T15289] ? __pfx_ksys_write+0x10/0x10 [ 699.055690][T15289] do_syscall_64+0xcd/0x490 [ 699.055722][T15289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.055751][T15289] RIP: 0033:0x7f610c38e929 [ 699.055775][T15289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 699.055802][T15289] RSP: 002b:00007f610d13b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 699.055828][T15289] RAX: ffffffffffffffda RBX: 00007f610c5b5fa0 RCX: 00007f610c38e929 [ 699.055847][T15289] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 699.055863][T15289] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 699.055881][T15289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 699.055898][T15289] R13: 0000000000000000 R14: 00007f610c5b5fa0 R15: 00007ffd55f1aa08 [ 699.055941][T15289] [ 699.842805][ T5151] Bluetooth: hci3: command 0x0c1a tx timeout [ 699.842832][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 699.848906][ T5151] Bluetooth: hci1: command 0x0c1a tx timeout [ 700.935466][T15322] netlink: 122 bytes leftover after parsing attributes in process `syz.0.1896'. [ 701.816599][T15336] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1899'. [ 701.841767][T15336] bridge0: entered promiscuous mode [ 702.951916][T14666] Bluetooth: hci2: command 0x0c1a tx timeout [ 702.959325][ T5837] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 705.449855][T15366] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1908'. [ 705.513881][T15356] FAULT_INJECTION: forcing a failure. [ 705.513881][T15356] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 705.661742][T15356] CPU: 1 UID: 0 PID: 15356 Comm: syz.1.1904 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 705.661791][T15356] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 705.661803][T15356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 705.661818][T15356] Call Trace: [ 705.661828][T15356] [ 705.661839][T15356] dump_stack_lvl+0x16c/0x1f0 [ 705.661893][T15356] should_fail_ex+0x512/0x640 [ 705.661937][T15356] should_fail_alloc_page+0xe7/0x130 [ 705.661968][T15356] prepare_alloc_pages+0x3c2/0x610 [ 705.662003][T15356] ? rcu_is_watching+0x12/0xc0 [ 705.662040][T15356] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 705.662087][T15356] ? __lock_acquire+0xb8a/0x1c90 [ 705.662146][T15356] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 705.662192][T15356] ? do_raw_spin_lock+0x12c/0x2b0 [ 705.662242][T15356] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 705.662288][T15356] ? find_held_lock+0x2b/0x80 [ 705.662337][T15356] ? __lock_acquire+0xb8a/0x1c90 [ 705.662376][T15356] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 705.662426][T15356] ? policy_nodemask+0xea/0x4e0 [ 705.662479][T15356] alloc_pages_mpol+0x1fb/0x550 [ 705.662511][T15356] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 705.662554][T15356] folio_alloc_mpol_noprof+0x36/0x2f0 [ 705.662592][T15356] shmem_alloc_folio+0x135/0x160 [ 705.662632][T15356] shmem_alloc_and_add_folio+0x499/0xc20 [ 705.662685][T15356] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 705.662733][T15356] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 705.662786][T15356] shmem_get_folio_gfp+0x67f/0x1600 [ 705.662839][T15356] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 705.662886][T15356] ? filemap_map_pages+0xf6f/0x1680 [ 705.662938][T15356] shmem_fault+0x1fe/0xa30 [ 705.662980][T15356] ? __pfx_shmem_fault+0x10/0x10 [ 705.663029][T15356] ? __pfx_filemap_map_pages+0x10/0x10 [ 705.663087][T15356] __do_fault+0x10a/0x490 [ 705.663134][T15356] __handle_mm_fault+0x3c2a/0x5490 [ 705.663187][T15356] ? __pfx___handle_mm_fault+0x10/0x10 [ 705.663231][T15356] ? __pfx_mt_find+0x10/0x10 [ 705.663291][T15356] ? find_vma+0xbf/0x140 [ 705.663321][T15356] ? __pfx_find_vma+0x10/0x10 [ 705.663355][T15356] handle_mm_fault+0x589/0xd10 [ 705.663397][T15356] ? __pkru_allows_pkey+0x41/0xb0 [ 705.663441][T15356] do_user_addr_fault+0x7a6/0x1370 [ 705.663487][T15356] ? rcu_is_watching+0x12/0xc0 [ 705.663522][T15356] exc_page_fault+0x5c/0xb0 [ 705.663568][T15356] asm_exc_page_fault+0x26/0x30 [ 705.663596][T15356] RIP: 0010:__get_user_1+0x14/0x30 [ 705.663632][T15356] Code: cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <0f> b6 10 31 c0 0f 01 ca c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 [ 705.663660][T15356] RSP: 0018:ffffc9000b897c00 EFLAGS: 00050287 [ 705.663684][T15356] RAX: 0000000000007000 RBX: 0000000000008000 RCX: 000000000000fdef [ 705.663703][T15356] RDX: 00007ffffffff000 RSI: ffffffff848ea471 RDI: ffffffff8c156360 [ 705.663722][T15356] RBP: ffff88802bd71800 R08: e413ae451c1b1443 R09: 0000000000000000 [ 705.663739][T15356] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000008def [ 705.663756][T15356] R13: 0000000000006e18 R14: ffffed10057ae361 R15: 0000000000007fff [ 705.663791][T15356] ? tomoyo_write_control+0x321/0x1430 [ 705.663846][T15356] tomoyo_write_control+0x336/0x1430 [ 705.663914][T15356] ? __pfx_tomoyo_write_control+0x10/0x10 [ 705.663975][T15356] ? __pfx_tomoyo_write+0x10/0x10 [ 705.664014][T15356] vfs_write+0x29d/0x1150 [ 705.664062][T15356] ? __pfx___mutex_lock+0x10/0x10 [ 705.664108][T15356] ? __pfx_vfs_write+0x10/0x10 [ 705.664163][T15356] ? __fget_files+0x20e/0x3c0 [ 705.664229][T15356] ksys_write+0x12a/0x250 [ 705.664270][T15356] ? __pfx_ksys_write+0x10/0x10 [ 705.664327][T15356] do_syscall_64+0xcd/0x490 [ 705.664359][T15356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.664388][T15356] RIP: 0033:0x7f327ef8e929 [ 705.664412][T15356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 705.664437][T15356] RSP: 002b:00007f327fd90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 705.664464][T15356] RAX: ffffffffffffffda RBX: 00007f327f1b5fa0 RCX: 00007f327ef8e929 [ 705.664484][T15356] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 705.664502][T15356] RBP: 00007f327f010b39 R08: 0000000000000000 R09: 0000000000000000 [ 705.664520][T15356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 705.664539][T15356] R13: 0000000000000000 R14: 00007f327f1b5fa0 R15: 00007ffe3a728368 [ 705.664582][T15356] [ 707.213521][T15377] can: request_module (can-proto-0) failed. [ 707.446423][T15373] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1909'. [ 708.010375][T15379] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input226 [ 708.097955][T15391] input: 00 [ 708.097955][T15391] as /devices/virtual/input/input227 [ 708.180677][T15391] FAULT_INJECTION: forcing a failure. [ 708.180677][T15391] name failslab, interval 1, probability 0, space 0, times 0 [ 708.229468][T15391] CPU: 1 UID: 0 PID: 15391 Comm: syz.2.1912 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 708.229523][T15391] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 708.229536][T15391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 708.229553][T15391] Call Trace: [ 708.229563][T15391] [ 708.229575][T15391] dump_stack_lvl+0x16c/0x1f0 [ 708.229627][T15391] should_fail_ex+0x512/0x640 [ 708.229669][T15391] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 708.229718][T15391] should_failslab+0xc2/0x120 [ 708.229745][T15391] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 708.229790][T15391] ? __alloc_skb+0x2b2/0x380 [ 708.229839][T15391] __alloc_skb+0x2b2/0x380 [ 708.229881][T15391] ? __pfx___alloc_skb+0x10/0x10 [ 708.229933][T15391] ? netlink_has_listeners+0x20f/0x430 [ 708.229971][T15391] alloc_uevent_skb+0x7d/0x210 [ 708.230008][T15391] kobject_uevent_env+0xca4/0x1870 [ 708.230048][T15391] ? kernfs_put+0x35/0x60 [ 708.230088][T15391] ? sysfs_do_create_link_sd+0xbb/0x140 [ 708.230135][T15391] ? bus_to_subsys+0x131/0x160 [ 708.230175][T15391] device_add+0x10dd/0x1a70 [ 708.230209][T15391] ? __pfx_device_add+0x10/0x10 [ 708.230243][T15391] ? __pfx_exact_lock+0x10/0x10 [ 708.230295][T15391] ? kobject_get+0xbb/0x150 [ 708.230328][T15391] cdev_device_add+0xc2/0x1e0 [ 708.230371][T15391] evdev_connect+0x3a4/0x4c0 [ 708.230416][T15391] input_attach_handler.isra.0+0x181/0x260 [ 708.230461][T15391] input_register_device+0xa84/0x1130 [ 708.230507][T15391] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 708.230542][T15391] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 708.230583][T15391] ? find_held_lock+0x2b/0x80 [ 708.230639][T15391] ? __pfx_uinput_ioctl+0x10/0x10 [ 708.230670][T15391] __x64_sys_ioctl+0x18b/0x210 [ 708.230709][T15391] do_syscall_64+0xcd/0x490 [ 708.230761][T15391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.230792][T15391] RIP: 0033:0x7f4e9e78e929 [ 708.230817][T15391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 708.230845][T15391] RSP: 002b:00007f4e9f668038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 708.230873][T15391] RAX: ffffffffffffffda RBX: 00007f4e9e9b5fa0 RCX: 00007f4e9e78e929 [ 708.230890][T15391] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000007 [ 708.230916][T15391] RBP: 00007f4e9e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 708.230933][T15391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 708.230950][T15391] R13: 0000000000000000 R14: 00007f4e9e9b5fa0 R15: 00007ffdc42e58c8 [ 708.230995][T15391] [ 712.365550][T15441] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1924'. [ 712.422599][T15441] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1924'. [ 713.032282][T14666] Bluetooth: hci0: command 0x0c1a tx timeout [ 713.043694][T15424] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 713.325950][T15424] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 713.343080][T15424] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 713.819629][T15461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1928'. [ 715.121767][T14666] Bluetooth: hci1: command 0x0c1a tx timeout [ 715.351844][T14666] Bluetooth: hci3: command 0x0c1a tx timeout [ 716.089561][T15480] random: crng reseeded on system resumption [ 717.220945][T15504] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1937'. [ 717.255851][T15504] ipvlan1: entered allmulticast mode [ 717.350716][T15504] veth0_vlan: entered allmulticast mode [ 718.205274][T15524] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input228 [ 718.338654][T15513] vivid-003: ================= START STATUS ================= [ 718.355626][T15513] vivid-003: Radio HW Seek Mode: Bounded [ 718.361383][T15513] vivid-003: Radio Programmable HW Seek: false [ 718.441941][T15513] vivid-003: RDS Rx I/O Mode: Block I/O [ 718.447683][T15513] vivid-003: Generate RBDS Instead of RDS: false [ 718.455910][T15513] vivid-003: RDS Reception: true [ 718.461967][T15513] vivid-003: RDS Program Type: 0 inactive [ 718.467745][T15513] vivid-003: RDS PS Name: inactive [ 718.475381][T15513] vivid-003: RDS Radio Text: inactive [ 718.480893][T15513] vivid-003: RDS Traffic Announcement: false inactive [ 718.488052][T15513] vivid-003: RDS Traffic Program: false inactive [ 718.494573][T15513] vivid-003: RDS Music: false inactive [ 718.511805][T15513] vivid-003: ================== END STATUS ================== [ 719.610841][T15536] could not allocate digest TFM handle binfmt_misc [ 719.667366][T15527] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input229 [ 719.876929][T15549] ERROR: Out of memory at tomoyo_memory_ok. [ 721.099645][T15559] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1950'. [ 721.129825][T15557] can: request_module (can-proto-0) failed. [ 721.245918][T15557] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input230 [ 722.253771][T15571] can: request_module (can-proto-0) failed. [ 722.389081][T15574] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input231 [ 722.697591][T15577] ERROR: Out of memory at tomoyo_memory_ok. [ 723.251335][T15583] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input232 [ 724.015827][T15584] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input234 [ 725.053295][T15601] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 725.075098][T15601] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 725.091961][T15601] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 725.099780][T15601] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 725.976726][T15621] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input235 [ 726.194997][T15630] ERROR: Out of memory at tomoyo_memory_ok. [ 727.111749][T14666] Bluetooth: hci3: command 0x0c1a tx timeout [ 727.111827][ T5151] Bluetooth: hci2: command 0x0c1a tx timeout [ 727.117845][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 727.343650][T15641] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 727.367677][T15619] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 727.374389][T15619] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 727.381728][T15619] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 727.387955][T15619] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 728.071710][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 728.110785][T15638] netlink: zone id is out of range [ 728.117070][T15638] netlink: zone id is out of range [ 728.128568][T15638] netlink: zone id is out of range [ 728.135195][T15638] netlink: zone id is out of range [ 728.140955][T15638] netlink: del zone limit has 8 unknown bytes [ 729.448123][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 729.454274][T14666] Bluetooth: hci2: command 0x0c1a tx timeout [ 729.454291][ T5151] Bluetooth: hci1: command 0x0c1a tx timeout [ 730.405268][T15687] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 730.462552][T15687] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 730.469303][T15687] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 730.505808][T15687] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 731.276687][T15729] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input236 [ 731.671884][ T5151] Bluetooth: hci0: command 0x0c1a tx timeout [ 732.413333][T15738] FAULT_INJECTION: forcing a failure. [ 732.413333][T15738] name failslab, interval 1, probability 0, space 0, times 0 [ 732.471775][ T5151] Bluetooth: hci2: command 0x0c1a tx timeout [ 732.471785][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 732.557702][ T5151] Bluetooth: hci3: command 0x0c1a tx timeout [ 732.622030][T15738] CPU: 0 UID: 0 PID: 15738 Comm: syz.0.1987 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 732.622088][T15738] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 732.622100][T15738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 732.622117][T15738] Call Trace: [ 732.622127][T15738] [ 732.622139][T15738] dump_stack_lvl+0x16c/0x1f0 [ 732.622190][T15738] should_fail_ex+0x512/0x640 [ 732.622231][T15738] ? __kmalloc_noprof+0xbf/0x510 [ 732.622276][T15738] ? sk_prot_alloc+0x1a8/0x2a0 [ 732.622307][T15738] should_failslab+0xc2/0x120 [ 732.622335][T15738] __kmalloc_noprof+0xd2/0x510 [ 732.622385][T15738] sk_prot_alloc+0x1a8/0x2a0 [ 732.622421][T15738] sk_alloc+0x36/0xc20 [ 732.622465][T15738] __netlink_create+0x5e/0x2c0 [ 732.622507][T15738] ? __wake_up+0x3f/0x60 [ 732.622542][T15738] netlink_create+0x39e/0x620 [ 732.622567][T15738] ? __pfx_genl_bind+0x10/0x10 [ 732.622599][T15738] ? __pfx_genl_unbind+0x10/0x10 [ 732.622631][T15738] ? __pfx_genl_release+0x10/0x10 [ 732.622667][T15738] __sock_create+0x338/0x8d0 [ 732.622711][T15738] __sys_socket+0x14d/0x260 [ 732.622743][T15738] ? __x64_sys_openat+0x174/0x210 [ 732.622773][T15738] ? __pfx___sys_socket+0x10/0x10 [ 732.622808][T15738] ? xfd_validate_state+0x61/0x180 [ 732.622854][T15738] __x64_sys_socket+0x72/0xb0 [ 732.622889][T15738] ? lockdep_hardirqs_on+0x7c/0x110 [ 732.622940][T15738] do_syscall_64+0xcd/0x490 [ 732.622970][T15738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.623001][T15738] RIP: 0033:0x7f610c38e929 [ 732.623023][T15738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 732.623051][T15738] RSP: 002b:00007f610d13b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 732.623078][T15738] RAX: ffffffffffffffda RBX: 00007f610c5b5fa0 RCX: 00007f610c38e929 [ 732.623098][T15738] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 732.623115][T15738] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 732.623132][T15738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 732.623149][T15738] R13: 0000000000000000 R14: 00007f610c5b5fa0 R15: 00007ffd55f1aa08 [ 732.623187][T15738] [ 733.336102][T15748] can: request_module (can-proto-0) failed. [ 733.398152][T15751] can: request_module (can-proto-0) failed. [ 733.497921][T15758] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input237 [ 734.184885][T15761] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input238 [ 735.378100][T15782] FAULT_INJECTION: forcing a failure. [ 735.378100][T15782] name failslab, interval 1, probability 0, space 0, times 0 [ 735.411754][T15782] CPU: 1 UID: 0 PID: 15782 Comm: syz.1.1996 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 735.411805][T15782] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 735.411816][T15782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 735.411831][T15782] Call Trace: [ 735.411841][T15782] [ 735.411852][T15782] dump_stack_lvl+0x16c/0x1f0 [ 735.411901][T15782] should_fail_ex+0x512/0x640 [ 735.411949][T15782] should_failslab+0xc2/0x120 [ 735.411978][T15782] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 735.412023][T15782] ? dst_alloc+0x99/0x1a0 [ 735.412077][T15782] ? __pfx_ip6_dst_gc+0x10/0x10 [ 735.412116][T15782] dst_alloc+0x99/0x1a0 [ 735.412160][T15782] ip6_rt_cache_alloc+0x1f6/0x8c0 [ 735.412199][T15782] ? __pfx_ip6_rt_cache_alloc+0x10/0x10 [ 735.412247][T15782] ip6_pol_route+0xd7b/0x1230 [ 735.412289][T15782] ? __pfx_ip6_pol_route+0x10/0x10 [ 735.412326][T15782] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 735.412364][T15782] ? kernel_text_address+0x8d/0x100 [ 735.412420][T15782] ? unwind_get_return_address+0x59/0xa0 [ 735.412465][T15782] ? arch_stack_walk+0xa6/0x100 [ 735.412518][T15782] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 735.412554][T15782] fib6_rule_lookup+0x24c/0x720 [ 735.412593][T15782] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 735.412624][T15782] ? stack_trace_save+0x8e/0xc0 [ 735.412681][T15782] ? kasan_save_stack+0x42/0x60 [ 735.412721][T15782] ? kasan_save_stack+0x33/0x60 [ 735.412759][T15782] ? kasan_record_aux_stack+0xa7/0xc0 [ 735.412792][T15782] ? __call_rcu_common.constprop.0+0x9a/0x9f0 [ 735.412843][T15782] ip6_route_output_flags+0x1d0/0x640 [ 735.412881][T15782] ip6_dst_lookup_tail.constprop.0+0x115a/0x2140 [ 735.412935][T15782] ? __pfx_ip6_dst_lookup_tail.constprop.0+0x10/0x10 [ 735.412981][T15782] ? __lock_acquire+0x622/0x1c90 [ 735.413034][T15782] ip6_dst_lookup_flow+0x99/0x1d0 [ 735.413072][T15782] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 735.413106][T15782] ? find_held_lock+0x2b/0x80 [ 735.413135][T15782] ? rawv6_sendmsg+0xb73/0x47a0 [ 735.413172][T15782] rawv6_sendmsg+0xe8a/0x47a0 [ 735.413222][T15782] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 735.413265][T15782] ? __up_read+0x1f8/0x750 [ 735.413309][T15782] ? __pfx___up_read+0x10/0x10 [ 735.413373][T15782] ? __lock_acquire+0xb8a/0x1c90 [ 735.413417][T15782] ? __pfx___might_resched+0x10/0x10 [ 735.413467][T15782] ? __pfx_aa_sk_perm+0x10/0x10 [ 735.413501][T15782] ? __import_iovec+0x1dd/0x650 [ 735.413527][T15782] ? __might_fault+0xe3/0x190 [ 735.413563][T15782] ? __might_fault+0x13b/0x190 [ 735.413603][T15782] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 735.413645][T15782] ? inet_sendmsg+0x119/0x140 [ 735.413684][T15782] inet_sendmsg+0x119/0x140 [ 735.413726][T15782] ____sys_sendmsg+0x973/0xc70 [ 735.413762][T15782] ? copy_msghdr_from_user+0x10a/0x160 [ 735.413806][T15782] ? __pfx_____sys_sendmsg+0x10/0x10 [ 735.413847][T15782] ? kfree+0x24f/0x4d0 [ 735.413877][T15782] ? __pfx__kstrtoull+0x10/0x10 [ 735.413916][T15782] ___sys_sendmsg+0x134/0x1d0 [ 735.413956][T15782] ? __pfx____sys_sendmsg+0x10/0x10 [ 735.414020][T15782] ? __pfx___might_resched+0x10/0x10 [ 735.414049][T15782] __sys_sendmmsg+0x200/0x420 [ 735.414087][T15782] ? __pfx___sys_sendmmsg+0x10/0x10 [ 735.414131][T15782] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 735.414180][T15782] ? fput+0x70/0xf0 [ 735.414200][T15782] ? ksys_write+0x1ac/0x250 [ 735.414229][T15782] ? __pfx_ksys_write+0x10/0x10 [ 735.414265][T15782] __x64_sys_sendmmsg+0x9c/0x100 [ 735.414297][T15782] ? lockdep_hardirqs_on+0x7c/0x110 [ 735.414329][T15782] do_syscall_64+0xcd/0x490 [ 735.414350][T15782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.414372][T15782] RIP: 0033:0x7f327ef8e929 [ 735.414392][T15782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 735.414413][T15782] RSP: 002b:00007f327fd90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 735.414435][T15782] RAX: ffffffffffffffda RBX: 00007f327f1b5fa0 RCX: 00007f327ef8e929 [ 735.414449][T15782] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 735.414462][T15782] RBP: 00007f327fd90090 R08: 0000000000000000 R09: 0000000000000000 [ 735.414475][T15782] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000002 [ 735.414488][T15782] R13: 0000000000000000 R14: 00007f327f1b5fa0 R15: 00007ffe3a728368 [ 735.414518][T15782] [ 735.846831][ C1] vkms_vblank_simulate: vblank timer overrun [ 736.534720][T15774] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 736.542459][T15774] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 736.549437][T15774] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 736.556111][T15774] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 737.040714][ T5151] Bluetooth: hci0: command 0x0c1a tx timeout [ 737.444060][T15811] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2002'. [ 737.448762][T15807] could not allocate digest TFM handle [ 737.474490][T15798] ERROR: Out of memory at tomoyo_memory_ok. [ 738.134738][T15828] ubi0: attaching mtd0 [ 738.143518][T15828] ubi0: scanning is finished [ 738.151821][T15828] ubi0: empty MTD device detected [ 738.174972][T15832] ERROR: Out of memory at tomoyo_memory_ok. [ 738.551748][ T5151] Bluetooth: hci1: command 0x0c1a tx timeout [ 738.641846][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 738.648042][ T5151] Bluetooth: hci3: command 0x0c1a tx timeout [ 739.153926][T15828] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 739.201814][T15828] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 739.254728][T15828] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 739.290216][T15828] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 739.352036][T15828] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 739.372064][T15828] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 739.430193][T15828] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2307537950 [ 739.501697][T15828] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 739.813781][T15840] ubi0: background thread "ubi_bgt0d" started, PID 15840 [ 741.178382][T15873] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2016'. [ 741.918975][T15885] ERROR: Out of memory at tomoyo_memory_ok. [ 742.062140][T15892] ERROR: Out of memory at tomoyo_memory_ok. [ 743.379140][T15907] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input239 [ 743.406412][T15906] can: request_module (can-proto-0) failed. [ 743.853067][T15918] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input240 [ 745.274029][T15915] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input241 [ 746.595070][T15948] can: request_module (can-proto-0) failed. [ 746.849972][T15958] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input242 [ 747.366108][T15963] can: request_module (can-proto-3) failed. [ 747.676785][T15971] can: request_module (can-proto-0) failed. [ 748.083035][T15980] FAULT_INJECTION: forcing a failure. [ 748.083035][T15980] name failslab, interval 1, probability 0, space 0, times 0 [ 748.165461][T15980] CPU: 0 UID: 0 PID: 15980 Comm: syz.0.2037 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 748.165518][T15980] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 748.165530][T15980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 748.165647][T15980] Call Trace: [ 748.165657][T15980] [ 748.165669][T15980] dump_stack_lvl+0x16c/0x1f0 [ 748.165718][T15980] should_fail_ex+0x512/0x640 [ 748.165755][T15980] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 748.165796][T15980] should_failslab+0xc2/0x120 [ 748.165825][T15980] __kmalloc_cache_noprof+0x6a/0x3e0 [ 748.165860][T15980] ? fuse_dev_alloc+0x48/0x280 [ 748.165905][T15980] fuse_dev_alloc+0x48/0x280 [ 748.165947][T15980] fuse_dev_alloc_install+0x13/0x40 [ 748.165990][T15980] cuse_channel_open+0x100/0x7f0 [ 748.166027][T15980] ? __pfx_cuse_channel_open+0x10/0x10 [ 748.166067][T15980] misc_open+0x35d/0x420 [ 748.166105][T15980] ? __pfx_misc_open+0x10/0x10 [ 748.166141][T15980] chrdev_open+0x231/0x6a0 [ 748.166193][T15980] ? __pfx_apparmor_file_open+0x10/0x10 [ 748.166233][T15980] ? __pfx_chrdev_open+0x10/0x10 [ 748.166283][T15980] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 748.166333][T15980] do_dentry_open+0x744/0x1c10 [ 748.166378][T15980] ? __pfx_chrdev_open+0x10/0x10 [ 748.166435][T15980] vfs_open+0x82/0x3f0 [ 748.166475][T15980] path_openat+0x1de4/0x2cb0 [ 748.166546][T15980] ? __pfx_path_openat+0x10/0x10 [ 748.166593][T15980] ? __lock_acquire+0xb8a/0x1c90 [ 748.166640][T15980] do_filp_open+0x20b/0x470 [ 748.166685][T15980] ? __pfx_do_filp_open+0x10/0x10 [ 748.166769][T15980] ? alloc_fd+0x471/0x7d0 [ 748.166824][T15980] do_sys_openat2+0x11b/0x1d0 [ 748.166857][T15980] ? __pfx_do_sys_openat2+0x10/0x10 [ 748.166913][T15980] __x64_sys_openat+0x174/0x210 [ 748.166948][T15980] ? __pfx___x64_sys_openat+0x10/0x10 [ 748.167004][T15980] do_syscall_64+0xcd/0x490 [ 748.167036][T15980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.167066][T15980] RIP: 0033:0x7f610c38e929 [ 748.167092][T15980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 748.167122][T15980] RSP: 002b:00007f610d11a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 748.167151][T15980] RAX: ffffffffffffffda RBX: 00007f610c5b6080 RCX: 00007f610c38e929 [ 748.167171][T15980] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 748.167190][T15980] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 748.167209][T15980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.167226][T15980] R13: 0000000000000000 R14: 00007f610c5b6080 R15: 00007ffd55f1aa08 [ 748.167267][T15980] [ 748.741360][T15988] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input243 [ 749.511158][T15994] could not allocate digest TFM handle binfmt_misc [ 749.605576][T15991] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input244 [ 751.789856][T16034] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2049'. [ 752.479449][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.493929][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.651215][T16045] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2053'. [ 753.273677][T16051] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.2054' sets config #0 [ 754.434439][T16073] cgroup: fork rejected by pids controller in /syz1 [ 755.096310][T16123] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2061'. [ 755.328885][T16123] hub 8-0:1.0: USB hub found [ 755.349669][T16126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2061'. [ 755.392092][T16123] hub 8-0:1.0: 1 port detected [ 756.120947][T16142] ERROR: Out of memory at tomoyo_memory_ok. [ 756.550242][T16143] snd_aloop snd_aloop.0: control 16781581:65535:512:'?F/zF˷fC:1037 is already present [ 756.599738][T16143] ERROR: Out of memory at tomoyo_memory_ok. [ 757.832263][T16159] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2067'. [ 758.960588][T16176] can: request_module (can-proto-0) failed. [ 759.153396][T16182] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input245 [ 760.123846][T16200] ERROR: Out of memory at tomoyo_memory_ok. [ 760.186832][T16204] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input246 [ 760.392399][T16189] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 760.398705][T16189] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 760.404898][T16189] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 760.411685][T16189] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 760.811380][T16205] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input247 [ 762.472072][ T5151] Bluetooth: hci3: command 0x0c1a tx timeout [ 762.472124][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 762.478682][T14666] Bluetooth: hci1: command 0x0c1a tx timeout [ 762.484980][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 762.510108][T16244] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input248 [ 762.825398][T16245] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input249 [ 763.432673][T16261] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 763.638720][T16256] Invalid ELF header magic: != ELF [ 763.739686][T16268] input: 00 [ 763.739686][T16268] as /devices/virtual/input/input250 [ 763.951768][T16268] FAULT_INJECTION: forcing a failure. [ 763.951768][T16268] name failslab, interval 1, probability 0, space 0, times 0 [ 763.982609][T16268] CPU: 1 UID: 0 PID: 16268 Comm: syz.0.2091 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 763.982673][T16268] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 763.982685][T16268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 763.982702][T16268] Call Trace: [ 763.982712][T16268] [ 763.982723][T16268] dump_stack_lvl+0x16c/0x1f0 [ 763.982773][T16268] should_fail_ex+0x512/0x640 [ 763.982815][T16268] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 763.982863][T16268] should_failslab+0xc2/0x120 [ 763.982889][T16268] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 763.982931][T16268] ? __asan_memcpy+0x3c/0x60 [ 763.982968][T16268] ? __kernfs_new_node+0xd2/0x8e0 [ 763.983014][T16268] __kernfs_new_node+0xd2/0x8e0 [ 763.983059][T16268] ? __pfx___kernfs_new_node+0x10/0x10 [ 763.983109][T16268] ? find_held_lock+0x2b/0x80 [ 763.983138][T16268] ? kernfs_root+0xee/0x2a0 [ 763.983185][T16268] kernfs_new_node+0x13c/0x1e0 [ 763.983238][T16268] kernfs_create_link+0xcc/0x240 [ 763.983273][T16268] sysfs_do_create_link_sd+0x90/0x140 [ 763.983315][T16268] sysfs_create_link+0x61/0xc0 [ 763.983354][T16268] device_add+0xb14/0x1a70 [ 763.983388][T16268] ? __pfx_device_add+0x10/0x10 [ 763.983416][T16268] ? __pfx_exact_lock+0x10/0x10 [ 763.983462][T16268] ? kobject_get+0xbb/0x150 [ 763.983493][T16268] cdev_device_add+0xc2/0x1e0 [ 763.983539][T16268] evdev_connect+0x3a4/0x4c0 [ 763.983583][T16268] input_attach_handler.isra.0+0x181/0x260 [ 763.983628][T16268] input_register_device+0xa84/0x1130 [ 763.983688][T16268] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 763.983723][T16268] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 763.983766][T16268] ? find_held_lock+0x2b/0x80 [ 763.983817][T16268] ? __pfx_uinput_ioctl+0x10/0x10 [ 763.983847][T16268] __x64_sys_ioctl+0x18b/0x210 [ 763.983885][T16268] do_syscall_64+0xcd/0x490 [ 763.983914][T16268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.983943][T16268] RIP: 0033:0x7f610c38e929 [ 763.983965][T16268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.983993][T16268] RSP: 002b:00007f610d13b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 763.984020][T16268] RAX: ffffffffffffffda RBX: 00007f610c5b5fa0 RCX: 00007f610c38e929 [ 763.984039][T16268] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000007 [ 763.984055][T16268] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 763.984072][T16268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.984089][T16268] R13: 0000000000000000 R14: 00007f610c5b5fa0 R15: 00007ffd55f1aa08 [ 763.984128][T16268] [ 764.253435][ C1] vkms_vblank_simulate: vblank timer overrun [ 764.631886][T16268] input: failed to attach handler evdev to device input250, error: -12 [ 764.890733][T16273] can: request_module (can-proto-0) failed. [ 767.003378][T16289] ERROR: Out of memory at tomoyo_memory_ok. [ 767.692846][T16299] sd 0:0:1:0: PR command failed: 1026 [ 767.698363][T16299] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 767.721755][T16299] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 768.176411][ T30] audit: type=1804 audit(4294967498.507:14): pid=16315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2100" name="/newroot/507/file0" dev="tmpfs" ino=2646 res=1 errno=0 [ 768.411892][ T30] audit: type=1800 audit(4294967498.507:15): pid=16315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2100" name="file0" dev="tmpfs" ino=2646 res=0 errno=0 [ 768.432634][ C1] vkms_vblank_simulate: vblank timer overrun [ 769.623619][T16308] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 769.645453][T16328] ERROR: Out of memory at tomoyo_memory_ok. [ 769.697307][T16308] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 769.714288][T16308] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 769.732027][T16308] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 770.683204][T16340] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2104'. [ 770.713630][T16243] Bluetooth: hci0: command 0x0c1a tx timeout [ 770.721844][T16343] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2104'. [ 771.752187][T16243] Bluetooth: hci3: command 0x0c1a tx timeout [ 771.752706][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 771.758519][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 771.979100][T16356] Invalid ELF header magic: != ELF [ 772.852001][T16381] device-mapper: ioctl: Invalid ioctl structure: name , dev 7f00010002 [ 773.830408][T16386] can: request_module (can-proto-0) failed. [ 773.985110][T16395] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2117'. [ 774.070192][T16399] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2117'. [ 774.119643][T16400] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input251 [ 774.497718][T16405] input: 00 [ 774.497718][T16405] as /devices/virtual/input/input252 [ 774.613600][T16380] syz.1.2114(16380): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 774.730062][T16405] FAULT_INJECTION: forcing a failure. [ 774.730062][T16405] name failslab, interval 1, probability 0, space 0, times 0 [ 774.778888][T16405] CPU: 1 UID: 0 PID: 16405 Comm: syz.0.2119 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 774.778940][T16405] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 774.778949][T16405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 774.778964][T16405] Call Trace: [ 774.778973][T16405] [ 774.778983][T16405] dump_stack_lvl+0x16c/0x1f0 [ 774.779031][T16405] should_fail_ex+0x512/0x640 [ 774.779068][T16405] ? __kmalloc_noprof+0xbf/0x510 [ 774.779110][T16405] ? kobject_get_path+0xd2/0x2a0 [ 774.779135][T16405] should_failslab+0xc2/0x120 [ 774.779162][T16405] __kmalloc_noprof+0xd2/0x510 [ 774.779212][T16405] kobject_get_path+0xd2/0x2a0 [ 774.779248][T16405] kobject_uevent_env+0x289/0x1870 [ 774.779281][T16405] ? __pfx_dev_uevent_name+0x10/0x10 [ 774.779322][T16405] ? kernfs_put+0x35/0x60 [ 774.779362][T16405] ? sysfs_do_create_link_sd+0xbb/0x140 [ 774.779399][T16405] ? bus_to_subsys+0x131/0x160 [ 774.779437][T16405] device_add+0x10dd/0x1a70 [ 774.779472][T16405] ? __pfx_device_add+0x10/0x10 [ 774.779501][T16405] ? __pfx_exact_lock+0x10/0x10 [ 774.779547][T16405] ? kobject_get+0xbb/0x150 [ 774.779578][T16405] cdev_device_add+0xc2/0x1e0 [ 774.779620][T16405] evdev_connect+0x3a4/0x4c0 [ 774.779663][T16405] input_attach_handler.isra.0+0x181/0x260 [ 774.779719][T16405] input_register_device+0xa84/0x1130 [ 774.779764][T16405] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 774.779800][T16405] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 774.779838][T16405] ? find_held_lock+0x2b/0x80 [ 774.779886][T16405] ? __pfx_uinput_ioctl+0x10/0x10 [ 774.779923][T16405] __x64_sys_ioctl+0x18b/0x210 [ 774.779959][T16405] do_syscall_64+0xcd/0x490 [ 774.779989][T16405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 774.780015][T16405] RIP: 0033:0x7f610c38e929 [ 774.780039][T16405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 774.780069][T16405] RSP: 002b:00007f610d13b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 774.780099][T16405] RAX: ffffffffffffffda RBX: 00007f610c5b5fa0 RCX: 00007f610c38e929 [ 774.780119][T16405] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000007 [ 774.780136][T16405] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 774.780154][T16405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 774.780172][T16405] R13: 0000000000000000 R14: 00007f610c5b5fa0 R15: 00007ffd55f1aa08 [ 774.780213][T16405] [ 776.225957][T16429] Invalid ELF header magic: != ELF [ 777.423852][T16443] can: request_module (can-proto-0) failed. [ 777.453325][T16448] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2131'. [ 777.842057][T16448] hub 8-0:1.0: USB hub found [ 777.868678][T16448] hub 8-0:1.0: 1 port detected [ 777.874852][T16449] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2131'. [ 778.737211][T16463] input: 00 [ 778.737211][T16463] as /devices/virtual/input/input253 [ 778.752696][T16463] FAULT_INJECTION: forcing a failure. [ 778.752696][T16463] name failslab, interval 1, probability 0, space 0, times 0 [ 778.780127][T16463] CPU: 0 UID: 0 PID: 16463 Comm: syz.1.2133 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 778.780183][T16463] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 778.780195][T16463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 778.780212][T16463] Call Trace: [ 778.780221][T16463] [ 778.780232][T16463] dump_stack_lvl+0x16c/0x1f0 [ 778.780284][T16463] should_fail_ex+0x512/0x640 [ 778.780323][T16463] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 778.780371][T16463] should_failslab+0xc2/0x120 [ 778.780399][T16463] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 778.780445][T16463] ? kasprintf+0xc7/0x100 [ 778.780477][T16463] kvasprintf+0xbc/0x160 [ 778.780503][T16463] ? __pfx_kvasprintf+0x10/0x10 [ 778.780547][T16463] kasprintf+0xc7/0x100 [ 778.780574][T16463] ? __pfx_kasprintf+0x10/0x10 [ 778.780618][T16463] ? __pfx_input_devnode+0x10/0x10 [ 778.780660][T16463] device_get_devnode+0x163/0x2c0 [ 778.780697][T16463] devtmpfs_create_node+0xf1/0x230 [ 778.780743][T16463] ? __pfx_devtmpfs_create_node+0x10/0x10 [ 778.780789][T16463] ? up_write+0x1b2/0x520 [ 778.780848][T16463] ? kernfs_create_link+0x1bd/0x240 [ 778.780882][T16463] ? kernfs_put+0x35/0x60 [ 778.780921][T16463] ? sysfs_do_create_link_sd+0xbb/0x140 [ 778.780967][T16463] device_add+0x10bd/0x1a70 [ 778.781000][T16463] ? __pfx_device_add+0x10/0x10 [ 778.781030][T16463] ? __pfx_exact_lock+0x10/0x10 [ 778.781074][T16463] ? kobject_get+0xbb/0x150 [ 778.781105][T16463] cdev_device_add+0xc2/0x1e0 [ 778.781159][T16463] evdev_connect+0x3a4/0x4c0 [ 778.781203][T16463] input_attach_handler.isra.0+0x181/0x260 [ 778.781249][T16463] input_register_device+0xa84/0x1130 [ 778.781292][T16463] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 778.781328][T16463] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 778.781370][T16463] ? find_held_lock+0x2b/0x80 [ 778.781418][T16463] ? __pfx_uinput_ioctl+0x10/0x10 [ 778.781447][T16463] __x64_sys_ioctl+0x18b/0x210 [ 778.781484][T16463] do_syscall_64+0xcd/0x490 [ 778.781519][T16463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.781545][T16463] RIP: 0033:0x7f327ef8e929 [ 778.781571][T16463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 778.781598][T16463] RSP: 002b:00007f327fd90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 778.781635][T16463] RAX: ffffffffffffffda RBX: 00007f327f1b5fa0 RCX: 00007f327ef8e929 [ 778.781655][T16463] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000007 [ 778.781672][T16463] RBP: 00007f327f010b39 R08: 0000000000000000 R09: 0000000000000000 [ 778.781688][T16463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 778.781704][T16463] R13: 0000000000000000 R14: 00007f327f1b5fa0 R15: 00007ffe3a728368 [ 778.781744][T16463] [ 780.367083][T16478] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input254 [ 780.847239][T16485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2139'. [ 780.898120][T16481] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input255 [ 781.909369][T16494] ERROR: Out of memory at tomoyo_memory_ok. [ 782.893500][T16485] team0 (unregistering): Port device team_slave_0 removed [ 783.004359][T16485] team0 (unregistering): Port device team_slave_1 removed [ 783.410926][T16504] ima: policy update failed [ 783.426200][ T30] audit: type=1802 audit(4294967513.767:16): pid=16504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2142" res=0 errno=0 [ 783.556499][T16515] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2145'. [ 783.704565][T16515] hub 8-0:1.0: USB hub found [ 783.719059][T16515] hub 8-0:1.0: 1 port detected [ 783.760869][T16520] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2145'. [ 789.453328][T16603] ERROR: Out of memory at tomoyo_memory_ok. [ 789.498374][T16603] HfR: entered promiscuous mode [ 789.721792][T16585] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 789.728391][T16585] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 789.745915][T16585] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 789.769669][T16585] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 789.876313][T16607] Invalid ELF header magic: != ELF [ 789.894835][T16607] netlink: zone id is out of range [ 789.913950][T16607] netlink: zone id is out of range [ 789.928467][T16607] netlink: zone id is out of range [ 789.938247][T16607] netlink: zone id is out of range [ 789.966511][T16607] netlink: zone id is out of range [ 790.417110][T16616] FAULT_INJECTION: forcing a failure. [ 790.417110][T16616] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 790.454932][T16616] CPU: 1 UID: 0 PID: 16616 Comm: syz.1.2169 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 790.454989][T16616] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 790.455001][T16616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 790.455018][T16616] Call Trace: [ 790.455029][T16616] [ 790.455040][T16616] dump_stack_lvl+0x16c/0x1f0 [ 790.455091][T16616] should_fail_ex+0x512/0x640 [ 790.455159][T16616] should_fail_alloc_page+0xe7/0x130 [ 790.455192][T16616] prepare_alloc_pages+0x3c2/0x610 [ 790.455228][T16616] ? rcu_is_watching+0x12/0xc0 [ 790.455264][T16616] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 790.455305][T16616] ? css_rstat_updated+0x9d/0xd30 [ 790.455353][T16616] ? __lock_acquire+0x622/0x1c90 [ 790.455393][T16616] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 790.455443][T16616] ? __lock_acquire+0x622/0x1c90 [ 790.455545][T16616] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 790.455592][T16616] ? policy_nodemask+0xea/0x4e0 [ 790.455643][T16616] alloc_pages_mpol+0x1fb/0x550 [ 790.455674][T16616] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 790.455701][T16616] ? unwind_get_return_address+0x59/0xa0 [ 790.455754][T16616] folio_alloc_mpol_noprof+0x36/0x2f0 [ 790.455787][T16616] shmem_alloc_folio+0x135/0x160 [ 790.455825][T16616] shmem_alloc_and_add_folio+0x499/0xc20 [ 790.455878][T16616] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 790.455926][T16616] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 790.455976][T16616] shmem_get_folio_gfp+0x67f/0x1600 [ 790.456029][T16616] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 790.456075][T16616] ? __lock_acquire+0x622/0x1c90 [ 790.456116][T16616] shmem_fault+0x1fe/0xa30 [ 790.456161][T16616] ? __pfx_shmem_fault+0x10/0x10 [ 790.456244][T16616] __do_fault+0x10a/0x490 [ 790.456289][T16616] ? __pfx_filemap_map_pages+0x10/0x10 [ 790.456335][T16616] __handle_mm_fault+0x3c2a/0x5490 [ 790.456387][T16616] ? __pfx___handle_mm_fault+0x10/0x10 [ 790.456423][T16616] ? __pfx_mt_find+0x10/0x10 [ 790.456476][T16616] ? find_vma+0xbf/0x140 [ 790.456513][T16616] ? __pfx_find_vma+0x10/0x10 [ 790.456545][T16616] handle_mm_fault+0x589/0xd10 [ 790.456583][T16616] ? __pkru_allows_pkey+0x41/0xb0 [ 790.456626][T16616] do_user_addr_fault+0x7a6/0x1370 [ 790.456672][T16616] ? rcu_is_watching+0x12/0xc0 [ 790.456707][T16616] exc_page_fault+0x5c/0xb0 [ 790.456751][T16616] asm_exc_page_fault+0x26/0x30 [ 790.456778][T16616] RIP: 0010:__get_user_1+0x14/0x30 [ 790.456815][T16616] Code: cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <0f> b6 10 31 c0 0f 01 ca c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 [ 790.456840][T16616] RSP: 0018:ffffc90002e57c00 EFLAGS: 00050287 [ 790.456864][T16616] RAX: 0000000000003000 RBX: 0000000000004000 RCX: 000000000000fdef [ 790.456882][T16616] RDX: 00007ffffffff000 RSI: ffffffff848ea471 RDI: ffffffff8c156360 [ 790.456900][T16616] RBP: ffff888025576800 R08: e413ae451c1b1443 R09: 0000000000000000 [ 790.456919][T16616] R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000cdef [ 790.456936][T16616] R13: 0000000000002e18 R14: ffffed1004aaed61 R15: 0000000000003fff [ 790.456972][T16616] ? tomoyo_write_control+0x321/0x1430 [ 790.457024][T16616] tomoyo_write_control+0x336/0x1430 [ 790.457092][T16616] ? __pfx_tomoyo_write_control+0x10/0x10 [ 790.457153][T16616] ? __pfx_tomoyo_write+0x10/0x10 [ 790.457192][T16616] vfs_write+0x29d/0x1150 [ 790.457243][T16616] ? __pfx___mutex_lock+0x10/0x10 [ 790.457287][T16616] ? __pfx_vfs_write+0x10/0x10 [ 790.457350][T16616] ? __fget_files+0x20e/0x3c0 [ 790.457408][T16616] ksys_write+0x12a/0x250 [ 790.457449][T16616] ? __pfx_ksys_write+0x10/0x10 [ 790.457514][T16616] do_syscall_64+0xcd/0x490 [ 790.457545][T16616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.457574][T16616] RIP: 0033:0x7f327ef8e929 [ 790.457597][T16616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 790.457624][T16616] RSP: 002b:00007f327fd90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 790.457652][T16616] RAX: ffffffffffffffda RBX: 00007f327f1b5fa0 RCX: 00007f327ef8e929 [ 790.457670][T16616] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 790.457687][T16616] RBP: 00007f327f010b39 R08: 0000000000000000 R09: 0000000000000000 [ 790.457704][T16616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.457720][T16616] R13: 0000000000000000 R14: 00007f327f1b5fa0 R15: 00007ffe3a728368 [ 790.457761][T16616] [ 790.561604][T16243] Bluetooth: hci0: command 0x0c1a tx timeout [ 791.751674][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 791.758522][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 791.831624][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout [ 793.728461][T16660] can: request_module (can-proto-0) failed. [ 795.413392][T16681] ERROR: Out of memory at tomoyo_memory_ok. [ 795.420810][T16685] ERROR: Out of memory at tomoyo_memory_ok. [ 795.440704][T16683] ERROR: Out of memory at tomoyo_memory_ok. [ 796.210768][T16691] netlink: 'syz.3.2182': attribute type 1 has an invalid length. [ 797.043957][T16699] ERROR: Out of memory at tomoyo_memory_ok. [ 797.593080][T16706] FAULT_INJECTION: forcing a failure. [ 797.593080][T16706] name failslab, interval 1, probability 0, space 0, times 0 [ 797.682922][T16706] CPU: 0 UID: 0 PID: 16706 Comm: syz.0.2186 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 797.682970][T16706] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 797.682982][T16706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 797.682998][T16706] Call Trace: [ 797.683008][T16706] [ 797.683019][T16706] dump_stack_lvl+0x16c/0x1f0 [ 797.683068][T16706] should_fail_ex+0x512/0x640 [ 797.683117][T16706] ? __kvmalloc_node_noprof+0x124/0x620 [ 797.683165][T16706] should_failslab+0xc2/0x120 [ 797.683200][T16706] __kvmalloc_node_noprof+0x137/0x620 [ 797.683228][T16706] ? seq_read_iter+0x826/0x12c0 [ 797.683253][T16706] ? seq_read_iter+0x826/0x12c0 [ 797.683272][T16706] seq_read_iter+0x826/0x12c0 [ 797.683294][T16706] ? aa_file_perm+0x4d6/0xfb0 [ 797.683324][T16706] seq_read+0x39e/0x4e0 [ 797.683345][T16706] ? __pfx_seq_read+0x10/0x10 [ 797.683364][T16706] ? __lock_acquire+0xb8a/0x1c90 [ 797.683390][T16706] ? get_pid_task+0xfc/0x250 [ 797.683424][T16706] ? __pfx_seq_read+0x10/0x10 [ 797.683445][T16706] proc_reg_read+0x240/0x330 [ 797.683469][T16706] ? __pfx_proc_reg_read+0x10/0x10 [ 797.683495][T16706] vfs_read+0x1e4/0xc60 [ 797.683521][T16706] ? __pfx___mutex_lock+0x10/0x10 [ 797.683548][T16706] ? __pfx_vfs_read+0x10/0x10 [ 797.683578][T16706] ? __fget_files+0x20e/0x3c0 [ 797.683607][T16706] ksys_read+0x12a/0x250 [ 797.683630][T16706] ? __pfx_ksys_read+0x10/0x10 [ 797.683660][T16706] do_syscall_64+0xcd/0x490 [ 797.683678][T16706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.683696][T16706] RIP: 0033:0x7f610c38e929 [ 797.683711][T16706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.683728][T16706] RSP: 002b:00007f610d11a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 797.683744][T16706] RAX: ffffffffffffffda RBX: 00007f610c5b6080 RCX: 00007f610c38e929 [ 797.683756][T16706] RDX: 0000000000000067 RSI: 0000200000000140 RDI: 000000000000000a [ 797.683766][T16706] RBP: 00007f610d11a090 R08: 0000000000000000 R09: 0000000000000000 [ 797.683776][T16706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 797.683785][T16706] R13: 0000000000000000 R14: 00007f610c5b6080 R15: 00007ffd55f1aa08 [ 797.683812][T16706] [ 798.661895][T16720] Invalid ELF header magic: != ELF [ 799.564358][T16754] ERROR: Out of memory at tomoyo_memory_ok. [ 799.658417][T16753] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2199'. [ 799.915857][T16755] netlink: set zone limit has 8 unknown bytes [ 799.957226][T16753] hub 8-0:1.0: USB hub found [ 800.002467][T16757] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2199'. [ 800.051620][T16753] hub 8-0:1.0: 1 port detected [ 801.887390][T16784] ERROR: Out of memory at tomoyo_memory_ok. [ 803.364387][T16813] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2211'. [ 804.583675][T16818] delete_channel: no stack [ 805.167559][T16842] could not allocate digest TFM handle [ 806.320177][T16865] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2222'. [ 806.516945][T16875] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2224'. [ 806.578593][T16875] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2224'. [ 807.204137][T16892] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 809.358531][T16925] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2234'. [ 809.377117][T16925] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2234'. [ 811.057956][T16949] can: request_module (can-proto-0) failed. [ 811.264740][T16953] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input256 [ 812.218176][T16965] filter_write: 2 callbacks suppressed [ 812.218200][T16965] msr: Write to unrecognized MSR 0x6 by syz.2.2242 (pid: 16965). [ 812.249913][T16965] msr: See https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/about for details. [ 812.565919][T16967] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2240'. [ 813.029893][T16991] futex_wake_op: syz.3.2245 tries to shift op by -9; fix this program [ 813.560643][T16994] FAULT_INJECTION: forcing a failure. [ 813.560643][T16994] name failslab, interval 1, probability 0, space 0, times 0 [ 813.608217][T16994] CPU: 0 UID: 0 PID: 16994 Comm: syz.2.2246 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 813.608251][T16994] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 813.608259][T16994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 813.608268][T16994] Call Trace: [ 813.608275][T16994] [ 813.608282][T16994] dump_stack_lvl+0x16c/0x1f0 [ 813.608311][T16994] should_fail_ex+0x512/0x640 [ 813.608335][T16994] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 813.608361][T16994] should_failslab+0xc2/0x120 [ 813.608385][T16994] __kmalloc_cache_noprof+0x6a/0x3e0 [ 813.608406][T16994] ? ww_mutex_lock+0x37/0x160 [ 813.608422][T16994] ? vkms_plane_duplicate_state+0x45/0x130 [ 813.608441][T16994] ? modeset_lock+0x114/0x6e0 [ 813.608468][T16994] vkms_plane_duplicate_state+0x45/0x130 [ 813.608487][T16994] drm_atomic_get_plane_state+0x20e/0x590 [ 813.608507][T16994] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 813.608527][T16994] ? __pfx___might_resched+0x10/0x10 [ 813.608550][T16994] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 813.608594][T16994] drm_client_modeset_commit_locked+0x14d/0x580 [ 813.608616][T16994] drm_client_modeset_commit+0x4f/0x80 [ 813.608635][T16994] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 813.608663][T16994] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 813.608687][T16994] drm_fbdev_client_restore+0x2c/0x40 [ 813.608708][T16994] drm_client_dev_restore+0x1f3/0x2a0 [ 813.608730][T16994] drm_release+0x2c4/0x360 [ 813.608748][T16994] ? __pfx_drm_release+0x10/0x10 [ 813.608764][T16994] __fput+0x3ff/0xb70 [ 813.608786][T16994] task_work_run+0x14d/0x240 [ 813.608818][T16994] ? __pfx_task_work_run+0x10/0x10 [ 813.608843][T16994] ? __pfx___do_sys_close_range+0x10/0x10 [ 813.608872][T16994] exit_to_user_mode_loop+0xeb/0x110 [ 813.608898][T16994] do_syscall_64+0x3f6/0x490 [ 813.608919][T16994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.608946][T16994] RIP: 0033:0x7f4e9e78e929 [ 813.608969][T16994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 813.608994][T16994] RSP: 002b:00007f4e9f668038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 813.609022][T16994] RAX: 0000000000000000 RBX: 00007f4e9e9b5fa0 RCX: 00007f4e9e78e929 [ 813.609039][T16994] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 813.609055][T16994] RBP: 00007f4e9e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 813.609071][T16994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 813.609087][T16994] R13: 0000000000000000 R14: 00007f4e9e9b5fa0 R15: 00007ffdc42e58c8 [ 813.609125][T16994] [ 813.920593][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.927218][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.928108][T17009] can: request_module (can-proto-0) failed. [ 815.273002][T17015] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input257 [ 817.238067][T17027] can: request_module (can-proto-0) failed. [ 817.366410][T17034] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input258 [ 817.563427][T17030] FAULT_INJECTION: forcing a failure. [ 817.563427][T17030] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 817.579746][T17030] CPU: 0 UID: 0 PID: 17030 Comm: syz.0.2252 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 817.579800][T17030] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 817.579812][T17030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 817.579829][T17030] Call Trace: [ 817.579839][T17030] [ 817.579850][T17030] dump_stack_lvl+0x16c/0x1f0 [ 817.579900][T17030] should_fail_ex+0x512/0x640 [ 817.579950][T17030] should_fail_alloc_page+0xe7/0x130 [ 817.579981][T17030] prepare_alloc_pages+0x3c2/0x610 [ 817.580026][T17030] ? rcu_is_watching+0x12/0xc0 [ 817.580060][T17030] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 817.580113][T17030] ? rcu_is_watching+0x12/0xc0 [ 817.580141][T17030] ? trace_mm_page_alloc+0x11f/0x1a0 [ 817.580175][T17030] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 817.580221][T17030] ? __pfx_stack_trace_save+0x10/0x10 [ 817.580254][T17030] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 817.580321][T17030] ? alloc_vmap_area+0x645/0x29c0 [ 817.580352][T17030] ? __vmalloc_node_range_noprof+0x271/0x14b0 [ 817.580390][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 817.580425][T17030] ? do_syscall_64+0xcd/0x490 [ 817.580449][T17030] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.580498][T17030] alloc_pages_bulk_noprof+0x71c/0x1410 [ 817.580542][T17030] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 817.580588][T17030] ? policy_nodemask+0xea/0x4e0 [ 817.580639][T17030] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 817.580686][T17030] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 817.580732][T17030] kasan_populate_vmalloc+0xf1/0x1f0 [ 817.580782][T17030] alloc_vmap_area+0x959/0x29c0 [ 817.580831][T17030] ? __pfx_alloc_vmap_area+0x10/0x10 [ 817.580874][T17030] __get_vm_area_node+0x1ca/0x330 [ 817.580918][T17030] __vmalloc_node_range_noprof+0x271/0x14b0 [ 817.580957][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 817.581002][T17030] ? __lock_acquire+0xb8a/0x1c90 [ 817.581039][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 817.581083][T17030] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 817.581125][T17030] ? __alloc_pages_noprof+0xb/0x1b0 [ 817.581168][T17030] ? ___kmalloc_large_node+0x84/0x1e0 [ 817.581201][T17030] ? find_held_lock+0x2b/0x80 [ 817.581237][T17030] __kvmalloc_node_noprof+0x30a/0x620 [ 817.581280][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 817.581327][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 817.581373][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 817.581406][T17030] __do_sys_listmount+0x1c2/0xec0 [ 817.581454][T17030] ? __x64_sys_futex+0x1e0/0x4c0 [ 817.581488][T17030] ? __x64_sys_futex+0x1e9/0x4c0 [ 817.581525][T17030] ? __pfx___do_sys_listmount+0x10/0x10 [ 817.581587][T17030] do_syscall_64+0xcd/0x490 [ 817.581617][T17030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.581647][T17030] RIP: 0033:0x7f610c38e929 [ 817.581670][T17030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 817.581699][T17030] RSP: 002b:00007f610d13b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 817.581727][T17030] RAX: ffffffffffffffda RBX: 00007f610c5b5fa0 RCX: 00007f610c38e929 [ 817.581746][T17030] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 817.581764][T17030] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 817.581782][T17030] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 817.581799][T17030] R13: 0000000000000000 R14: 00007f610c5b5fa0 R15: 00007ffd55f1aa08 [ 817.581837][T17030] [ 817.583571][T17030] syz.0.2252: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 818.124472][T17030] CPU: 1 UID: 0 PID: 17030 Comm: syz.0.2252 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 818.124527][T17030] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 818.124538][T17030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 818.124556][T17030] Call Trace: [ 818.124566][T17030] [ 818.124577][T17030] dump_stack_lvl+0x16c/0x1f0 [ 818.124628][T17030] warn_alloc+0x248/0x3a0 [ 818.124674][T17030] ? __pfx_warn_alloc+0x10/0x10 [ 818.124720][T17030] ? kfree+0x2b4/0x4d0 [ 818.124765][T17030] ? __get_vm_area_node+0x208/0x330 [ 818.124809][T17030] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 818.124857][T17030] ? __lock_acquire+0xb8a/0x1c90 [ 818.124894][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 818.124943][T17030] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 818.124983][T17030] ? __alloc_pages_noprof+0xb/0x1b0 [ 818.125024][T17030] ? ___kmalloc_large_node+0x84/0x1e0 [ 818.125054][T17030] ? find_held_lock+0x2b/0x80 [ 818.125089][T17030] __kvmalloc_node_noprof+0x30a/0x620 [ 818.125131][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 818.125169][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 818.125210][T17030] ? __do_sys_listmount+0x1c2/0xec0 [ 818.125240][T17030] __do_sys_listmount+0x1c2/0xec0 [ 818.125277][T17030] ? __x64_sys_futex+0x1e0/0x4c0 [ 818.125307][T17030] ? __x64_sys_futex+0x1e9/0x4c0 [ 818.125350][T17030] ? __pfx___do_sys_listmount+0x10/0x10 [ 818.125409][T17030] do_syscall_64+0xcd/0x490 [ 818.125439][T17030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.125468][T17030] RIP: 0033:0x7f610c38e929 [ 818.125492][T17030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.125519][T17030] RSP: 002b:00007f610d13b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 818.125547][T17030] RAX: ffffffffffffffda RBX: 00007f610c5b5fa0 RCX: 00007f610c38e929 [ 818.125567][T17030] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 818.125585][T17030] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 818.125601][T17030] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 818.125619][T17030] R13: 0000000000000000 R14: 00007f610c5b5fa0 R15: 00007ffd55f1aa08 [ 818.125660][T17030] [ 818.125690][T17030] Mem-Info: [ 818.411563][T17030] active_anon:18205 inactive_anon:8604 isolated_anon:0 [ 818.411563][T17030] active_file:11192 inactive_file:51038 isolated_file:0 [ 818.411563][T17030] unevictable:768 dirty:513 writeback:0 [ 818.411563][T17030] slab_reclaimable:12112 slab_unreclaimable:95647 [ 818.411563][T17030] mapped:25759 shmem:10014 pagetables:1280 [ 818.411563][T17030] sec_pagetables:0 bounce:0 [ 818.411563][T17030] kernel_misc_reclaimable:0 [ 818.411563][T17030] free:1289853 free_pcp:18476 free_cma:0 [ 818.578799][T17030] Node 0 active_anon:74360kB inactive_anon:34416kB active_file:44768kB inactive_file:203952kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107136kB dirty:2052kB writeback:0kB shmem:38592kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:11780kB pagetables:4884kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 818.638726][T17030] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1464kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 818.724040][T17030] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 818.814651][T17030] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 818.830598][T17030] Node 0 DMA32 free:1248256kB boost:76660kB min:110736kB low:119252kB high:127768kB reserved_highatomic:0KB free_highatomic:0KB active_anon:70060kB inactive_anon:34416kB active_file:44768kB inactive_file:202644kB unevictable:1536kB writepending:2052kB present:3129332kB managed:2540888kB mlocked:0kB bounce:0kB free_pcp:53888kB local_pcp:19360kB free_cma:0kB [ 818.877867][T17030] lowmem_reserve[]: 0 0 1 1 1 [ 818.908302][T17030] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1308kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 819.012858][T17030] lowmem_reserve[]: 0 0 0 0 0 [ 819.060201][T17030] Node 1 Normal free:3898096kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20000kB local_pcp:8736kB free_cma:0kB [ 819.164312][T17030] lowmem_reserve[]: 0 0 0 0 0 [ 819.169551][T17030] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB [ 819.223025][T17030] Node 0 DMA32: 6561*4kB (UME) 3862*8kB (UME) 2842*16kB (UME) 1927*32kB (UME) 979*64kB (UME) 509*128kB (UME) 238*256kB (UME) 136*512kB (UME) 105*1024kB (UM) 42*2048kB (UM) 155*4096kB (UM) = 1251060kB [ 819.321423][T17030] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 819.363919][T17030] Node 1 Normal: 224*4kB (UME) 56*8kB (UME) 53*16kB (UME) 199*32kB (UME) 48*64kB (UME) 11*128kB (UME) 8*256kB (UME) 8*512kB (UME) 4*1024kB (UM) 4*2048kB (UE) 944*4096kB (UM) = 3898096kB [ 819.415307][T17030] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 819.426343][T17030] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 819.458309][T17030] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 819.470986][T17030] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 819.493059][T17030] 72254 total pagecache pages [ 819.497938][T17030] 38 pages in swap cache [ 819.499818][T17058] kAFS: Invalid Command on /proc/fs/afs/cells file [ 819.518111][T17030] Free swap = 61140kB [ 819.522716][T17030] Total swap = 124996kB [ 819.527801][T17030] 2097051 pages RAM [ 819.543835][T17030] 0 pages HighMem/MovableOnly [ 819.558284][T17030] 429851 pages reserved [ 819.562526][T17030] 0 pages cma reserved [ 820.118034][ T5830] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 820.754891][T17092] ima: policy update failed [ 820.774785][ T30] audit: type=1802 audit(4294967301.000:17): pid=17092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2267" res=0 errno=0 [ 821.259729][T17107] ICMPv6: process `syz.0.2270' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 822.783523][T17138] can: request_module (can-proto-0) failed. [ 822.938865][T17142] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input261 [ 823.580054][T17146] random: crng reseeded on system resumption [ 823.783103][T17149] can: request_module (can-proto-0) failed. [ 825.199370][T17175] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2286'. [ 825.403880][T17177] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2286'. [ 825.417153][T17175] hub 8-0:1.0: USB hub found [ 825.423201][T17175] hub 8-0:1.0: 1 port detected [ 826.907847][T17198] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2292'. [ 826.943157][T17198] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2292'. [ 829.124793][T17235] ERROR: Out of memory at tomoyo_memory_ok. [ 829.395782][T17243] openvswitch: netlink: ct_state flags aa1414ac unsupported [ 829.459071][T17248] openvswitch: netlink: ct_state flags aa1414ac unsupported [ 829.527833][T17246] ERROR: Out of memory at tomoyo_memory_ok. [ 830.298431][T17244] delete_channel: no stack [ 830.324880][T17244] delete_channel: no stack [ 830.689628][T17271] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input263 [ 831.250221][T17272] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input264 [ 833.639167][T17320] synth uevent: /module/orangefs: unknown uevent action string [ 834.478194][T17326] ERROR: Out of memory at tomoyo_memory_ok. [ 834.510717][T17326] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2319'. [ 834.564739][T17328] ERROR: Out of memory at tomoyo_memory_ok. [ 834.658017][T17326] : (slave bond_slave_1): Releasing backup interface [ 836.085135][T17357] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2324'. [ 836.097038][T17357] ipvlan0: entered allmulticast mode [ 836.215584][T17358] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 837.079380][T17378] ERROR: Out of memory at tomoyo_memory_ok. [ 837.657080][T17377] nvme_fabrics: missing parameter 'transport=%s' [ 837.684735][T17377] nvme_fabrics: missing parameter 'nqn=%s' [ 838.008646][T17388] can0: slcan on pty20. [ 838.324815][T17387] can0 (unregistered): slcan off pty20. [ 838.561315][T17414] vivid-007: ================= START STATUS ================= [ 838.605490][T17414] vivid-007: Generate PTS: true [ 838.634711][T17414] vivid-007: Generate SCR: true [ 838.662052][T17414] tpg source WxH: 320x240 (Y'CbCr) [ 838.696458][T17414] tpg field: 1 [ 838.721415][T17414] tpg crop: (0,0)/320x240 [ 838.770910][T17414] tpg compose: (0,0)/320x240 [ 838.817050][T17414] tpg colorspace: 8 [ 838.827175][T17414] tpg transfer function: 0/0 [ 838.852376][T17414] tpg Y'CbCr encoding: 0/0 [ 838.902494][T17414] tpg quantization: 0/0 [ 838.954789][T17414] tpg RGB range: 0/2 [ 838.972839][T17414] vivid-007: ================== END STATUS ================== [ 839.252645][T17431] ERROR: Out of memory at tomoyo_memory_ok. [ 839.677128][T17432] zswap: compressor 000 not available [ 842.498496][T16243] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 842.516383][T16243] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 842.525546][T16243] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 842.537577][T16243] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 842.548442][T16243] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 843.329350][T17497] chnl_net:caif_netlink_parms(): no params data found [ 843.780337][T14550] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.268171][T14550] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.497443][T14550] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.526048][T17532] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2354'. [ 844.637259][ T5830] Bluetooth: hci4: command tx timeout [ 844.957786][T17497] bridge0: port 1(bridge_slave_0) entered blocking state [ 844.975231][T17497] bridge0: port 1(bridge_slave_0) entered disabled state [ 844.985566][T17497] bridge_slave_0: entered allmulticast mode [ 844.993950][T17497] bridge_slave_0: entered promiscuous mode [ 845.048450][T14550] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.187378][T17497] bridge0: port 2(bridge_slave_1) entered blocking state [ 845.198794][T17497] bridge0: port 2(bridge_slave_1) entered disabled state [ 845.206678][T17497] bridge_slave_1: entered allmulticast mode [ 845.214927][T17497] bridge_slave_1: entered promiscuous mode [ 845.519268][T17497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 845.562810][T17497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 845.830235][T17497] team0: Port device team_slave_0 added [ 845.870074][T17497] team0: Port device team_slave_1 added [ 846.088102][T17497] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 846.095126][T17497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 846.179004][T17497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 846.304461][T17497] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 846.324096][T17497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 846.384420][T17497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 846.471100][T14550] vlan1: left allmulticast mode [ 846.477545][T14550] vlan1: left promiscuous mode [ 846.485248][T14550] bridge0: port 3(vlan1) entered disabled state [ 846.499044][T14550] bridge_slave_1: left allmulticast mode [ 846.520740][T14550] bridge_slave_1: left promiscuous mode [ 846.533165][T14550] bridge0: port 2(bridge_slave_1) entered disabled state [ 846.553043][T14550] bridge_slave_0: left allmulticast mode [ 846.584861][T14550] bridge_slave_0: left promiscuous mode [ 846.626784][T14550] bridge0: port 1(bridge_slave_0) entered disabled state [ 846.696992][ T5830] Bluetooth: hci4: command tx timeout [ 848.311138][T14550] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 848.338199][T14550] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 848.359373][T14550] bond0 (unregistering): Released all slaves [ 848.460317][T14550] ovs_: left promiscuous mode [ 848.574535][T17497] hsr_slave_0: entered promiscuous mode [ 848.583459][T17497] hsr_slave_1: entered promiscuous mode [ 848.596595][T17497] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 848.604562][T17497] Cannot create hsr debugfs directory [ 848.612766][T14550] : left promiscuous mode [ 848.778008][ T5830] Bluetooth: hci4: command tx timeout [ 850.859045][ T5830] Bluetooth: hci4: command tx timeout [ 851.095882][T17610] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2364'. [ 856.206459][T14550] hsr_slave_0: left promiscuous mode [ 856.246016][T14550] hsr_slave_1: left promiscuous mode [ 856.350166][T14550] veth1_macvtap: left promiscuous mode [ 856.368680][T14550] veth0_macvtap: left promiscuous mode [ 856.405524][T14550] veth1_vlan: left promiscuous mode [ 856.424625][T14550] veth0_vlan: left promiscuous mode [ 856.535250][T17690] usb usb36: usbfs: process 17690 (syz.1.2372) did not claim interface 0 before use [ 857.268198][T17706] random: crng reseeded on system resumption [ 857.288890][T17708] warn_alloc: 1 callbacks suppressed [ 857.288912][T17708] syz.0.2375: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 857.334682][T17708] CPU: 1 UID: 0 PID: 17708 Comm: syz.0.2375 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 857.334738][T17708] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 857.334750][T17708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 857.334767][T17708] Call Trace: [ 857.334777][T17708] [ 857.334788][T17708] dump_stack_lvl+0x16c/0x1f0 [ 857.334849][T17708] warn_alloc+0x248/0x3a0 [ 857.334896][T17708] ? __pfx_warn_alloc+0x10/0x10 [ 857.334950][T17708] ? __lock_acquire+0xb8a/0x1c90 [ 857.335011][T17708] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 857.335061][T17708] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 857.335100][T17708] ? __pfx___mutex_trylock_common+0x10/0x10 [ 857.335145][T17708] ? __pfx___might_resched+0x10/0x10 [ 857.335179][T17708] ? rcu_is_watching+0x12/0xc0 [ 857.335210][T17708] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 857.335256][T17708] ? __mutex_lock+0x1ca/0xb90 [ 857.335281][T17708] ? tomoyo_path_number_perm+0x295/0x580 [ 857.335319][T17708] ? dvb_dvr_do_ioctl+0x7e/0x290 [ 857.335368][T17708] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 857.335405][T17708] ? __pfx___mutex_lock+0x10/0x10 [ 857.335455][T17708] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 857.335502][T17708] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 857.335548][T17708] __vmalloc_node_noprof+0xad/0xf0 [ 857.335584][T17708] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 857.335637][T17708] dvb_dvr_do_ioctl+0x15d/0x290 [ 857.335692][T17708] dvb_usercopy+0x167/0x340 [ 857.335755][T17708] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 857.335814][T17708] ? __pfx_dvb_usercopy+0x10/0x10 [ 857.335882][T17708] ? __fget_files+0x20e/0x3c0 [ 857.335935][T17708] dvb_dvr_ioctl+0x29/0x40 [ 857.335979][T17708] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 857.336027][T17708] __x64_sys_ioctl+0x18b/0x210 [ 857.336066][T17708] do_syscall_64+0xcd/0x490 [ 857.336096][T17708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.336125][T17708] RIP: 0033:0x7f610c38e929 [ 857.336150][T17708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 857.336178][T17708] RSP: 002b:00007f610d13b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 857.336206][T17708] RAX: ffffffffffffffda RBX: 00007f610c5b5fa0 RCX: 00007f610c38e929 [ 857.336226][T17708] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000004 [ 857.336244][T17708] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 857.336261][T17708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 857.336278][T17708] R13: 0000000000000000 R14: 00007f610c5b5fa0 R15: 00007ffd55f1aa08 [ 857.336318][T17708] [ 857.336329][T17708] Mem-Info: [ 857.424930][T17708] active_anon:25088 inactive_anon:8604 isolated_anon:0 [ 857.424930][T17708] active_file:11182 inactive_file:51088 isolated_file:0 [ 857.424930][T17708] unevictable:768 dirty:553 writeback:0 [ 857.424930][T17708] slab_reclaimable:12272 slab_unreclaimable:96545 [ 857.424930][T17708] mapped:25807 shmem:15500 pagetables:1202 [ 857.424930][T17708] sec_pagetables:0 bounce:0 [ 857.424930][T17708] kernel_misc_reclaimable:0 [ 857.424930][T17708] free:1275246 free_pcp:22400 free_cma:0 [ 857.613512][T17708] Node 0 active_anon:95452kB inactive_anon:34416kB active_file:44728kB inactive_file:204152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:103228kB dirty:2212kB writeback:0kB shmem:55436kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11936kB pagetables:4772kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 857.762054][T17708] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1464kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 857.851966][T17708] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 857.931420][T17708] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 857.966070][T17708] Node 0 DMA32 free:1226152kB boost:76660kB min:110736kB low:119252kB high:127768kB reserved_highatomic:0KB free_highatomic:0KB active_anon:85100kB inactive_anon:34416kB active_file:44728kB inactive_file:202844kB unevictable:1536kB writepending:2212kB present:3129332kB managed:2540888kB mlocked:0kB bounce:0kB free_pcp:43696kB local_pcp:22048kB free_cma:0kB [ 858.062033][T17708] lowmem_reserve[]: 0 0 1 1 1 [ 858.072369][T17708] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1308kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 858.171044][T17708] lowmem_reserve[]: 0 0 0 0 0 [ 858.191796][T17708] Node 1 Normal free:3876656kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:41448kB local_pcp:26964kB free_cma:0kB [ 858.231508][T17708] lowmem_reserve[]: 0 0 0 0 0 [ 858.252983][T17708] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB [ 858.274293][T17708] Node 0 DMA32: 12520*4kB (UME) 3233*8kB (UME) 1898*16kB (UME) 1226*32kB (UME) 447*64kB (UME) 454*128kB (UME) 253*256kB (UME) 155*512kB (UME) 110*1024kB (UM) 42*2048kB (UM) 157*4096kB (UM) = 1218120kB [ 858.316242][T17708] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 858.329302][T17708] Node 1 Normal: 164*4kB (UME) 58*8kB (UME) 55*16kB (UME) 203*32kB (UME) 52*64kB (UME) 12*128kB (UME) 9*256kB (UME) 7*512kB (UE) 3*1024kB (U) 4*2048kB (UE) 939*4096kB (UM) = 3876656kB [ 858.366579][T17708] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 858.376749][T17708] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 858.399656][T17708] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 858.409392][T17708] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 858.426565][T17708] 72324 total pagecache pages [ 858.447120][T17708] 38 pages in swap cache [ 858.453937][T17708] Free swap = 61140kB [ 858.458074][T17708] Total swap = 124996kB [ 858.468517][T17708] 2097051 pages RAM [ 858.473101][T17708] 0 pages HighMem/MovableOnly [ 858.477925][T17708] 429851 pages reserved [ 858.483607][T17708] 0 pages cma reserved [ 858.637432][T14550] team0 (unregistering): Port device team_slave_1 removed [ 858.710303][T14550] team0 (unregistering): Port device team_slave_0 removed [ 859.228456][T17497] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 859.241204][T17497] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 859.285022][T17497] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 859.376980][T17497] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 860.469930][T17497] 8021q: adding VLAN 0 to HW filter on device bond0 [ 860.590742][T17497] 8021q: adding VLAN 0 to HW filter on device team0 [ 860.706855][ T4461] bridge0: port 1(bridge_slave_0) entered blocking state [ 860.714158][ T4461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 860.759349][ T4461] bridge0: port 2(bridge_slave_1) entered blocking state [ 860.767218][ T4461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 860.946379][T17776] FAULT_INJECTION: forcing a failure. [ 860.946379][T17776] name failslab, interval 1, probability 0, space 0, times 0 [ 860.992063][T17776] CPU: 1 UID: 0 PID: 17776 Comm: syz.0.2381 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 860.992122][T17776] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 860.992133][T17776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 860.992149][T17776] Call Trace: [ 860.992159][T17776] [ 860.992171][T17776] dump_stack_lvl+0x16c/0x1f0 [ 860.992223][T17776] should_fail_ex+0x512/0x640 [ 860.992265][T17776] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 860.992317][T17776] should_failslab+0xc2/0x120 [ 860.992347][T17776] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 860.992396][T17776] ? drm_atomic_get_connector_state+0x231/0x740 [ 860.992439][T17776] krealloc_noprof+0x1fc/0x370 [ 860.992486][T17776] drm_atomic_get_connector_state+0x231/0x740 [ 860.992526][T17776] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 860.992563][T17776] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 860.992585][T17776] ? ww_mutex_lock+0x37/0x160 [ 860.992604][T17776] ? modeset_lock+0x114/0x6e0 [ 860.992634][T17776] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 860.992658][T17776] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 860.992683][T17776] ? drm_client_rotation+0x4da/0x6a0 [ 860.992705][T17776] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 860.992733][T17776] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 860.992791][T17776] drm_client_modeset_commit_locked+0x14d/0x580 [ 860.992816][T17776] drm_client_modeset_commit+0x4f/0x80 [ 860.992838][T17776] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 860.992870][T17776] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 860.992895][T17776] drm_fbdev_client_restore+0x2c/0x40 [ 860.992918][T17776] drm_client_dev_restore+0x1f3/0x2a0 [ 860.992941][T17776] drm_release+0x2c4/0x360 [ 860.992961][T17776] ? __pfx_drm_release+0x10/0x10 [ 860.992977][T17776] __fput+0x3ff/0xb70 [ 860.993001][T17776] task_work_run+0x14d/0x240 [ 860.993028][T17776] ? __pfx_task_work_run+0x10/0x10 [ 860.993055][T17776] ? __pfx___do_sys_close_range+0x10/0x10 [ 860.993087][T17776] exit_to_user_mode_loop+0xeb/0x110 [ 860.993115][T17776] do_syscall_64+0x3f6/0x490 [ 860.993135][T17776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 860.993153][T17776] RIP: 0033:0x7f610c38e929 [ 860.993170][T17776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 860.993187][T17776] RSP: 002b:00007f610d13b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 860.993205][T17776] RAX: 0000000000000000 RBX: 00007f610c5b5fa0 RCX: 00007f610c38e929 [ 860.993217][T17776] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 860.993228][T17776] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 860.993238][T17776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 860.993248][T17776] R13: 0000000000000000 R14: 00007f610c5b5fa0 R15: 00007ffd55f1aa08 [ 860.993272][T17776] [ 861.828790][T17497] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 862.038173][T17497] veth0_vlan: entered promiscuous mode [ 862.095001][T17497] veth1_vlan: entered promiscuous mode [ 862.215557][T17497] veth0_macvtap: entered promiscuous mode [ 862.260169][T17497] veth1_macvtap: entered promiscuous mode [ 862.336424][T17497] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 862.449084][T17497] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 862.495354][T17497] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.531684][T17497] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.583098][T17497] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.602464][T17497] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.917438][T11805] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 862.967122][T11805] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 863.105864][T11809] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 863.175564][T11809] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 864.676651][T16243] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 864.689051][T16243] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 864.699555][T16243] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 864.711042][T16243] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 864.719209][T16243] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 865.476706][T17820] chnl_net:caif_netlink_parms(): no params data found [ 865.841088][T17842] vhci_hcd: invalid port number 16 [ 865.857368][T17842] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 865.891301][T17820] bridge0: port 1(bridge_slave_0) entered blocking state [ 865.907046][T17820] bridge0: port 1(bridge_slave_0) entered disabled state [ 865.914527][T17820] bridge_slave_0: entered allmulticast mode [ 865.923489][T17820] bridge_slave_0: entered promiscuous mode [ 865.936123][T17820] bridge0: port 2(bridge_slave_1) entered blocking state [ 865.943602][T17820] bridge0: port 2(bridge_slave_1) entered disabled state [ 865.951222][T17820] bridge_slave_1: entered allmulticast mode [ 865.963839][T17820] bridge_slave_1: entered promiscuous mode [ 866.030151][T17820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 866.053432][T17820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 866.210980][T17820] team0: Port device team_slave_0 added [ 866.374174][T17820] team0: Port device team_slave_1 added [ 866.559044][T17820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 866.561357][T17849] netlink: zone id is out of range [ 866.566941][T17820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 866.571902][T17849] netlink: del zone limit has 4 unknown bytes [ 866.651946][T17820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 866.671097][T17820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 866.688816][T17820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 866.729721][T17820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 866.782572][ T5830] Bluetooth: hci0: command tx timeout [ 867.000375][T17858] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2395'. [ 867.043711][T17820] hsr_slave_0: entered promiscuous mode [ 867.050628][T17820] hsr_slave_1: entered promiscuous mode [ 867.735563][T17820] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.858741][T17820] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.071019][T17820] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.227376][T17820] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.544032][T17820] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 868.579023][T17820] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 868.606473][T17820] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 868.644086][T17820] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 868.862038][ T5830] Bluetooth: hci0: command tx timeout [ 869.070385][T17820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 869.103867][T17820] 8021q: adding VLAN 0 to HW filter on device team0 [ 869.135507][T17752] bridge0: port 1(bridge_slave_0) entered blocking state [ 869.142666][T17752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 869.189237][T17752] bridge0: port 2(bridge_slave_1) entered blocking state [ 869.196515][T17752] bridge0: port 2(bridge_slave_1) entered forwarding state [ 870.090125][T17919] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 870.098003][T17919] #PF: supervisor instruction fetch in kernel mode [ 870.104527][T17919] #PF: error_code(0x0010) - not-present page [ 870.110516][T17919] PGD 800000005c612067 P4D 800000005c612067 PUD 0 [ 870.117057][T17919] Oops: Oops: 0010 [#1] SMP KASAN PTI [ 870.122437][T17919] CPU: 1 UID: 0 PID: 17919 Comm: syz.0.2405 Tainted: G S U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 870.136083][T17919] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [ 870.141817][T17919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 870.151900][T17919] RIP: 0010:0x0 [ 870.155378][T17919] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 870.162847][T17919] RSP: 0018:ffffc9000be979c8 EFLAGS: 00010287 [ 870.168940][T17919] RAX: 0000000000000959 RBX: 0000000000000000 RCX: ffffc9000ba09000 [ 870.176955][T17919] RDX: 0000000000080000 RSI: ffffea00012b7140 RDI: ffff88805d1c2380 [ 870.185028][T17919] RBP: ffffea00012b7140 R08: 0000000000000007 R09: 0000000000000000 [ 870.193012][T17919] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff920017d2f3a [ 870.200996][T17919] R13: ffff88805d1c2380 R14: 0000000000000000 R15: dffffc0000000000 [ 870.208985][T17919] FS: 00007f610d13b6c0(0000) GS:ffff88812485f000(0000) knlGS:0000000000000000 [ 870.217937][T17919] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 870.224545][T17919] CR2: ffffffffffffffd6 CR3: 0000000053322000 CR4: 00000000003526f0 [ 870.232536][T17919] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 870.240519][T17919] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 870.248501][T17919] Call Trace: [ 870.251789][T17919] [ 870.254736][T17919] filemap_read_folio+0xc8/0x2a0 [ 870.259707][T17919] ? __pfx_filemap_read_folio+0x10/0x10 [ 870.265372][T17919] ? __filemap_get_folio+0x32b/0xc30 [ 870.270687][T17919] ? down_read+0x13d/0x480 [ 870.275131][T17919] do_read_cache_folio+0x263/0x5c0 [ 870.280354][T17919] freader_get_folio+0x337/0x930 [ 870.285320][T17919] freader_fetch+0xc2/0x5e0 [ 870.289845][T17919] ? mt_find+0x3ef/0xa30 [ 870.294111][T17919] __build_id_parse.isra.0+0xec/0x7a0 [ 870.299512][T17919] ? __pfx___build_id_parse.isra.0+0x10/0x10 [ 870.305536][T17919] ? __pfx_find_vma+0x10/0x10 [ 870.310243][T17919] do_procmap_query+0xd96/0x1090 [ 870.315204][T17919] ? do_vfs_ioctl+0x523/0x1a60 [ 870.319988][T17919] ? __pfx_do_procmap_query+0x10/0x10 [ 870.327154][T17919] ? __fget_files+0x20e/0x3c0 [ 870.331899][T17919] procfs_procmap_ioctl+0x7d/0xb0 [ 870.336975][T17919] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 870.342732][T17919] __x64_sys_ioctl+0x18b/0x210 [ 870.347530][T17919] do_syscall_64+0xcd/0x490 [ 870.352061][T17919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.357979][T17919] RIP: 0033:0x7f610c38e929 [ 870.362602][T17919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 870.382250][T17919] RSP: 002b:00007f610d13b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 870.390690][T17919] RAX: ffffffffffffffda RBX: 00007f610c5b5fa0 RCX: 00007f610c38e929 [ 870.398676][T17919] RDX: 0000200000000080 RSI: 00000000c0686611 RDI: 0000000000000002 [ 870.406663][T17919] RBP: 00007f610c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 870.414650][T17919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 870.422648][T17919] R13: 0000000000000000 R14: 00007f610c5b5fa0 R15: 00007ffd55f1aa08 [ 870.430731][T17919] [ 870.433763][T17919] Modules linked in: [ 870.437679][T17919] CR2: 0000000000000000 [ 870.441843][T17919] ---[ end trace 0000000000000000 ]--- [ 870.447307][T17919] RIP: 0010:0x0 [ 870.450785][T17919] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 870.458159][T17919] RSP: 0018:ffffc9000be979c8 EFLAGS: 00010287 [ 870.464239][T17919] RAX: 0000000000000959 RBX: 0000000000000000 RCX: ffffc9000ba09000 [ 870.472235][T17919] RDX: 0000000000080000 RSI: ffffea00012b7140 RDI: ffff88805d1c2380 [ 870.480218][T17919] RBP: ffffea00012b7140 R08: 0000000000000007 R09: 0000000000000000 [ 870.488215][T17919] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff920017d2f3a [ 870.496239][T17919] R13: ffff88805d1c2380 R14: 0000000000000000 R15: dffffc0000000000 [ 870.504224][T17919] FS: 00007f610d13b6c0(0000) GS:ffff88812485f000(0000) knlGS:0000000000000000 [ 870.513286][T17919] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 870.519883][T17919] CR2: ffffffffffffffd6 CR3: 0000000053322000 CR4: 00000000003526f0 [ 870.527874][T17919] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 870.535861][T17919] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 870.543853][T17919] Kernel panic - not syncing: Fatal exception [ 870.550074][T17919] Kernel Offset: disabled [ 870.554400][T17919] Rebooting in 86400 seconds..