last executing test programs:

7.728492893s ago: executing program 0 (id=805):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x6, 0x5, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x3, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x200, 0x0, 0x40084, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xb8a0]}, 0x1fe, 0x200c)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/nbd6/queue/iosched/prio_aging_expire\x00', 0x88282, 0x0)
sendfile$auto(r2, r2, 0x0, 0x1)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r3, &(0x7f0000000500)="0a1b9a3c3e3e006e163b99d4d7c3e76dc04c0bcdcd1cb044b3162cb440886d8ebcc2574c58e9867ecec3371cadb848770dc8f745d1c76eedba12b9f694da9dbcf3401910bb713aca465c9bbc23b5d40a", 0x50)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
timerfd_settime$auto(0xffffffffffffffff, 0x0, &(0x7f0000000000)={{0xe, 0x3ff}, {0x10, 0xd}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r5, 0x6, 0xd, 0x0, 0x0)
ioctl$auto_SG_EMULATED_HOST2(0xffffffffffffffff, 0x2203, 0x0)
read$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffffff, &(0x7f0000000380)=""/223, 0xdf)
r6 = socket(0xa, 0x5, 0x84)
sendto$auto(r6, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "000000000000fe8000"}, 0x1f)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
r8 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC1\x00', 0x44a0c0, 0x0)
io_uring_register$auto_IORING_UNREGISTER_PBUF_RING(r8, 0x17, &(0x7f0000000740)="28923f61c88ec5077b990638a5b4e297920b8e87922dde9ce7be4ed67b4996fc51f57e17ebe8adbf5f61b75e71e50db0bb546d7a7d3768fe6454b388521a40b81f3128298263389bfcd03357fd6b9eab3eb68686dab37cf3f2fd39e3d10f75d8aacd7f0b2b1a63973202b4508710d0311b0b44e621c30df8a770e1980efdc6788f02aff179bd6af4dac38c61185d2776754cc7b286b8eed4b7511db9ebd17554f0dc895c8a17348d3b07cbaec996e59ce204d815c55c7045d7f2dd022ecde320b325be2d100ce8f72d6f6005384bc66df8de765b1a5bebeb7791c29d88d7b4d71186844fb29846cec8e0812429e7d52e38f9c8e93a20a9aef2e09d83853cdf7d9ee0bfe4e855e75742cdb5358971f598f0749662b1fae79c302341f367f66308a12bc40fb6304a462872cf90c6a00bcdc738f4c2d03e4a87d61086bc2b4cb59f71c6d7c13bdaa97f1c833ed6eac56b6e41290d864bff90597c28a1f69cb1fc9f406df5edf9a119cdfe55e084ede0bd1a578c2d26d2581aa085d3a25f8c9d43751c489c252452f0708f71d2b6fc27c153ad6584c057427d6243b6b4be53345f986f35348f48e2eab493fd3c15c0c5a40d23fa1e36c19e1c7de2c6b506e5c3be7014411158d32d9b817bfc68bf8588ecf6b0f36cd30b2373bb22bf6bdb51d7e977f6227c98a2dcb6e571db3b7c005d0a575fe04f67e4c068a30878f5cda3adcdbabee2cb8dfe782c11c713f4ac6d2bc83537811e1dcef241bb6faabc19aa42f3acb88ffbb7cc69ee14a91a3423d6a0504633d2c40f4519b3c212ef28d93605a2f2d7c98287a1c4258c45b745bcbcc284346a20e8490526b3a5f25334c2d845bc9400808bd61410070bf2836046aa7e488eaacff4871bd83d018c4d2b5bce84dd0e10d5a3190e7f1779013c3113449a4dffca89c2195d8d5055c443fa24d13de0e084d68f06238fde7a33760db12af2e09d4ef5bc0f42c4d6dcb1cce00d25359e4edaa2054a5025364f7f97173c17b6f5d97b5927321ce02643f15d9477bd4b017bf860e4e59075174d7eaf208339784d5fc3bdd5025190b16d368e95264e76b2fb34e93cd97f184da4abd326bf64884ab0be97f891e96fbe0403a415227a504c7b5bf5af2f29b6ea6e2bd0b0f56470b0eb8b2fea1513b85565a56bb8bcfb8a7762ccb82276a88ce87ba3931351c10c34daeca0b2bca74a72176ce23acaf99c4023152a05d09fec7df572a889be34ceddad0897e33cd1fcad382f3476c73d0e87eaba6edeabb8661e66745bddf2fbd951a546049774575907ed8988f95c60fa3abec6a24afdf3070c6dd90319e4ea3dab210a925cda06b4e85aa2d56daa632791210b43e3b6b05c91d5329251ceeee250f5da07c8d8a26bc6bc2222f6a3da5b2c1121187f4c840c51b5b4c414919f7e9eafe17c213c280ed85b03336d74b89810bc95f84d1de53b44446b73a455ecf283d5f6521ffe789c96306a60da0c8322f85ff1d0efccbe85f039006c649aab6646fd6ec7c9ba539d720c2e96ab02cc4de8a70e07c78df2c99ec641e1e7b81a06e2d7421c1f06371030f0f39861b6ff8fc6f2bdb72db134d45b3a2b608fa7f5c2d177a43447d4c3e0a8eda02fc13301287b963c034fafa6bf10565263584c678d54bbbc7e7e23c56b2930569c3513f79ecc296ec88b38387de54da4cf45b61fe42fa4dfaeec4f24a6acffc00dc6f12aa6d1aca2956871eb0ebfdbde021b1729abb53cf000cbfe8eee5e1d225ded1f52cbf060ca7e21d758b9e4c7f853363b3e275af79be431dcd9d56115f8aee8e5cf7f5f2385708345cc06890bd211e5976698365fb151078fe2bc17f6114c80c98a8a405d77fb9d7023afeb16c7819df1c378fb74b819020cade4c8e29795e321e6ace23f5d53ad5a2f6beaf1bb4e1ae47b19adac64e40a191ea337d555d607362ecc0116c17ef59f1e84b4dbc41a57c53f493f8589b5481620f2d85fde408309f8423e2d6d5463718aae4fd3bd502425a4b21406c627196268fb25b6c20a2053d7dfef2073def526b0ade6ccc46aeef71f2c78b8c921853383ab95522fdf993e525f0845cee57e8b3ba29c1fa74accfac00853da4385d1396d9846ef0f54ca5925b09670aaceab8465ac55d279ff50e9f9a470376461f2793060a66e50f2b0963578e62099e5e225e4e5423a191193d2227ba169b5e14b8af9b5612ce03fbb48bef7b941a29507b7ec73924a88631a6eabda7f1a6540d43fdcea6b0d38be25774cef8a1d8c37658718fe9a7da6ac2682a0855bc3bc7e90d56808c6ee2429c2d27d8cd643a4b202f05462e8a248f92bf428b1a2f869e17d6e3bb4b41e3c9e26dae837a831557982079c112cd8cb42db2e6f3f3fadf5360eb60efdbb7d696953f0738c59230d8eb40c2b06c26697aac33a5ab9b7313c93e52c37e09eda652521ed87e61e3670f7d3b907dfe5c0b2be878f0124d7ad7916b9426ce48f3c4e697dcd223b9e8fde933578f87eef995267a132e7796c52ef29f270ef8eddab6faf134887c5cddf00f09a2bf616ad4b3d95a8cf7b651cc6ce853407cc90e50348df03bd79f42843fe1d533798b9903f2efc56e4f47433a9416e9396a64a91b4a876836d3a9c3a4a9886172df9c0b264616ef9639fa6e62502be143e5c7a14932b8e91f602ffa8e03440c35cdcf21398ff0ac1296ab3eb8894ab42e4ad6c59faeec8c3b57e680f1af40652a11d27cb7ca0d98fea53e4ac614b58852fec64f3c46eaf64c1db517e9c00a2903e21f9ee77cc834ece0a2138be0718a7d2af63dc183c9fe0f1075cd079b0323304b1ebbc63f4bceb6037c76ba8ecb90df4ace03ec30135c87fd13f514401dd8744f0bcb74d8d728f217f374165b7f8f59d731e34b1a472bb7912d79ae031e450a21ed65ba1155da73274007e970185241ed68b68dc2ad7d3fb2f83abebac4d1170a968af8d4d14dac3c5ccce6cc8d057c1cfdfa8a094f9567c958ae5de78edf2f842fb1d0bb4f8607c12abd49fac8bff488da02f025611052fdb85c7800ae4e3f8249fb52ea4bf61b471a3695ec27fcbbc113d1ef4d8bb537f2124f58e1d9c632e583fb6e15d09376e90fe83745ac8462e8b8834033ac551dbd9dd013898b0df9e2e87e19a709531054736153b1b9177f947e8e812a08f56cc5be164dc700a08fb3598052412679309a3a954395a2ea06fb9650af9011b97d497dff8c1226ec1aa05d9b90a06dc6437be10ec467a10939641ab3a21b7e06303add85a4ff36b0421a43684cc5c67ad1532ca09d77417118783bdb1c0c7374a2e189336ef8ed43f2cfdbb4b1a9bb166d4200630240165907d5439a4fdf6cae2fdff645cadfffe48503fbf78fa08362c3df501ddd4086a5de28720a78cbac740e742df8ad48f46b6f55e3aeb6c97ffe18094f74c96063fecaf880aa2fd0da87ddba99ae6687b15b66476a27d4df12f9f47f455ce37fdb1320979eaf35e58e077720bcb481cfb72f63fee3ded96723328f082c00303f6adef3b19421a0d29028b3404ef17497bdfed54eb5a81e81d61b8c07f4769f988b2efb6688e92f4edd51d1172b2c44840acd0be9684e2abd29106eab844404319a89dae0ef99d27b96b9e3f893dadede90b4fb58f302206a506af6e24e59662689a3eb484804ec06b3c58b4710343ba0aa71bc3734020a67cb39781f6843c22a89cc8eb0c3c7f4d5064303814724b320289aa803a0c87317085ec613440c913a5f59cbc6e74711c6dc3af3e1590e20fb9580d7bb8e2c1bde961fab5e8c0778c59b4658c81c61716446bfb11033fe3f8e317b095173797f012e76c43a77706af39d3d686431e42114647ab35d2d9334624f0aa750596f5a857b85d891ddf6af4a8faba84e01d3f44a7776203754a410ee8daa514dace70bfcd8bb6fdd76e4dd9c9479cff910a4f59a370e1d9e575d58795ebe147f51e70f0fe2444ad10f5271e1186da5b47cb881c70246cdfc8b97cd9f4f947cb35f0930dbceb70e5769e79c87e6104969d7742c396fbd20a4f89c2076c7196744c8aa46028fe46fc5ec53c9ee8aa17d4297e3921c114872f61ee455f916a46cdc4c5468629b59cef4900b8c6439520ec2c742d3f12d3899a3a8e90bd7fa91640f3f240cd831ad9e2091e675626cbdf913869a289f4339013491fb0066098e06248cce1b3c7aa401b173464e55e749505cfbc358dbbf4e46ba7042505ae81231646bb194b487284a137b0ad3cb082d23195ac22af7098a09f69a8b4fa3b5ef018becc8ad74389f8f7fbc2e0484dd4892e1e7dcc7e674a665f97bed7c9ef80ab12a20f57408843b7d62eb3acd338c8f55a31e87dc8d176964f795812229107c6c9993461fa509914efa0cbbd7386e434600e4ffebc0f481f75d58de8f5a86cb5f0f11e5f60254ebb5252b9824ab95b27fe03df7f92354510b8ae220d7d4bb869ad580b290cb2c7fe3f73a2325f072e1855c761ed00f2c8f4252df6eea2d1924bb01c4e7bd245c241ad7fd1f0f858be5d9bc141b3ab0adccf4ae54dd871fe418e53d1590f1f3c8bb58698854258a22984ec9ec8193217f8e3548d6367666f09f4cf1156eea513a75618ac7117cafa4a3e918ab7d7860ef8b1993119bf6794bdfd8a1456690b116a4d8860e1340daea0eb71ded6e2ce423e9afb37dfbac460fe6aa165b56ddf66d38d0dd79d6d109dc606ee30e4209d8734788aaf62f9d1c3e23dfaf12691d4802fffb42fe34dba1c4b8ba7e7d9780972b29c8a39e2d9a64d2cf80f2e7f0ecb47c645f7e42367b13c446b47fa417803d00628a0c7284017369aa31c1d73d07eb779f320add5411e032614b079e02799301fa7c6f9f07b27584efa4e465a6fa9ec62ad6ac4a7bf6c03d629e9285f1211cd17cd913742d85d69ee33aa2666a2dbaa50d82e1022ebc11c1515b7d10b7ad133c4bb1675dde4d3c3e9f748b2e54f43e7b3e82c554629aafc8ff520443f9501799c4191a73c2f9773118a3184ca855aa1e8dabab89970e532744f36f4b6e05e3fa27e96a710e795a68e03343ec089a9798259b2309cc41938f603395e9b4328d44b3e3512fca31b92c0dc4da9492f69100cd5af3a5d9ea9539514d2a713d6016d20cf695ce3de89190d644a7372b0bc936aaa984c1a2a267bd75a168dfbfe7616ae26ddb5bbec5731e7560d565181004688dc575474fb78e02cf5d4059a3ca2f44ec96c79c0f7d326caf0aee5dbdb7732440f4891b663020b8dae099e44177ff20bd883f8ac9c67d9b8c61a0888bf3760896a1f4ab98d92b991ed368aa5f8d821bb0886511e9f377a86c36ec2fa182d9932032eb8a83dec02dc3fbeaa9fe6410bdcd9162243e8fa3d4840116fbf12dbc3bb4ac16398358756d1ad4b73377690377132c007900b6e27c0c7208f04d61de9f429161ce9698abe2b7ba2fd58f2a0a25dd6e715970233222cc515904c4157d02b64eba72ac79d66d152670480d03e61c2a607c9fac4336751202829111fe86bbba92f4a90f18d2a047e43205541f2fa2d66e27707de8a25e579c0ccfbda6449a4bcfd7a23cb8a1d38d587f277ef0934be128cb94d46be5b1d26e6fb966fbcd1f302f850c77b141fb171d7875ee44d2acfce492a6a5db12e049ddd88ac105f453703bca65f5ed8ab44ffc15c808b8f3e882a32478ad1c32c5cad0aa95b23af5214dbb65c933da35d8e373c4eea94484c41f8fd1e34cf963afc2a85191a49d2a4b9469dbde2b0ebd16631687182d0dff3904c81033bf59f76897cd3b2161220e00fa043e2f35128843d78992c0ad60ae1a50b9ef400bd2d", 0x3)
read$auto(r7, 0x0, 0x20)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3)
bpf$auto(0x0, &(0x7f0000000280)=@link_detach={r7}, 0x4c5)
ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000700)="12")

6.816985519s ago: executing program 3 (id=807):
recvmmsg$auto(0xffffffffffffffff, 0x0, 0x0, 0xffffffff, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00', <r1=>0x0})
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
close_range$auto(0x0, 0x5, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x101202, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="5a1d2a1772eae57526e7543df28252fe5c3560407fe7035ce5b999867c144cddf1ad1bb02182f223c0c2cb68e793f1c284fba290d4", @ANYRESOCT=r1, @ANYBLOB="51743461bc7e0da4a1548b745b7f52a0a6fcbcef243d50e875904b13870757aec924599f3682090f5e6b0c22943326913eedfec2a03e2906a238a5113858d5b2522598c3906c5be94578fbf4b477fcfb8b61bae7ca32a8c99c23fcedc47b6acb89f622ddedc122ce9615fa8ac652e8b385cf1cd881984c64696a4ca533e92f38c89c2e745d99ef7d1aadedc3c728d4ee7b72d02b0e311f79b4a38bcceb30bc6c5ab552046e0731c2875620918a59705d068d1be4369e9b7506c3d5c58997e7835e807d9f42adf907b64cef0c4eb2f7010dd520ae685626f667f1a1a21365c89754f959afa8470016f23e477db3832acbb97cd13d499409", @ANYRES32, @ANYRESHEX, @ANYRES64=r4, @ANYRES16=r3, @ANYRESHEX], 0x1c}, 0x1, 0x0, 0x0, 0x4008800}, 0x4002c800)
stat$auto(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)={0x2, 0x0, 0xf661, 0x0, 0xee00, <r5=>0xee00, 0x0, 0xbcd, 0x6c, 0x8, 0x261, 0x5, 0x7fffffff, 0x7, 0x9, 0x8000, 0x144})
ioctl$auto_XFS_IOC_SWAPEXT(0xffffffffffffffff, 0xc0c0586d, &(0x7f0000000080)={0xd, @raw=0x7fffffffffffffff, @raw=0x7fffffff, 0x3, 0x7, '\x00', {0x5, 0x3, 0x0, 0xffffffffffffffff, r5, 0x0, 0x1000, 0x7ff, {0x4, 0x100}, {0x1133, 0x40}, {0x2, 0xc431}, 0xa00, 0x3ae0, 0x4, 0x8, 0xe, 0x0, 0x3, 0xf, 0x8, 0x2, '\x00', 0x7, 0x0, 0x1816, 0x4}})
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000)
sysfs$auto(0x2, 0x46, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a)
r6 = socket(0x2, 0x5, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x7965dae200b7d1b3, 0x10)
renameat$auto(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', r7, &(0x7f0000000340)='./file0\x00')
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, 0x0, 0x7, 0x0, 0xc004, 0xb}, 0xfff}, 0x5, 0x311)
sendmmsg$auto(r6, &(0x7f0000000400)={{&(0x7f00000001c0)="3618b3d64640c945ddf86a720bf2461e82a4aadefe61234ec678cd3c3eac36e3eaa0a36e7777ac174014b4d57e5f3d761faf4cf4920542685b916aa5aea6b5f2c84a2db4", 0x3fc, &(0x7f00000000c0)={0x0, 0xfffffffffffff1b9}, 0x0, 0x0, 0x8000000000000001, 0xb}, 0x8}, 0x10001, 0xfffffff5)
sendmsg$auto_NL80211_CMD_GET_COALESCE(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x66)
ioctl$auto_SG_GET_RESERVED_SIZE(r2, 0x4c04, 0x0)
r8 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x400042, 0x0)
r9 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x80402, 0x0)
ioctl$auto_SNDCTL_DSP_GETOPTR(r9, 0x800c5012, &(0x7f00000000c0))
write$auto(r8, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x89\xe8^\x98#\x86\x92\x86w\xa1\x05\x9b\xad}yX\xc5\xc0\x1c\xd1\xd9\x9e\x91\b\xfc=\x18\xf9E\b\xa3Rgu\xf5L\x1d\xf8\ny', 0x401)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r10 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0)
ioctl$auto_USB_RAW_IOCTL_EVENT_FETCH(r10, 0x80085502, 0x0)

6.388324656s ago: executing program 1 (id=809):
mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000380)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc4156ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba218aa5b0ff402f2e6adb8ea60886c1e52c60d7d87e4c0551386501763ad098eb2b9602f83b2a643399f10dfdb0f4018b401be4db675d0acf8d348c26acf338cbe20fcb76439ca602a3c022f4463a8820f1c6f865d24e058af98f0c48bf552c3f6cc28c09d9054347db3c28701c67fa1e57d81b881638b518dd8e24969b7fd10406fcf6eb9bb66bf56ed7568510c72b380fa6efbca845bde90f7672708000000000000003513")
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
socket(0x10, 0x2, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x4)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0)
write$auto(r1, &(0x7f0000000080)='/dev/audio\x00', 0x80000000)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147)
ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000180))
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)

6.162961261s ago: executing program 0 (id=810):
mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
readv$auto(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x5}, 0x369)
connect$auto(0xffffffffffffffff, 0x0, 0x3a)
r0 = socket(0x1e, 0x5, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0)
openat$auto_dfs_cpu_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/x86/topo/cpus/1\x00', 0x48140, 0x0)
unshare$auto(0x40000080)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x8000001, 0x0, 0x2000000000000003, 0x0, 0x24, 0x1}, 0x401}, 0x800, 0xa0000000)
r1 = socket(0xa, 0x5, 0x84)
sendto$auto(r1, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c)
ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(0xffffffffffffffff, 0xc008551c, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000001100), 0xa8000, 0x0)
madvise$auto(0x3, 0x6, 0x929e)
ioctl$auto_USB_RAW_IOCTL_EP0_READ(r2, 0xc0085504, &(0x7f0000000040)={0x9, 0x1, 0x400000})

5.932276652s ago: executing program 3 (id=811):
mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
readv$auto(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x5}, 0x369)
connect$auto(0xffffffffffffffff, 0x0, 0x3a)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$auto_dfs_cpu_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/x86/topo/cpus/1\x00', 0x48140, 0x0)
unshare$auto(0x40000080)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x8000001, 0x0, 0x2000000000000003, 0x0, 0x24, 0x1}, 0x401}, 0x800, 0xa0000000)
r0 = socket(0xa, 0x5, 0x84)
sendto$auto(r0, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c)
ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(0xffffffffffffffff, 0xc008551c, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000001100), 0xa8000, 0x0)
madvise$auto(0x3, 0x6, 0x929e)
ioctl$auto_USB_RAW_IOCTL_EP0_READ(r1, 0xc0085504, &(0x7f0000000040)={0x9, 0x1, 0x400000})

5.787107745s ago: executing program 2 (id=812):
socket(0x2, 0x5, 0x0)
bind$auto(0x3, 0x0, 0x6a)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x18dd01, 0x0)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0)
madvise$auto(0x0, 0x2003f2, 0x15)
io_uring_setup$auto(0x1, 0x0)
futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa)
futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, 0x0, 0x9f)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x2d00, 0x0)
read$auto_tracing_buffers_fops_trace(r0, 0x0, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x4ff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_MEDIA_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)

5.326455566s ago: executing program 1 (id=813):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x6, 0x5, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x3, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x200, 0x0, 0x40084, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xb8a0]}, 0x1fe, 0x200c)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/nbd6/queue/iosched/prio_aging_expire\x00', 0x88282, 0x0)
sendfile$auto(r2, r2, 0x0, 0x1)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r3, &(0x7f0000000500)="0a1b9a3c3e3e006e163b99d4d7c3e76dc04c0bcdcd1cb044b3162cb440886d8ebcc2574c58e9867ecec3371cadb848770dc8f745d1c76eedba12b9f694da9dbcf3401910bb713aca465c9bbc23b5d40a", 0x50)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
timerfd_settime$auto(0xffffffffffffffff, 0x0, &(0x7f0000000000)={{0xe, 0x3ff}, {0x10, 0xd}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r5, 0x6, 0xd, 0x0, 0x0)
ioctl$auto_SG_EMULATED_HOST2(0xffffffffffffffff, 0x2203, 0x0)
read$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffffff, &(0x7f0000000380)=""/223, 0xdf)
r6 = socket(0xa, 0x5, 0x84)
sendto$auto(r6, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "000000000000fe8000"}, 0x1f)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
r8 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC1\x00', 0x44a0c0, 0x0)
io_uring_register$auto_IORING_UNREGISTER_PBUF_RING(r8, 0x17, &(0x7f0000000740)="28923f61c88ec5077b990638a5b4e297920b8e87922dde9ce7be4ed67b4996fc51f57e17ebe8adbf5f61b75e71e50db0bb546d7a7d3768fe6454b388521a40b81f3128298263389bfcd03357fd6b9eab3eb68686dab37cf3f2fd39e3d10f75d8aacd7f0b2b1a63973202b4508710d0311b0b44e621c30df8a770e1980efdc6788f02aff179bd6af4dac38c61185d2776754cc7b286b8eed4b7511db9ebd17554f0dc895c8a17348d3b07cbaec996e59ce204d815c55c7045d7f2dd022ecde320b325be2d100ce8f72d6f6005384bc66df8de765b1a5bebeb7791c29d88d7b4d71186844fb29846cec8e0812429e7d52e38f9c8e93a20a9aef2e09d83853cdf7d9ee0bfe4e855e75742cdb5358971f598f0749662b1fae79c302341f367f66308a12bc40fb6304a462872cf90c6a00bcdc738f4c2d03e4a87d61086bc2b4cb59f71c6d7c13bdaa97f1c833ed6eac56b6e41290d864bff90597c28a1f69cb1fc9f406df5edf9a119cdfe55e084ede0bd1a578c2d26d2581aa085d3a25f8c9d43751c489c252452f0708f71d2b6fc27c153ad6584c057427d6243b6b4be53345f986f35348f48e2eab493fd3c15c0c5a40d23fa1e36c19e1c7de2c6b506e5c3be7014411158d32d9b817bfc68bf8588ecf6b0f36cd30b2373bb22bf6bdb51d7e977f6227c98a2dcb6e571db3b7c005d0a575fe04f67e4c068a30878f5cda3adcdbabee2cb8dfe782c11c713f4ac6d2bc83537811e1dcef241bb6faabc19aa42f3acb88ffbb7cc69ee14a91a3423d6a0504633d2c40f4519b3c212ef28d93605a2f2d7c98287a1c4258c45b745bcbcc284346a20e8490526b3a5f25334c2d845bc9400808bd61410070bf2836046aa7e488eaacff4871bd83d018c4d2b5bce84dd0e10d5a3190e7f1779013c3113449a4dffca89c2195d8d5055c443fa24d13de0e084d68f06238fde7a33760db12af2e09d4ef5bc0f42c4d6dcb1cce00d25359e4edaa2054a5025364f7f97173c17b6f5d97b5927321ce02643f15d9477bd4b017bf860e4e59075174d7eaf208339784d5fc3bdd5025190b16d368e95264e76b2fb34e93cd97f184da4abd326bf64884ab0be97f891e96fbe0403a415227a504c7b5bf5af2f29b6ea6e2bd0b0f56470b0eb8b2fea1513b85565a56bb8bcfb8a7762ccb82276a88ce87ba3931351c10c34daeca0b2bca74a72176ce23acaf99c4023152a05d09fec7df572a889be34ceddad0897e33cd1fcad382f3476c73d0e87eaba6edeabb8661e66745bddf2fbd951a546049774575907ed8988f95c60fa3abec6a24afdf3070c6dd90319e4ea3dab210a925cda06b4e85aa2d56daa632791210b43e3b6b05c91d5329251ceeee250f5da07c8d8a26bc6bc2222f6a3da5b2c1121187f4c840c51b5b4c414919f7e9eafe17c213c280ed85b03336d74b89810bc95f84d1de53b44446b73a455ecf283d5f6521ffe789c96306a60da0c8322f85ff1d0efccbe85f039006c649aab6646fd6ec7c9ba539d720c2e96ab02cc4de8a70e07c78df2c99ec641e1e7b81a06e2d7421c1f06371030f0f39861b6ff8fc6f2bdb72db134d45b3a2b608fa7f5c2d177a43447d4c3e0a8eda02fc13301287b963c034fafa6bf10565263584c678d54bbbc7e7e23c56b2930569c3513f79ecc296ec88b38387de54da4cf45b61fe42fa4dfaeec4f24a6acffc00dc6f12aa6d1aca2956871eb0ebfdbde021b1729abb53cf000cbfe8eee5e1d225ded1f52cbf060ca7e21d758b9e4c7f853363b3e275af79be431dcd9d56115f8aee8e5cf7f5f2385708345cc06890bd211e5976698365fb151078fe2bc17f6114c80c98a8a405d77fb9d7023afeb16c7819df1c378fb74b819020cade4c8e29795e321e6ace23f5d53ad5a2f6beaf1bb4e1ae47b19adac64e40a191ea337d555d607362ecc0116c17ef59f1e84b4dbc41a57c53f493f8589b5481620f2d85fde408309f8423e2d6d5463718aae4fd3bd502425a4b21406c627196268fb25b6c20a2053d7dfef2073def526b0ade6ccc46aeef71f2c78b8c921853383ab95522fdf993e525f0845cee57e8b3ba29c1fa74accfac00853da4385d1396d9846ef0f54ca5925b09670aaceab8465ac55d279ff50e9f9a470376461f2793060a66e50f2b0963578e62099e5e225e4e5423a191193d2227ba169b5e14b8af9b5612ce03fbb48bef7b941a29507b7ec73924a88631a6eabda7f1a6540d43fdcea6b0d38be25774cef8a1d8c37658718fe9a7da6ac2682a0855bc3bc7e90d56808c6ee2429c2d27d8cd643a4b202f05462e8a248f92bf428b1a2f869e17d6e3bb4b41e3c9e26dae837a831557982079c112cd8cb42db2e6f3f3fadf5360eb60efdbb7d696953f0738c59230d8eb40c2b06c26697aac33a5ab9b7313c93e52c37e09eda652521ed87e61e3670f7d3b907dfe5c0b2be878f0124d7ad7916b9426ce48f3c4e697dcd223b9e8fde933578f87eef995267a132e7796c52ef29f270ef8eddab6faf134887c5cddf00f09a2bf616ad4b3d95a8cf7b651cc6ce853407cc90e50348df03bd79f42843fe1d533798b9903f2efc56e4f47433a9416e9396a64a91b4a876836d3a9c3a4a9886172df9c0b264616ef9639fa6e62502be143e5c7a14932b8e91f602ffa8e03440c35cdcf21398ff0ac1296ab3eb8894ab42e4ad6c59faeec8c3b57e680f1af40652a11d27cb7ca0d98fea53e4ac614b58852fec64f3c46eaf64c1db517e9c00a2903e21f9ee77cc834ece0a2138be0718a7d2af63dc183c9fe0f1075cd079b0323304b1ebbc63f4bceb6037c76ba8ecb90df4ace03ec30135c87fd13f514401dd8744f0bcb74d8d728f217f374165b7f8f59d731e34b1a472bb7912d79ae031e450a21ed65ba1155da73274007e970185241ed68b68dc2ad7d3fb2f83abebac4d1170a968af8d4d14dac3c5ccce6cc8d057c1cfdfa8a094f9567c958ae5de78edf2f842fb1d0bb4f8607c12abd49fac8bff488da02f025611052fdb85c7800ae4e3f8249fb52ea4bf61b471a3695ec27fcbbc113d1ef4d8bb537f2124f58e1d9c632e583fb6e15d09376e90fe83745ac8462e8b8834033ac551dbd9dd013898b0df9e2e87e19a709531054736153b1b9177f947e8e812a08f56cc5be164dc700a08fb3598052412679309a3a954395a2ea06fb9650af9011b97d497dff8c1226ec1aa05d9b90a06dc6437be10ec467a10939641ab3a21b7e06303add85a4ff36b0421a43684cc5c67ad1532ca09d77417118783bdb1c0c7374a2e189336ef8ed43f2cfdbb4b1a9bb166d4200630240165907d5439a4fdf6cae2fdff645cadfffe48503fbf78fa08362c3df501ddd4086a5de28720a78cbac740e742df8ad48f46b6f55e3aeb6c97ffe18094f74c96063fecaf880aa2fd0da87ddba99ae6687b15b66476a27d4df12f9f47f455ce37fdb1320979eaf35e58e077720bcb481cfb72f63fee3ded96723328f082c00303f6adef3b19421a0d29028b3404ef17497bdfed54eb5a81e81d61b8c07f4769f988b2efb6688e92f4edd51d1172b2c44840acd0be9684e2abd29106eab844404319a89dae0ef99d27b96b9e3f893dadede90b4fb58f302206a506af6e24e59662689a3eb484804ec06b3c58b4710343ba0aa71bc3734020a67cb39781f6843c22a89cc8eb0c3c7f4d5064303814724b320289aa803a0c87317085ec613440c913a5f59cbc6e74711c6dc3af3e1590e20fb9580d7bb8e2c1bde961fab5e8c0778c59b4658c81c61716446bfb11033fe3f8e317b095173797f012e76c43a77706af39d3d686431e42114647ab35d2d9334624f0aa750596f5a857b85d891ddf6af4a8faba84e01d3f44a7776203754a410ee8daa514dace70bfcd8bb6fdd76e4dd9c9479cff910a4f59a370e1d9e575d58795ebe147f51e70f0fe2444ad10f5271e1186da5b47cb881c70246cdfc8b97cd9f4f947cb35f0930dbceb70e5769e79c87e6104969d7742c396fbd20a4f89c2076c7196744c8aa46028fe46fc5ec53c9ee8aa17d4297e3921c114872f61ee455f916a46cdc4c5468629b59cef4900b8c6439520ec2c742d3f12d3899a3a8e90bd7fa91640f3f240cd831ad9e2091e675626cbdf913869a289f4339013491fb0066098e06248cce1b3c7aa401b173464e55e749505cfbc358dbbf4e46ba7042505ae81231646bb194b487284a137b0ad3cb082d23195ac22af7098a09f69a8b4fa3b5ef018becc8ad74389f8f7fbc2e0484dd4892e1e7dcc7e674a665f97bed7c9ef80ab12a20f57408843b7d62eb3acd338c8f55a31e87dc8d176964f795812229107c6c9993461fa509914efa0cbbd7386e434600e4ffebc0f481f75d58de8f5a86cb5f0f11e5f60254ebb5252b9824ab95b27fe03df7f92354510b8ae220d7d4bb869ad580b290cb2c7fe3f73a2325f072e1855c761ed00f2c8f4252df6eea2d1924bb01c4e7bd245c241ad7fd1f0f858be5d9bc141b3ab0adccf4ae54dd871fe418e53d1590f1f3c8bb58698854258a22984ec9ec8193217f8e3548d6367666f09f4cf1156eea513a75618ac7117cafa4a3e918ab7d7860ef8b1993119bf6794bdfd8a1456690b116a4d8860e1340daea0eb71ded6e2ce423e9afb37dfbac460fe6aa165b56ddf66d38d0dd79d6d109dc606ee30e4209d8734788aaf62f9d1c3e23dfaf12691d4802fffb42fe34dba1c4b8ba7e7d9780972b29c8a39e2d9a64d2cf80f2e7f0ecb47c645f7e42367b13c446b47fa417803d00628a0c7284017369aa31c1d73d07eb779f320add5411e032614b079e02799301fa7c6f9f07b27584efa4e465a6fa9ec62ad6ac4a7bf6c03d629e9285f1211cd17cd913742d85d69ee33aa2666a2dbaa50d82e1022ebc11c1515b7d10b7ad133c4bb1675dde4d3c3e9f748b2e54f43e7b3e82c554629aafc8ff520443f9501799c4191a73c2f9773118a3184ca855aa1e8dabab89970e532744f36f4b6e05e3fa27e96a710e795a68e03343ec089a9798259b2309cc41938f603395e9b4328d44b3e3512fca31b92c0dc4da9492f69100cd5af3a5d9ea9539514d2a713d6016d20cf695ce3de89190d644a7372b0bc936aaa984c1a2a267bd75a168dfbfe7616ae26ddb5bbec5731e7560d565181004688dc575474fb78e02cf5d4059a3ca2f44ec96c79c0f7d326caf0aee5dbdb7732440f4891b663020b8dae099e44177ff20bd883f8ac9c67d9b8c61a0888bf3760896a1f4ab98d92b991ed368aa5f8d821bb0886511e9f377a86c36ec2fa182d9932032eb8a83dec02dc3fbeaa9fe6410bdcd9162243e8fa3d4840116fbf12dbc3bb4ac16398358756d1ad4b73377690377132c007900b6e27c0c7208f04d61de9f429161ce9698abe2b7ba2fd58f2a0a25dd6e715970233222cc515904c4157d02b64eba72ac79d66d152670480d03e61c2a607c9fac4336751202829111fe86bbba92f4a90f18d2a047e43205541f2fa2d66e27707de8a25e579c0ccfbda6449a4bcfd7a23cb8a1d38d587f277ef0934be128cb94d46be5b1d26e6fb966fbcd1f302f850c77b141fb171d7875ee44d2acfce492a6a5db12e049ddd88ac105f453703bca65f5ed8ab44ffc15c808b8f3e882a32478ad1c32c5cad0aa95b23af5214dbb65c933da35d8e373c4eea94484c41f8fd1e34cf963afc2a85191a49d2a4b9469dbde2b0ebd16631687182d0dff3904c81033bf59f76897cd3b2161220e00fa043e2f35128843d78992c0ad60ae1a50b9ef400bd2d", 0x3)
read$auto(r7, 0x0, 0x20)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3)
bpf$auto(0x0, &(0x7f0000000280)=@link_detach={r7}, 0x4c5)
ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000700)="12")

5.254160177s ago: executing program 2 (id=814):
r0 = socket(0x2, 0x5, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r0, 0x0, 0x4, 0x5)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x18dd01, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0)
madvise$auto(0x0, 0x1010001, 0x100000003)
madvise$auto(0x1000, 0x400050, 0x9)
openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0xb01, 0x0)
r1 = io_uring_setup$auto(0x1, 0x0)
futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa)
futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x40009, 0x2, 0x9b72, 0x7, 0x28000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000780)=@link_create={@map_fd=r1, @target_ifindex, 0xfffffff7, 0x9c, @uprobe_multi={0xbb63, 0x7fffffffffffffff, 0x2, 0xfffffffffffffffb, 0x1d34, 0x1}}, 0x9f)
read$auto_tracing_buffers_fops_trace(0xffffffffffffffff, &(0x7f00000000c0)=""/194, 0xc2)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x4ff, 0x0)

4.629608422s ago: executing program 1 (id=815):
mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
readv$auto(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x5}, 0x369)
connect$auto(0xffffffffffffffff, 0x0, 0x3a)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff)
openat$auto_dfs_cpu_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/x86/topo/cpus/1\x00', 0x48140, 0x0)
unshare$auto(0x40000080)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x8000001, 0x0, 0x2000000000000003, 0x0, 0x24, 0x1}, 0x401}, 0x800, 0xa0000000)
r0 = socket(0xa, 0x5, 0x84)
sendto$auto(r0, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c)
ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(0xffffffffffffffff, 0xc008551c, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000001100), 0xa8000, 0x0)
madvise$auto(0x3, 0x6, 0x929e)
ioctl$auto_USB_RAW_IOCTL_EP0_READ(r1, 0xc0085504, &(0x7f0000000040)={0x9, 0x1, 0x400000})

4.543502495s ago: executing program 3 (id=816):
r0 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0)
process_madvise$auto_MADV_PAGEOUT(r0, &(0x7f0000000180)={&(0x7f00000000c0)="6bc435df379d38af2070e83ab820b0b15150be99d3063202de267667bb5fa15ce74ac0fb440ea2015d190f8ebd6e6427cb9a59d3cad3d2819c4e21caabd133d6cccdbae60f4ae89d62159cdb0cd02b6c24f2f4b16912ffec395de0e2a131d6047ed554bff8eed5782198b7615f59bd171d433765771e3ebe9ba010b66a31cb92dc09aab37592b5f66bbc92184733254768720007c7d6097032cea9fe5d18b38b4598956717fe92912375382c9e061b42", 0x3}, 0x1, 0x15, 0x5)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
select$auto(0x500000, 0x0, &(0x7f0000000240)={[0x8, 0x200000000006, 0x800000004, 0x8000, 0x0, 0x80000008, 0x7, 0x6, 0x8fc, 0xb80, 0x100000e34d, 0x4009, 0x8000, 0xfffffffffffff954, 0xfffffffffffffef8, 0x4]}, 0x0, &(0x7f0000000080)={0x1, 0x401})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/ns_last_pid\x00', 0x88642, 0x0)
read$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
write$auto(0xffffffffffffffff, &(0x7f0000000180)='7\x00\xe6\xeaA\r\nW\xa6&\xff\xff\f\x00\x00\x00\xff\x00\x00\x00\x00\x00\x1f\xde\x00\x00\x00\x00\x00\x00\x00', 0x9)
set_mempolicy$auto(0x6, 0x0, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0xe01, 0x0)
fadvise64$auto_POSIX_FADV_DONTNEED(0xffffffffffffffff, 0x10, 0x8, 0x4)
setresgid$auto(0xffffffffffffffff, 0xee00, 0x0)
r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
read$auto(r2, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2T\xc0\x1d\xa4\x10r\xc4\xa2\xb1y\t\x05\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xed\rW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1', 0x100000001)
openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2, 0x0)
ioctl$auto_TUNSETCARRIER(r0, 0x400454e2, 0x0)
socket(0x3, 0x805, 0x4)
r3 = socket(0x2a, 0x2, 0x1)
r4 = memfd_create$auto(&(0x7f0000000300)='/sys/kernel/debug/x86/boot_params/data\x00\"F\xb6\xcd\x06\xd6\x97\\L\xe1\xb2\xee\xb8\x8e\xd6O\xa1j\x90w\xc7\x94\xb7yi\x01&\x04b/\xaa\xfb#s\xc4\xa3\xa7\xacj\xc6\x8e\xf4L\x9a\xf8\xcc\xdcy\x9f\x93\xbc\xf6\xc8\xdb\x05w,|B\xfc\x04\x97\xd3\x0f\x8b\x81\xe8\xbc\x81\x0e\xd7o\xd2\xcd\x18z\xc2\xb7|\xe1\xa6\x9a~\x96\x10rnLnt\xdb\xdb-\x1b\x99\xd4\xed;\xf8\x13a\r\xf2\a\x85%\xef\xa7\x7f#\x96\xf2S\xb0\xf1Hq\x0f;\x83\xb7\x0fz\x9dN\xc9\x1e\x15r\x97|\xbfE\xce\"', 0x4)
fallocate$auto(r4, 0x0, 0x9, 0x4cbd5d)
bind$auto(r3, &(0x7f0000000080)=@rc={0x1f, @none, 0x48}, 0x6c)
connect$auto(r3, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x57)

3.779814742s ago: executing program 0 (id=817):
openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/config/nullb/features\x00', 0x109103, 0xfeff)

3.553985763s ago: executing program 0 (id=818):
close_range$auto(0x2, 0xa, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xe, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x0, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x3, 0x0, 0x0, 0x78, 0x0, 0xfffffffe, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7e)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r0 = socket(0x1d, 0x3, 0x1)
setsockopt$auto(r0, 0x65, 0x2, 0x0, 0x5)
listen$auto(0xffffffffffffffff, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000000)={0x83, 0x1000, 0x6, 0x1, 0xffffffff, 0xa, 0xffffffffffffffff, [], {0x8, 0x1, 0x0, 0x8998d60, 0x8000100, 0x7fff, 0x8000105, 0x0, 0x8d6}, {0xbfc7, 0x1, 0x52, 0x8, 0x47304, 0x3d, 0x8, 0x7, 0x8001}})
mmap$auto(0x0, 0xf6, 0xdf, 0xeb1, 0x401, 0x0)
r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0)
r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0)
read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000040), 0x8442, 0x0)
ioctl$auto_PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000080)={0x0, 0x0})
openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000001040)='/sys/kernel/debug/usb/usbmon/35u\x00', 0x40000, 0x0)
ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff014}})
r4 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0x7155}, 0x2, 0x0, 0x8, 0xa505}, 0x4}, 0x6, 0x4008)

3.531301495s ago: executing program 2 (id=819):
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/cad_pid\x00', 0x242, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x163340, 0x2a)
socket(0x2a, 0x2, 0x1)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
write$auto(0xca, &(0x7f0000000140)='\x04\x14\xa8\x1bk|d\v\x00\x00@\x00\x81\x00\x12\x00\xf6\xf5\x00\xdf\xff\x00', 0x13)

3.401705126s ago: executing program 3 (id=820):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x6, 0x5, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x3, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x200, 0x0, 0x40084, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xb8a0]}, 0x1fe, 0x200c)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/nbd6/queue/iosched/prio_aging_expire\x00', 0x88282, 0x0)
sendfile$auto(r2, r2, 0x0, 0x1)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r3, &(0x7f0000000500)="0a1b9a3c3e3e006e163b99d4d7c3e76dc04c0bcdcd1cb044b3162cb440886d8ebcc2574c58e9867ecec3371cadb848770dc8f745d1c76eedba12b9f694da9dbcf3401910bb713aca465c9bbc23b5d40a", 0x50)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
timerfd_settime$auto(0xffffffffffffffff, 0x0, &(0x7f0000000000)={{0xe, 0x3ff}, {0x10, 0xd}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r5, 0x6, 0xd, 0x0, 0x0)
ioctl$auto_SG_EMULATED_HOST2(0xffffffffffffffff, 0x2203, 0x0)
read$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffffff, &(0x7f0000000380)=""/223, 0xdf)
r6 = socket(0xa, 0x5, 0x84)
sendto$auto(r6, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "000000000000fe8000"}, 0x1f)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
r8 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC1\x00', 0x44a0c0, 0x0)
io_uring_register$auto_IORING_UNREGISTER_PBUF_RING(r8, 0x17, &(0x7f0000000740)="28923f61c88ec5077b990638a5b4e297920b8e87922dde9ce7be4ed67b4996fc51f57e17ebe8adbf5f61b75e71e50db0bb546d7a7d3768fe6454b388521a40b81f3128298263389bfcd03357fd6b9eab3eb68686dab37cf3f2fd39e3d10f75d8aacd7f0b2b1a63973202b4508710d0311b0b44e621c30df8a770e1980efdc6788f02aff179bd6af4dac38c61185d2776754cc7b286b8eed4b7511db9ebd17554f0dc895c8a17348d3b07cbaec996e59ce204d815c55c7045d7f2dd022ecde320b325be2d100ce8f72d6f6005384bc66df8de765b1a5bebeb7791c29d88d7b4d71186844fb29846cec8e0812429e7d52e38f9c8e93a20a9aef2e09d83853cdf7d9ee0bfe4e855e75742cdb5358971f598f0749662b1fae79c302341f367f66308a12bc40fb6304a462872cf90c6a00bcdc738f4c2d03e4a87d61086bc2b4cb59f71c6d7c13bdaa97f1c833ed6eac56b6e41290d864bff90597c28a1f69cb1fc9f406df5edf9a119cdfe55e084ede0bd1a578c2d26d2581aa085d3a25f8c9d43751c489c252452f0708f71d2b6fc27c153ad6584c057427d6243b6b4be53345f986f35348f48e2eab493fd3c15c0c5a40d23fa1e36c19e1c7de2c6b506e5c3be7014411158d32d9b817bfc68bf8588ecf6b0f36cd30b2373bb22bf6bdb51d7e977f6227c98a2dcb6e571db3b7c005d0a575fe04f67e4c068a30878f5cda3adcdbabee2cb8dfe782c11c713f4ac6d2bc83537811e1dcef241bb6faabc19aa42f3acb88ffbb7cc69ee14a91a3423d6a0504633d2c40f4519b3c212ef28d93605a2f2d7c98287a1c4258c45b745bcbcc284346a20e8490526b3a5f25334c2d845bc9400808bd61410070bf2836046aa7e488eaacff4871bd83d018c4d2b5bce84dd0e10d5a3190e7f1779013c3113449a4dffca89c2195d8d5055c443fa24d13de0e084d68f06238fde7a33760db12af2e09d4ef5bc0f42c4d6dcb1cce00d25359e4edaa2054a5025364f7f97173c17b6f5d97b5927321ce02643f15d9477bd4b017bf860e4e59075174d7eaf208339784d5fc3bdd5025190b16d368e95264e76b2fb34e93cd97f184da4abd326bf64884ab0be97f891e96fbe0403a415227a504c7b5bf5af2f29b6ea6e2bd0b0f56470b0eb8b2fea1513b85565a56bb8bcfb8a7762ccb82276a88ce87ba3931351c10c34daeca0b2bca74a72176ce23acaf99c4023152a05d09fec7df572a889be34ceddad0897e33cd1fcad382f3476c73d0e87eaba6edeabb8661e66745bddf2fbd951a546049774575907ed8988f95c60fa3abec6a24afdf3070c6dd90319e4ea3dab210a925cda06b4e85aa2d56daa632791210b43e3b6b05c91d5329251ceeee250f5da07c8d8a26bc6bc2222f6a3da5b2c1121187f4c840c51b5b4c414919f7e9eafe17c213c280ed85b03336d74b89810bc95f84d1de53b44446b73a455ecf283d5f6521ffe789c96306a60da0c8322f85ff1d0efccbe85f039006c649aab6646fd6ec7c9ba539d720c2e96ab02cc4de8a70e07c78df2c99ec641e1e7b81a06e2d7421c1f06371030f0f39861b6ff8fc6f2bdb72db134d45b3a2b608fa7f5c2d177a43447d4c3e0a8eda02fc13301287b963c034fafa6bf10565263584c678d54bbbc7e7e23c56b2930569c3513f79ecc296ec88b38387de54da4cf45b61fe42fa4dfaeec4f24a6acffc00dc6f12aa6d1aca2956871eb0ebfdbde021b1729abb53cf000cbfe8eee5e1d225ded1f52cbf060ca7e21d758b9e4c7f853363b3e275af79be431dcd9d56115f8aee8e5cf7f5f2385708345cc06890bd211e5976698365fb151078fe2bc17f6114c80c98a8a405d77fb9d7023afeb16c7819df1c378fb74b819020cade4c8e29795e321e6ace23f5d53ad5a2f6beaf1bb4e1ae47b19adac64e40a191ea337d555d607362ecc0116c17ef59f1e84b4dbc41a57c53f493f8589b5481620f2d85fde408309f8423e2d6d5463718aae4fd3bd502425a4b21406c627196268fb25b6c20a2053d7dfef2073def526b0ade6ccc46aeef71f2c78b8c921853383ab95522fdf993e525f0845cee57e8b3ba29c1fa74accfac00853da4385d1396d9846ef0f54ca5925b09670aaceab8465ac55d279ff50e9f9a470376461f2793060a66e50f2b0963578e62099e5e225e4e5423a191193d2227ba169b5e14b8af9b5612ce03fbb48bef7b941a29507b7ec73924a88631a6eabda7f1a6540d43fdcea6b0d38be25774cef8a1d8c37658718fe9a7da6ac2682a0855bc3bc7e90d56808c6ee2429c2d27d8cd643a4b202f05462e8a248f92bf428b1a2f869e17d6e3bb4b41e3c9e26dae837a831557982079c112cd8cb42db2e6f3f3fadf5360eb60efdbb7d696953f0738c59230d8eb40c2b06c26697aac33a5ab9b7313c93e52c37e09eda652521ed87e61e3670f7d3b907dfe5c0b2be878f0124d7ad7916b9426ce48f3c4e697dcd223b9e8fde933578f87eef995267a132e7796c52ef29f270ef8eddab6faf134887c5cddf00f09a2bf616ad4b3d95a8cf7b651cc6ce853407cc90e50348df03bd79f42843fe1d533798b9903f2efc56e4f47433a9416e9396a64a91b4a876836d3a9c3a4a9886172df9c0b264616ef9639fa6e62502be143e5c7a14932b8e91f602ffa8e03440c35cdcf21398ff0ac1296ab3eb8894ab42e4ad6c59faeec8c3b57e680f1af40652a11d27cb7ca0d98fea53e4ac614b58852fec64f3c46eaf64c1db517e9c00a2903e21f9ee77cc834ece0a2138be0718a7d2af63dc183c9fe0f1075cd079b0323304b1ebbc63f4bceb6037c76ba8ecb90df4ace03ec30135c87fd13f514401dd8744f0bcb74d8d728f217f374165b7f8f59d731e34b1a472bb7912d79ae031e450a21ed65ba1155da73274007e970185241ed68b68dc2ad7d3fb2f83abebac4d1170a968af8d4d14dac3c5ccce6cc8d057c1cfdfa8a094f9567c958ae5de78edf2f842fb1d0bb4f8607c12abd49fac8bff488da02f025611052fdb85c7800ae4e3f8249fb52ea4bf61b471a3695ec27fcbbc113d1ef4d8bb537f2124f58e1d9c632e583fb6e15d09376e90fe83745ac8462e8b8834033ac551dbd9dd013898b0df9e2e87e19a709531054736153b1b9177f947e8e812a08f56cc5be164dc700a08fb3598052412679309a3a954395a2ea06fb9650af9011b97d497dff8c1226ec1aa05d9b90a06dc6437be10ec467a10939641ab3a21b7e06303add85a4ff36b0421a43684cc5c67ad1532ca09d77417118783bdb1c0c7374a2e189336ef8ed43f2cfdbb4b1a9bb166d4200630240165907d5439a4fdf6cae2fdff645cadfffe48503fbf78fa08362c3df501ddd4086a5de28720a78cbac740e742df8ad48f46b6f55e3aeb6c97ffe18094f74c96063fecaf880aa2fd0da87ddba99ae6687b15b66476a27d4df12f9f47f455ce37fdb1320979eaf35e58e077720bcb481cfb72f63fee3ded96723328f082c00303f6adef3b19421a0d29028b3404ef17497bdfed54eb5a81e81d61b8c07f4769f988b2efb6688e92f4edd51d1172b2c44840acd0be9684e2abd29106eab844404319a89dae0ef99d27b96b9e3f893dadede90b4fb58f302206a506af6e24e59662689a3eb484804ec06b3c58b4710343ba0aa71bc3734020a67cb39781f6843c22a89cc8eb0c3c7f4d5064303814724b320289aa803a0c87317085ec613440c913a5f59cbc6e74711c6dc3af3e1590e20fb9580d7bb8e2c1bde961fab5e8c0778c59b4658c81c61716446bfb11033fe3f8e317b095173797f012e76c43a77706af39d3d686431e42114647ab35d2d9334624f0aa750596f5a857b85d891ddf6af4a8faba84e01d3f44a7776203754a410ee8daa514dace70bfcd8bb6fdd76e4dd9c9479cff910a4f59a370e1d9e575d58795ebe147f51e70f0fe2444ad10f5271e1186da5b47cb881c70246cdfc8b97cd9f4f947cb35f0930dbceb70e5769e79c87e6104969d7742c396fbd20a4f89c2076c7196744c8aa46028fe46fc5ec53c9ee8aa17d4297e3921c114872f61ee455f916a46cdc4c5468629b59cef4900b8c6439520ec2c742d3f12d3899a3a8e90bd7fa91640f3f240cd831ad9e2091e675626cbdf913869a289f4339013491fb0066098e06248cce1b3c7aa401b173464e55e749505cfbc358dbbf4e46ba7042505ae81231646bb194b487284a137b0ad3cb082d23195ac22af7098a09f69a8b4fa3b5ef018becc8ad74389f8f7fbc2e0484dd4892e1e7dcc7e674a665f97bed7c9ef80ab12a20f57408843b7d62eb3acd338c8f55a31e87dc8d176964f795812229107c6c9993461fa509914efa0cbbd7386e434600e4ffebc0f481f75d58de8f5a86cb5f0f11e5f60254ebb5252b9824ab95b27fe03df7f92354510b8ae220d7d4bb869ad580b290cb2c7fe3f73a2325f072e1855c761ed00f2c8f4252df6eea2d1924bb01c4e7bd245c241ad7fd1f0f858be5d9bc141b3ab0adccf4ae54dd871fe418e53d1590f1f3c8bb58698854258a22984ec9ec8193217f8e3548d6367666f09f4cf1156eea513a75618ac7117cafa4a3e918ab7d7860ef8b1993119bf6794bdfd8a1456690b116a4d8860e1340daea0eb71ded6e2ce423e9afb37dfbac460fe6aa165b56ddf66d38d0dd79d6d109dc606ee30e4209d8734788aaf62f9d1c3e23dfaf12691d4802fffb42fe34dba1c4b8ba7e7d9780972b29c8a39e2d9a64d2cf80f2e7f0ecb47c645f7e42367b13c446b47fa417803d00628a0c7284017369aa31c1d73d07eb779f320add5411e032614b079e02799301fa7c6f9f07b27584efa4e465a6fa9ec62ad6ac4a7bf6c03d629e9285f1211cd17cd913742d85d69ee33aa2666a2dbaa50d82e1022ebc11c1515b7d10b7ad133c4bb1675dde4d3c3e9f748b2e54f43e7b3e82c554629aafc8ff520443f9501799c4191a73c2f9773118a3184ca855aa1e8dabab89970e532744f36f4b6e05e3fa27e96a710e795a68e03343ec089a9798259b2309cc41938f603395e9b4328d44b3e3512fca31b92c0dc4da9492f69100cd5af3a5d9ea9539514d2a713d6016d20cf695ce3de89190d644a7372b0bc936aaa984c1a2a267bd75a168dfbfe7616ae26ddb5bbec5731e7560d565181004688dc575474fb78e02cf5d4059a3ca2f44ec96c79c0f7d326caf0aee5dbdb7732440f4891b663020b8dae099e44177ff20bd883f8ac9c67d9b8c61a0888bf3760896a1f4ab98d92b991ed368aa5f8d821bb0886511e9f377a86c36ec2fa182d9932032eb8a83dec02dc3fbeaa9fe6410bdcd9162243e8fa3d4840116fbf12dbc3bb4ac16398358756d1ad4b73377690377132c007900b6e27c0c7208f04d61de9f429161ce9698abe2b7ba2fd58f2a0a25dd6e715970233222cc515904c4157d02b64eba72ac79d66d152670480d03e61c2a607c9fac4336751202829111fe86bbba92f4a90f18d2a047e43205541f2fa2d66e27707de8a25e579c0ccfbda6449a4bcfd7a23cb8a1d38d587f277ef0934be128cb94d46be5b1d26e6fb966fbcd1f302f850c77b141fb171d7875ee44d2acfce492a6a5db12e049ddd88ac105f453703bca65f5ed8ab44ffc15c808b8f3e882a32478ad1c32c5cad0aa95b23af5214dbb65c933da35d8e373c4eea94484c41f8fd1e34cf963afc2a85191a49d2a4b9469dbde2b0ebd16631687182d0dff3904c81033bf59f76897cd3b2161220e00fa043e2f35128843d78992c0ad60ae1a50b9ef400bd2d", 0x3)
read$auto(r7, 0x0, 0x20)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3)
bpf$auto(0x0, &(0x7f0000000280)=@link_detach={r7}, 0x4c5)
ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000700)="12")

3.099699227s ago: executing program 2 (id=821):
mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000380)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc4156ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba218aa5b0ff402f2e6adb8ea60886c1e52c60d7d87e4c0551386501763ad098eb2b9602f83b2a643399f10dfdb0f4018b401be4db675d0acf8d348c26acf338cbe20fcb76439ca602a3c022f4463a8820f1c6f865d24e058af98f0c48bf552c3f6cc28c09d9054347db3c28701c67fa1e57d81b881638b518dd8e24969b7fd10406fcf6eb9bb66bf56ed7568510c72b380fa6efbca845bde90f7672708000000000000003513")
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
socket(0x10, 0x2, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x4)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0)
write$auto(r1, &(0x7f0000000080)='/dev/audio\x00', 0x80000000)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
write$auto_proc_sys_file_operations_proc_sysctl(r0, &(0x7f0000000500)="171a0e83fb025543a8913123c7839ff59c13c7f1d99c84cadf1fae4b0c2557019a5830946732d3e6080e614ca5020ecec66ca8608ce0a297cbc31c5d2d0c87b7d92e116423a9bccbf91578b6a43a581022bacf32afd61ad275cc3800a918531d8246f79f890df0aca9820e09b80e3ba34337d2be15f29e74ce1a2cdacac7dd5c10f8d0bac5740db9326b095875707b08", 0x90)

2.036611118s ago: executing program 3 (id=822):
mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000380)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc4156ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba218aa5b0ff402f2e6adb8ea60886c1e52c60d7d87e4c0551386501763ad098eb2b9602f83b2a643399f10dfdb0f4018b401be4db675d0acf8d348c26acf338cbe20fcb76439ca602a3c022f4463a8820f1c6f865d24e058af98f0c48bf552c3f6cc28c09d9054347db3c28701c67fa1e57d81b881638b518dd8e24969b7fd10406fcf6eb9bb66bf56ed7568510c72b380fa6efbca845bde90f7672708000000000000003513")
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
socket(0x10, 0x2, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x4)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0)
write$auto(r1, &(0x7f0000000080)='/dev/audio\x00', 0x80000000)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147)
ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000180))
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)

2.03499533s ago: executing program 1 (id=830):
socket(0x2, 0x3, 0xa)
setresgid$auto(0xffffffffffffffff, 0xee00, 0x0)
futex_waitv$auto(&(0x7f0000000200)={0x6, 0x7, 0x6}, 0x3, 0x100, &(0x7f0000000280)={0x1, 0x7c1}, 0xffffffff)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
r0 = getsockopt$auto(0xffffffffffffffff, 0x114, 0x2711, 0xfffffffffffffffc, 0x0)
mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000200)
r1 = io_uring_setup$auto(0x6, 0x0)
r2 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), 0xffffffffffffffff)
msgctl$auto_IPC_INFO(0xd, 0x3, &(0x7f00000006c0)={{0x9, 0x0, 0x0, 0x7, 0xcb, 0x0, 0x6}, &(0x7f0000000640)=0x9, &(0x7f0000000680)=0x3, 0x9, 0x4, 0x8, 0x8, 0x4, 0xfd33, 0x4, 0x35})
acct$auto(&(0x7f00000000c0)='/dev/nbd0\x00')
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100a5bd7000fedbdf250100000008000100", @ANYRES32=r3, @ANYBLOB="86fd01e1", @ANYRES32=r3, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x406c004}, 0x48014)
setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x8)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/mm/lru_gen/enabled\x00', 0x2062, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1eb842, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab83, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/event0\x00', 0x224d42, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000001180), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
ioctl$auto_SG_SET_TIMEOUT2(r4, 0x2201, &(0x7f0000000040)="bd10a58de2")
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SET_TUNSRC(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="7ce031c40855ce4310f10b205b5463ee61a0b99357f9303583e324a50b770d70d72125d404a0372c9d5076e23374a569af81302438653995a0dfbb95d3bb58fa71cd6fa2480907b9e83fd513294592e46ec05a61fb1d8164b8d24eb96111b8a5cdaae9da0c7d05266e1b98edb5c45be7ec0c0c66c08ec904682f529efdd29d5a68ef38bbe8d9456251af6ec6810ea17e65b28cdc0d1ee0fe81b9a4c7cfa90f2231e18bf3d5c704ea02d15fdec573f9b631242fe6f8ec50879c2f466843ba31a7075ef757523f93905694834e7b27426aa876659daab7e1", @ANYRES16=r6, @ANYBLOB="010025bd7000ffdbdf25030000001400010000000000000000000000000000000001"], 0x28}}, 0x20000040)
r7 = syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$auto_NLBL_UNLABEL_C_STATICADDDEF(r5, &(0x7f0000002280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000002240)={&(0x7f00000022c0)=ANY=[@ANYBLOB="dc0b0000", @ANYRES16=r7, @ANYBLOB="02002abd7000ffdbdf2506000000b60b070065073f6411ce0ef02fd75ff0a93dd66a719e5af36bd071bdfc058effb7b736bdf42663284e984efed162cdeabf9d0dd77e6838d49cf28b1b8d9a74e3dcf7f16ee74fb941aeec5ad6761bb655515a5073d281014648ddda19d23d6da6d59237214583c35c253e04887199657fa3ab80a3cb4b6ca517b650ebea55c47c4dec3e43b25d4052fa5281f0041813e6e1217eb4407eb80f41032934afb8c55d51988422f62b6463b6f125bd1ca01d38c523dec1bbdda312335651aed825ad49a41e61be7bfd39164aa3315c7b350a9ac2cf3306d2cb9f5a1fc1bca17f35d2d9d8173171208a198e7f1a67dfcc33f114f8fbe60df26f81abe7e81878bf9b49e52f9a0678b7091fc16f26b122a3b4bc74b02c27078e2fee51f8bd58b80f111b818e0919e8d939995c178f169d8d36b5578ecbd563cc4177a137375256810ba02f3d633100a0db1808f857b5d9de24e49fa4bf013908774c720fe57d35dd1216b7d4c77e3b0701eac0ee08f446356118b8d6ba07f359f9da53ff514abdb090eaf74376182430b6e63fa422f65b77eae0d90502b17f11d7021ca5261bf78b645387343be7ca0bd511ee544a76749518b53dbd84800567509db7268793deefd396381ac697c53c82875e9de90f5b0def1ce5c5ee1efbf70cdafc3ad40b5c64e04f79d8c8a606c36fdec2fbb8469c1d44cae6f3a01066f1194a1ac2f5a8a58174b3fc36615e75b94cf88171da45937dd67d512266eaacee668be4d4c750b7f2425b64800baed49eccbd3c1269c8cb9f8dc1903cd0a0ffc946b320311a0bd9b17a4dedf377de6f446a7869b07858bb1c9d3e1d79e8a23cfd0c47fbf536e073a048fb6e0261f7664047dc5e401ed5ac0d3c02bff4ab31f0d961f555915fc5f14bc360d06f0c78fb19bd2228eb4d501b207e7baa94504e978d698b8331303e84f6eccdbcd0f77198cfcb18b108fffc911342baa5e284aeba4c0c1b5acc2f6449b103bf8bd0f5a6c5882aadc2f62b0f0578545339e39b696210a9279f14eed5fab0d26b69d20331d158375fd44fbbc40f7577c6309a577de6857c7e20c525edf655e2a21b7e78c30791557c000ce7b3c5459eac7920152319535d5f2bd8c2891db92a1f216f842466a9287cd5870523ccedfddd1e34b31281a03e26ddfdcf0b4701716799a86e42c08ae3d5333a99f9d70da28e46e8d985d0dec6166052c8f1185765836db77f605a461dceb721a65884285cbdab9a296885952f99d41c99d6e5be29be90c90e940a2a73be0ce5a8fd5327001aef9c4570443c915e59603ea4d226c0adb90dc651ef73a57183dae7091ca8db8c727bd23079101c3d27978534daa429f98e6c60c0b6bb37cd0962c07599aacabb9546d7e900bf627ead1440e8c095634c97affcc09a19f7e8cbc10a4a4ce491ab716c838343a85b5304fb6ab34f73c8fffb6b812188bb976bd26a3c99820f0a2060a0ff7d2a572f0da387a0c6a299dcd7c73fb7da609cdbbbfc14e81e970cd510e4108e7f1b738425b6aa936288ac3c76b5e7dabad5f07e012195446b288ccb575a39b9d433d9d4fd9729e33f7a4cc19fc5a7464e3f1dd648873a975c6eeed4b6a6d3a12b4fc0d201a27f715e4bc784c13db649fe0752536bab3de46476727fb9fb61690d5d51dd94ef26f181afcd75ee0e677ab4b4afb5fb0ed2b8fac16f64dd26a1b0034ffbbaa166b9ba5ba965a3498ed3733870c1ec7b7e466c324117a6e9ee399e519a17b08d5e6928b1c15c0b9a2aa2bed203bde18a6afb655b083e100de0e8fe934d03a57a1afc008e4139b14d7c68dd1c530fc10d5b03f8fcc7922e6de27f1a3c6e95d6f13702cf854a85ce96f15547c4055405f203ce96a53ef7ec15bb63a91aeb0ac37acfebeae2cf69783ee3e8425fd853d25974726ea2d700726c100c64c040526e9ec747823ac00b2ee7d5d2fdc0668856d40a7fdca98419f93abfdacb60a29c7c01214ac4b415990df6262af808d5773ca889a8a23d4b49a4a3f5f1c8cb9e457831687a482b65e7d9196269a32a98402611cf891fc98f515cbbd6e7ec4a927bc5154dd7c3d05126f3d295a6020a4a6cc972c20d123f8305224fe4b83bf9cea05ac097171d52f06ad537b3fccda87b0ed6bc7207667bd9c277fa366f12020e941c3aeba89f3782c8ecca1ba739ed06f375295401051c371cc523c94e98562d6f4ce8a4e138d2a0f08bbcda4240d0f7a563df54f7786830144063dcc83f478468d2b20743b6563aa14384c5b7234334e2f28f3cda3536c66014e9aa676c860834a6d754df25be16a0006ed8922eed7bd8bd410904e00449cb2c8e88d45027189595f95baa467e4260f1c17a76b52bfd7d58791609685bc1eaa9f207b4aa137b5a9df2521c0a2bea87bf598acfab9ebc1d479ac6ace571b8313e34531b3dd7046c3ebe3ab2c89a1550f122631d362b6868c44d50e43431be26dd99a536d251ca1c6e6cf1346c5e0608c65f052eb6424b220b06fe7b7c93c47024d0991d0a2bfa59a2c5e3648815494eb08561b123c7b2c4902b0da3a261a7e7a6136bcbab89e8c194dce30f5cae82db6554f63c87091719eaca2f111479e947d979f67894dae8a832c2487da93ac43caf6b069b9a420565f23dad6c9fbf954baf246cc34b7147d95d0d8b3c69767077ae91518883bf95c94102db4cdced50440de2edf3cf9c8351c9f444d88a2a8a17611de4cf99557c1d8899c8f24f85762f76ac242391a135c0f7286400eb37c439298cdb491483674db31164c0bfe12b5df4d066ef8fecf02abc0ee149e7a67ce618140750dba3605b40493e165b4db40f8bb0fc2e7ed8c8e46ae598149949cacc1d03c49d3ea7c906c4f7149472b7a7aaabbb51cef95588c453748047a7e17a9e8986393d47a26b216a714f032d1767a60a876c4efcb64378d9dd03d074f4879bb93bb96ed6f5f5b23457e9f54ee0b4a42a4a0c323655aa72da81e24c6304e4be7f8d76c4210fe8be65a5c9aff983fd3c37e6da189da9d721a0dee54da422878215cbcba6b05265bc02b10f9159a093359b78dfeadeb12ee1b2e5e4131f7cdddc01e8252ec3c642e7311eecbd41ba3fca7b3ee523171ebe4fcf8fdd7f498a26b9b33b634867c583285033039a37b298d922d4f347cf1cb70d2508f18a7ed5812bcbcd6395dd0ac4ae6cc612c24e3071a874a0e95777f339f6549cf384959eada5d00527b25a7b55215e80ef006f5a3374be24b86fb1ba0167f916141ebf5c3f6704368bfd6cb572cf5f192166b85f12b8d2dda277144c0ea9e0a424179d426858c86da5a27a641e07c629c23702331a65355f728cc0a012631f258c555354e97b043078c3758177b578d9fd5edf2775098f18aa80ef1c698b84490952c442d2adc19998fee0506d674dad8288ae4c0a2e958196772f9814f998e6c06c3fdb7cf98a92b566f4f6cb19ace1f7f88d08c4b756f760b909ab6f75a9799b96f706f6ef3682d980661d83b18c7cfc7d3edfd5d6dd1ffeafbaae9fe036dc706c11a72a466a745c770765e6f9100055cd77cf1a8f0eb9c03232615c8ea3b19f9cedd848d3c5597082adf311c1901d8f43090bcd2451f528b8538f3c4c49c380db3834945d019a6dccf21808b5795dd7d400ebba33386b261ae95de02fde4163080d34462bcdd92d7d1b75a74ff21ebb7f645152f308c59c247a424988ed5e3d5b80ccff3769f9fdb1338aa7d75b33b9fe0dfbff953655fe7218fd45ca2af920a44059c5ff8fc955f1235a3ed3fcd34c376a2be9dc352ee794b423c84745507df67c36e7c4694fef6d6c244b485082db0f4df480a64396c5ebbc9e69a59b8f2d5afd72c74344ccbb82c9f16ad51b72289419f4422dd6119b772a3d3f238f71caa1a0c661eba1a9c6ae011f6aa292456dc90da4ddc5bf4ab1402a954798dff513744a55ab1b7733e783f974488dac906ee0572da3c311ab7d88a06b43e0516d9cd8ce30c5815fb53d8f7ed7b88d804c5db88dd00db731f4e23de9aa262dbd6ae856a9821785009b000425ae0b4df5f003b1387eddbaccb630a571556bfcece6a2511e12f722f93077f6a0d064a708dd5eacb6b441be5b2168af6b35f1a1ed7052795b4c6203cbc2526b288bcda4e44b60d904531297dc31416a3e31041e7821eae97ad284b24adbd161f8d32b8e7007877f29969b1c24dbdbaf0e7f886a6dddd82f63366f84d6bc593a6c3354e17f98ee0c82727b575cee4caa9e327dee1e0000050001008000000008000500000000008501fe9a9023fd587f9e76a391a689a08958b362712acb96544a8a4b71c746cd810e6be0b8202e87173986cedfc814959d16f250ea8cb97898e79b470f51b8d431e26ed49265eb21a27fcf8d802720ee99f848027729b317"], 0xbdc}, 0x1, 0x0, 0x0, 0x8000010}, 0x40)

1.829824697s ago: executing program 0 (id=823):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
statmount$auto(0x0, 0x0, 0x1fe, 0x200c)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/nbd6/queue/iosched/prio_aging_expire\x00', 0x88282, 0x0)
sendfile$auto(r2, r2, 0x0, 0x1)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r3, &(0x7f0000000500)="0a1b9a3c3e3e006e163b99d4d7c3e76dc04c0bcdcd1cb044b3162cb440886d8ebcc2574c58e9867ecec3371cadb848770dc8f745d1c76eedba12b9f694da9dbcf3401910bb713aca465c9bbc23b5d40a", 0x50)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
timerfd_settime$auto(0xffffffffffffffff, 0x0, &(0x7f0000000000)={{0xe, 0x3ff}, {0x10, 0xd}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r5, 0x6, 0xd, 0x0, 0x0)
ioctl$auto_SG_EMULATED_HOST2(0xffffffffffffffff, 0x2203, 0x0)
read$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffffff, &(0x7f0000000380)=""/223, 0xdf)
r6 = socket(0xa, 0x5, 0x84)
sendto$auto(r6, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "000000000000fe8000"}, 0x1f)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
r8 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC1\x00', 0x44a0c0, 0x0)
io_uring_register$auto_IORING_UNREGISTER_PBUF_RING(r8, 0x17, &(0x7f0000000740)="28923f61c88ec5077b990638a5b4e297920b8e87922dde9ce7be4ed67b4996fc51f57e17ebe8adbf5f61b75e71e50db0bb546d7a7d3768fe6454b388521a40b81f3128298263389bfcd03357fd6b9eab3eb68686dab37cf3f2fd39e3d10f75d8aacd7f0b2b1a63973202b4508710d0311b0b44e621c30df8a770e1980efdc6788f02aff179bd6af4dac38c61185d2776754cc7b286b8eed4b7511db9ebd17554f0dc895c8a17348d3b07cbaec996e59ce204d815c55c7045d7f2dd022ecde320b325be2d100ce8f72d6f6005384bc66df8de765b1a5bebeb7791c29d88d7b4d71186844fb29846cec8e0812429e7d52e38f9c8e93a20a9aef2e09d83853cdf7d9ee0bfe4e855e75742cdb5358971f598f0749662b1fae79c302341f367f66308a12bc40fb6304a462872cf90c6a00bcdc738f4c2d03e4a87d61086bc2b4cb59f71c6d7c13bdaa97f1c833ed6eac56b6e41290d864bff90597c28a1f69cb1fc9f406df5edf9a119cdfe55e084ede0bd1a578c2d26d2581aa085d3a25f8c9d43751c489c252452f0708f71d2b6fc27c153ad6584c057427d6243b6b4be53345f986f35348f48e2eab493fd3c15c0c5a40d23fa1e36c19e1c7de2c6b506e5c3be7014411158d32d9b817bfc68bf8588ecf6b0f36cd30b2373bb22bf6bdb51d7e977f6227c98a2dcb6e571db3b7c005d0a575fe04f67e4c068a30878f5cda3adcdbabee2cb8dfe782c11c713f4ac6d2bc83537811e1dcef241bb6faabc19aa42f3acb88ffbb7cc69ee14a91a3423d6a0504633d2c40f4519b3c212ef28d93605a2f2d7c98287a1c4258c45b745bcbcc284346a20e8490526b3a5f25334c2d845bc9400808bd61410070bf2836046aa7e488eaacff4871bd83d018c4d2b5bce84dd0e10d5a3190e7f1779013c3113449a4dffca89c2195d8d5055c443fa24d13de0e084d68f06238fde7a33760db12af2e09d4ef5bc0f42c4d6dcb1cce00d25359e4edaa2054a5025364f7f97173c17b6f5d97b5927321ce02643f15d9477bd4b017bf860e4e59075174d7eaf208339784d5fc3bdd5025190b16d368e95264e76b2fb34e93cd97f184da4abd326bf64884ab0be97f891e96fbe0403a415227a504c7b5bf5af2f29b6ea6e2bd0b0f56470b0eb8b2fea1513b85565a56bb8bcfb8a7762ccb82276a88ce87ba3931351c10c34daeca0b2bca74a72176ce23acaf99c4023152a05d09fec7df572a889be34ceddad0897e33cd1fcad382f3476c73d0e87eaba6edeabb8661e66745bddf2fbd951a546049774575907ed8988f95c60fa3abec6a24afdf3070c6dd90319e4ea3dab210a925cda06b4e85aa2d56daa632791210b43e3b6b05c91d5329251ceeee250f5da07c8d8a26bc6bc2222f6a3da5b2c1121187f4c840c51b5b4c414919f7e9eafe17c213c280ed85b03336d74b89810bc95f84d1de53b44446b73a455ecf283d5f6521ffe789c96306a60da0c8322f85ff1d0efccbe85f039006c649aab6646fd6ec7c9ba539d720c2e96ab02cc4de8a70e07c78df2c99ec641e1e7b81a06e2d7421c1f06371030f0f39861b6ff8fc6f2bdb72db134d45b3a2b608fa7f5c2d177a43447d4c3e0a8eda02fc13301287b963c034fafa6bf10565263584c678d54bbbc7e7e23c56b2930569c3513f79ecc296ec88b38387de54da4cf45b61fe42fa4dfaeec4f24a6acffc00dc6f12aa6d1aca2956871eb0ebfdbde021b1729abb53cf000cbfe8eee5e1d225ded1f52cbf060ca7e21d758b9e4c7f853363b3e275af79be431dcd9d56115f8aee8e5cf7f5f2385708345cc06890bd211e5976698365fb151078fe2bc17f6114c80c98a8a405d77fb9d7023afeb16c7819df1c378fb74b819020cade4c8e29795e321e6ace23f5d53ad5a2f6beaf1bb4e1ae47b19adac64e40a191ea337d555d607362ecc0116c17ef59f1e84b4dbc41a57c53f493f8589b5481620f2d85fde408309f8423e2d6d5463718aae4fd3bd502425a4b21406c627196268fb25b6c20a2053d7dfef2073def526b0ade6ccc46aeef71f2c78b8c921853383ab95522fdf993e525f0845cee57e8b3ba29c1fa74accfac00853da4385d1396d9846ef0f54ca5925b09670aaceab8465ac55d279ff50e9f9a470376461f2793060a66e50f2b0963578e62099e5e225e4e5423a191193d2227ba169b5e14b8af9b5612ce03fbb48bef7b941a29507b7ec73924a88631a6eabda7f1a6540d43fdcea6b0d38be25774cef8a1d8c37658718fe9a7da6ac2682a0855bc3bc7e90d56808c6ee2429c2d27d8cd643a4b202f05462e8a248f92bf428b1a2f869e17d6e3bb4b41e3c9e26dae837a831557982079c112cd8cb42db2e6f3f3fadf5360eb60efdbb7d696953f0738c59230d8eb40c2b06c26697aac33a5ab9b7313c93e52c37e09eda652521ed87e61e3670f7d3b907dfe5c0b2be878f0124d7ad7916b9426ce48f3c4e697dcd223b9e8fde933578f87eef995267a132e7796c52ef29f270ef8eddab6faf134887c5cddf00f09a2bf616ad4b3d95a8cf7b651cc6ce853407cc90e50348df03bd79f42843fe1d533798b9903f2efc56e4f47433a9416e9396a64a91b4a876836d3a9c3a4a9886172df9c0b264616ef9639fa6e62502be143e5c7a14932b8e91f602ffa8e03440c35cdcf21398ff0ac1296ab3eb8894ab42e4ad6c59faeec8c3b57e680f1af40652a11d27cb7ca0d98fea53e4ac614b58852fec64f3c46eaf64c1db517e9c00a2903e21f9ee77cc834ece0a2138be0718a7d2af63dc183c9fe0f1075cd079b0323304b1ebbc63f4bceb6037c76ba8ecb90df4ace03ec30135c87fd13f514401dd8744f0bcb74d8d728f217f374165b7f8f59d731e34b1a472bb7912d79ae031e450a21ed65ba1155da73274007e970185241ed68b68dc2ad7d3fb2f83abebac4d1170a968af8d4d14dac3c5ccce6cc8d057c1cfdfa8a094f9567c958ae5de78edf2f842fb1d0bb4f8607c12abd49fac8bff488da02f025611052fdb85c7800ae4e3f8249fb52ea4bf61b471a3695ec27fcbbc113d1ef4d8bb537f2124f58e1d9c632e583fb6e15d09376e90fe83745ac8462e8b8834033ac551dbd9dd013898b0df9e2e87e19a709531054736153b1b9177f947e8e812a08f56cc5be164dc700a08fb3598052412679309a3a954395a2ea06fb9650af9011b97d497dff8c1226ec1aa05d9b90a06dc6437be10ec467a10939641ab3a21b7e06303add85a4ff36b0421a43684cc5c67ad1532ca09d77417118783bdb1c0c7374a2e189336ef8ed43f2cfdbb4b1a9bb166d4200630240165907d5439a4fdf6cae2fdff645cadfffe48503fbf78fa08362c3df501ddd4086a5de28720a78cbac740e742df8ad48f46b6f55e3aeb6c97ffe18094f74c96063fecaf880aa2fd0da87ddba99ae6687b15b66476a27d4df12f9f47f455ce37fdb1320979eaf35e58e077720bcb481cfb72f63fee3ded96723328f082c00303f6adef3b19421a0d29028b3404ef17497bdfed54eb5a81e81d61b8c07f4769f988b2efb6688e92f4edd51d1172b2c44840acd0be9684e2abd29106eab844404319a89dae0ef99d27b96b9e3f893dadede90b4fb58f302206a506af6e24e59662689a3eb484804ec06b3c58b4710343ba0aa71bc3734020a67cb39781f6843c22a89cc8eb0c3c7f4d5064303814724b320289aa803a0c87317085ec613440c913a5f59cbc6e74711c6dc3af3e1590e20fb9580d7bb8e2c1bde961fab5e8c0778c59b4658c81c61716446bfb11033fe3f8e317b095173797f012e76c43a77706af39d3d686431e42114647ab35d2d9334624f0aa750596f5a857b85d891ddf6af4a8faba84e01d3f44a7776203754a410ee8daa514dace70bfcd8bb6fdd76e4dd9c9479cff910a4f59a370e1d9e575d58795ebe147f51e70f0fe2444ad10f5271e1186da5b47cb881c70246cdfc8b97cd9f4f947cb35f0930dbceb70e5769e79c87e6104969d7742c396fbd20a4f89c2076c7196744c8aa46028fe46fc5ec53c9ee8aa17d4297e3921c114872f61ee455f916a46cdc4c5468629b59cef4900b8c6439520ec2c742d3f12d3899a3a8e90bd7fa91640f3f240cd831ad9e2091e675626cbdf913869a289f4339013491fb0066098e06248cce1b3c7aa401b173464e55e749505cfbc358dbbf4e46ba7042505ae81231646bb194b487284a137b0ad3cb082d23195ac22af7098a09f69a8b4fa3b5ef018becc8ad74389f8f7fbc2e0484dd4892e1e7dcc7e674a665f97bed7c9ef80ab12a20f57408843b7d62eb3acd338c8f55a31e87dc8d176964f795812229107c6c9993461fa509914efa0cbbd7386e434600e4ffebc0f481f75d58de8f5a86cb5f0f11e5f60254ebb5252b9824ab95b27fe03df7f92354510b8ae220d7d4bb869ad580b290cb2c7fe3f73a2325f072e1855c761ed00f2c8f4252df6eea2d1924bb01c4e7bd245c241ad7fd1f0f858be5d9bc141b3ab0adccf4ae54dd871fe418e53d1590f1f3c8bb58698854258a22984ec9ec8193217f8e3548d6367666f09f4cf1156eea513a75618ac7117cafa4a3e918ab7d7860ef8b1993119bf6794bdfd8a1456690b116a4d8860e1340daea0eb71ded6e2ce423e9afb37dfbac460fe6aa165b56ddf66d38d0dd79d6d109dc606ee30e4209d8734788aaf62f9d1c3e23dfaf12691d4802fffb42fe34dba1c4b8ba7e7d9780972b29c8a39e2d9a64d2cf80f2e7f0ecb47c645f7e42367b13c446b47fa417803d00628a0c7284017369aa31c1d73d07eb779f320add5411e032614b079e02799301fa7c6f9f07b27584efa4e465a6fa9ec62ad6ac4a7bf6c03d629e9285f1211cd17cd913742d85d69ee33aa2666a2dbaa50d82e1022ebc11c1515b7d10b7ad133c4bb1675dde4d3c3e9f748b2e54f43e7b3e82c554629aafc8ff520443f9501799c4191a73c2f9773118a3184ca855aa1e8dabab89970e532744f36f4b6e05e3fa27e96a710e795a68e03343ec089a9798259b2309cc41938f603395e9b4328d44b3e3512fca31b92c0dc4da9492f69100cd5af3a5d9ea9539514d2a713d6016d20cf695ce3de89190d644a7372b0bc936aaa984c1a2a267bd75a168dfbfe7616ae26ddb5bbec5731e7560d565181004688dc575474fb78e02cf5d4059a3ca2f44ec96c79c0f7d326caf0aee5dbdb7732440f4891b663020b8dae099e44177ff20bd883f8ac9c67d9b8c61a0888bf3760896a1f4ab98d92b991ed368aa5f8d821bb0886511e9f377a86c36ec2fa182d9932032eb8a83dec02dc3fbeaa9fe6410bdcd9162243e8fa3d4840116fbf12dbc3bb4ac16398358756d1ad4b73377690377132c007900b6e27c0c7208f04d61de9f429161ce9698abe2b7ba2fd58f2a0a25dd6e715970233222cc515904c4157d02b64eba72ac79d66d152670480d03e61c2a607c9fac4336751202829111fe86bbba92f4a90f18d2a047e43205541f2fa2d66e27707de8a25e579c0ccfbda6449a4bcfd7a23cb8a1d38d587f277ef0934be128cb94d46be5b1d26e6fb966fbcd1f302f850c77b141fb171d7875ee44d2acfce492a6a5db12e049ddd88ac105f453703bca65f5ed8ab44ffc15c808b8f3e882a32478ad1c32c5cad0aa95b23af5214dbb65c933da35d8e373c4eea94484c41f8fd1e34cf963afc2a85191a49d2a4b9469dbde2b0ebd16631687182d0dff3904c81033bf59f76897cd3b2161220e00fa043e2f35128843d78992c0ad60ae1a50b9ef400bd2d", 0x3)
read$auto(r7, 0x0, 0x20)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3)
bpf$auto(0x0, &(0x7f0000000280)=@link_detach={r7}, 0x4c5)
ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000700)="12")

1.559915423s ago: executing program 2 (id=824):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x6, 0x5, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x3, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x200, 0x0, 0x40084, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xb8a0]}, 0x1fe, 0x200c)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/nbd6/queue/iosched/prio_aging_expire\x00', 0x88282, 0x0)
sendfile$auto(r2, r2, 0x0, 0x1)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r3, &(0x7f0000000500)="0a1b9a3c3e3e006e163b99d4d7c3e76dc04c0bcdcd1cb044b3162cb440886d8ebcc2574c58e9867ecec3371cadb848770dc8f745d1c76eedba12b9f694da9dbcf3401910bb713aca465c9bbc23b5d40a", 0x50)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
timerfd_settime$auto(0xffffffffffffffff, 0x0, &(0x7f0000000000)={{0xe, 0x3ff}, {0x10, 0xd}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r5, 0x6, 0xd, 0x0, 0x0)
ioctl$auto_SG_EMULATED_HOST2(0xffffffffffffffff, 0x2203, 0x0)
read$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffffff, &(0x7f0000000380)=""/223, 0xdf)
r6 = socket(0xa, 0x5, 0x84)
sendto$auto(r6, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "000000000000fe8000"}, 0x1f)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
r8 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC1\x00', 0x44a0c0, 0x0)
io_uring_register$auto_IORING_UNREGISTER_PBUF_RING(r8, 0x17, &(0x7f0000000740)="28923f61c88ec5077b990638a5b4e297920b8e87922dde9ce7be4ed67b4996fc51f57e17ebe8adbf5f61b75e71e50db0bb546d7a7d3768fe6454b388521a40b81f3128298263389bfcd03357fd6b9eab3eb68686dab37cf3f2fd39e3d10f75d8aacd7f0b2b1a63973202b4508710d0311b0b44e621c30df8a770e1980efdc6788f02aff179bd6af4dac38c61185d2776754cc7b286b8eed4b7511db9ebd17554f0dc895c8a17348d3b07cbaec996e59ce204d815c55c7045d7f2dd022ecde320b325be2d100ce8f72d6f6005384bc66df8de765b1a5bebeb7791c29d88d7b4d71186844fb29846cec8e0812429e7d52e38f9c8e93a20a9aef2e09d83853cdf7d9ee0bfe4e855e75742cdb5358971f598f0749662b1fae79c302341f367f66308a12bc40fb6304a462872cf90c6a00bcdc738f4c2d03e4a87d61086bc2b4cb59f71c6d7c13bdaa97f1c833ed6eac56b6e41290d864bff90597c28a1f69cb1fc9f406df5edf9a119cdfe55e084ede0bd1a578c2d26d2581aa085d3a25f8c9d43751c489c252452f0708f71d2b6fc27c153ad6584c057427d6243b6b4be53345f986f35348f48e2eab493fd3c15c0c5a40d23fa1e36c19e1c7de2c6b506e5c3be7014411158d32d9b817bfc68bf8588ecf6b0f36cd30b2373bb22bf6bdb51d7e977f6227c98a2dcb6e571db3b7c005d0a575fe04f67e4c068a30878f5cda3adcdbabee2cb8dfe782c11c713f4ac6d2bc83537811e1dcef241bb6faabc19aa42f3acb88ffbb7cc69ee14a91a3423d6a0504633d2c40f4519b3c212ef28d93605a2f2d7c98287a1c4258c45b745bcbcc284346a20e8490526b3a5f25334c2d845bc9400808bd61410070bf2836046aa7e488eaacff4871bd83d018c4d2b5bce84dd0e10d5a3190e7f1779013c3113449a4dffca89c2195d8d5055c443fa24d13de0e084d68f06238fde7a33760db12af2e09d4ef5bc0f42c4d6dcb1cce00d25359e4edaa2054a5025364f7f97173c17b6f5d97b5927321ce02643f15d9477bd4b017bf860e4e59075174d7eaf208339784d5fc3bdd5025190b16d368e95264e76b2fb34e93cd97f184da4abd326bf64884ab0be97f891e96fbe0403a415227a504c7b5bf5af2f29b6ea6e2bd0b0f56470b0eb8b2fea1513b85565a56bb8bcfb8a7762ccb82276a88ce87ba3931351c10c34daeca0b2bca74a72176ce23acaf99c4023152a05d09fec7df572a889be34ceddad0897e33cd1fcad382f3476c73d0e87eaba6edeabb8661e66745bddf2fbd951a546049774575907ed8988f95c60fa3abec6a24afdf3070c6dd90319e4ea3dab210a925cda06b4e85aa2d56daa632791210b43e3b6b05c91d5329251ceeee250f5da07c8d8a26bc6bc2222f6a3da5b2c1121187f4c840c51b5b4c414919f7e9eafe17c213c280ed85b03336d74b89810bc95f84d1de53b44446b73a455ecf283d5f6521ffe789c96306a60da0c8322f85ff1d0efccbe85f039006c649aab6646fd6ec7c9ba539d720c2e96ab02cc4de8a70e07c78df2c99ec641e1e7b81a06e2d7421c1f06371030f0f39861b6ff8fc6f2bdb72db134d45b3a2b608fa7f5c2d177a43447d4c3e0a8eda02fc13301287b963c034fafa6bf10565263584c678d54bbbc7e7e23c56b2930569c3513f79ecc296ec88b38387de54da4cf45b61fe42fa4dfaeec4f24a6acffc00dc6f12aa6d1aca2956871eb0ebfdbde021b1729abb53cf000cbfe8eee5e1d225ded1f52cbf060ca7e21d758b9e4c7f853363b3e275af79be431dcd9d56115f8aee8e5cf7f5f2385708345cc06890bd211e5976698365fb151078fe2bc17f6114c80c98a8a405d77fb9d7023afeb16c7819df1c378fb74b819020cade4c8e29795e321e6ace23f5d53ad5a2f6beaf1bb4e1ae47b19adac64e40a191ea337d555d607362ecc0116c17ef59f1e84b4dbc41a57c53f493f8589b5481620f2d85fde408309f8423e2d6d5463718aae4fd3bd502425a4b21406c627196268fb25b6c20a2053d7dfef2073def526b0ade6ccc46aeef71f2c78b8c921853383ab95522fdf993e525f0845cee57e8b3ba29c1fa74accfac00853da4385d1396d9846ef0f54ca5925b09670aaceab8465ac55d279ff50e9f9a470376461f2793060a66e50f2b0963578e62099e5e225e4e5423a191193d2227ba169b5e14b8af9b5612ce03fbb48bef7b941a29507b7ec73924a88631a6eabda7f1a6540d43fdcea6b0d38be25774cef8a1d8c37658718fe9a7da6ac2682a0855bc3bc7e90d56808c6ee2429c2d27d8cd643a4b202f05462e8a248f92bf428b1a2f869e17d6e3bb4b41e3c9e26dae837a831557982079c112cd8cb42db2e6f3f3fadf5360eb60efdbb7d696953f0738c59230d8eb40c2b06c26697aac33a5ab9b7313c93e52c37e09eda652521ed87e61e3670f7d3b907dfe5c0b2be878f0124d7ad7916b9426ce48f3c4e697dcd223b9e8fde933578f87eef995267a132e7796c52ef29f270ef8eddab6faf134887c5cddf00f09a2bf616ad4b3d95a8cf7b651cc6ce853407cc90e50348df03bd79f42843fe1d533798b9903f2efc56e4f47433a9416e9396a64a91b4a876836d3a9c3a4a9886172df9c0b264616ef9639fa6e62502be143e5c7a14932b8e91f602ffa8e03440c35cdcf21398ff0ac1296ab3eb8894ab42e4ad6c59faeec8c3b57e680f1af40652a11d27cb7ca0d98fea53e4ac614b58852fec64f3c46eaf64c1db517e9c00a2903e21f9ee77cc834ece0a2138be0718a7d2af63dc183c9fe0f1075cd079b0323304b1ebbc63f4bceb6037c76ba8ecb90df4ace03ec30135c87fd13f514401dd8744f0bcb74d8d728f217f374165b7f8f59d731e34b1a472bb7912d79ae031e450a21ed65ba1155da73274007e970185241ed68b68dc2ad7d3fb2f83abebac4d1170a968af8d4d14dac3c5ccce6cc8d057c1cfdfa8a094f9567c958ae5de78edf2f842fb1d0bb4f8607c12abd49fac8bff488da02f025611052fdb85c7800ae4e3f8249fb52ea4bf61b471a3695ec27fcbbc113d1ef4d8bb537f2124f58e1d9c632e583fb6e15d09376e90fe83745ac8462e8b8834033ac551dbd9dd013898b0df9e2e87e19a709531054736153b1b9177f947e8e812a08f56cc5be164dc700a08fb3598052412679309a3a954395a2ea06fb9650af9011b97d497dff8c1226ec1aa05d9b90a06dc6437be10ec467a10939641ab3a21b7e06303add85a4ff36b0421a43684cc5c67ad1532ca09d77417118783bdb1c0c7374a2e189336ef8ed43f2cfdbb4b1a9bb166d4200630240165907d5439a4fdf6cae2fdff645cadfffe48503fbf78fa08362c3df501ddd4086a5de28720a78cbac740e742df8ad48f46b6f55e3aeb6c97ffe18094f74c96063fecaf880aa2fd0da87ddba99ae6687b15b66476a27d4df12f9f47f455ce37fdb1320979eaf35e58e077720bcb481cfb72f63fee3ded96723328f082c00303f6adef3b19421a0d29028b3404ef17497bdfed54eb5a81e81d61b8c07f4769f988b2efb6688e92f4edd51d1172b2c44840acd0be9684e2abd29106eab844404319a89dae0ef99d27b96b9e3f893dadede90b4fb58f302206a506af6e24e59662689a3eb484804ec06b3c58b4710343ba0aa71bc3734020a67cb39781f6843c22a89cc8eb0c3c7f4d5064303814724b320289aa803a0c87317085ec613440c913a5f59cbc6e74711c6dc3af3e1590e20fb9580d7bb8e2c1bde961fab5e8c0778c59b4658c81c61716446bfb11033fe3f8e317b095173797f012e76c43a77706af39d3d686431e42114647ab35d2d9334624f0aa750596f5a857b85d891ddf6af4a8faba84e01d3f44a7776203754a410ee8daa514dace70bfcd8bb6fdd76e4dd9c9479cff910a4f59a370e1d9e575d58795ebe147f51e70f0fe2444ad10f5271e1186da5b47cb881c70246cdfc8b97cd9f4f947cb35f0930dbceb70e5769e79c87e6104969d7742c396fbd20a4f89c2076c7196744c8aa46028fe46fc5ec53c9ee8aa17d4297e3921c114872f61ee455f916a46cdc4c5468629b59cef4900b8c6439520ec2c742d3f12d3899a3a8e90bd7fa91640f3f240cd831ad9e2091e675626cbdf913869a289f4339013491fb0066098e06248cce1b3c7aa401b173464e55e749505cfbc358dbbf4e46ba7042505ae81231646bb194b487284a137b0ad3cb082d23195ac22af7098a09f69a8b4fa3b5ef018becc8ad74389f8f7fbc2e0484dd4892e1e7dcc7e674a665f97bed7c9ef80ab12a20f57408843b7d62eb3acd338c8f55a31e87dc8d176964f795812229107c6c9993461fa509914efa0cbbd7386e434600e4ffebc0f481f75d58de8f5a86cb5f0f11e5f60254ebb5252b9824ab95b27fe03df7f92354510b8ae220d7d4bb869ad580b290cb2c7fe3f73a2325f072e1855c761ed00f2c8f4252df6eea2d1924bb01c4e7bd245c241ad7fd1f0f858be5d9bc141b3ab0adccf4ae54dd871fe418e53d1590f1f3c8bb58698854258a22984ec9ec8193217f8e3548d6367666f09f4cf1156eea513a75618ac7117cafa4a3e918ab7d7860ef8b1993119bf6794bdfd8a1456690b116a4d8860e1340daea0eb71ded6e2ce423e9afb37dfbac460fe6aa165b56ddf66d38d0dd79d6d109dc606ee30e4209d8734788aaf62f9d1c3e23dfaf12691d4802fffb42fe34dba1c4b8ba7e7d9780972b29c8a39e2d9a64d2cf80f2e7f0ecb47c645f7e42367b13c446b47fa417803d00628a0c7284017369aa31c1d73d07eb779f320add5411e032614b079e02799301fa7c6f9f07b27584efa4e465a6fa9ec62ad6ac4a7bf6c03d629e9285f1211cd17cd913742d85d69ee33aa2666a2dbaa50d82e1022ebc11c1515b7d10b7ad133c4bb1675dde4d3c3e9f748b2e54f43e7b3e82c554629aafc8ff520443f9501799c4191a73c2f9773118a3184ca855aa1e8dabab89970e532744f36f4b6e05e3fa27e96a710e795a68e03343ec089a9798259b2309cc41938f603395e9b4328d44b3e3512fca31b92c0dc4da9492f69100cd5af3a5d9ea9539514d2a713d6016d20cf695ce3de89190d644a7372b0bc936aaa984c1a2a267bd75a168dfbfe7616ae26ddb5bbec5731e7560d565181004688dc575474fb78e02cf5d4059a3ca2f44ec96c79c0f7d326caf0aee5dbdb7732440f4891b663020b8dae099e44177ff20bd883f8ac9c67d9b8c61a0888bf3760896a1f4ab98d92b991ed368aa5f8d821bb0886511e9f377a86c36ec2fa182d9932032eb8a83dec02dc3fbeaa9fe6410bdcd9162243e8fa3d4840116fbf12dbc3bb4ac16398358756d1ad4b73377690377132c007900b6e27c0c7208f04d61de9f429161ce9698abe2b7ba2fd58f2a0a25dd6e715970233222cc515904c4157d02b64eba72ac79d66d152670480d03e61c2a607c9fac4336751202829111fe86bbba92f4a90f18d2a047e43205541f2fa2d66e27707de8a25e579c0ccfbda6449a4bcfd7a23cb8a1d38d587f277ef0934be128cb94d46be5b1d26e6fb966fbcd1f302f850c77b141fb171d7875ee44d2acfce492a6a5db12e049ddd88ac105f453703bca65f5ed8ab44ffc15c808b8f3e882a32478ad1c32c5cad0aa95b23af5214dbb65c933da35d8e373c4eea94484c41f8fd1e34cf963afc2a85191a49d2a4b9469dbde2b0ebd16631687182d0dff3904c81033bf59f76897cd3b2161220e00fa043e2f35128843d78992c0ad60ae1a50b9ef400bd2d", 0x3)
read$auto(r7, 0x0, 0x20)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3)
bpf$auto(0x0, &(0x7f0000000280)=@link_detach={r7}, 0x4c5)
ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000700)="12")

785.353451ms ago: executing program 3 (id=825):
mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
readv$auto(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x5}, 0x369)
connect$auto(0xffffffffffffffff, 0x0, 0x3a)
r0 = socket(0x1e, 0x5, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0)
openat$auto_dfs_cpu_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/x86/topo/cpus/1\x00', 0x48140, 0x0)
unshare$auto(0x40000080)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x8000001, 0x0, 0x2000000000000003, 0x0, 0x24, 0x1}, 0x401}, 0x800, 0xa0000000)
r1 = socket(0xa, 0x5, 0x84)
sendto$auto(r1, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c)
ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(0xffffffffffffffff, 0xc008551c, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000001100), 0xa8000, 0x0)
madvise$auto(0x3, 0x6, 0x929e)
ioctl$auto_USB_RAW_IOCTL_EP0_READ(r2, 0xc0085504, &(0x7f0000000040)={0x9, 0x1, 0x400000})

781.164443ms ago: executing program 0 (id=834):
r0 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0)
process_madvise$auto_MADV_PAGEOUT(r0, &(0x7f0000000180)={&(0x7f00000000c0)="6bc435df379d38af2070e83ab820b0b15150be99d3063202de267667bb5fa15ce74ac0fb440ea2015d190f8ebd6e6427cb9a59d3cad3d2819c4e21caabd133d6cccdbae60f4ae89d62159cdb0cd02b6c24f2f4b16912ffec395de0e2a131d6047ed554bff8eed5782198b7615f59bd171d433765771e3ebe9ba010b66a31cb92dc09aab37592b5f66bbc92184733254768720007c7d6097032cea9fe5d18b38b4598956717fe92912375382c9e061b42", 0x3}, 0x1, 0x15, 0x5)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
select$auto(0x500000, 0x0, &(0x7f0000000240)={[0x8, 0x200000000006, 0x800000004, 0x8000, 0x0, 0x80000008, 0x7, 0x6, 0x8fc, 0xb80, 0x100000e34d, 0x4009, 0x8000, 0xfffffffffffff954, 0xfffffffffffffef8, 0x4]}, 0x0, &(0x7f0000000080)={0x1, 0x401})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/ns_last_pid\x00', 0x88642, 0x0)
read$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
write$auto(0xffffffffffffffff, &(0x7f0000000180)='7\x00\xe6\xeaA\r\nW\xa6&\xff\xff\f\x00\x00\x00\xff\x00\x00\x00\x00\x00\x1f\xde\x00\x00\x00\x00\x00\x00\x00', 0x9)
set_mempolicy$auto(0x6, 0x0, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0xe01, 0x0)
fadvise64$auto_POSIX_FADV_DONTNEED(0xffffffffffffffff, 0x10, 0x8, 0x4)
setresgid$auto(0xffffffffffffffff, 0xee00, 0x0)
r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
read$auto(r2, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2T\xc0\x1d\xa4\x10r\xc4\xa2\xb1y\t\x05\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xed\rW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1', 0x100000001)
openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2, 0x0)
ioctl$auto_TUNSETCARRIER(r0, 0x400454e2, 0x0)
socket(0x3, 0x805, 0x4)
r3 = socket(0x2a, 0x2, 0x1)
r4 = memfd_create$auto(&(0x7f0000000300)='/sys/kernel/debug/x86/boot_params/data\x00\"F\xb6\xcd\x06\xd6\x97\\L\xe1\xb2\xee\xb8\x8e\xd6O\xa1j\x90w\xc7\x94\xb7yi\x01&\x04b/\xaa\xfb#s\xc4\xa3\xa7\xacj\xc6\x8e\xf4L\x9a\xf8\xcc\xdcy\x9f\x93\xbc\xf6\xc8\xdb\x05w,|B\xfc\x04\x97\xd3\x0f\x8b\x81\xe8\xbc\x81\x0e\xd7o\xd2\xcd\x18z\xc2\xb7|\xe1\xa6\x9a~\x96\x10rnLnt\xdb\xdb-\x1b\x99\xd4\xed;\xf8\x13a\r\xf2\a\x85%\xef\xa7\x7f#\x96\xf2S\xb0\xf1Hq\x0f;\x83\xb7\x0fz\x9dN\xc9\x1e\x15r\x97|\xbfE\xce\"', 0x4)
fallocate$auto(r4, 0x0, 0x9, 0x4cbd5d)
bind$auto(r3, &(0x7f0000000080)=@rc={0x1f, @none, 0x48}, 0x6c)
connect$auto(r3, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x57)

734.679773ms ago: executing program 1 (id=826):
recvmmsg$auto(0xffffffffffffffff, 0x0, 0x0, 0xffffffff, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00', <r1=>0x0})
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
close_range$auto(0x0, 0x5, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x101202, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="5a1d2a1772eae57526e7543df28252fe5c3560407fe7035ce5b999867c144cddf1ad1bb02182f223c0c2cb68e793f1c284fba290d4", @ANYRESOCT=r1, @ANYBLOB="51743461bc7e0da4a1548b745b7f52a0a6fcbcef243d50e875904b13870757aec924599f3682090f5e6b0c22943326913eedfec2a03e2906a238a5113858d5b2522598c3906c5be94578fbf4b477fcfb8b61bae7ca32a8c99c23fcedc47b6acb89f622ddedc122ce9615fa8ac652e8b385cf1cd881984c64696a4ca533e92f38c89c2e745d99ef7d1aadedc3c728d4ee7b72d02b0e311f79b4a38bcceb30bc6c5ab552046e0731c2875620918a59705d068d1be4369e9b7506c3d5c58997e7835e807d9f42adf907b64cef0c4eb2f7010dd520ae685626f667f1a1a21365c89754f959afa8470016f23e477db3832acbb97cd13d499409", @ANYRES32, @ANYRESHEX, @ANYRES64=r4, @ANYRES16=r3, @ANYRESHEX], 0x1c}, 0x1, 0x0, 0x0, 0x4008800}, 0x4002c800)
stat$auto(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)={0x2, 0x0, 0xf661, 0x0, 0xee00, <r5=>0xee00, 0x0, 0xbcd, 0x6c, 0x8, 0x261, 0x5, 0x7fffffff, 0x7, 0x9, 0x8000, 0x144})
ioctl$auto_XFS_IOC_SWAPEXT(0xffffffffffffffff, 0xc0c0586d, &(0x7f0000000080)={0xd, @raw=0x7fffffffffffffff, @raw=0x7fffffff, 0x3, 0x7, '\x00', {0x5, 0x3, 0x0, 0xffffffffffffffff, r5, 0x0, 0x1000, 0x7ff, {0x4, 0x100}, {0x1133, 0x40}, {0x2, 0xc431}, 0xa00, 0x3ae0, 0x4, 0x8, 0xe, 0x0, 0x3, 0xf, 0x8, 0x2, '\x00', 0x7, 0x0, 0x1816, 0x4}})
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000)
sysfs$auto(0x2, 0x46, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a)
r6 = socket(0x2, 0x5, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x7965dae200b7d1b3, 0x10)
renameat$auto(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', r7, &(0x7f0000000340)='./file0\x00')
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, 0x0, 0x7, 0x0, 0xc004, 0xb}, 0xfff}, 0x5, 0x311)
sendmmsg$auto(r6, &(0x7f0000000400)={{&(0x7f00000001c0)="3618b3d64640c945ddf86a720bf2461e82a4aadefe61234ec678cd3c3eac36e3eaa0a36e7777ac174014b4d57e5f3d761faf4cf4920542685b916aa5aea6b5f2c84a2db4", 0x3fc, &(0x7f00000000c0)={0x0, 0xfffffffffffff1b9}, 0x0, 0x0, 0x8000000000000001, 0xb}, 0x8}, 0x10001, 0xfffffff5)
sendmsg$auto_NL80211_CMD_GET_COALESCE(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x66)
ioctl$auto_SG_GET_RESERVED_SIZE(r2, 0x4c04, 0x0)
r8 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x400042, 0x0)
r9 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x80402, 0x0)
ioctl$auto_SNDCTL_DSP_GETOPTR(r9, 0x800c5012, &(0x7f00000000c0))
write$auto(r8, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x89\xe8^\x98#\x86\x92\x86w\xa1\x05\x9b\xad}yX\xc5\xc0\x1c\xd1\xd9\x9e\x91\b\xfc=\x18\xf9E\b\xa3Rgu\xf5L\x1d\xf8\ny', 0x401)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r10 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0)
ioctl$auto_USB_RAW_IOCTL_EVENT_FETCH(r10, 0x80085502, 0x0)

13.486445ms ago: executing program 1 (id=827):
mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000380)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc4156ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba218aa5b0ff402f2e6adb8ea60886c1e52c60d7d87e4c0551386501763ad098eb2b9602f83b2a643399f10dfdb0f4018b401be4db675d0acf8d348c26acf338cbe20fcb76439ca602a3c022f4463a8820f1c6f865d24e058af98f0c48bf552c3f6cc28c09d9054347db3c28701c67fa1e57d81b881638b518dd8e24969b7fd10406fcf6eb9bb66bf56ed7568510c72b380fa6efbca845bde90f7672708000000000000003513")
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
socket(0x10, 0x2, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x4)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0)
write$auto(r1, &(0x7f0000000080)='/dev/audio\x00', 0x80000000)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
write$auto_proc_sys_file_operations_proc_sysctl(r0, &(0x7f0000000500)="171a0e83fb025543a8913123c7839ff59c13c7f1d99c84cadf1fae4b0c2557019a5830946732d3e6080e614ca5020ecec66ca8608ce0a297cbc31c5d2d0c87b7d92e116423a9bccbf91578b6a43a581022bacf32afd61ad275cc3800a918531d8246f79f890df0aca9820e09b80e3ba34337d2be15f29e74ce1a2cdacac7dd5c10f8d0bac5740db9326b095875707b08", 0x90)

0s ago: executing program 2 (id=828):
mmap$auto(0x0, 0x9, 0xdf, 0x109b72, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x302, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x4dd8, 0x5)
r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$auto_NETDEV_CMD_BIND_RX(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7000fcdbdf250d00000008000300", @ANYRES32, @ANYBLOB="0400028008000100"], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x4)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5)
ioctl$auto(r1, 0x4008af24, r0)
r4 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0)
write$auto(r4, &(0x7f0000000000)='/s]s/kernel/security/i\xdbtegrity/Nvm/evm_xattrs\x06', 0x5)

kernel console output (not intermixed with test programs):


[   95.877396][ T5995]  ? __might_fault+0xc5/0x140
[   95.877442][ T5995]  mm_release+0x24a/0x2f0
[   95.877471][ T5995]  do_exit+0x707/0x2af0
[   95.877517][ T5995]  ? __pfx_do_exit+0x10/0x10
[   95.877550][ T5995]  ? do_raw_spin_lock+0x128/0x260
[   95.877576][ T5995]  ? find_held_lock+0x2b/0x80
[   95.877604][ T5995]  ? get_signal+0x7e5/0x2210
[   95.877638][ T5995]  do_group_exit+0xd5/0x2a0
[   95.877678][ T5995]  get_signal+0x20ff/0x2210
[   95.877716][ T5995]  ? ldsem_up_read+0x4e/0x90
[   95.877742][ T5995]  ? __pfx_get_signal+0x10/0x10
[   95.877773][ T5995]  ? do_futex+0x192/0x350
[   95.877802][ T5995]  arch_do_signal_or_restart+0x91/0x7a0
[   95.877839][ T5995]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   95.877886][ T5995]  ? rcu_is_watching+0x12/0xc0
[   95.877915][ T5995]  exit_to_user_mode_loop+0x8b/0x4f0
[   95.877938][ T5995]  ? rcu_is_watching+0x12/0xc0
[   95.877970][ T5995]  do_syscall_64+0x6f2/0xf80
[   95.878004][ T5995]  ? clear_bhb_loop+0x40/0x90
[   95.878034][ T5995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.878059][ T5995] RIP: 0033:0x7f7fcdd9ce59
[   95.878078][ T5995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   95.878100][ T5995] RSP: 002b:00007f7fcecc00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   95.878124][ T5995] RAX: fffffffffffffe00 RBX: 00007f7fce016098 RCX: 00007f7fcdd9ce59
[   95.878139][ T5995] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7fce016098
[   95.878152][ T5995] RBP: 00007f7fce016090 R08: 0000000000000000 R09: 0000000000000000
[   95.878165][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   95.878178][ T5995] R13: 00007f7fce016128 R14: 00007ffdeeb437e0 R15: 00007ffdeeb438c8
[   95.878211][ T5995]  </TASK>
[   96.608879][ T6002] [U] ^R
[   97.832769][ T6029] ubi0: attaching mtd0
[   97.849988][ T6029] ubi0: scanning is finished
[   97.901178][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.0.56'.
[   98.087618][ T6029] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[   98.102859][ T6029] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[   98.120570][ T6029] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[   98.170879][ T6029] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[   98.198849][ T6029] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[   98.209002][ T6029] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[   98.229508][ T6040] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[   98.242241][ T6029] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[   98.303006][ T6029] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[   98.333696][ T6033] ubi0: detaching mtd0
[   98.342302][ T6037] ubi0: background thread "ubi_bgt0d" started, PID 6037
[   98.411444][ T6033] ubi0: mtd0 is detached
[  101.381312][ T6088] ubi0: attaching mtd0
[  101.410747][ T6088] ubi0: scanning is finished
[  101.775042][ T6088] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  101.822703][ T6088] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  101.847027][ T6088] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  101.861298][ T6088] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  101.891245][ T6088] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  101.914073][ T6088] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  101.934390][ T6088] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  101.986661][ T6088] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  102.029061][ T6093] ubi0: background thread "ubi_bgt0d" started, PID 6093
[  102.036115][ T6089] ubi0: detaching mtd0
[  102.134117][ T6089] ubi0: mtd0 is detached
[  104.126687][ T6111] [U] v
[  104.548998][ T6132] ubi0: attaching mtd0
[  104.575918][ T6132] ubi0: scanning is finished
[  104.776695][ T6132] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  104.784932][ T6132] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  104.823796][ T6132] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  104.878273][ T6132] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  104.903903][ T6132] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  104.936974][ T6132] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  104.967493][ T6132] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  105.000871][ T6132] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  105.029442][ T6139] ubi0: background thread "ubi_bgt0d" started, PID 6139
[  105.040090][ T6134] ubi0: detaching mtd0
[  105.115983][ T6134] ubi0: mtd0 is detached
[  108.315650][ T6175] netlink: 342 bytes leftover after parsing attributes in process `syz.1.82'.
[  109.094954][ T6185] [U] ^R
[  109.187186][ T4947] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  109.190352][   T29] audit: type=1804 audit(1779068608.031:3): pid=6182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.84" name="/newroot/sys/kernel/debug/tracing/error_log" dev="tracefs" ino=1015 res=1 errno=0
[  109.278890][ T4947] Bluetooth: hci0: unexpected event 0x04 length: 6 < 10
[  110.141997][ T6198] ubi0: attaching mtd0
[  110.172254][ T6198] ubi0: scanning is finished
[  110.565005][ T6198] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  110.574111][ T6198] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  110.584648][ T6198] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  110.758537][ T6198] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  110.803459][ T6212] netlink: 342 bytes leftover after parsing attributes in process `syz.2.90'.
[  110.837807][ T6198] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  110.856332][ T6198] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  110.879795][ T6198] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  110.892092][ T6198] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  110.958873][ T6209] ubi0: background thread "ubi_bgt0d" started, PID 6209
[  110.967684][ T6200] ubi0: detaching mtd0
[  111.127806][ T6200] ubi0: mtd0 is detached
[  111.181843][ T6216] ubi0: attaching mtd0
[  111.249942][ T6216] ubi0: scanning is finished
[  111.267617][ T4947] Bluetooth: hci0: command 0x2016 tx timeout
[  111.697335][ T6218] [U] ^R
[  111.746269][ T6216] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  111.778597][ T6216] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  111.786954][ T6216] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  111.808193][ T6216] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  111.828904][ T6216] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  111.837378][ T6216] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  111.858504][ T6216] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  111.868813][ T6216] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  111.891952][ T6220] ubi0: detaching mtd0
[  111.911994][ T6225] ubi0: background thread "ubi_bgt0d" started, PID 6225
[  112.287247][ T6220] ubi0: mtd0 is detached
[  113.033498][ T6236] process 'syz.1.93' launched './file0' with NULL argv: empty string added
[  113.069042][ T6239] ubi0: attaching mtd0
[  113.164482][ T6239] ubi0: scanning is finished
[  113.347411][   T50] Bluetooth: hci0: command 0x2016 tx timeout
[  113.959799][ T6239] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  113.993624][ T6239] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  114.026974][ T6239] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  114.102050][ T6239] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  114.134911][ T6239] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  114.186813][ T6239] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  114.217563][ T6239] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  114.306483][ T6239] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  114.354433][ T6241] ubi0: detaching mtd0
[  114.355768][ T6252] ubi0: background thread "ubi_bgt0d" started, PID 6252
[  114.678629][ T6241] ubi0: mtd0 is detached
[  114.998300][ T6257] ubi0: attaching mtd0
[  115.186372][ T6257] ubi0: scanning is finished
[  115.338320][ T6264] netlink: 342 bytes leftover after parsing attributes in process `syz.1.98'.
[  115.599950][ T6257] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  115.668923][ T6257] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  115.693526][ T6257] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  115.771739][ T6257] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  115.888366][ T6257] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  115.906484][ T6257] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  115.923736][ T6257] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  115.948484][ T6257] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  115.975147][ T6259] ubi0: detaching mtd0
[  115.990157][ T6266] ubi0: background thread "ubi_bgt0d" started, PID 6266
[  116.164090][ T6259] ubi0: mtd0 is detached
[  116.446306][ T6264] [U] ^R
[  116.822245][ T6272] netlink: 342 bytes leftover after parsing attributes in process `syz.2.99'.
[  116.988282][ T6275] netlink: 342 bytes leftover after parsing attributes in process `syz.1.100'.
[  117.545778][ T6277] [U] ^R
[  117.764148][ T6284] ubi0: attaching mtd0
[  117.792586][ T6284] ubi0: scanning is finished
[  118.010386][ T6280] [U] ^R
[  118.272097][ T6284] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  118.363868][ T6284] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  118.454025][ T6284] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  118.549207][ T6284] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  118.616090][ T6284] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  118.625557][ T6284] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  118.640496][ T6284] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  118.653916][ T6284] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  118.684054][ T6288] ubi0: background thread "ubi_bgt0d" started, PID 6288
[  118.793258][ T6283] ubi0: detaching mtd0
[  118.849013][ T6283] ubi0: mtd0 is detached
[  120.514414][ T6306] netlink: 172 bytes leftover after parsing attributes in process `syz.2.105'.
[  121.063410][ T6300] ubi0: attaching mtd0
[  121.120235][ T6300] ubi0: scanning is finished
[  122.556336][ T6300] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  122.967154][ T6300] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  123.111020][ T6300] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  123.219424][ T6300] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  123.350163][ T6300] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  123.912871][ T6300] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  124.211996][ T6300] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  124.571695][ T6300] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  124.722063][ T6321] ubi0: background thread "ubi_bgt0d" started, PID 6321
[  124.727664][ T6309] ubi0: detaching mtd0
[  124.760464][ T6309] ubi0: mtd0 is detached
[  124.983641][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.109'.
[  125.512971][ T6329] netlink: 172 bytes leftover after parsing attributes in process `syz.2.110'.
[  125.991701][ T6339] syz_tun: tun_chr_ioctl cmd 1074025673
[  130.695533][ T6354] netlink: 342 bytes leftover after parsing attributes in process `syz.1.115'.
[  131.007301][ T6356] [U] ^R
[  131.196316][ T6355] FAULT_INJECTION: forcing a failure.
[  131.196316][ T6355] name failslab, interval 1, probability 0, space 0, times 0
[  131.209139][ T6355] CPU: 1 UID: 0 PID: 6355 Comm: syz.1.115 Not tainted syzkaller #0 PREEMPT(full) 
[  131.209165][ T6355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  131.209177][ T6355] Call Trace:
[  131.209185][ T6355]  <TASK>
[  131.209192][ T6355]  dump_stack_lvl+0x100/0x190
[  131.209234][ T6355]  should_fail_ex.cold+0x5/0xa
[  131.209259][ T6355]  should_failslab+0xc2/0x120
[  131.209282][ T6355]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  131.209312][ T6355]  ? __send_signal_locked+0x155/0x12d0
[  131.209340][ T6355]  __send_signal_locked+0x155/0x12d0
[  131.209367][ T6355]  do_notify_parent+0xf05/0x10b0
[  131.209390][ T6355]  ? __pfx_do_notify_parent+0x10/0x10
[  131.209410][ T6355]  ? do_raw_spin_lock+0x128/0x260
[  131.209442][ T6355]  ? lockdep_hardirqs_on+0x78/0x100
[  131.209470][ T6355]  ? _raw_write_lock_irq+0x45/0x50
[  131.209503][ T6355]  do_exit+0x2103/0x2af0
[  131.209537][ T6355]  ? __pfx_do_exit+0x10/0x10
[  131.209567][ T6355]  ? do_raw_spin_lock+0x128/0x260
[  131.209588][ T6355]  ? find_held_lock+0x2b/0x80
[  131.209612][ T6355]  ? get_signal+0x7e5/0x2210
[  131.209638][ T6355]  do_group_exit+0xd5/0x2a0
[  131.209670][ T6355]  get_signal+0x20ff/0x2210
[  131.209703][ T6355]  ? __pfx_get_signal+0x10/0x10
[  131.209730][ T6355]  ? do_futex+0x192/0x350
[  131.209754][ T6355]  arch_do_signal_or_restart+0x91/0x7a0
[  131.209784][ T6355]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  131.209822][ T6355]  ? rcu_is_watching+0x12/0xc0
[  131.209849][ T6355]  exit_to_user_mode_loop+0x8b/0x4f0
[  131.209868][ T6355]  ? rcu_is_watching+0x12/0xc0
[  131.209894][ T6355]  do_syscall_64+0x6f2/0xf80
[  131.209922][ T6355]  ? clear_bhb_loop+0x40/0x90
[  131.209945][ T6355]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.209966][ T6355] RIP: 0033:0x7f33fe39ce59
[  131.209986][ T6355] Code: Unable to access opcode bytes at 0x7f33fe39ce2f.
[  131.209995][ T6355] RSP: 002b:00007f33ff1860e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  131.210014][ T6355] RAX: fffffffffffffe00 RBX: 00007f33fe616098 RCX: 00007f33fe39ce59
[  131.210027][ T6355] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f33fe616098
[  131.210039][ T6355] RBP: 00007f33fe616090 R08: 0000000000000000 R09: 0000000000000000
[  131.210055][ T6355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  131.210066][ T6355] R13: 00007f33fe616128 R14: 00007ffec0cb8c60 R15: 00007ffec0cb8d48
[  131.210092][ T6355]  </TASK>
[  131.920851][ T6365] ubi0: attaching mtd0
[  131.957501][ T6365] ubi0: scanning is finished
[  132.431803][ T6365] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  132.493579][ T6365] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  132.510750][ T6365] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  132.518492][ T6365] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  132.556281][ T6365] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  132.573738][ T6365] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  132.581947][ T6365] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  132.592066][ T6365] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  132.622574][ T6375] ubi0: background thread "ubi_bgt0d" started, PID 6375
[  132.687057][ T6367] ubi0: detaching mtd0
[  132.783844][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  132.790835][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  132.870810][ T6367] ubi0: mtd0 is detached
[  132.968870][ T6371] ubi0: attaching mtd0
[  133.079079][ T6371] ubi0: scanning is finished
[  133.144399][ T6384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.121'.
[  133.972483][ T6371] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  133.993558][ T6371] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  134.073148][ T6371] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  134.081721][ T6371] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  134.116411][ T6371] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  134.255864][ T6371] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  134.286607][ T6371] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  134.641118][ T6371] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  134.999006][ T6410] syz_tun: tun_chr_ioctl cmd 1074025673
[  135.016902][ T6398] ubi0: background thread "ubi_bgt0d" started, PID 6398
[  135.027934][ T6374] ubi0: detaching mtd0
[  135.200602][ T6374] ubi0: mtd0 is detached
[  135.547329][ T6414] netlink: 172 bytes leftover after parsing attributes in process `syz.1.126'.
[  137.297305][ T6427] ubi0: attaching mtd0
[  137.359592][ T6427] ubi0: scanning is finished
[  137.396805][ T6428] netlink: 342 bytes leftover after parsing attributes in process `syz.0.129'.
[  137.594607][ T6436] netlink: 172 bytes leftover after parsing attributes in process `syz.3.132'.
[  137.939069][ T6434] Page cache invalidation failure on direct I/O.  Possible data corruption due to collision with buffered I/O!
[  137.966124][ T6434] File: /dev/nullb0 PID: 6434 Comm: syz.3.132
[  138.114481][ T6427] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  138.273334][ T6427] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  138.370902][ T6427] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  138.389248][ T6427] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  138.421549][ T6427] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  138.502128][ T6427] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  138.510291][ T6427] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  138.521935][ T6427] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  138.596613][ T6431] ubi0: detaching mtd0
[  139.111148][ T6431] ubi0: mtd0 is detached
[  140.528434][ T6437] [U] ^R
[  140.633249][ T6437] FAULT_INJECTION: forcing a failure.
[  140.633249][ T6437] name fail_futex, interval 1, probability 0, space 0, times 0
[  140.778074][ T6461] ubi0: attaching mtd0
[  140.804530][ T6461] ubi0: scanning is finished
[  140.848784][ T6437] CPU: 0 UID: 0 PID: 6437 Comm: syz.0.129 Not tainted syzkaller #0 PREEMPT(full) 
[  140.848817][ T6437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  140.848831][ T6437] Call Trace:
[  140.848840][ T6437]  <TASK>
[  140.848851][ T6437]  dump_stack_lvl+0x100/0x190
[  140.848889][ T6437]  should_fail_ex.cold+0x5/0xa
[  140.848933][ T6437]  get_futex_key+0x1d2/0x1510
[  140.848972][ T6437]  ? __pfx_get_futex_key+0x10/0x10
[  140.849002][ T6437]  ? preempt_schedule_common+0x42/0xc0
[  140.849049][ T6437]  ? preempt_schedule_thunk+0x16/0x30
[  140.849101][ T6437]  futex_wait_setup+0x83/0x510
[  140.849150][ T6437]  __futex_wait+0x19f/0x300
[  140.849192][ T6437]  ? __pfx___futex_wait+0x10/0x10
[  140.849234][ T6437]  ? __pfx_futex_wake_mark+0x10/0x10
[  140.849278][ T6437]  ? futex_hash+0x2ad/0x370
[  140.849307][ T6437]  ? futex_hash+0x141/0x370
[  140.849342][ T6437]  futex_wait+0xe6/0x370
[  140.849378][ T6437]  ? __pfx_futex_wait+0x10/0x10
[  140.849413][ T6437]  ? tty_ioctl+0x93d/0x1640
[  140.849464][ T6437]  ? ldsem_up_read+0x4e/0x90
[  140.849493][ T6437]  ? tty_ioctl+0x345/0x1640
[  140.849542][ T6437]  do_futex+0x1ef/0x350
[  140.849575][ T6437]  ? __pfx_do_futex+0x10/0x10
[  140.849609][ T6437]  ? find_held_lock+0x2b/0x80
[  140.849652][ T6437]  __x64_sys_futex+0x34f/0x4d0
[  140.849687][ T6437]  ? __pfx___x64_sys_futex+0x10/0x10
[  140.849728][ T6437]  ? rcu_is_watching+0x12/0xc0
[  140.849764][ T6437]  do_syscall_64+0x10b/0xf80
[  140.849800][ T6437]  ? clear_bhb_loop+0x40/0x90
[  140.849830][ T6437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.849857][ T6437] RIP: 0033:0x7f7fcdd9ce59
[  140.849880][ T6437] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  140.849921][ T6437] RSP: 002b:00007f7fcecc00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  140.849954][ T6437] RAX: ffffffffffffffda RBX: 00007f7fce016098 RCX: 00007f7fcdd9ce59
[  140.849973][ T6437] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7fce016098
[  140.849990][ T6437] RBP: 00007f7fce016090 R08: 0000000000000000 R09: 0000000000000000
[  140.850007][ T6437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  140.850023][ T6437] R13: 00007f7fce016128 R14: 00007ffdeeb437e0 R15: 00007ffdeeb438c8
[  140.850055][ T6437]  </TASK>
[  141.670218][ T6461] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  141.713928][ T6461] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  141.747702][ T6461] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  141.766986][ T6461] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  141.800148][ T6461] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  141.811286][ T6461] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  141.828529][ T6461] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  141.839449][ T6461] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  141.879951][ T6464] ubi0: detaching mtd0
[  141.923947][ T6464] ubi0: mtd0 is detached
[  142.491507][ T6483] netlink: 172 bytes leftover after parsing attributes in process `syz.2.139'.
[  144.085198][ T6498] netlink: 172 bytes leftover after parsing attributes in process `syz.2.143'.
[  147.784148][ T6517] netlink: 342 bytes leftover after parsing attributes in process `syz.3.147'.
[  148.059262][ T6520] [U] ^R
[  148.278187][ T6518] FAULT_INJECTION: forcing a failure.
[  148.278187][ T6518] name fail_futex, interval 1, probability 0, space 0, times 0
[  148.338414][ T6518] CPU: 0 UID: 0 PID: 6518 Comm: syz.3.147 Not tainted syzkaller #0 PREEMPT(full) 
[  148.338447][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  148.338464][ T6518] Call Trace:
[  148.338472][ T6518]  <TASK>
[  148.338481][ T6518]  dump_stack_lvl+0x100/0x190
[  148.338514][ T6518]  should_fail_ex.cold+0x5/0xa
[  148.338546][ T6518]  get_futex_key+0xf78/0x1510
[  148.338576][ T6518]  ? __pfx_get_futex_key+0x10/0x10
[  148.338600][ T6518]  ? lock_acquire+0x1b1/0x370
[  148.338634][ T6518]  futex_wake+0xea/0x530
[  148.338669][ T6518]  ? __pfx_futex_wake+0x10/0x10
[  148.338709][ T6518]  ? exit_mm_release+0x19/0x30
[  148.338752][ T6518]  do_futex+0x32b/0x350
[  148.338779][ T6518]  ? __pfx_do_futex+0x10/0x10
[  148.338803][ T6518]  ? __might_fault+0xc5/0x140
[  148.338848][ T6518]  mm_release+0x24a/0x2f0
[  148.338879][ T6518]  do_exit+0x707/0x2af0
[  148.338922][ T6518]  ? __pfx_do_exit+0x10/0x10
[  148.338955][ T6518]  ? do_raw_spin_lock+0x128/0x260
[  148.338983][ T6518]  ? find_held_lock+0x2b/0x80
[  148.339013][ T6518]  ? get_signal+0x7e5/0x2210
[  148.339047][ T6518]  do_group_exit+0xd5/0x2a0
[  148.339084][ T6518]  get_signal+0x20ff/0x2210
[  148.339126][ T6518]  ? __pfx_get_signal+0x10/0x10
[  148.339158][ T6518]  ? do_futex+0x192/0x350
[  148.339186][ T6518]  arch_do_signal_or_restart+0x91/0x7a0
[  148.339221][ T6518]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  148.339267][ T6518]  ? rcu_is_watching+0x12/0xc0
[  148.339299][ T6518]  exit_to_user_mode_loop+0x8b/0x4f0
[  148.339324][ T6518]  ? rcu_is_watching+0x12/0xc0
[  148.339355][ T6518]  do_syscall_64+0x6f2/0xf80
[  148.339389][ T6518]  ? clear_bhb_loop+0x40/0x90
[  148.339419][ T6518]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.339444][ T6518] RIP: 0033:0x7f750b59ce59
[  148.339464][ T6518] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  148.339486][ T6518] RSP: 002b:00007f750c4070e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  148.339510][ T6518] RAX: fffffffffffffe00 RBX: 00007f750b816098 RCX: 00007f750b59ce59
[  148.339526][ T6518] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f750b816098
[  148.339541][ T6518] RBP: 00007f750b816090 R08: 0000000000000000 R09: 0000000000000000
[  148.339556][ T6518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  148.339569][ T6518] R13: 00007f750b816128 R14: 00007ffd1a9bb0a0 R15: 00007ffd1a9bb188
[  148.339603][ T6518]  </TASK>
[  148.391464][ T6524] ubi0: attaching mtd0
[  148.930656][ T6535] netlink: 7 bytes leftover after parsing attributes in process `syz.1.149'.
[  148.965603][ T6524] ubi0: scanning is finished
[  149.189621][ T6541] netlink: 172 bytes leftover after parsing attributes in process `syz.3.152'.
[  149.595000][ T6545] syz_tun: tun_chr_ioctl cmd 1074025673
[  149.727257][ T6529] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  150.130226][ T6529] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  150.486821][ T6529] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  150.547202][ T6524] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  150.556335][ T6524] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  150.596327][ T6524] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  150.762824][ T6524] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  150.792345][ T6524] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  150.818686][ T6524] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  150.899618][ T6524] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  150.920072][ T6524] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  150.957769][ T6528] ubi0: detaching mtd0
[  150.962168][ T6550] ubi0: background thread "ubi_bgt0d" started, PID 6550
[  151.031039][ T6529] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  151.039068][ T6528] ubi0: mtd0 is detached
[  151.069053][ T6529] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  151.191947][ T6529] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  151.294670][ T6529] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  151.324198][ T6529] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  151.406513][ T6529] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  151.476723][ T6529] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  151.510238][ T6529] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  151.642025][ T6529] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  151.737247][ T4947] Bluetooth: hci0: command 0x2016 tx timeout
[  152.297946][ T6564] syz_tun: tun_chr_ioctl cmd 1074025673
[  152.538952][ T6567] netlink: 342 bytes leftover after parsing attributes in process `syz.0.156'.
[  153.106937][ T4947] Bluetooth: hci2: command 0x0c1a tx timeout
[  153.238665][ T6578] netlink: 342 bytes leftover after parsing attributes in process `syz.2.159'.
[  153.250606][ T6580] netlink: 342 bytes leftover after parsing attributes in process `syz.3.160'.
[  153.336984][ T4947] Bluetooth: hci1: command 0x0c1a tx timeout
[  153.497237][ T4947] Bluetooth: hci3: command 0x0c1a tx timeout
[  153.577169][ T6586] [U] ^R
[  153.778802][ T6588] [U] ^R
[  153.817219][ T4947] Bluetooth: hci0: command 0x2016 tx timeout
[  154.073635][ T6572] [U] ^R
[  155.035980][ T6600] ubi0: attaching mtd0
[  155.068779][ T6600] ubi0: scanning is finished
[  155.178098][ T4947] Bluetooth: hci2: command 0x0c1a tx timeout
[  155.417680][ T4947] Bluetooth: hci1: command 0x0c1a tx timeout
[  155.578003][ T4947] Bluetooth: hci3: command 0x0c1a tx timeout
[  155.629322][ T6600] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  155.643074][ T6600] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  155.654198][ T6600] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  155.664358][ T6600] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  155.681739][ T6600] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  155.753294][ T6600] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  155.764415][ T6600] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  155.799865][ T6600] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  155.812326][ T6602] ubi0: detaching mtd0
[  155.821192][ T6614] ubi0: background thread "ubi_bgt0d" started, PID 6614
[  155.903133][ T4947] Bluetooth: hci0: command 0x2016 tx timeout
[  156.119049][ T6602] ubi0: mtd0 is detached
[  157.256962][ T4947] Bluetooth: hci2: command 0x0c1a tx timeout
[  157.496953][ T4947] Bluetooth: hci1: command 0x0c1a tx timeout
[  157.657023][ T4947] Bluetooth: hci3: command 0x0c1a tx timeout
[  158.666110][ T6642] netlink: 342 bytes leftover after parsing attributes in process `syz.2.173'.
[  158.912348][ T6643] [U] ^R
[  159.094436][ T6643] FAULT_INJECTION: forcing a failure.
[  159.094436][ T6643] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  159.173202][ T6643] CPU: 0 UID: 0 PID: 6643 Comm: syz.2.173 Not tainted syzkaller #0 PREEMPT(full) 
[  159.173225][ T6643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  159.173234][ T6643] Call Trace:
[  159.173240][ T6643]  <TASK>
[  159.173246][ T6643]  dump_stack_lvl+0x100/0x190
[  159.173268][ T6643]  should_fail_ex.cold+0x5/0xa
[  159.173288][ T6643]  _copy_from_user+0x2e/0xd0
[  159.173306][ T6643]  restore_altstack+0x98/0x170
[  159.173330][ T6643]  ? __pfx_restore_altstack+0x10/0x10
[  159.173354][ T6643]  ? _raw_spin_unlock_irq+0x23/0x50
[  159.173374][ T6643]  ? lockdep_hardirqs_on+0x78/0x100
[  159.173396][ T6643]  ? _raw_spin_unlock_irq+0x2e/0x50
[  159.173418][ T6643]  __do_sys_rt_sigreturn+0x1ab/0x2c0
[  159.173442][ T6643]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  159.173463][ T6643]  ? exit_to_user_mode_loop+0xe2/0x4f0
[  159.173480][ T6643]  ? rcu_is_watching+0x12/0xc0
[  159.173499][ T6643]  do_syscall_64+0x10b/0xf80
[  159.173521][ T6643]  ? clear_bhb_loop+0x40/0x90
[  159.173539][ T6643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.173554][ T6643] RIP: 0033:0x7f47b073e1d9
[  159.173567][ T6643] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25
[  159.173581][ T6643] RSP: 002b:00007f47b15d2b40 EFLAGS: 00000246 ORIG_RAX: 000000000000000f
[  159.173596][ T6643] RAX: ffffffffffffffda RBX: 00007f47b0a16098 RCX: 00007f47b073e1d9
[  159.173605][ T6643] RDX: 00007f47b15d2b40 RSI: 00007f47b15d2c70 RDI: 0000000000000011
[  159.173614][ T6643] RBP: 00007f47b0a16090 R08: 0000000000000000 R09: 0000000000000000
[  159.173623][ T6643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  159.173632][ T6643] R13: 00007f47b0a16128 R14: 00007ffcd5c40360 R15: 00007ffcd5c40448
[  159.173656][ T6643]  </TASK>
[  160.522975][ T6669] ubi0: attaching mtd0
[  160.546114][ T6669] ubi0: scanning is finished
[  160.886616][ T6669] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  160.906763][ T6669] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  160.927927][ T6669] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  160.949233][ T6669] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  160.973976][ T6669] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  160.980971][ T6669] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  160.995325][ T6669] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  161.039530][ T6669] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  161.059088][ T6681] ubi0: background thread "ubi_bgt0d" started, PID 6681
[  161.068628][ T6673] ubi0: detaching mtd0
[  161.182244][ T6673] ubi0: mtd0 is detached
[  162.136757][ T6705] netlink: 342 bytes leftover after parsing attributes in process `syz.1.187'.
[  162.450893][ T6712] [U] ^R
[  166.479883][ T6736] ubi0: attaching mtd0
[  166.513408][ T6736] ubi0: scanning is finished
[  166.769772][ T6736] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  166.814686][ T6736] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  166.841353][ T6736] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  166.860375][ T6736] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  166.872875][ T6736] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  166.882162][ T6736] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  166.895892][ T6736] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  166.908851][ T6736] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  166.921113][ T6739] ubi0: detaching mtd0
[  166.937630][ T6745] ubi0: background thread "ubi_bgt0d" started, PID 6745
[  167.075829][ T6739] ubi0: mtd0 is detached
[  169.226110][ T6774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.293403][ T6774] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.321338][   T29] audit: type=1800 audit(1779068668.161:4): pid=6778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.202" name="dbroot" dev="configfs" ino=11840 res=0 errno=0
[  169.472054][ T6210] syz.0.89 (6210) used greatest stack depth: 18840 bytes left
[  171.146452][ T6784] netlink: 172 bytes leftover after parsing attributes in process `syz.1.205'.
[  172.018847][ T6796] ubi0: attaching mtd0
[  172.108904][ T6796] ubi0: scanning is finished
[  172.751945][ T6805] netlink: 172 bytes leftover after parsing attributes in process `syz.3.207'.
[  174.006743][ T6796] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
[  178.001756][ T6843] ubi0: attaching mtd0
[  178.035150][ T6843] ubi0: scanning is finished
[  178.707451][ T6843] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  178.715068][ T6843] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  178.725034][ T6843] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  178.736936][ T6843] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  178.765482][ T6843] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  178.776434][ T6843] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  178.850427][ T6843] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  178.890206][ T6843] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  178.923256][ T6855] ubi0: background thread "ubi_bgt0d" started, PID 6855
[  178.924737][ T6847] ubi0: detaching mtd0
[  179.015619][ T6847] ubi0: mtd0 is detached
[  179.494337][ T6867] ubi0: attaching mtd0
[  179.567049][ T6867] ubi0: scanning is finished
[  180.513323][ T6874] netlink: 342 bytes leftover after parsing attributes in process `syz.0.222'.
[  180.704496][ T6880] [U] ^R
[  181.101683][ T6867] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  181.112647][ T6867] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  181.136695][ T6867] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  181.166063][ T6867] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  181.175437][ T6867] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  181.183071][ T6867] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  181.199796][ T6867] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  181.269359][ T6867] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  181.410360][ T6883] ubi0: background thread "ubi_bgt0d" started, PID 6883
[  181.430892][ T6869] ubi0: detaching mtd0
[  181.553107][ T6869] ubi0: mtd0 is detached
[  182.358948][ T6905] ubi0: attaching mtd0
[  182.383045][ T6905] ubi0: scanning is finished
[  182.633711][ T6905] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  182.747566][ T6905] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  182.760627][ T6905] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  182.789745][ T6905] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  182.798775][ T6905] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  182.829135][ T6905] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  183.165647][ T6905] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  183.222842][ T6905] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  183.268941][ T6908] ubi0: detaching mtd0
[  183.275753][ T6918] ubi0: background thread "ubi_bgt0d" started, PID 6918
[  183.345073][ T6908] ubi0: mtd0 is detached
[  183.726805][ T6932] netlink: 342 bytes leftover after parsing attributes in process `syz.3.236'.
[  183.900410][ T6935] [U] ^R
[  184.557462][ T6943] ubi0: attaching mtd0
[  184.598707][ T6943] ubi0: scanning is finished
[  186.040103][ T6943] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  186.226945][ T6943] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  186.235158][ T6943] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  186.419216][ T6943] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  186.588616][ T6943] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  186.620007][ T6943] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  186.692146][ T6943] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  186.794569][ T6943] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  186.856623][ T6960] ubi0: background thread "ubi_bgt0d" started, PID 6960
[  186.868356][ T6945] ubi0: detaching mtd0
[  186.940570][ T6945] ubi0: mtd0 is detached
[  189.564599][ T7010] netlink: 342 bytes leftover after parsing attributes in process `syz.1.258'.
[  190.385386][ T7030] [U] ^R
[  190.567965][ T7036] netlink: 8 bytes leftover after parsing attributes in process `syz.3.265'.
[  194.231186][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  194.242721][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  194.404236][ T7102] ubi0: attaching mtd0
[  194.490030][ T7102] ubi0: scanning is finished
[  194.813639][ T7102] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  194.842454][ T7102] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  194.877209][ T7102] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  194.920075][ T7102] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  194.935362][ T7102] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  194.969493][ T7102] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  195.041462][ T7102] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  195.129373][ T7102] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  195.252215][ T7118] ubi0: background thread "ubi_bgt0d" started, PID 7118
[  195.260547][ T7105] ubi0: detaching mtd0
[  195.379389][ T7105] ubi0: mtd0 is detached
[  197.200786][ T7159] ubi0: attaching mtd0
[  197.239186][ T7159] ubi0: scanning is finished
[  197.722648][ T7159] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  197.745077][ T7159] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  197.781200][ T7159] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  197.816220][ T7159] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  197.856965][ T7159] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  197.996991][ T7159] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  198.102228][ T7159] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  198.119476][ T7159] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  198.174467][ T7168] ubi0: background thread "ubi_bgt0d" started, PID 7168
[  198.187272][ T7162] ubi0: detaching mtd0
[  198.568780][ T7162] ubi0: mtd0 is detached
[  199.030611][ T7181] netlink: 342 bytes leftover after parsing attributes in process `syz.0.300'.
[  199.525498][ T7181] [U] ^R
[  199.577263][ T7191] ubi0: attaching mtd0
[  199.590727][ T7191] ubi0: scanning is finished
[  199.649148][ T7181] FAULT_INJECTION: forcing a failure.
[  199.649148][ T7181] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.821421][ T7181] CPU: 0 UID: 0 PID: 7181 Comm: syz.0.300 Not tainted syzkaller #0 PREEMPT(full) 
[  199.821459][ T7181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  199.821483][ T7181] Call Trace:
[  199.821493][ T7181]  <TASK>
[  199.821504][ T7181]  dump_stack_lvl+0x100/0x190
[  199.821541][ T7181]  should_fail_ex.cold+0x5/0xa
[  199.821577][ T7181]  _copy_from_user+0x2e/0xd0
[  199.821608][ T7181]  restore_altstack+0x98/0x170
[  199.821653][ T7181]  ? __pfx_restore_altstack+0x10/0x10
[  199.821697][ T7181]  ? _raw_spin_unlock_irq+0x23/0x50
[  199.821736][ T7181]  ? lockdep_hardirqs_on+0x78/0x100
[  199.821775][ T7181]  ? _raw_spin_unlock_irq+0x2e/0x50
[  199.821816][ T7181]  __do_sys_rt_sigreturn+0x1ab/0x2c0
[  199.821859][ T7181]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  199.821895][ T7181]  ? exit_to_user_mode_loop+0xe2/0x4f0
[  199.821927][ T7181]  ? rcu_is_watching+0x12/0xc0
[  199.821965][ T7181]  do_syscall_64+0x10b/0xf80
[  199.822004][ T7181]  ? clear_bhb_loop+0x40/0x90
[  199.822037][ T7181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.822074][ T7181] RIP: 0033:0x7f7fcdd3e1d9
[  199.822098][ T7181] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25
[  199.822124][ T7181] RSP: 002b:00007f7fcece0b40 EFLAGS: 00000246 ORIG_RAX: 000000000000000f
[  199.822155][ T7181] RAX: ffffffffffffffda RBX: 00007f7fce015fa8 RCX: 00007f7fcdd3e1d9
[  199.822176][ T7181] RDX: 00007f7fcece0b40 RSI: 00007f7fcece0c70 RDI: 0000000000000011
[  199.822194][ T7181] RBP: 00007f7fce015fa0 R08: 0000000000000000 R09: 0000000000000000
[  199.822212][ T7181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.822229][ T7181] R13: 00007f7fce016038 R14: 00007ffdeeb437e0 R15: 00007ffdeeb438c8
[  199.822267][ T7181]  </TASK>
[  200.343671][ T7191] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  200.433534][ T7191] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  200.483590][ T7191] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  200.507948][ T7191] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  200.614622][ T7191] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  200.646098][ T7191] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  200.672597][ T7191] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  200.919723][ T7191] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  200.970050][ T7195] ubi0: background thread "ubi_bgt0d" started, PID 7195
[  201.010763][ T7192] ubi0: detaching mtd0
[  201.084932][ T7192] ubi0: mtd0 is detached
[  203.197023][ T7226] Page cache invalidation failure on direct I/O.  Possible data corruption due to collision with buffered I/O!
[  203.561560][ T7226] File: /dev/nullb0 PID: 7226 Comm: syz.3.310
[  206.954214][ T7254] netlink: 342 bytes leftover after parsing attributes in process `syz.0.317'.
[  207.366937][ T7262] [U] ^R
[  212.610429][ T7313] syz_tun: tun_chr_ioctl cmd 2147767521
[  213.368516][ T7317] netlink: 342 bytes leftover after parsing attributes in process `syz.1.334'.
[  213.599010][ T7320] [U] ^R
[  214.413650][ T7339] syz_tun: tun_chr_ioctl cmd 2147767521
[  215.673876][ T7359] syz_tun: tun_chr_ioctl cmd 2147767521
[  215.903116][ T7359] FAULT_INJECTION: forcing a failure.
[  215.903116][ T7359] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.016966][ T7359] CPU: 0 UID: 0 PID: 7359 Comm: syz.3.346 Not tainted syzkaller #0 PREEMPT(full) 
[  216.017008][ T7359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  216.017022][ T7359] Call Trace:
[  216.017031][ T7359]  <TASK>
[  216.017041][ T7359]  dump_stack_lvl+0x100/0x190
[  216.017078][ T7359]  should_fail_ex.cold+0x5/0xa
[  216.017111][ T7359]  _copy_from_user+0x2e/0xd0
[  216.017139][ T7359]  snd_pcm_oss_write2+0x1c2/0x400
[  216.017180][ T7359]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  216.017216][ T7359]  ? snd_pcm_kernel_ioctl+0x14a/0x2e0
[  216.017255][ T7359]  snd_pcm_oss_write+0x729/0xa30
[  216.017299][ T7359]  ? security_file_permission+0x76/0x210
[  216.017336][ T7359]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  216.017373][ T7359]  vfs_writev+0x5ea/0xe10
[  216.017410][ T7359]  ? __pfx_vfs_writev+0x10/0x10
[  216.017439][ T7359]  ? find_held_lock+0x2b/0x80
[  216.017470][ T7359]  ? ksys_write+0x190/0x250
[  216.017517][ T7359]  ? __fget_files+0x21f/0x3d0
[  216.017555][ T7359]  ? do_writev+0x13e/0x340
[  216.017580][ T7359]  do_writev+0x13e/0x340
[  216.017608][ T7359]  ? __pfx_do_writev+0x10/0x10
[  216.017638][ T7359]  ? rcu_is_watching+0x12/0xc0
[  216.017674][ T7359]  do_syscall_64+0x10b/0xf80
[  216.017710][ T7359]  ? clear_bhb_loop+0x40/0x90
[  216.017741][ T7359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.017768][ T7359] RIP: 0033:0x7f750b59ce59
[  216.017790][ T7359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  216.017813][ T7359] RSP: 002b:00007f750c428028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  216.017837][ T7359] RAX: ffffffffffffffda RBX: 00007f750b815fa0 RCX: 00007f750b59ce59
[  216.017854][ T7359] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003
[  216.017870][ T7359] RBP: 00007f750c428090 R08: 0000000000000000 R09: 0000000000000000
[  216.017885][ T7359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  216.017900][ T7359] R13: 00007f750b816038 R14: 00007f750b815fa0 R15: 00007ffd1a9bb188
[  216.017935][ T7359]  </TASK>
[  217.853902][ T7381] netlink: 28 bytes leftover after parsing attributes in process `syz.0.352'.
[  217.878020][ T7381] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  217.886198][ T7385] ubi0: attaching mtd0
[  217.888107][ T7381] batman_adv: batadv0: Removing interface: batadv_slave_0
[  217.909548][ T7381] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  217.921725][ T7381] batman_adv: batadv0: Removing interface: batadv_slave_1
[  217.922872][ T7385] ubi0: scanning is finished
[  217.940705][ T7387] FAULT_INJECTION: forcing a failure.
[  217.940705][ T7387] name failslab, interval 1, probability 0, space 0, times 0
[  217.963625][ T7387] CPU: 0 UID: 0 PID: 7387 Comm: syz.3.355 Not tainted syzkaller #0 PREEMPT(full) 
[  217.963666][ T7387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  217.963682][ T7387] Call Trace:
[  217.963690][ T7387]  <TASK>
[  217.963701][ T7387]  dump_stack_lvl+0x100/0x190
[  217.963738][ T7387]  should_fail_ex.cold+0x5/0xa
[  217.963771][ T7387]  should_failslab+0xc2/0x120
[  217.963803][ T7387]  __kmalloc_cache_noprof+0x7a/0x6f0
[  217.963844][ T7387]  ? snd_pcm_oss_change_params_locked+0x1db/0x39f0
[  217.963896][ T7387]  snd_pcm_oss_change_params_locked+0x1db/0x39f0
[  217.963944][ T7387]  ? rcu_is_watching+0x12/0xc0
[  217.963977][ T7387]  ? trace_contention_end+0x122/0x170
[  217.964010][ T7387]  ? snd_pcm_oss_sync+0x243/0x840
[  217.964045][ T7387]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  217.964085][ T7387]  ? __pfx___mutex_lock+0x10/0x10
[  217.964117][ T7387]  ? __fsnotify_parent+0x2b4/0xca0
[  217.964161][ T7387]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  217.964211][ T7387]  snd_pcm_oss_sync+0x265/0x840
[  217.964255][ T7387]  snd_pcm_oss_release+0x238/0x300
[  217.964293][ T7387]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  217.964330][ T7387]  __fput+0x3ff/0xb50
[  217.964365][ T7387]  task_work_run+0x150/0x240
[  217.964398][ T7387]  ? __pfx_task_work_run+0x10/0x10
[  217.964429][ T7387]  ? rcu_is_watching+0x12/0xc0
[  217.964469][ T7387]  exit_to_user_mode_loop+0x107/0x4f0
[  217.964499][ T7387]  ? rcu_is_watching+0x12/0xc0
[  217.964541][ T7387]  do_syscall_64+0x6f2/0xf80
[  217.964589][ T7387]  ? clear_bhb_loop+0x40/0x90
[  217.964628][ T7387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.964660][ T7387] RIP: 0033:0x7f750b59ce59
[  217.964685][ T7387] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  217.964710][ T7387] RSP: 002b:00007f750c428028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  217.964735][ T7387] RAX: 0000000000000000 RBX: 00007f750b815fa0 RCX: 00007f750b59ce59
[  217.964752][ T7387] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  217.964766][ T7387] RBP: 00007f750b632d6f R08: 0000000000000000 R09: 0000000000000000
[  217.964784][ T7387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  217.964800][ T7387] R13: 00007f750b816038 R14: 00007f750b815fa0 R15: 00007ffd1a9bb188
[  217.964834][ T7387]  </TASK>
[  218.501245][ T7385] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  218.532258][ T7385] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  218.573401][ T7385] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  218.582521][ T7385] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  218.602238][ T7385] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  218.627353][ T7385] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  218.640152][ T7385] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  218.650312][ T7385] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  218.680422][ T7389] ubi0: detaching mtd0
[  218.734030][ T7389] ubi0: mtd0 is detached
[  223.122515][ T7470] netlink: 342 bytes leftover after parsing attributes in process `syz.0.372'.
[  223.462808][ T7478] [U] ^R
[  228.026857][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  228.506847][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  229.478351][ T7544] syz_tun: tun_chr_ioctl cmd 2147767521
[  230.484957][ T7563] netlink: 342 bytes leftover after parsing attributes in process `syz.0.390'.
[  230.764132][ T7570] [U] ^R
[  231.102021][ T7565] syz_tun: tun_chr_ioctl cmd 1074025675
[  231.127262][ T7565] syz_tun: persist disabled
[  231.146290][ T7577] netlink: 8 bytes leftover after parsing attributes in process `syz.0.392'.
[  231.594596][ T7584] ubi0: attaching mtd0
[  231.615970][ T7584] ubi0: scanning is finished
[  232.029935][ T7593] syz_tun: tun_chr_ioctl cmd 2147767521
[  232.125662][ T7584] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  232.134265][ T7584] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  232.142345][ T7584] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  232.149626][ T7584] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  232.157662][ T7584] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  232.164568][ T7584] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  232.173027][ T7584] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  232.183351][ T7584] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  232.195439][ T7583] ubi: mtd0 is already attached to ubi0
[  232.195713][ T7594] ubi0: background thread "ubi_bgt0d" started, PID 7594
[  232.223316][ T7586] ubi0: detaching mtd0
[  232.379284][ T7586] ubi0: mtd0 is detached
[  233.957291][ T7618] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  234.005701][ T7618] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  234.047611][ T7618] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  234.067081][ T7618] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  235.273667][ T7644] syz_tun: tun_chr_ioctl cmd 2147767521
[  235.977185][ T4947] Bluetooth: hci0: command 0x2016 tx timeout
[  236.056978][   T50] Bluetooth: hci2: command 0x0c1a tx timeout
[  236.065367][ T4947] Bluetooth: hci1: command 0x0c1a tx timeout
[  236.138484][ T4947] Bluetooth: hci3: command 0x0c1a tx timeout
[  236.762527][ T7670] FAULT_INJECTION: forcing a failure.
[  236.762527][ T7670] name failslab, interval 1, probability 0, space 0, times 0
[  236.784375][ T7670] CPU: 1 UID: 0 PID: 7670 Comm: syz.3.415 Not tainted syzkaller #0 PREEMPT(full) 
[  236.784409][ T7670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  236.784422][ T7670] Call Trace:
[  236.784430][ T7670]  <TASK>
[  236.784439][ T7670]  dump_stack_lvl+0x100/0x190
[  236.784472][ T7670]  should_fail_ex.cold+0x5/0xa
[  236.784505][ T7670]  should_failslab+0xc2/0x120
[  236.784537][ T7670]  __kvmalloc_node_noprof+0xfa/0xa00
[  236.784561][ T7670]  ? seq_read_iter+0x819/0x1270
[  236.784597][ T7670]  seq_read_iter+0x819/0x1270
[  236.784627][ T7670]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  236.784665][ T7670]  kernfs_fop_read_iter+0x46c/0x610
[  236.784710][ T7670]  copy_splice_read+0x4ba/0xb90
[  236.784748][ T7670]  ? __pfx_copy_splice_read+0x10/0x10
[  236.784783][ T7670]  ? look_up_lock_class+0x55/0x120
[  236.784827][ T7670]  ? lockdep_init_map_type+0x5c/0x250
[  236.784856][ T7670]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  236.784888][ T7670]  ? __pfx_copy_splice_read+0x10/0x10
[  236.784918][ T7670]  do_splice_read+0x285/0x370
[  236.784954][ T7670]  splice_direct_to_actor+0x2a1/0xa30
[  236.784989][ T7670]  ? __pfx_direct_splice_actor+0x10/0x10
[  236.785028][ T7670]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  236.785070][ T7670]  do_splice_direct+0x174/0x240
[  236.785101][ T7670]  ? __pfx_do_splice_direct+0x10/0x10
[  236.785132][ T7670]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  236.785165][ T7670]  ? rw_verify_area+0xce/0x6d0
[  236.785193][ T7670]  do_sendfile+0xadc/0xe20
[  236.785228][ T7670]  ? __pfx_do_sendfile+0x10/0x10
[  236.785263][ T7670]  ? __fget_files+0x21f/0x3d0
[  236.785301][ T7670]  __x64_sys_sendfile64+0x1d8/0x220
[  236.785334][ T7670]  ? ksys_write+0x1ac/0x250
[  236.785361][ T7670]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  236.785396][ T7670]  ? rcu_is_watching+0x12/0xc0
[  236.785431][ T7670]  do_syscall_64+0x10b/0xf80
[  236.785467][ T7670]  ? clear_bhb_loop+0x40/0x90
[  236.785498][ T7670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.785524][ T7670] RIP: 0033:0x7f750b59ce59
[  236.785545][ T7670] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  236.785569][ T7670] RSP: 002b:00007f750c428028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  236.785593][ T7670] RAX: ffffffffffffffda RBX: 00007f750b815fa0 RCX: 00007f750b59ce59
[  236.785610][ T7670] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  236.785624][ T7670] RBP: 00007f750c428090 R08: 0000000000000000 R09: 0000000000000000
[  236.785638][ T7670] R10: 0000000000002001 R11: 0000000000000246 R12: 0000000000000001
[  236.785650][ T7670] R13: 00007f750b816038 R14: 00007f750b815fa0 R15: 00007ffd1a9bb188
[  236.785681][ T7670]  </TASK>
[  237.128530][ T7676] FAULT_INJECTION: forcing a failure.
[  237.128530][ T7676] name failslab, interval 1, probability 0, space 0, times 0
[  237.194888][ T7676] CPU: 0 UID: 0 PID: 7676 Comm: syz.3.417 Not tainted syzkaller #0 PREEMPT(full) 
[  237.194908][ T7676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  237.194916][ T7676] Call Trace:
[  237.194921][ T7676]  <TASK>
[  237.194927][ T7676]  dump_stack_lvl+0x100/0x190
[  237.194948][ T7676]  should_fail_ex.cold+0x5/0xa
[  237.194966][ T7676]  should_failslab+0xc2/0x120
[  237.194984][ T7676]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  237.195007][ T7676]  ? skb_clone+0x190/0x400
[  237.195027][ T7676]  skb_clone+0x190/0x400
[  237.195044][ T7676]  netlink_deliver_tap+0xaed/0xcc0
[  237.195069][ T7676]  netlink_unicast+0x62b/0x850
[  237.195092][ T7676]  ? __pfx_netlink_unicast+0x10/0x10
[  237.195118][ T7676]  netlink_sendmsg+0x8b0/0xda0
[  237.195141][ T7676]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.195161][ T7676]  ? __import_iovec+0x1d2/0x640
[  237.195178][ T7676]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  237.195204][ T7676]  ____sys_sendmsg+0x9e1/0xb70
[  237.195224][ T7676]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.195247][ T7676]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.195275][ T7676]  ___sys_sendmsg+0x190/0x1e0
[  237.195298][ T7676]  ? __pfx____sys_sendmsg+0x10/0x10
[  237.195341][ T7676]  __sys_sendmsg+0x170/0x220
[  237.195358][ T7676]  ? __pfx___sys_sendmsg+0x10/0x10
[  237.195382][ T7676]  ? rcu_is_watching+0x12/0xc0
[  237.195403][ T7676]  do_syscall_64+0x10b/0xf80
[  237.195424][ T7676]  ? clear_bhb_loop+0x40/0x90
[  237.195442][ T7676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.195456][ T7676] RIP: 0033:0x7f750b59ce59
[  237.195468][ T7676] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  237.195481][ T7676] RSP: 002b:00007f750c428028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.195495][ T7676] RAX: ffffffffffffffda RBX: 00007f750b815fa0 RCX: 00007f750b59ce59
[  237.195504][ T7676] RDX: 0000000064004890 RSI: 0000200000000000 RDI: 0000000000000003
[  237.195513][ T7676] RBP: 00007f750c428090 R08: 0000000000000000 R09: 0000000000000000
[  237.195521][ T7676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.195529][ T7676] R13: 00007f750b816038 R14: 00007f750b815fa0 R15: 00007ffd1a9bb188
[  237.195547][ T7676]  </TASK>
[  238.442173][ T7700] syz_tun: tun_chr_ioctl cmd 1074025673
[  239.757030][ T7726] netlink: 342 bytes leftover after parsing attributes in process `syz.3.429'.
[  240.045982][ T7729] [U] ^R
[  243.694625][ T4947] Bluetooth: hci0: unexpected event 0x0e length: 1 < 3
[  246.125868][ T7794] netlink: 'syz.0.441': attribute type 11 has an invalid length.
[  246.601203][ T7801] netlink: 342 bytes leftover after parsing attributes in process `syz.1.443'.
[  246.916979][ T7808] [U] ^R
[  247.063114][ T7804] FAULT_INJECTION: forcing a failure.
[  247.063114][ T7804] name fail_futex, interval 1, probability 0, space 0, times 0
[  247.108672][ T7804] CPU: 0 UID: 0 PID: 7804 Comm: syz.1.443 Not tainted syzkaller #0 PREEMPT(full) 
[  247.108714][ T7804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  247.108730][ T7804] Call Trace:
[  247.108738][ T7804]  <TASK>
[  247.108748][ T7804]  dump_stack_lvl+0x100/0x190
[  247.108783][ T7804]  should_fail_ex.cold+0x5/0xa
[  247.108815][ T7804]  get_futex_key+0xf78/0x1510
[  247.108846][ T7804]  ? __pfx_get_futex_key+0x10/0x10
[  247.108872][ T7804]  ? lock_acquire+0x1b1/0x370
[  247.108908][ T7804]  futex_wake+0xea/0x530
[  247.108944][ T7804]  ? __pfx_futex_wake+0x10/0x10
[  247.108976][ T7804]  ? exit_mm_release+0x19/0x30
[  247.109023][ T7804]  do_futex+0x32b/0x350
[  247.109052][ T7804]  ? __pfx_do_futex+0x10/0x10
[  247.109077][ T7804]  ? __might_fault+0xc5/0x140
[  247.109124][ T7804]  mm_release+0x24a/0x2f0
[  247.109156][ T7804]  do_exit+0x707/0x2af0
[  247.109202][ T7804]  ? __pfx_do_exit+0x10/0x10
[  247.109239][ T7804]  ? do_raw_spin_lock+0x128/0x260
[  247.109267][ T7804]  ? find_held_lock+0x2b/0x80
[  247.109298][ T7804]  ? get_signal+0x7e5/0x2210
[  247.109334][ T7804]  do_group_exit+0xd5/0x2a0
[  247.109374][ T7804]  get_signal+0x20ff/0x2210
[  247.109419][ T7804]  ? __pfx_get_signal+0x10/0x10
[  247.109454][ T7804]  ? do_futex+0x192/0x350
[  247.109484][ T7804]  arch_do_signal_or_restart+0x91/0x7a0
[  247.109523][ T7804]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  247.109574][ T7804]  ? rcu_is_watching+0x12/0xc0
[  247.109608][ T7804]  exit_to_user_mode_loop+0x8b/0x4f0
[  247.109634][ T7804]  ? rcu_is_watching+0x12/0xc0
[  247.109667][ T7804]  do_syscall_64+0x6f2/0xf80
[  247.109704][ T7804]  ? clear_bhb_loop+0x40/0x90
[  247.109741][ T7804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.109767][ T7804] RIP: 0033:0x7f33fe39ce59
[  247.109788][ T7804] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  247.109812][ T7804] RSP: 002b:00007f33ff1860e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  247.109836][ T7804] RAX: fffffffffffffe00 RBX: 00007f33fe616098 RCX: 00007f33fe39ce59
[  247.109854][ T7804] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f33fe616098
[  247.109869][ T7804] RBP: 00007f33fe616090 R08: 0000000000000000 R09: 0000000000000000
[  247.109884][ T7804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  247.109899][ T7804] R13: 00007f33fe616128 R14: 00007ffec0cb8c60 R15: 00007ffec0cb8d48
[  247.109934][ T7804]  </TASK>
[  247.734155][ T7818] syz_tun: tun_chr_ioctl cmd 2147767521
[  248.451760][ T7841] ubi0: attaching mtd0
[  248.465745][ T7841] ubi0: scanning is finished
[  248.603248][ T7828] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.661889][ T7841] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  248.694239][ T7841] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  248.706326][ T7841] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  248.786575][ T7841] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  248.853434][ T7841] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  248.885825][ T7841] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  248.901536][ T7841] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  248.926082][ T7841] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  248.943791][ T7850] ubi0: background thread "ubi_bgt0d" started, PID 7850
[  248.946028][ T7840] ubi: mtd0 is already attached to ubi0
[  248.994751][ T7843] ubi0: detaching mtd0
[  249.066556][ T7843] ubi0: mtd0 is detached
[  250.019259][ T7866] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  250.069012][ T7866] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  250.144421][ T7866] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  250.193343][ T7866] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  250.328551][ T7873] netlink: 342 bytes leftover after parsing attributes in process `syz.1.456'.
[  250.811809][ T7878] [U] ^R
[  251.192454][ T7874] FAULT_INJECTION: forcing a failure.
[  251.192454][ T7874] name fail_futex, interval 1, probability 0, space 0, times 0
[  251.205894][ T7874] CPU: 0 UID: 0 PID: 7874 Comm: syz.1.456 Not tainted syzkaller #0 PREEMPT(full) 
[  251.205928][ T7874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  251.205941][ T7874] Call Trace:
[  251.205949][ T7874]  <TASK>
[  251.205958][ T7874]  dump_stack_lvl+0x100/0x190
[  251.205992][ T7874]  should_fail_ex.cold+0x5/0xa
[  251.206024][ T7874]  get_futex_key+0xf78/0x1510
[  251.206052][ T7874]  ? __pfx_get_futex_key+0x10/0x10
[  251.206074][ T7874]  ? lock_acquire+0x1b1/0x370
[  251.206103][ T7874]  futex_wake+0xea/0x530
[  251.206134][ T7874]  ? __pfx_futex_wake+0x10/0x10
[  251.206162][ T7874]  ? exit_mm_release+0x19/0x30
[  251.206201][ T7874]  do_futex+0x32b/0x350
[  251.206226][ T7874]  ? __pfx_do_futex+0x10/0x10
[  251.206247][ T7874]  ? __might_fault+0xc5/0x140
[  251.206288][ T7874]  mm_release+0x24a/0x2f0
[  251.206315][ T7874]  do_exit+0x707/0x2af0
[  251.206352][ T7874]  ? __pfx_do_exit+0x10/0x10
[  251.206384][ T7874]  ? do_raw_spin_lock+0x128/0x260
[  251.206409][ T7874]  ? find_held_lock+0x2b/0x80
[  251.206436][ T7874]  ? get_signal+0x7e5/0x2210
[  251.206466][ T7874]  do_group_exit+0xd5/0x2a0
[  251.206501][ T7874]  get_signal+0x20ff/0x2210
[  251.206539][ T7874]  ? __pfx_get_signal+0x10/0x10
[  251.206569][ T7874]  ? do_futex+0x192/0x350
[  251.206595][ T7874]  arch_do_signal_or_restart+0x91/0x7a0
[  251.206630][ T7874]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  251.206673][ T7874]  ? rcu_is_watching+0x12/0xc0
[  251.206702][ T7874]  exit_to_user_mode_loop+0x8b/0x4f0
[  251.206725][ T7874]  ? rcu_is_watching+0x12/0xc0
[  251.206754][ T7874]  do_syscall_64+0x6f2/0xf80
[  251.206792][ T7874]  ? clear_bhb_loop+0x40/0x90
[  251.206819][ T7874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.206842][ T7874] RIP: 0033:0x7f33fe39ce59
[  251.206861][ T7874] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  251.206882][ T7874] RSP: 002b:00007f33ff1860e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  251.206903][ T7874] RAX: fffffffffffffe00 RBX: 00007f33fe616098 RCX: 00007f33fe39ce59
[  251.206918][ T7874] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f33fe616098
[  251.206931][ T7874] RBP: 00007f33fe616090 R08: 0000000000000000 R09: 0000000000000000
[  251.206944][ T7874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  251.206957][ T7874] R13: 00007f33fe616128 R14: 00007ffec0cb8c60 R15: 00007ffec0cb8d48
[  251.206986][ T7874]  </TASK>
[  251.779965][ T7868] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  251.984831][ T4947] Bluetooth: hci0: command 0x2016 tx timeout
[  252.145461][ T4947] Bluetooth: hci1: command 0x0c1a tx timeout
[  252.145490][   T50] Bluetooth: hci2: command 0x0c1a tx timeout
[  252.225032][   T50] Bluetooth: hci3: command 0x0c1a tx timeout
[  252.500294][ T7896] zswap: compressor  not available
[  255.421512][ T7941] netlink: 342 bytes leftover after parsing attributes in process `syz.0.469'.
[  255.678737][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  255.678813][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  259.163435][ T7982] ubi0: attaching mtd0
[  259.175744][ T7982] ubi0: scanning is finished
[  259.595531][ T7982] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  259.608967][ T7982] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  259.617391][ T7982] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  259.633040][ T7982] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  259.670348][ T7982] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  259.811833][ T7982] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  259.895661][ T7982] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  260.320748][ T7982] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  260.407353][ T7984] ubi0: detaching mtd0
[  260.412681][ T7989] ubi0: background thread "ubi_bgt0d" started, PID 7989
[  261.003173][ T7984] ubi0: mtd0 is detached
[  262.521729][ T7998] netlink: 172 bytes leftover after parsing attributes in process `syz.1.477'.
[  263.653153][ T8010] netlink: 172 bytes leftover after parsing attributes in process `syz.0.480'.
[  267.947885][ T8033] kAFS: Invalid Command on /proc/fs/afs/cells file
[  269.127933][ T8059] netlink: 172 bytes leftover after parsing attributes in process `syz.3.490'.
[  269.164006][ T8062] syz_tun: tun_chr_ioctl cmd 2147767521
[  269.297985][ T8065] netlink: 342 bytes leftover after parsing attributes in process `syz.0.491'.
[  270.063267][ T8072] [U] ^R
[  273.211065][ T8112] syz_tun: tun_chr_ioctl cmd 2147767521
[  273.685219][ T8120] netlink: 342 bytes leftover after parsing attributes in process `syz.2.503'.
[  273.898527][ T8080] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  273.962743][ T8120] [U] ^R
[  274.259419][ T8136] netlink: 342 bytes leftover after parsing attributes in process `syz.2.507'.
[  275.100189][ T8149] ubi0: attaching mtd0
[  275.108073][ T8149] ubi0: scanning is finished
[  275.500071][ T8149] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  275.592574][ T8149] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  275.625766][ T8149] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  275.669125][ T8149] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  275.689630][ T8149] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  275.712016][ T8149] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  275.725757][ T8149] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  275.743007][ T8149] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  275.762992][ T8150] ubi0: detaching mtd0
[  275.763282][ T8160] ubi0: background thread "ubi_bgt0d" started, PID 8160
[  275.932813][ T8150] ubi0: mtd0 is detached
[  276.065487][ T8164] netlink: 342 bytes leftover after parsing attributes in process `syz.2.512'.
[  276.631569][ T8175] netlink: 172 bytes leftover after parsing attributes in process `syz.3.515'.
[  276.684670][ T8164] [U] ^R
[  276.736746][ T8178] netlink: 342 bytes leftover after parsing attributes in process `syz.0.516'.
[  276.912424][ T8179] syz_tun: tun_chr_ioctl cmd 2147767521
[  276.961554][ T8184] [U] ^R
[  278.849183][ T8207] ubi0: attaching mtd0
[  278.897837][ T8207] ubi0: scanning is finished
[  279.696079][ T8207] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  279.736941][ T8207] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  279.827106][ T8217] netlink: 172 bytes leftover after parsing attributes in process `syz.2.523'.
[  279.850103][ T8207] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  280.002006][ T8207] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  280.032748][ T8207] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  280.111980][ T8207] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  280.170342][ T8207] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  280.197970][ T8207] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  280.219301][ T8210] ubi0: detaching mtd0
[  280.226811][ T8218] ubi0: background thread "ubi_bgt0d" started, PID 8218
[  280.473567][ T8210] ubi0: mtd0 is detached
[  283.162478][ T8228] netlink: 342 bytes leftover after parsing attributes in process `syz.0.532'.
[  283.391486][ T8234] [U] ^R
[  283.683905][ T8238] ubi0: attaching mtd0
[  283.697739][ T8238] ubi0: scanning is finished
[  283.960219][ T8238] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  283.995434][ T8238] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  284.017563][ T8238] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  284.035875][ T8238] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  284.045085][ T8238] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  284.088797][ T8238] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  284.105576][ T8238] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  284.130745][ T8238] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  284.160557][ T8249] ubi0: background thread "ubi_bgt0d" started, PID 8249
[  284.201534][ T8243] ubi0: detaching mtd0
[  284.259393][ T8248] kAFS: Invalid Command on /proc/fs/afs/cells file
[  284.300046][ T8243] ubi0: mtd0 is detached
[  286.288250][ T8279] netlink: 172 bytes leftover after parsing attributes in process `syz.1.533'.
[  287.079500][ T8289] netlink: 342 bytes leftover after parsing attributes in process `syz.0.536'.
[  288.868650][ T8302] ubi0: attaching mtd0
[  288.966777][ T8302] ubi0: scanning is finished
[  290.088808][ T8302] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  290.132836][ T8302] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  290.171312][ T8302] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  290.189692][ T8302] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  290.304703][ T8302] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  290.324959][ T8302] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  290.394063][ T8302] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  290.421485][ T8302] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  290.443070][ T8303] ubi0: detaching mtd0
[  290.457239][ T8309] ubi0: background thread "ubi_bgt0d" started, PID 8309
[  290.589597][ T8303] ubi0: mtd0 is detached
[  291.494031][ T8312] netlink: 342 bytes leftover after parsing attributes in process `syz.0.538'.
[  291.951455][ T8319] syz_tun: tun_chr_ioctl cmd 2147767521
[  292.172503][ T8317] [U] ^R
[  292.907927][ T8331] ubi0: attaching mtd0
[  292.993031][ T8331] ubi0: scanning is finished
[  293.397433][ T8331] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  293.415074][ T8331] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  293.431455][ T8331] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  293.452525][ T8331] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  293.473792][ T8341] netlink: 172 bytes leftover after parsing attributes in process `syz.3.545'.
[  293.507617][ T8331] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  293.517518][ T8331] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  293.533464][ T8331] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  293.562880][ T8331] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  293.592056][ T8332] ubi0: detaching mtd0
[  293.596341][ T8339] ubi0: background thread "ubi_bgt0d" started, PID 8339
[  293.679604][ T8332] ubi0: mtd0 is detached
[  296.743498][ T8358] ubi0: attaching mtd0
[  296.771909][ T8358] ubi0: scanning is finished
[  297.091531][ T8358] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  297.113444][ T8358] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  297.173364][ T8358] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  297.212736][ T8358] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  297.245592][ T8358] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  297.276954][ T8358] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  297.433281][ T8358] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  297.443443][ T8358] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  297.477951][ T8359] ubi0: detaching mtd0
[  297.645598][ T8359] ubi0: mtd0 is detached
[  298.722991][ T8384] syz_tun: tun_chr_ioctl cmd 2147767521
[  299.442827][ T8395] FAULT_INJECTION: forcing a failure.
[  299.442827][ T8395] name failslab, interval 1, probability 0, space 0, times 0
[  299.490173][ T8395] CPU: 1 UID: 0 PID: 8395 Comm: syz.0.554 Not tainted syzkaller #0 PREEMPT(full) 
[  299.490197][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  299.490207][ T8395] Call Trace:
[  299.490212][ T8395]  <TASK>
[  299.490219][ T8395]  dump_stack_lvl+0x100/0x190
[  299.490244][ T8395]  should_fail_ex.cold+0x5/0xa
[  299.490264][ T8395]  ? udpv6_init_sock+0x24e/0x450
[  299.490281][ T8395]  should_failslab+0xc2/0x120
[  299.490299][ T8395]  __kmalloc_noprof+0xe0/0x850
[  299.490313][ T8395]  ? lockdep_init_map_type+0x5c/0x250
[  299.490332][ T8395]  udpv6_init_sock+0x24e/0x450
[  299.490348][ T8395]  ? __pfx_udpv6_init_sock+0x10/0x10
[  299.490366][ T8395]  inet6_create+0xb21/0x12b0
[  299.490389][ T8395]  ? inet6_create+0x7f/0x12b0
[  299.490411][ T8395]  __sock_create+0x339/0x860
[  299.490436][ T8395]  __sys_socket+0x14d/0x260
[  299.490458][ T8395]  ? __pfx___sys_socket+0x10/0x10
[  299.490479][ T8395]  ? ksys_write+0x1ac/0x250
[  299.490501][ T8395]  __x64_sys_socket+0x72/0xb0
[  299.490523][ T8395]  ? lockdep_hardirqs_on+0x78/0x100
[  299.490545][ T8395]  do_syscall_64+0x10b/0xf80
[  299.490566][ T8395]  ? clear_bhb_loop+0x40/0x90
[  299.490587][ T8395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.490603][ T8395] RIP: 0033:0x7f7fcdd9ce59
[  299.490616][ T8395] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  299.490630][ T8395] RSP: 002b:00007f7fcece1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  299.490645][ T8395] RAX: ffffffffffffffda RBX: 00007f7fce015fa0 RCX: 00007f7fcdd9ce59
[  299.490655][ T8395] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 080000000000000a
[  299.490664][ T8395] RBP: 00007f7fcde32d6f R08: 0000000000000000 R09: 0000000000000000
[  299.490673][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  299.490682][ T8395] R13: 00007f7fce016038 R14: 00007f7fce015fa0 R15: 00007ffdeeb438c8
[  299.490701][ T8395]  </TASK>
[  300.473379][ T8412] netlink: 172 bytes leftover after parsing attributes in process `syz.3.558'.
[  304.273379][ T8446] netlink: 342 bytes leftover after parsing attributes in process `syz.1.564'.
[  304.710723][ T8455] FAULT_INJECTION: forcing a failure.
[  304.710723][ T8455] name failslab, interval 1, probability 0, space 0, times 0
[  304.742175][ T8455] CPU: 1 UID: 0 PID: 8455 Comm: syz.2.566 Not tainted syzkaller #0 PREEMPT(full) 
[  304.742207][ T8455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  304.742221][ T8455] Call Trace:
[  304.742229][ T8455]  <TASK>
[  304.742239][ T8455]  dump_stack_lvl+0x100/0x190
[  304.742277][ T8455]  should_fail_ex.cold+0x5/0xa
[  304.742309][ T8455]  should_failslab+0xc2/0x120
[  304.742339][ T8455]  __kvmalloc_node_noprof+0xfa/0xa00
[  304.742365][ T8455]  ? traverse.part.0.constprop.0+0x397/0x650
[  304.742405][ T8455]  traverse.part.0.constprop.0+0x397/0x650
[  304.742447][ T8455]  seq_read_iter+0x93f/0x1270
[  304.742490][ T8455]  proc_reg_read_iter+0x220/0x310
[  304.742520][ T8455]  ? __pfx_proc_reg_read_iter+0x10/0x10
[  304.742551][ T8455]  vfs_read+0x825/0xb30
[  304.742585][ T8455]  ? __pfx_vfs_read+0x10/0x10
[  304.742610][ T8455]  ? find_held_lock+0x2b/0x80
[  304.742666][ T8455]  __x64_sys_pread64+0x1eb/0x250
[  304.742697][ T8455]  ? __pfx___x64_sys_pread64+0x10/0x10
[  304.742732][ T8455]  ? rcu_is_watching+0x12/0xc0
[  304.742766][ T8455]  do_syscall_64+0x10b/0xf80
[  304.742802][ T8455]  ? clear_bhb_loop+0x40/0x90
[  304.742834][ T8455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.742860][ T8455] RIP: 0033:0x7f47b079ce59
[  304.742881][ T8455] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  304.742903][ T8455] RSP: 002b:00007f47b15f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  304.742926][ T8455] RAX: ffffffffffffffda RBX: 00007f47b0a15fa0 RCX: 00007f47b079ce59
[  304.742942][ T8455] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003
[  304.742955][ T8455] RBP: 00007f47b15f4090 R08: 0000000000000000 R09: 0000000000000000
[  304.742970][ T8455] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[  304.742984][ T8455] R13: 00007f47b0a16038 R14: 00007f47b0a15fa0 R15: 00007ffcd5c40448
[  304.743019][ T8455]  </TASK>
[  305.196343][ T8446] [U] ^R
[  305.470483][ T8446] FAULT_INJECTION: forcing a failure.
[  305.470483][ T8446] name fail_futex, interval 1, probability 0, space 0, times 0
[  305.490686][ T8446] CPU: 0 UID: 0 PID: 8446 Comm: syz.1.564 Not tainted syzkaller #0 PREEMPT(full) 
[  305.490720][ T8446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  305.490734][ T8446] Call Trace:
[  305.490742][ T8446]  <TASK>
[  305.490752][ T8446]  dump_stack_lvl+0x100/0x190
[  305.490784][ T8446]  should_fail_ex.cold+0x5/0xa
[  305.490822][ T8446]  get_futex_key+0x1d2/0x1510
[  305.490852][ T8446]  ? __pfx_get_futex_key+0x10/0x10
[  305.490876][ T8446]  ? lock_acquire+0x1b1/0x370
[  305.490910][ T8446]  futex_wake+0xea/0x530
[  305.490945][ T8446]  ? __pfx_futex_wake+0x10/0x10
[  305.490977][ T8446]  ? exit_mm_release+0x19/0x30
[  305.491022][ T8446]  do_futex+0x32b/0x350
[  305.491051][ T8446]  ? __pfx_do_futex+0x10/0x10
[  305.491075][ T8446]  ? __might_fault+0xc5/0x140
[  305.491122][ T8446]  mm_release+0x24a/0x2f0
[  305.491153][ T8446]  do_exit+0x707/0x2af0
[  305.491195][ T8446]  ? __pfx_do_exit+0x10/0x10
[  305.491231][ T8446]  ? do_raw_spin_lock+0x128/0x260
[  305.491259][ T8446]  ? find_held_lock+0x2b/0x80
[  305.491289][ T8446]  ? get_signal+0x7e5/0x2210
[  305.491325][ T8446]  do_group_exit+0xd5/0x2a0
[  305.491368][ T8446]  get_signal+0x20ff/0x2210
[  305.491404][ T8446]  ? ldsem_up_read+0x4e/0x90
[  305.491430][ T8446]  ? __pfx_get_signal+0x10/0x10
[  305.491462][ T8446]  ? do_futex+0x192/0x350
[  305.491492][ T8446]  arch_do_signal_or_restart+0x91/0x7a0
[  305.491531][ T8446]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  305.491580][ T8446]  ? rcu_is_watching+0x12/0xc0
[  305.491614][ T8446]  exit_to_user_mode_loop+0x8b/0x4f0
[  305.491639][ T8446]  ? rcu_is_watching+0x12/0xc0
[  305.491668][ T8446]  do_syscall_64+0x6f2/0xf80
[  305.491703][ T8446]  ? clear_bhb_loop+0x40/0x90
[  305.491734][ T8446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.491759][ T8446] RIP: 0033:0x7f33fe39ce59
[  305.491781][ T8446] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  305.491805][ T8446] RSP: 002b:00007f33ff1a70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  305.491836][ T8446] RAX: fffffffffffffe00 RBX: 00007f33fe615fa8 RCX: 00007f33fe39ce59
[  305.491853][ T8446] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f33fe615fa8
[  305.491868][ T8446] RBP: 00007f33fe615fa0 R08: 0000000000000000 R09: 0000000000000000
[  305.491883][ T8446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  305.491897][ T8446] R13: 00007f33fe616038 R14: 00007ffec0cb8c60 R15: 00007ffec0cb8d48
[  305.491931][ T8446]  </TASK>
[  305.933977][ T8476] netlink: 342 bytes leftover after parsing attributes in process `syz.3.571'.
[  307.722923][ T8522] netlink: 172 bytes leftover after parsing attributes in process `syz.1.580'.
[  309.152113][ T8524] Page cache invalidation failure on direct I/O.  Possible data corruption due to collision with buffered I/O!
[  309.178049][ T8524] File: /dev/nullb0 PID: 8524 Comm: syz.1.580
[  310.794824][ T8549] netlink: 342 bytes leftover after parsing attributes in process `syz.0.586'.
[  312.594633][ T8570] netlink: 172 bytes leftover after parsing attributes in process `syz.2.591'.
[  312.811320][ T8577] netlink: 172 bytes leftover after parsing attributes in process `syz.0.592'.
[  312.868867][   T50] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  313.271560][ T8572] random: crng reseeded on system resumption
[  314.896170][   T50] Bluetooth: hci2: command 0x0c1a tx timeout
[  316.093116][ T8600] ubi0: attaching mtd0
[  316.256283][ T8600] ubi0: scanning is finished
[  316.977328][   T50] Bluetooth: hci2: command 0x0c1a tx timeout
[  317.150034][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  317.179181][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  317.369407][ T8600] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  317.407507][ T8600] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  317.414872][ T8600] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  317.423470][ T8600] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  317.430958][ T8600] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  317.450309][ T8600] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  317.495926][ T8600] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  317.656443][ T8600] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  317.783699][ T8608] ubi0: background thread "ubi_bgt0d" started, PID 8608
[  317.790918][ T8601] ubi0: detaching mtd0
[  317.865971][ T8601] ubi0: mtd0 is detached
[  318.853920][ T8623] syz.3.600 uses obsolete (PF_INET,SOCK_PACKET)
[  318.885145][ T8623] FAULT_INJECTION: forcing a failure.
[  318.885145][ T8623] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  318.905993][ T8625] netlink: 2532 bytes leftover after parsing attributes in process `syz.1.601'.
[  318.915308][ T8623] CPU: 1 UID: 0 PID: 8623 Comm: syz.3.600 Not tainted syzkaller #0 PREEMPT(full) 
[  318.915329][ T8623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  318.915338][ T8623] Call Trace:
[  318.915344][ T8623]  <TASK>
[  318.915350][ T8623]  dump_stack_lvl+0x100/0x190
[  318.915371][ T8623]  should_fail_ex.cold+0x5/0xa
[  318.915388][ T8623]  ? prepare_alloc_pages+0x16d/0x5f0
[  318.915410][ T8623]  should_fail_alloc_page+0xeb/0x140
[  318.915430][ T8623]  prepare_alloc_pages+0x1f0/0x5f0
[  318.915452][ T8623]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  318.915483][ T8623]  ? rcu_is_watching+0x12/0xc0
[  318.915501][ T8623]  ? trace_mm_page_alloc+0x163/0x1d0
[  318.915520][ T8623]  ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0
[  318.915564][ T8623]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  318.915603][ T8623]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  318.915624][ T8623]  ? lockdep_hardirqs_on+0x78/0x100
[  318.915646][ T8623]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  318.915666][ T8623]  ? stack_depot_save_flags+0x479/0x9d0
[  318.915687][ T8623]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  318.915710][ T8623]  ? kasan_save_stack+0x3f/0x50
[  318.915724][ T8623]  ? kasan_save_stack+0x30/0x50
[  318.915737][ T8623]  ? kasan_save_track+0x14/0x30
[  318.915751][ T8623]  ? kmem_cache_alloc_node_noprof+0x25a/0x6f0
[  318.915775][ T8623]  ? __get_vm_area_node+0x1ca/0x330
[  318.915792][ T8623]  ? get_vm_area_caller+0x71/0xa0
[  318.915809][ T8623]  ? vmap+0x131/0x2f0
[  318.915824][ T8623]  ? ringbuf_map_alloc+0x3a1/0x8b0
[  318.915838][ T8623]  ? map_create+0x84e/0x2bc0
[  318.915859][ T8623]  ? __sys_bpf+0x2091/0x4b90
[  318.915872][ T8623]  ? __x64_sys_bpf+0x7b/0xc0
[  318.915886][ T8623]  ? do_syscall_64+0x10b/0xf80
[  318.915906][ T8623]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.915926][ T8623]  alloc_pages_bulk_noprof+0x657/0x1390
[  318.915945][ T8623]  ? policy_nodemask+0xed/0x4f0
[  318.915963][ T8623]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  318.915988][ T8623]  __kasan_populate_vmalloc+0xf0/0x210
[  318.916016][ T8623]  alloc_vmap_area+0x95d/0x2b70
[  318.916040][ T8623]  ? __pfx_alloc_vmap_area+0x10/0x10
[  318.916062][ T8623]  __get_vm_area_node+0x1ca/0x330
[  318.916088][ T8623]  ? ringbuf_map_alloc+0x3a1/0x8b0
[  318.916104][ T8623]  get_vm_area_caller+0x71/0xa0
[  318.916122][ T8623]  ? ringbuf_map_alloc+0x3a1/0x8b0
[  318.916138][ T8623]  vmap+0x131/0x2f0
[  318.916156][ T8623]  ? __pfx_vmap+0x10/0x10
[  318.916178][ T8623]  ringbuf_map_alloc+0x3a1/0x8b0
[  318.916204][ T8623]  ? __pfx_ringbuf_map_mem_usage+0x10/0x10
[  318.916245][ T8623]  map_create+0x84e/0x2bc0
[  318.916266][ T8623]  ? futex_unqueue+0x13d/0x2c0
[  318.916281][ T8623]  ? __futex_wait+0x256/0x300
[  318.916304][ T8623]  ? __pfx_map_create+0x10/0x10
[  318.916324][ T8623]  ? __might_fault+0xc5/0x140
[  318.916345][ T8623]  ? __might_fault+0xc5/0x140
[  318.916374][ T8623]  __sys_bpf+0x2091/0x4b90
[  318.916391][ T8623]  ? __pfx___sys_bpf+0x10/0x10
[  318.916406][ T8623]  ? __pfx_futex_wait+0x10/0x10
[  318.916429][ T8623]  ? errseq_sample+0x51/0x70
[  318.916444][ T8623]  ? file_init_path+0x48e/0x670
[  318.916467][ T8623]  ? do_futex+0x192/0x350
[  318.916493][ T8623]  ? xfd_validate_state+0x129/0x190
[  318.916514][ T8623]  __x64_sys_bpf+0x7b/0xc0
[  318.916529][ T8623]  ? lockdep_hardirqs_on+0x78/0x100
[  318.916550][ T8623]  do_syscall_64+0x10b/0xf80
[  318.916572][ T8623]  ? clear_bhb_loop+0x40/0x90
[  318.916592][ T8623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.916607][ T8623] RIP: 0033:0x7f750b59ce59
[  318.916621][ T8623] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  318.916635][ T8623] RSP: 002b:00007f750c428028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  318.916650][ T8623] RAX: ffffffffffffffda RBX: 00007f750b815fa0 RCX: 00007f750b59ce59
[  318.916660][ T8623] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000000
[  318.916669][ T8623] RBP: 00007f750b632d6f R08: 0000000000000000 R09: 0000000000000000
[  318.916678][ T8623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  318.916687][ T8623] R13: 00007f750b816038 R14: 00007f750b815fa0 R15: 00007ffd1a9bb188
[  318.916705][ T8623]  </TASK>
[  319.628815][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  320.294222][ T8639] netlink: 342 bytes leftover after parsing attributes in process `syz.1.604'.
[  320.542997][ T8647] netlink: 'syz.3.607': attribute type 10 has an invalid length.
[  320.560341][ T8647] netlink: 330 bytes leftover after parsing attributes in process `syz.3.607'.
[  321.318498][ T8656] [U] ^R
[  321.869850][ T8671] ubi0: attaching mtd0
[  321.879786][ T8671] ubi0: scanning is finished
[  322.273484][ T8671] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  322.366045][ T8671] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  322.405991][ T8671] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  322.422861][ T8671] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  322.447259][ T8671] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  322.458584][ T8671] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  322.476762][ T8671] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  322.489206][ T8671] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  322.549958][ T8674] ubi0: detaching mtd0
[  322.618995][ T8674] ubi0: mtd0 is detached
[  323.290653][ T8701] netlink: 172 bytes leftover after parsing attributes in process `syz.0.618'.
[  326.074710][ T8720] netlink: 172 bytes leftover after parsing attributes in process `syz.2.621'.
[  331.258390][ T8758] ubi0: attaching mtd0
[  331.293931][ T8758] ubi0: scanning is finished
[  331.644394][ T8758] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  331.686189][ T8758] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  331.712485][ T8758] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  331.808356][ T8758] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  331.871397][ T8758] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  331.906437][ T8758] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  331.914716][ T8758] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  331.932418][ T8758] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  331.957437][ T8761] ubi0: detaching mtd0
[  331.996202][ T8761] ubi0: mtd0 is detached
[  332.833151][ T8790] netlink: 172 bytes leftover after parsing attributes in process `syz.0.636'.
[  338.325569][ T8820] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  338.636358][ T8825] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input37
[  338.949094][ T8833] ubi0: attaching mtd0
[  338.973410][ T8833] ubi0: scanning is finished
[  339.204095][ T8833] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  339.222215][ T8833] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  339.256856][ T8833] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  339.275567][ T8833] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  339.295027][ T8833] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  339.321316][ T8833] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  339.338414][ T8833] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  339.370771][ T8833] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  339.386082][ T8835] ubi0: detaching mtd0
[  339.390475][ T8844] ubi0: background thread "ubi_bgt0d" started, PID 8844
[  339.466877][ T8835] ubi0: mtd0 is detached
[  339.839052][ T8836] [U] ^R
[  341.854800][ T8889] netlink: 342 bytes leftover after parsing attributes in process `syz.3.657'.
[  341.872118][ T8890] ubi0: attaching mtd0
[  341.879398][ T8890] ubi0: scanning is finished
[  342.105284][ T8890] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  342.167522][ T8890] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  342.185802][ T8890] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  342.267282][ T8890] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  342.310299][ T8890] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  342.324771][ T8890] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  342.349233][ T8890] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  342.363688][ T8890] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  342.376473][ T8892] ubi0: detaching mtd0
[  342.424901][ T8892] ubi0: mtd0 is detached
[  342.439619][ T8889] [U] ^R
[  343.004124][ T8912] [U] ^R
[  343.153027][ T8912] FAULT_INJECTION: forcing a failure.
[  343.153027][ T8912] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  343.245643][ T8912] CPU: 1 UID: 0 PID: 8912 Comm: syz.2.660 Not tainted syzkaller #0 PREEMPT(full) 
[  343.245670][ T8912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  343.245686][ T8912] Call Trace:
[  343.245695][ T8912]  <TASK>
[  343.245705][ T8912]  dump_stack_lvl+0x100/0x190
[  343.245734][ T8912]  should_fail_ex.cold+0x5/0xa
[  343.245755][ T8912]  _copy_from_user+0x2e/0xd0
[  343.245772][ T8912]  restore_altstack+0x98/0x170
[  343.245796][ T8912]  ? __pfx_restore_altstack+0x10/0x10
[  343.245820][ T8912]  ? _raw_spin_unlock_irq+0x23/0x50
[  343.245841][ T8912]  ? lockdep_hardirqs_on+0x78/0x100
[  343.245871][ T8912]  ? _raw_spin_unlock_irq+0x2e/0x50
[  343.245892][ T8912]  __do_sys_rt_sigreturn+0x1ab/0x2c0
[  343.245916][ T8912]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  343.245937][ T8912]  ? exit_to_user_mode_loop+0xe2/0x4f0
[  343.245954][ T8912]  ? rcu_is_watching+0x12/0xc0
[  343.245977][ T8912]  do_syscall_64+0x10b/0xf80
[  343.245998][ T8912]  ? clear_bhb_loop+0x40/0x90
[  343.246016][ T8912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.246031][ T8912] RIP: 0033:0x7f47b073e1d9
[  343.246044][ T8912] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25
[  343.246058][ T8912] RSP: 002b:00007f47b15d2b40 EFLAGS: 00000246 ORIG_RAX: 000000000000000f
[  343.246073][ T8912] RAX: ffffffffffffffda RBX: 00007f47b0a16098 RCX: 00007f47b073e1d9
[  343.246083][ T8912] RDX: 00007f47b15d2b40 RSI: 00007f47b15d2c70 RDI: 0000000000000011
[  343.246092][ T8912] RBP: 00007f47b0a16090 R08: 0000000000000000 R09: 0000000000000000
[  343.246100][ T8912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  343.246114][ T8912] R13: 00007f47b0a16128 R14: 00007ffcd5c40360 R15: 00007ffcd5c40448
[  343.246134][ T8912]  </TASK>
[  343.667363][ T8931] netlink: 172 bytes leftover after parsing attributes in process `syz.1.665'.
[  343.976093][ T8933] Page cache invalidation failure on direct I/O.  Possible data corruption due to collision with buffered I/O!
[  344.008361][ T8933] File: /dev/nullb0 PID: 8933 Comm: syz.1.665
[  344.057030][ T8937] ubi0: attaching mtd0
[  344.087393][ T8937] ubi0: scanning is finished
[  344.891130][ T8937] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  345.005700][ T8937] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  345.109603][ T8937] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  345.156682][ T8937] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  345.282046][ T8937] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  345.289588][ T8937] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  345.551592][ T8937] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  345.909121][ T8937] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  345.928235][ T8950] ubi0: background thread "ubi_bgt0d" started, PID 8950
[  345.931865][ T8941] ubi: mtd0 is already attached to ubi0
[  345.969169][ T8943] ubi0: detaching mtd0
[  346.101833][ T8943] ubi0: mtd0 is detached
[  348.127389][ T8975] netlink: 172 bytes leftover after parsing attributes in process `syz.1.671'.
[  349.995005][ T8995] ubi0: attaching mtd0
[  350.023930][ T8995] ubi0: scanning is finished
[  350.352612][ T8993] [U] ^R
[  350.486327][ T8995] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  350.525105][ T8995] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  350.535289][ T8995] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  350.552515][ T8995] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  350.561823][ T8987] FAULT_INJECTION: forcing a failure.
[  350.561823][ T8987] name fail_futex, interval 1, probability 0, space 0, times 0
[  350.609998][ T8995] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  350.625807][ T8987] CPU: 0 UID: 0 PID: 8987 Comm: syz.2.675 Not tainted syzkaller #0 PREEMPT(full) 
[  350.625839][ T8987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  350.625853][ T8987] Call Trace:
[  350.625861][ T8987]  <TASK>
[  350.625871][ T8987]  dump_stack_lvl+0x100/0x190
[  350.625904][ T8987]  should_fail_ex.cold+0x5/0xa
[  350.625936][ T8987]  get_futex_key+0xf78/0x1510
[  350.625975][ T8987]  ? __pfx_get_futex_key+0x10/0x10
[  350.626000][ T8987]  ? lock_acquire+0x1b1/0x370
[  350.626034][ T8987]  futex_wake+0xea/0x530
[  350.626070][ T8987]  ? __pfx_futex_wake+0x10/0x10
[  350.626102][ T8987]  ? exit_mm_release+0x19/0x30
[  350.626147][ T8987]  do_futex+0x32b/0x350
[  350.626174][ T8987]  ? __pfx_do_futex+0x10/0x10
[  350.626199][ T8987]  ? __might_fault+0xc5/0x140
[  350.626246][ T8987]  mm_release+0x24a/0x2f0
[  350.626277][ T8987]  do_exit+0x707/0x2af0
[  350.626320][ T8987]  ? __pfx_do_exit+0x10/0x10
[  350.626356][ T8987]  ? do_raw_spin_lock+0x128/0x260
[  350.626384][ T8987]  ? find_held_lock+0x2b/0x80
[  350.626415][ T8987]  ? get_signal+0x7e5/0x2210
[  350.626450][ T8987]  do_group_exit+0xd5/0x2a0
[  350.626492][ T8987]  get_signal+0x20ff/0x2210
[  350.626536][ T8987]  ? __pfx_get_signal+0x10/0x10
[  350.626570][ T8987]  ? do_futex+0x192/0x350
[  350.626605][ T8987]  arch_do_signal_or_restart+0x91/0x7a0
[  350.626643][ T8987]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  350.626693][ T8987]  ? rcu_is_watching+0x12/0xc0
[  350.626727][ T8987]  exit_to_user_mode_loop+0x8b/0x4f0
[  350.626752][ T8987]  ? rcu_is_watching+0x12/0xc0
[  350.626785][ T8987]  do_syscall_64+0x6f2/0xf80
[  350.626822][ T8987]  ? clear_bhb_loop+0x40/0x90
[  350.626852][ T8987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.626878][ T8987] RIP: 0033:0x7f47b079ce59
[  350.626900][ T8987] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  350.626923][ T8987] RSP: 002b:00007f47b15d30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  350.626947][ T8987] RAX: fffffffffffffe00 RBX: 00007f47b0a16098 RCX: 00007f47b079ce59
[  350.626972][ T8987] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f47b0a16098
[  350.626986][ T8987] RBP: 00007f47b0a16090 R08: 0000000000000000 R09: 0000000000000000
[  350.627001][ T8987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  350.627016][ T8987] R13: 00007f47b0a16128 R14: 00007ffcd5c40360 R15: 00007ffcd5c40448
[  350.627050][ T8987]  </TASK>
[  350.637408][ T8995] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  350.925520][ T8995] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  350.995617][ T8995] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  351.035376][ T9000] ubi0: background thread "ubi_bgt0d" started, PID 9000
[  351.063865][ T8996] ubi0: detaching mtd0
[  351.166222][ T8996] ubi0: mtd0 is detached
[  352.033373][ T9010] netlink: 172 bytes leftover after parsing attributes in process `syz.3.680'.
[  352.970675][ T9018] netlink: 172 bytes leftover after parsing attributes in process `syz.2.682'.
[  354.084170][ T9011] [U] ^R
[  356.151437][ T9038] netlink: 342 bytes leftover after parsing attributes in process `syz.1.684'.
[  356.675152][ T9042] netlink: 172 bytes leftover after parsing attributes in process `syz.0.685'.
[  356.837219][ T9039] [U] ^R
[  359.065958][ T9049] FAULT_INJECTION: forcing a failure.
[  359.065958][ T9049] name failslab, interval 1, probability 0, space 0, times 0
[  359.145752][ T9049] CPU: 0 UID: 0 PID: 9049 Comm: syz.3.687 Not tainted syzkaller #0 PREEMPT(full) 
[  359.145775][ T9049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  359.145784][ T9049] Call Trace:
[  359.145790][ T9049]  <TASK>
[  359.145796][ T9049]  dump_stack_lvl+0x100/0x190
[  359.145817][ T9049]  should_fail_ex.cold+0x5/0xa
[  359.145837][ T9049]  ? tomoyo_realpath_from_path+0xb6/0x690
[  359.145857][ T9049]  should_failslab+0xc2/0x120
[  359.145876][ T9049]  __kmalloc_noprof+0xe0/0x850
[  359.145890][ T9049]  ? kfree+0x1dd/0x6c0
[  359.145923][ T9049]  tomoyo_realpath_from_path+0xb6/0x690
[  359.145947][ T9049]  tomoyo_check_open_permission+0x2af/0x3c0
[  359.145965][ T9049]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  359.145992][ T9049]  ? hook_file_open+0x24e/0x7a0
[  359.146022][ T9049]  ? path_get+0x61/0x80
[  359.146043][ T9049]  tomoyo_file_open+0x6b/0x90
[  359.146066][ T9049]  security_file_open+0xb5/0x1e0
[  359.146084][ T9049]  do_dentry_open+0x5aa/0x1660
[  359.146103][ T9049]  ? security_inode_permission+0xbf/0x250
[  359.146123][ T9049]  vfs_open+0x82/0x3f0
[  359.146146][ T9049]  path_openat+0x208c/0x31a0
[  359.146171][ T9049]  ? __pfx_path_openat+0x10/0x10
[  359.146196][ T9049]  do_file_open+0x20e/0x430
[  359.146216][ T9049]  ? __pfx_do_file_open+0x10/0x10
[  359.146247][ T9049]  ? alloc_fd+0x476/0x790
[  359.146267][ T9049]  ? do_getname+0x191/0x390
[  359.146290][ T9049]  do_sys_openat2+0x10d/0x1e0
[  359.146312][ T9049]  ? __pfx_do_sys_openat2+0x10/0x10
[  359.146341][ T9049]  __x64_sys_openat+0x12d/0x210
[  359.146364][ T9049]  ? __pfx___x64_sys_openat+0x10/0x10
[  359.146385][ T9049]  ? ksys_write+0x1ac/0x250
[  359.146404][ T9049]  ? rcu_is_watching+0x12/0xc0
[  359.146429][ T9049]  do_syscall_64+0x10b/0xf80
[  359.146451][ T9049]  ? clear_bhb_loop+0x40/0x90
[  359.146470][ T9049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.146486][ T9049] RIP: 0033:0x7f750b59ce59
[  359.146499][ T9049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  359.146514][ T9049] RSP: 002b:00007f750c428028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  359.146530][ T9049] RAX: ffffffffffffffda RBX: 00007f750b815fa0 RCX: 00007f750b59ce59
[  359.146540][ T9049] RDX: 000000000002a082 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  359.146549][ T9049] RBP: 00007f750b632d6f R08: 0000000000000000 R09: 0000000000000000
[  359.146558][ T9049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  359.146567][ T9049] R13: 00007f750b816038 R14: 00007f750b815fa0 R15: 00007ffd1a9bb188
[  359.146587][ T9049]  </TASK>
[  359.309059][ T9049] ERROR: Out of memory at tomoyo_realpath_from_path.
[  361.911639][ T9077] Page cache invalidation failure on direct I/O.  Possible data corruption due to collision with buffered I/O!
[  361.968318][ T9077] File: /dev/nullb0 PID: 9077 Comm: syz.1.692
[  362.557665][ T9091] syz_tun: tun_chr_ioctl cmd 2147767521
[  363.666911][ T9103] netlink: 172 bytes leftover after parsing attributes in process `syz.1.696'.
[  367.035264][ T9123] ubi0: attaching mtd0
[  367.114300][ T9123] ubi0: scanning is finished
[  367.732998][ T9123] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  367.747930][ T9123] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  367.792884][ T9123] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  367.809515][ T9123] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  367.824734][ T9123] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  367.857678][ T9123] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  367.886180][ T9123] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  367.900395][ T9123] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  368.137796][ T9144] ubi0: background thread "ubi_bgt0d" started, PID 9144
[  368.147958][ T9127] ubi0: detaching mtd0
[  368.287352][ T9127] ubi0: mtd0 is detached
[  368.358213][ T9131] ubi0: attaching mtd0
[  368.474570][ T9131] ubi0: scanning is finished
[  368.841205][ T9131] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
[  370.009790][ T9168] ubi0: attaching mtd0
[  370.036821][ T9168] ubi0: scanning is finished
[  370.291439][ T9168] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  370.311508][ T9168] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  370.330692][ T9168] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  370.347524][ T9168] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  370.359378][ T9168] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  370.382120][ T9168] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  370.412257][ T9168] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  370.439576][ T9168] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  370.456866][ T9171] ubi0: detaching mtd0
[  370.522284][ T9171] ubi0: mtd0 is detached
[  370.533564][ T9180] netlink: 172 bytes leftover after parsing attributes in process `syz.3.708'.
[  371.382300][ T9194] netlink: 172 bytes leftover after parsing attributes in process `syz.2.710'.
[  378.617520][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  378.624005][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  379.470233][ T9238] netlink: 342 bytes leftover after parsing attributes in process `syz.3.717'.
[  381.957927][ T9245] [U] ^R
[  382.718571][ T9260] syz_tun: tun_chr_ioctl cmd 2147767521
[  382.945820][ T9269] ubi0: attaching mtd0
[  382.972308][ T9269] ubi0: scanning is finished
[  383.364234][ T9276] FAULT_INJECTION: forcing a failure.
[  383.364234][ T9276] name failslab, interval 1, probability 0, space 0, times 0
[  383.417754][ T9269] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  383.431970][ T9276] CPU: 1 UID: 0 PID: 9276 Comm: syz.1.724 Not tainted syzkaller #0 PREEMPT(full) 
[  383.432012][ T9276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  383.432029][ T9276] Call Trace:
[  383.432039][ T9276]  <TASK>
[  383.432049][ T9276]  dump_stack_lvl+0x100/0x190
[  383.432087][ T9276]  should_fail_ex.cold+0x5/0xa
[  383.432123][ T9276]  ? tomoyo_encode2+0xfb/0x3c0
[  383.432158][ T9276]  should_failslab+0xc2/0x120
[  383.432195][ T9276]  __kmalloc_noprof+0xe0/0x850
[  383.432222][ T9276]  ? d_absolute_path+0x136/0x1b0
[  383.432255][ T9276]  tomoyo_encode2+0xfb/0x3c0
[  383.432292][ T9276]  tomoyo_encode+0x29/0x50
[  383.432322][ T9276]  tomoyo_realpath_from_path+0x18c/0x690
[  383.432367][ T9276]  tomoyo_check_open_permission+0x2af/0x3c0
[  383.432395][ T9276]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  383.432419][ T9276]  ? hook_file_open+0x24e/0x7a0
[  383.432448][ T9276]  ? path_get+0x61/0x80
[  383.432470][ T9276]  tomoyo_file_open+0x6b/0x90
[  383.432492][ T9276]  security_file_open+0xb5/0x1e0
[  383.432511][ T9276]  do_dentry_open+0x5aa/0x1660
[  383.432530][ T9276]  ? security_inode_permission+0xbf/0x250
[  383.432556][ T9276]  vfs_open+0x82/0x3f0
[  383.432581][ T9276]  path_openat+0x208c/0x31a0
[  383.432607][ T9276]  ? __pfx_path_openat+0x10/0x10
[  383.432633][ T9276]  do_file_open+0x20e/0x430
[  383.432654][ T9276]  ? __pfx_do_file_open+0x10/0x10
[  383.432685][ T9276]  ? alloc_fd+0x476/0x790
[  383.432706][ T9276]  ? do_getname+0x191/0x390
[  383.432728][ T9276]  do_sys_openat2+0x10d/0x1e0
[  383.432751][ T9276]  ? __pfx_do_sys_openat2+0x10/0x10
[  383.432780][ T9276]  __x64_sys_openat+0x12d/0x210
[  383.432803][ T9276]  ? __pfx___x64_sys_openat+0x10/0x10
[  383.432825][ T9276]  ? ksys_write+0x1ac/0x250
[  383.432844][ T9276]  ? rcu_is_watching+0x12/0xc0
[  383.432865][ T9276]  do_syscall_64+0x10b/0xf80
[  383.432887][ T9276]  ? clear_bhb_loop+0x40/0x90
[  383.432907][ T9276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.432923][ T9276] RIP: 0033:0x7f33fe39ce59
[  383.432937][ T9276] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  383.432951][ T9276] RSP: 002b:00007f33ff1a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  383.432967][ T9276] RAX: ffffffffffffffda RBX: 00007f33fe615fa0 RCX: 00007f33fe39ce59
[  383.432977][ T9276] RDX: 000000000002a082 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  383.432987][ T9276] RBP: 00007f33fe432d6f R08: 0000000000000000 R09: 0000000000000000
[  383.432996][ T9276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  383.433005][ T9276] R13: 00007f33fe616038 R14: 00007f33fe615fa0 R15: 00007ffec0cb8d48
[  383.433025][ T9276]  </TASK>
[  383.701827][ T9276] ERROR: Out of memory at tomoyo_realpath_from_path.
[  383.751379][ T9269] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  383.758677][ T9269] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  383.766629][ T9269] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  383.774789][ T9269] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  383.781635][ T9269] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  383.789648][ T9269] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  383.799754][ T9269] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  383.982056][ T9279] ubi0: background thread "ubi_bgt0d" started, PID 9279
[  384.072225][ T9270] ubi0: detaching mtd0
[  384.138331][ T9270] ubi0: mtd0 is detached
[  384.650560][ T9285] netlink: 172 bytes leftover after parsing attributes in process `syz.1.726'.
[  388.373157][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  388.755699][ T9327] netlink: 172 bytes leftover after parsing attributes in process `syz.0.734'.
[  388.850800][ T9329] ubi0: attaching mtd0
[  388.912191][ T9329] ubi0: scanning is finished
[  389.068023][ T9321] [U] ^R
[  389.354418][ T9329] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  389.382935][ T9329] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  389.419801][ T9329] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  389.441307][ T9329] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  389.570343][ T9329] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  389.578968][ T9329] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  389.668753][ T9329] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  389.718312][ T9329] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  389.778809][ T9331] ubi0: detaching mtd0
[  389.874259][ T9331] ubi0: mtd0 is detached
[  392.501605][ T9352] netlink: 172 bytes leftover after parsing attributes in process `syz.2.738'.
[  392.971341][ T9353] Page cache invalidation failure on direct I/O.  Possible data corruption due to collision with buffered I/O!
[  392.992322][ T9353] File: /dev/nullb0 PID: 9353 Comm: syz.2.738
[  393.002438][ T9359] netlink: 172 bytes leftover after parsing attributes in process `syz.0.740'.
[  395.778235][ T9376] netlink: 172 bytes leftover after parsing attributes in process `syz.1.742'.
[  399.059055][ T9397] netlink: 172 bytes leftover after parsing attributes in process `syz.0.748'.
[  404.334708][ T9413] ubi0: attaching mtd0
[  404.384744][ T9413] ubi0: scanning is finished
[  404.931444][ T9413] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  405.152182][ T9413] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  405.340050][ T9413] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  405.437688][ T9413] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  405.723138][ T9413] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  405.915685][ T9413] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  406.285330][ T9413] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  407.313930][ T9413] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  407.329271][ T9426] ubi0: background thread "ubi_bgt0d" started, PID 9426
[  407.575469][ T9417] ubi0: detaching mtd0
[  407.779193][ T9417] ubi0: mtd0 is detached
[  407.999667][ T9437] syz_tun: tun_chr_ioctl cmd 2147767521
[  408.154580][ T9441] ubi0: attaching mtd0
[  408.172496][ T9441] ubi0: scanning is finished
[  408.475333][ T9441] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  408.487436][ T9441] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  408.532980][ T9441] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  408.549809][ T9441] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  408.570402][ T9441] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  408.598301][ T9441] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  408.615027][ T9441] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  408.625562][ T9441] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  408.652170][ T9452] netlink: 172 bytes leftover after parsing attributes in process `syz.1.756'.
[  408.678970][ T9450] ubi0: background thread "ubi_bgt0d" started, PID 9450
[  408.707322][ T9445] ubi0: detaching mtd0
[  408.765301][ T9445] ubi0: mtd0 is detached
[  409.869044][ T9469] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  412.219087][ T9490] netlink: 172 bytes leftover after parsing attributes in process `syz.3.764'.
[  415.773693][ T9511] netlink: 342 bytes leftover after parsing attributes in process `syz.0.776'.
[  416.089678][ T9518] [U] ^R
[  416.339117][ T9514] FAULT_INJECTION: forcing a failure.
[  416.339117][ T9514] name fail_futex, interval 1, probability 0, space 0, times 0
[  416.362528][ T9514] CPU: 1 UID: 0 PID: 9514 Comm: syz.0.776 Not tainted syzkaller #0 PREEMPT(full) 
[  416.362562][ T9514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  416.362576][ T9514] Call Trace:
[  416.362585][ T9514]  <TASK>
[  416.362594][ T9514]  dump_stack_lvl+0x100/0x190
[  416.362629][ T9514]  should_fail_ex.cold+0x5/0xa
[  416.362669][ T9514]  get_futex_key+0xf78/0x1510
[  416.362700][ T9514]  ? __pfx_get_futex_key+0x10/0x10
[  416.362725][ T9514]  ? lock_acquire+0x1b1/0x370
[  416.362761][ T9514]  futex_wake+0xea/0x530
[  416.362797][ T9514]  ? __pfx_futex_wake+0x10/0x10
[  416.362829][ T9514]  ? exit_mm_release+0x19/0x30
[  416.362876][ T9514]  do_futex+0x32b/0x350
[  416.362905][ T9514]  ? __pfx_do_futex+0x10/0x10
[  416.362930][ T9514]  ? __might_fault+0xc5/0x140
[  416.362977][ T9514]  mm_release+0x24a/0x2f0
[  416.363009][ T9514]  do_exit+0x707/0x2af0
[  416.363052][ T9514]  ? __pfx_do_exit+0x10/0x10
[  416.363088][ T9514]  ? do_raw_spin_lock+0x128/0x260
[  416.363116][ T9514]  ? find_held_lock+0x2b/0x80
[  416.363146][ T9514]  ? get_signal+0x7e5/0x2210
[  416.363180][ T9514]  do_group_exit+0xd5/0x2a0
[  416.363221][ T9514]  get_signal+0x20ff/0x2210
[  416.363265][ T9514]  ? __pfx_get_signal+0x10/0x10
[  416.363300][ T9514]  ? do_futex+0x192/0x350
[  416.363331][ T9514]  arch_do_signal_or_restart+0x91/0x7a0
[  416.363370][ T9514]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  416.363421][ T9514]  ? rcu_is_watching+0x12/0xc0
[  416.363456][ T9514]  exit_to_user_mode_loop+0x8b/0x4f0
[  416.363481][ T9514]  ? rcu_is_watching+0x12/0xc0
[  416.363515][ T9514]  do_syscall_64+0x6f2/0xf80
[  416.363551][ T9514]  ? clear_bhb_loop+0x40/0x90
[  416.363583][ T9514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.363610][ T9514] RIP: 0033:0x7f7fcdd9ce59
[  416.363631][ T9514] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  416.363663][ T9514] RSP: 002b:00007f7fcecc00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  416.363688][ T9514] RAX: fffffffffffffe00 RBX: 00007f7fce016098 RCX: 00007f7fcdd9ce59
[  416.363705][ T9514] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7fce016098
[  416.363721][ T9514] RBP: 00007f7fce016090 R08: 0000000000000000 R09: 0000000000000000
[  416.363739][ T9514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  416.363754][ T9514] R13: 00007f7fce016128 R14: 00007ffdeeb437e0 R15: 00007ffdeeb438c8
[  416.363789][ T9514]  </TASK>
[  416.894091][ T9521] syz_tun: tun_chr_ioctl cmd 2147767521
[  416.987353][ T9525] netlink: 172 bytes leftover after parsing attributes in process `syz.2.770'.
[  419.789127][ T9550] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  420.557450][ T9564] ubi0: attaching mtd0
[  420.574561][ T9564] ubi0: scanning is finished
[  420.827402][ T9564] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  420.856632][ T9564] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  420.914264][ T9564] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  420.958968][ T9564] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  420.987243][ T9564] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  421.006180][ T9564] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  421.040102][ T9564] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  421.050652][ T9564] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  421.066416][ T9566] ubi0: detaching mtd0
[  421.072832][ T9573] ubi0: background thread "ubi_bgt0d" started, PID 9573
[  421.143646][ T9566] ubi0: mtd0 is detached
[  421.160991][ T9572] ubi0: attaching mtd0
[  421.210849][ T9572] ubi0: scanning is finished
[  421.447937][ T9588] netlink: 172 bytes leftover after parsing attributes in process `syz.2.782'.
[  421.543672][ T9572] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  421.561074][ T9593] netlink: 172 bytes leftover after parsing attributes in process `syz.1.783'.
[  421.694187][ T9572] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  421.848710][ T9572] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  422.057444][ T9572] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  422.206512][ T9572] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  423.011386][ T9572] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  423.161428][ T9572] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  423.964307][ T9572] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  424.147802][ T9592] ubi0: background thread "ubi_bgt0d" started, PID 9592
[  424.263467][ T9576] ubi0: detaching mtd0
[  424.543261][ T9576] ubi0: mtd0 is detached
[  425.899710][ T9610] netlink: 172 bytes leftover after parsing attributes in process `syz.0.786'.
[  426.039252][ T9616] ubi0: attaching mtd0
[  426.064388][ T9616] ubi0: scanning is finished
[  426.261210][ T9616] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  426.288770][ T9616] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  426.300025][ T9616] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  426.307999][ T9616] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  426.322444][ T9616] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  426.341568][ T9616] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  426.385832][ T9616] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1321699002
[  426.399291][ T9616] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  426.421165][ T9621] ubi0: background thread "ubi_bgt0d" started, PID 9621
[  426.432733][ T9617] ubi0: detaching mtd0
[  426.488065][ T9617] ubi0: mtd0 is detached
[  427.043373][ T9625] usb usb35: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  430.306620][ T9647] netlink: 172 bytes leftover after parsing attributes in process `syz.1.793'.
[  432.804850][ T9658] netlink: 342 bytes leftover after parsing attributes in process `syz.2.794'.
[  433.702002][ T9668] [U] ^R
[  436.351686][ T9703] [U] ^R
[  436.385811][ T9718] ACPI: button: Initial lid state set to 'ignore'
[  438.164550][ T9739] [U] ^R
[  439.272998][   T29] audit: type=1800 audit(1779069961.007:5): pid=9763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.817" name="features" dev="configfs" ino=24630 res=0 errno=0
[  439.625780][ T4947] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6
[  440.033961][ T9772] [U] ^R
[  440.080882][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  440.087425][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  440.235008][ T9772] FAULT_INJECTION: forcing a failure.
[  440.235008][ T9772] name fail_futex, interval 1, probability 0, space 0, times 0
[  440.258845][ T9772] CPU: 1 UID: 0 PID: 9772 Comm: syz.3.820 Not tainted syzkaller #0 PREEMPT(full) 
[  440.258882][ T9772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  440.258897][ T9772] Call Trace:
[  440.258905][ T9772]  <TASK>
[  440.258915][ T9772]  dump_stack_lvl+0x100/0x190
[  440.258949][ T9772]  should_fail_ex.cold+0x5/0xa
[  440.258982][ T9772]  get_futex_key+0x295/0x1510
[  440.259012][ T9772]  ? __pfx_get_futex_key+0x10/0x10
[  440.259037][ T9772]  ? lock_acquire+0x1b1/0x370
[  440.259071][ T9772]  futex_wake+0xea/0x530
[  440.259104][ T9772]  ? __pfx_futex_wake+0x10/0x10
[  440.259134][ T9772]  ? exit_mm_release+0x19/0x30
[  440.259179][ T9772]  do_futex+0x32b/0x350
[  440.259206][ T9772]  ? __pfx_do_futex+0x10/0x10
[  440.259231][ T9772]  ? __might_fault+0xc5/0x140
[  440.259276][ T9772]  mm_release+0x24a/0x2f0
[  440.259306][ T9772]  do_exit+0x707/0x2af0
[  440.259348][ T9772]  ? __pfx_do_exit+0x10/0x10
[  440.259383][ T9772]  ? do_raw_spin_lock+0x128/0x260
[  440.259410][ T9772]  ? find_held_lock+0x2b/0x80
[  440.259440][ T9772]  ? get_signal+0x7e5/0x2210
[  440.259474][ T9772]  do_group_exit+0xd5/0x2a0
[  440.259513][ T9772]  get_signal+0x20ff/0x2210
[  440.259551][ T9772]  ? ldsem_up_read+0x4e/0x90
[  440.259580][ T9772]  ? __pfx_get_signal+0x10/0x10
[  440.259613][ T9772]  ? do_futex+0x192/0x350
[  440.259643][ T9772]  arch_do_signal_or_restart+0x91/0x7a0
[  440.259681][ T9772]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  440.259729][ T9772]  ? rcu_is_watching+0x12/0xc0
[  440.259762][ T9772]  exit_to_user_mode_loop+0x8b/0x4f0
[  440.259786][ T9772]  ? rcu_is_watching+0x12/0xc0
[  440.259825][ T9772]  do_syscall_64+0x6f2/0xf80
[  440.259861][ T9772]  ? clear_bhb_loop+0x40/0x90
[  440.259892][ T9772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.259918][ T9772] RIP: 0033:0x7f750b59ce59
[  440.259939][ T9772] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  440.259962][ T9772] RSP: 002b:00007f750c4070e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  440.259986][ T9772] RAX: fffffffffffffe00 RBX: 00007f750b816098 RCX: 00007f750b59ce59
[  440.260003][ T9772] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f750b816098
[  440.260019][ T9772] RBP: 00007f750b816090 R08: 0000000000000000 R09: 0000000000000000
[  440.260033][ T9772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  440.260047][ T9772] R13: 00007f750b816128 R14: 00007ffd1a9bb0a0 R15: 00007ffd1a9bb188
[  440.260080][ T9772]  </TASK>
[  441.163091][ T9788] netlink: 342 bytes leftover after parsing attributes in process `syz.0.823'.
[  441.645377][ T9792] [U] ^R
[  441.752974][ T9790] FAULT_INJECTION: forcing a failure.
[  441.752974][ T9790] name fail_futex, interval 1, probability 0, space 0, times 0
[  441.775185][ T9790] CPU: 0 UID: 0 PID: 9790 Comm: syz.0.823 Not tainted syzkaller #0 PREEMPT(full) 
[  441.775227][ T9790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  441.775241][ T9790] Call Trace:
[  441.775249][ T9790]  <TASK>
[  441.775257][ T9790]  dump_stack_lvl+0x100/0x190
[  441.775288][ T9790]  should_fail_ex.cold+0x5/0xa
[  441.775318][ T9790]  get_futex_key+0xf78/0x1510
[  441.775352][ T9790]  ? __pfx_get_futex_key+0x10/0x10
[  441.775378][ T9790]  ? lock_acquire+0x1b1/0x370
[  441.775412][ T9790]  futex_wake+0xea/0x530
[  441.775447][ T9790]  ? __pfx_futex_wake+0x10/0x10
[  441.775478][ T9790]  ? exit_mm_release+0x19/0x30
[  441.775524][ T9790]  do_futex+0x32b/0x350
[  441.775552][ T9790]  ? __pfx_do_futex+0x10/0x10
[  441.775578][ T9790]  ? __might_fault+0xc5/0x140
[  441.775624][ T9790]  mm_release+0x24a/0x2f0
[  441.775655][ T9790]  do_exit+0x707/0x2af0
[  441.775695][ T9790]  ? __pfx_do_exit+0x10/0x10
[  441.775732][ T9790]  ? do_raw_spin_lock+0x128/0x260
[  441.775760][ T9790]  ? find_held_lock+0x2b/0x80
[  441.775790][ T9790]  ? get_signal+0x7e5/0x2210
[  441.775825][ T9790]  do_group_exit+0xd5/0x2a0
[  441.775864][ T9790]  get_signal+0x20ff/0x2210
[  441.775908][ T9790]  ? __pfx_get_signal+0x10/0x10
[  441.775943][ T9790]  ? do_futex+0x192/0x350
[  441.775972][ T9790]  arch_do_signal_or_restart+0x91/0x7a0
[  441.776010][ T9790]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  441.776060][ T9790]  ? rcu_is_watching+0x12/0xc0
[  441.776094][ T9790]  exit_to_user_mode_loop+0x8b/0x4f0
[  441.776119][ T9790]  ? rcu_is_watching+0x12/0xc0
[  441.776152][ T9790]  do_syscall_64+0x6f2/0xf80
[  441.776195][ T9790]  ? clear_bhb_loop+0x40/0x90
[  441.776227][ T9790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.776253][ T9790] RIP: 0033:0x7f7fcdd9ce59
[  441.776274][ T9790] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  441.776299][ T9790] RSP: 002b:00007f7fcecc00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  441.776323][ T9790] RAX: fffffffffffffe00 RBX: 00007f7fce016098 RCX: 00007f7fcdd9ce59
[  441.776342][ T9790] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7fce016098
[  441.776357][ T9790] RBP: 00007f7fce016090 R08: 0000000000000000 R09: 0000000000000000
[  441.776373][ T9790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  441.776389][ T9790] R13: 00007f7fce016128 R14: 00007ffdeeb437e0 R15: 00007ffdeeb438c8
[  441.776423][ T9790]  </TASK>
[  442.053882][ T9797] [U] ^R
[  443.041169][ T9822] ==================================================================
[  443.041191][ T9822] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60
[  443.041240][ T9822] Write of size 8 at addr ffffc90004de10e0 by task syz.2.828/9822
[  443.041263][ T9822] 
[  443.041276][ T9822] CPU: 1 UID: 0 PID: 9822 Comm: syz.2.828 Not tainted syzkaller #0 PREEMPT(full) 
[  443.041308][ T9822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  443.041325][ T9822] Call Trace:
[  443.041334][ T9822]  <TASK>
[  443.041345][ T9822]  dump_stack_lvl+0x100/0x190
[  443.041375][ T9822]  print_report+0x13d/0x4b0
[  443.041414][ T9822]  ? _raw_spin_lock_irqsave+0x52/0x60
[  443.041459][ T9822]  ? sys_imageblit+0x19fb/0x1d60
[  443.041498][ T9822]  kasan_report+0xdf/0x1d0
[  443.041531][ T9822]  ? sys_imageblit+0x19fb/0x1d60
[  443.041575][ T9822]  sys_imageblit+0x19fb/0x1d60
[  443.041626][ T9822]  ? __pfx_sys_imageblit+0x10/0x10
[  443.041675][ T9822]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  443.041711][ T9822]  soft_cursor+0x524/0xa10
[  443.041752][ T9822]  bit_cursor+0xca1/0x1490
[  443.041790][ T9822]  ? __pfx_bit_cursor+0x10/0x10
[  443.041829][ T9822]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  443.041870][ T9822]  ? get_color+0x1da/0x450
[  443.041898][ T9822]  ? __pfx_bit_cursor+0x10/0x10
[  443.041931][ T9822]  fbcon_cursor+0x43c/0x5e0
[  443.041967][ T9822]  hide_cursor+0x87/0x230
[  443.042003][ T9822]  putconsxy+0x1f/0x3c0
[  443.042029][ T9822]  vcs_write+0xba9/0xd60
[  443.042063][ T9822]  ? __bpf_trace_sched_exit_tp+0x20/0xc0
[  443.042100][ T9822]  ? __pfx_vcs_write+0x10/0x10
[  443.042132][ T9822]  ? apparmor_file_permission+0x13f/0x1c0
[  443.042163][ T9822]  ? bpf_lsm_file_permission+0x9/0x10
[  443.042190][ T9822]  ? security_file_permission+0x76/0x210
[  443.042222][ T9822]  ? rw_verify_area+0xce/0x6d0
[  443.042251][ T9822]  vfs_write+0x2aa/0x1070
[  443.042282][ T9822]  ? __pfx_vcs_write+0x10/0x10
[  443.042316][ T9822]  ? __pfx_vfs_write+0x10/0x10
[  443.042346][ T9822]  ? find_held_lock+0x2b/0x80
[  443.042381][ T9822]  ? __fget_files+0x215/0x3d0
[  443.042412][ T9822]  ? __fget_files+0x215/0x3d0
[  443.042446][ T9822]  ? __fget_files+0x21f/0x3d0
[  443.042482][ T9822]  ksys_write+0x12a/0x250
[  443.042513][ T9822]  ? __pfx_ksys_write+0x10/0x10
[  443.042546][ T9822]  ? rcu_is_watching+0x12/0xc0
[  443.042580][ T9822]  do_syscall_64+0x10b/0xf80
[  443.042625][ T9822]  ? clear_bhb_loop+0x40/0x90
[  443.042658][ T9822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.042688][ T9822] RIP: 0033:0x7f47b079ce59
[  443.042711][ T9822] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  443.042739][ T9822] RSP: 002b:00007f47b15f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  443.042767][ T9822] RAX: ffffffffffffffda RBX: 00007f47b0a15fa0 RCX: 00007f47b079ce59
[  443.042788][ T9822] RDX: 0000000000000005 RSI: 0000200000000000 RDI: 0000000000000002
[  443.042806][ T9822] RBP: 00007f47b0832d6f R08: 0000000000000000 R09: 0000000000000000
[  443.042824][ T9822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  443.042842][ T9822] R13: 00007f47b0a16038 R14: 00007f47b0a15fa0 R15: 00007ffcd5c40448
[  443.042870][ T9822]  </TASK>
[  443.042880][ T9822] 
[  443.042894][ T9822] The buggy address belongs to a vmalloc virtual mapping
[  443.042914][ T9822] Memory state around the buggy address:
[  443.042933][ T9822]  ffffc90004de0f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  443.042958][ T9822]  ffffc90004de1000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  443.042978][ T9822] >ffffc90004de1080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  443.042994][ T9822]                                                        ^
[  443.043011][ T9822]  ffffc90004de1100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  443.043032][ T9822]  ffffc90004de1180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  443.043047][ T9822] ==================================================================
[  443.048738][ T9822] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  443.048756][ T9822] CPU: 1 UID: 0 PID: 9822 Comm: syz.2.828 Not tainted syzkaller #0 PREEMPT(full) 
[  443.048777][ T9822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  443.048787][ T9822] Call Trace:
[  443.048793][ T9822]  <TASK>
[  443.048799][ T9822]  dump_stack_lvl+0x100/0x190
[  443.048819][ T9822]  vpanic+0x552/0x970
[  443.048834][ T9822]  ? __pfx_vpanic+0x10/0x10
[  443.048851][ T9822]  ? sys_imageblit+0x19fb/0x1d60
[  443.048875][ T9822]  panic+0xd1/0xe0
[  443.048888][ T9822]  ? __pfx_panic+0x10/0x10
[  443.048902][ T9822]  ? sys_imageblit+0x19fb/0x1d60
[  443.048924][ T9822]  ? preempt_schedule_common+0x42/0xc0
[  443.048948][ T9822]  check_panic_on_warn.cold+0x19/0x34
[  443.048963][ T9822]  end_report.part.0+0x3a/0x90
[  443.048984][ T9822]  kasan_report.cold+0xe/0x18
[  443.049006][ T9822]  ? sys_imageblit+0x19fb/0x1d60
[  443.049030][ T9822]  sys_imageblit+0x19fb/0x1d60
[  443.049055][ T9822]  ? __pfx_sys_imageblit+0x10/0x10
[  443.049079][ T9822]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  443.049099][ T9822]  soft_cursor+0x524/0xa10
[  443.049124][ T9822]  bit_cursor+0xca1/0x1490
[  443.049144][ T9822]  ? __pfx_bit_cursor+0x10/0x10
[  443.049164][ T9822]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  443.049186][ T9822]  ? get_color+0x1da/0x450
[  443.049201][ T9822]  ? __pfx_bit_cursor+0x10/0x10
[  443.049219][ T9822]  fbcon_cursor+0x43c/0x5e0
[  443.049243][ T9822]  hide_cursor+0x87/0x230
[  443.049279][ T9822]  putconsxy+0x1f/0x3c0
[  443.049303][ T9822]  vcs_write+0xba9/0xd60
[  443.049338][ T9822]  ? __bpf_trace_sched_exit_tp+0x20/0xc0
[  443.049359][ T9822]  ? __pfx_vcs_write+0x10/0x10
[  443.049376][ T9822]  ? apparmor_file_permission+0x13f/0x1c0
[  443.049394][ T9822]  ? bpf_lsm_file_permission+0x9/0x10
[  443.049409][ T9822]  ? security_file_permission+0x76/0x210
[  443.049427][ T9822]  ? rw_verify_area+0xce/0x6d0
[  443.049442][ T9822]  vfs_write+0x2aa/0x1070
[  443.049458][ T9822]  ? __pfx_vcs_write+0x10/0x10
[  443.049477][ T9822]  ? __pfx_vfs_write+0x10/0x10
[  443.049492][ T9822]  ? find_held_lock+0x2b/0x80
[  443.049511][ T9822]  ? __fget_files+0x215/0x3d0
[  443.049528][ T9822]  ? __fget_files+0x215/0x3d0
[  443.049546][ T9822]  ? __fget_files+0x21f/0x3d0
[  443.049565][ T9822]  ksys_write+0x12a/0x250
[  443.049581][ T9822]  ? __pfx_ksys_write+0x10/0x10
[  443.049598][ T9822]  ? rcu_is_watching+0x12/0xc0
[  443.049627][ T9822]  do_syscall_64+0x10b/0xf80
[  443.049649][ T9822]  ? clear_bhb_loop+0x40/0x90
[  443.049666][ T9822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.049681][ T9822] RIP: 0033:0x7f47b079ce59
[  443.049694][ T9822] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  443.049709][ T9822] RSP: 002b:00007f47b15f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  443.049725][ T9822] RAX: ffffffffffffffda RBX: 00007f47b0a15fa0 RCX: 00007f47b079ce59
[  443.049736][ T9822] RDX: 0000000000000005 RSI: 0000200000000000 RDI: 0000000000000002
[  443.049746][ T9822] RBP: 00007f47b0832d6f R08: 0000000000000000 R09: 0000000000000000
[  443.049755][ T9822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  443.049765][ T9822] R13: 00007f47b0a16038 R14: 00007f47b0a15fa0 R15: 00007ffcd5c40448
[  443.049780][ T9822]  </TASK>
[  443.050049][ T9822] Kernel Offset: disabled