last executing test programs:

4m4.28067869s ago: executing program 0 (id=1437):
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xf, 0x3, 0x2)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72)
socket(0x2, 0x1, 0x0)
select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xfff, 0x1, 0x948b, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
mmap$auto(0x4, 0x400008, 0x3, 0x9b72, r1, 0x8000)
mmap$auto(0x2, 0x400008, 0xdf, 0x20000009b72, r1, 0x8000)
r2 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000140), 0x60a41, 0x0)
ioctl$auto_RTC_WKALM_RD(r2, 0x80287010, &(0x7f0000000180)={0x1, 0xee, {0x9c, 0x1000, 0x7ff, 0x7, 0x7, 0x81, 0xfffffffa, 0x1, 0x2}})
mprotect$auto(0x110c238000, 0x1, 0x3)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0)
socket(0x1d, 0x2, 0x3)
ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000340)={0x8000000000000001, 0xfffffffffffffffe, 0xfffffffffffffffb, 0xfffffffffffffff8, 0x8, 0xe, 0x3, 0x9, 0x0, 0x200, 0xe223, 0x80000000, 0x2000009, 0x7, 0xfffffffffffffff7})
madvise$auto(0x110c230000, 0x8031ca, 0x9)
write$auto(0x800000000000c8, 0x0, 0x1a)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
io_uring_setup$auto(0x2, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/rds/tcp/rds_tcp_rcvbuf\x00', 0x800, 0x0)
io_uring_setup$auto(0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/tty/ttyt7/dev\x00', 0x2a101, 0x0)

4m2.983300483s ago: executing program 0 (id=1440):
r0 = epoll_create$auto(0x4)
r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r0)
sendmsg$auto_NETDEV_CMD_DEV_GET2(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x2, 0x70bd29, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
mmap$auto(0x0, 0x2020009, 0xf, 0xeb1, 0xfffffffffffffffa, 0x7ffd)
ioctl$auto_VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x5)
ioctl$auto(0xffffffffffffffff, 0x4004af07, 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
fanotify_init$auto(0x65, 0x2)
socket(0x1d, 0x2, 0x2)
r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r2, 0x0, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffd, 0x401bf, 0x7, 0x3c, 0x65f, 0x1ffde, 0x5, 0x3, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x80000000009, 0x6, 0xdec3, 0xb, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x185c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0xd)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf25030000000600070008000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060006004000"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
alarm$auto(0xd)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x44801)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
close_range$auto(0x2, 0x8000, 0x0)

4m1.425819343s ago: executing program 0 (id=1442):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), 0xffffffffffffffff)
sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x28, r1, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@typed={0x8, 0xf2, 0x0, 0x0, @uid}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800)
madvise$auto(0x0, 0x200007, 0x19)
timerfd_create$auto(0x9, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0x0)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4)
bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_1={0x3, 0xca96, @next_key=0x5, 0x6}, 0x1)
write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0)
close_range$auto(0x2, 0xa, 0x0)

4m0.05288924s ago: executing program 0 (id=1444):
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804})
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
ioctl$auto_RTC_PIE_ON(0xffffffffffffffff, 0x7005, 0x0)
readv$auto(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x2004}, 0x5)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYRESOCT, @ANYRES16=r0, @ANYRES8=0x0, @ANYRES16=r1], 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x4045)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x166b82, 0x0)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, r1, 0x4)
pidfd_open$auto(0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0)
socket(0x2c, 0x3, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f00000012c0)={{@raw=0x3, 0x1, 0x6d2e99ec, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b62b67bd764f9"}, 0x0, @bytes=@data_ptr=0x0, "528d458095d42b72adda0cac2d45bdaacfc82245992af763188bf00ab57d5d73b094925aa92857fd2f672f85343275f80841c6ca41e93023ab4510269ed959a79a789527276d90375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea8188ca43202fb78dacb3fea1258074885c899d75cd52751f9be959d90fa5c2"})
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x9, 0x948b, 0x3, 0x15f4da0a, 0x0, 0x80000000, 0x7f, 0x80000001, 0x10, 0x6d3f, 0x100000007, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x20000000001fd, 0x3, 0x200d, 0x10001, 0x8000000000000000, 0x6, 0x15f4da0a, 0x1000000001, 0x9, 0x62, 0x80080000020, 0x7, 0x6d3e, 0x9, 0x1, 0x200]}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r4, 0x0, 0x814)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_RSS_GET(r5, 0x0, 0x40044010)
syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, r2)
socket(0x2, 0x3, 0x100)

3m58.605833382s ago: executing program 0 (id=1447):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x7c, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
r1 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x2, 0x0)
writev$auto(r1, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2)
close_range$auto(0x2, 0x8, 0x0)
getpgrp(0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
msgctl$auto_IPC_INFO(0x44, 0x3, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x2, 0x57e, 0xffff8001}, 0x0, 0x0, 0x0, 0x9, 0x400, 0xfffffffffffffff9, 0x2, 0x18, 0x0, 0xfff8})
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
write$auto(r2, 0x0, 0x100082)

3m57.414717536s ago: executing program 0 (id=1450):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xffffffffffffffff)
sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r1, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8014}, 0x805)
ioctl$auto_SNDCTL_TMR_START(r1, 0x5402, &(0x7f0000000000)="f00ba5579c8271484fdcef29cab58f86b1ef479133d363b9261d45e70299711e74c62f5069bdc0cbf6201a0b9220db0792107d34280de74c805a")
pread64$auto(r0, 0x0, 0x80008, 0x1000020000008000)
keyctl$auto(0x4, 0xfffffffe, 0x6, 0xffffffffffffffff, 0xe)
r2 = signalfd4$auto(r0, 0x0, 0x2, 0x200)
read$auto_l2cap_debugfs_fops_(r2, &(0x7f0000000380)=""/177, 0xb1)
mmap$auto(0x0, 0x10020009, 0x4000000000df, 0x40000000000eb1, r1, 0x8000)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
prctl$auto(0x10, 0x0, 0x0, 0x5, 0x3)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
setresuid$auto(0x0, 0x0, 0x0)
setresuid$auto(0xffffffffffffffff, 0x0, 0x8000)
socketpair$auto(0x7ff, 0x1, 0x8000000000000000, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0)
recvmmsg$auto(r1, 0x0, 0x10000, 0x5, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
epoll_create$auto(0x4)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0xffffffffffffffff, 0x28000)
r4 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/1/msr\x00', 0xf82, 0x0)
readv$auto(r4, &(0x7f00000000c0)={0x0, 0x24}, 0x9)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
setsockopt$auto_SO_OOBINLINE(r2, 0xfffc, 0xa, &(0x7f0000000080), 0x2)
r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmsg$auto_L2TP_CMD_TUNNEL_GET(r3, &(0x7f0000001240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001200)={&(0x7f0000000480)=ANY=[@ANYRES8=r5, @ANYRES16=r5, @ANYBLOB="7c3b59719de2bbb416a1c65a463be32ddac8ee91c95b267e59d3c9d54cac029671b2d45b690f6553c598e8fdf1529201b2cb72f24378d166e1f45a2636234f268859497a62bc55910e01b02decc191ba3e750f5bc7766173a2eaf645574dd79e2fabc3132a7ffc49f8e3a396c8e2048ceb9a52252977c48f5c83e3d7b5db496bd0bb86655a016a3e8778a0486a030929ced1ebdf3d0a510fa6ec8263e0c8285cc40aaafd7fc08be7a489e21b7b5ec8bb5b551ddf57ab6928061de04b733397ba94e41bf653306bafe60127234d64faf1648b54a70ce76c38d37b43842e11273cf370ba9146d2dfb199bfc31e"], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
close_range$auto(0x2, 0xa, 0x0)

3m42.023594933s ago: executing program 32 (id=1450):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xffffffffffffffff)
sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r1, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8014}, 0x805)
ioctl$auto_SNDCTL_TMR_START(r1, 0x5402, &(0x7f0000000000)="f00ba5579c8271484fdcef29cab58f86b1ef479133d363b9261d45e70299711e74c62f5069bdc0cbf6201a0b9220db0792107d34280de74c805a")
pread64$auto(r0, 0x0, 0x80008, 0x1000020000008000)
keyctl$auto(0x4, 0xfffffffe, 0x6, 0xffffffffffffffff, 0xe)
r2 = signalfd4$auto(r0, 0x0, 0x2, 0x200)
read$auto_l2cap_debugfs_fops_(r2, &(0x7f0000000380)=""/177, 0xb1)
mmap$auto(0x0, 0x10020009, 0x4000000000df, 0x40000000000eb1, r1, 0x8000)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
prctl$auto(0x10, 0x0, 0x0, 0x5, 0x3)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
setresuid$auto(0x0, 0x0, 0x0)
setresuid$auto(0xffffffffffffffff, 0x0, 0x8000)
socketpair$auto(0x7ff, 0x1, 0x8000000000000000, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0)
recvmmsg$auto(r1, 0x0, 0x10000, 0x5, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
epoll_create$auto(0x4)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0xffffffffffffffff, 0x28000)
r4 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/1/msr\x00', 0xf82, 0x0)
readv$auto(r4, &(0x7f00000000c0)={0x0, 0x24}, 0x9)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
setsockopt$auto_SO_OOBINLINE(r2, 0xfffc, 0xa, &(0x7f0000000080), 0x2)
r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmsg$auto_L2TP_CMD_TUNNEL_GET(r3, &(0x7f0000001240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001200)={&(0x7f0000000480)=ANY=[@ANYRES8=r5, @ANYRES16=r5, @ANYBLOB="7c3b59719de2bbb416a1c65a463be32ddac8ee91c95b267e59d3c9d54cac029671b2d45b690f6553c598e8fdf1529201b2cb72f24378d166e1f45a2636234f268859497a62bc55910e01b02decc191ba3e750f5bc7766173a2eaf645574dd79e2fabc3132a7ffc49f8e3a396c8e2048ceb9a52252977c48f5c83e3d7b5db496bd0bb86655a016a3e8778a0486a030929ced1ebdf3d0a510fa6ec8263e0c8285cc40aaafd7fc08be7a489e21b7b5ec8bb5b551ddf57ab6928061de04b733397ba94e41bf653306bafe60127234d64faf1648b54a70ce76c38d37b43842e11273cf370ba9146d2dfb199bfc31e"], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
close_range$auto(0x2, 0xa, 0x0)

2m49.63061327s ago: executing program 1 (id=1541):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 64)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) (rerun: 64)
writev$auto(r0, 0x0, 0x3) (async)
setreuid$auto(0x0, 0x20000000004)
r1 = socket(0x10, 0x2, 0x9)
sendmsg$auto_NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000005304"], 0x5f}, 0x1, 0x0, 0x0, 0x40040094}, 0x40) (async)
write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb) (async)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
syz_genetlink_get_family_id$auto_taskstats(0x0, 0xffffffffffffffff)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async, rerun: 32)
fcntl$auto_F_SETLK(0xffffffffffffffff, 0x6, 0x0) (async, rerun: 32)
pread64$auto(0xffffffffffffffff, 0x0, 0xe, 0x100000000007)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sda1\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x82000, 0x0) (async)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x400008, 0x1000df, 0x9b72, 0x2, 0x8000) (async, rerun: 64)
socket(0xa, 0x2, 0x3a) (async)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) (async)
madvise$auto(0x110c230000, 0x2, 0x7)
socket(0x2, 0xa, 0xe57a)
ioctl$auto(0x3, 0x9, 0xfffffffffffff4e0)
write$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 32)
write$auto(0x1, 0x0, 0x73c7) (async, rerun: 32)
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5)

2m46.080724075s ago: executing program 1 (id=1545):
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))
ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8)
write$auto(0x3, 0x0, 0x100082)
ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc)
socket(0x10, 0x2, 0x0)
socket(0x2, 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008)
r1 = socket(0x1f, 0x3, 0x400001)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000)
r2 = socket(0xf, 0x5, 0x20)
setsockopt$auto(r2, 0x6, 0xc, 0x0, 0x7fffffff)
mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0)
syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40)
execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r4 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_clock\x00', 0x0, 0x0)
ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000004c0)={0x1, 0x80, [{0xffffffffffffffff, 0x0, 0x5, 0xef0}, {r4, 0x0, 0xffffffffffffffff, 0x9}, {r1, 0x0, 0x10000333d, 0x7}, {r5, 0x0, 0x7, 0x2}, {r1, 0x0, 0x8, 0xd589}, {r2, 0x0, 0xa7, 0x2}]})

2m44.547521352s ago: executing program 1 (id=1546):
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs1\x00', 0x1, 0x0)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/can/reset_stats\x00', 0x100, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0)
openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0xc0000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
open(&(0x7f0000000100)='.\x00', 0x591083, 0x408)
socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2480c2, 0x0)
ioctl$auto(0x3, 0x80026f47, r0)

2m43.460278085s ago: executing program 1 (id=1548):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x80000000, 0x1, 0xaef, 0x95f4da0a, 0x4461, 0x3, 0x62, 0x80000000, 0x10000000000004, 0x400000006d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x7c, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
writev$auto(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2)
close_range$auto(0x2, 0x8, 0x0)
getpgrp(0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0)
write$auto(r1, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x50)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)

2m42.185501118s ago: executing program 1 (id=1550):
socketpair$auto(0x2, 0x5, 0x4, &(0x7f00000000c0)=0xd845)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x8080, 0x0)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/can/reset_stats\x00', 0x100, 0x0)
futex_requeue$auto(&(0x7f0000000200)={0x100000000, 0x7}, 0x3df, 0x7f5, 0x9)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0)
socket(0x15, 0x1, 0x0)
openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0xc0000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_register$auto(r0, 0xffff, &(0x7f0000000080)="5dee143f79e7049873f7f2a33db1", 0x40)
write$auto_vcs_fops_vc_screen(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x1, 0x0)
r2 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x40901, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0)
r4 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0)
io_uring_register$auto_IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0xcfe5)
ioctl$auto(r4, 0x900064b0, r2)
ioctl$auto_CEC_RECEIVE(r3, 0xc0386106, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
read$auto(r1, &(0x7f0000000180)='+\x0e\x05\xa5\xf7(+/\x00\xa3\xed+A\xff\x94\xba\x1e8\x9dP\xa5\x98]5\xcb\xca\xd4\x85a\x14O\xe9P2', 0xffffffffffffffff)
open(0x0, 0xa2240, 0x64)

2m39.103088031s ago: executing program 1 (id=1553):
socket(0x2, 0x1, 0x0) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0x2, 0x1, 0x0) (async)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x40000, 0x0) (async, rerun: 32)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32)
unshare$auto(0x40000080) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SETHMAC(r1, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="a9e129bd7000ffdb9f2501000040050004000700000008000300010001000500050000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008010) (async)
write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8000)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) (async, rerun: 32)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/ip_vs_conn\x00', 0xf00, 0x0) (async, rerun: 32)
socket(0x18, 0xa, 0x1)
socket(0xa, 0x2, 0x0) (async)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async)
setsockopt$auto(0x400000000000003, 0x29, 0x37, 0xffffffffffffffff, 0x0) (async)
socket(0xa, 0x2, 0x0) (async)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x491, 0x400, 0x9}]}) (async)
openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x80080, 0x0)

2m23.543848375s ago: executing program 33 (id=1553):
socket(0x2, 0x1, 0x0) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0x2, 0x1, 0x0) (async)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x40000, 0x0) (async, rerun: 32)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32)
unshare$auto(0x40000080) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SETHMAC(r1, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="a9e129bd7000ffdb9f2501000040050004000700000008000300010001000500050000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008010) (async)
write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8000)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) (async, rerun: 32)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/ip_vs_conn\x00', 0xf00, 0x0) (async, rerun: 32)
socket(0x18, 0xa, 0x1)
socket(0xa, 0x2, 0x0) (async)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async)
setsockopt$auto(0x400000000000003, 0x29, 0x37, 0xffffffffffffffff, 0x0) (async)
socket(0xa, 0x2, 0x0) (async)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x491, 0x400, 0x9}]}) (async)
openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x80080, 0x0)

30.689029285s ago: executing program 2 (id=1733):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x80000000, 0x1, 0xaef, 0x95f4da0a, 0x4461, 0x3, 0x62, 0x80000000, 0x10000000000004, 0x400000006d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x7c, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
r1 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x2, 0x0)
writev$auto(r1, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2)
close_range$auto(0x2, 0x8, 0x0)
getpgrp(0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
msgctl$auto_IPC_INFO(0x44, 0x3, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
write$auto(r2, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x50)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)
syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mmap$auto(0x8001, 0xff, 0x80000001, 0x1010, 0xffffffffffffffff, 0x28000)

27.055808496s ago: executing program 2 (id=1739):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x80000000, 0x1, 0xaef, 0x95f4da0a, 0x4461, 0x3, 0x62, 0x80000000, 0x10000000000004, 0x400000006d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x7c, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
r1 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x2, 0x0)
writev$auto(r1, 0x0, 0x2)
close_range$auto(0x2, 0x8, 0x0)
getpgrp(0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
write$auto(r2, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x50)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)
mmap$auto(0x8001, 0xff, 0x80000001, 0x1010, 0xffffffffffffffff, 0x28000)

25.303626529s ago: executing program 5 (id=1742):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x80000000, 0x1, 0xaef, 0x95f4da0a, 0x4461, 0x3, 0x62, 0x80000000, 0x10000000000004, 0x400000006d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x7c, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
writev$auto(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2)
close_range$auto(0x2, 0x8, 0x0)
getpgrp(0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0)
write$auto(r1, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x50)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)

21.257762489s ago: executing program 5 (id=1745):
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))
ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8)
write$auto(0x3, 0x0, 0x100082)
ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc)
socket(0x2, 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000)
r1 = socket(0xf, 0x5, 0x20)
setsockopt$auto(r1, 0x6, 0xc, 0x0, 0x7fffffff)
mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0)
sendmsg$auto_NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
ioctl$auto(0xffffffffffffffff, 0x57, r2)
execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r3 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_clock\x00', 0x0, 0x0)
ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000004c0)={0x1, 0x80, [{0xffffffffffffffff, 0x0, 0x5, 0xef0}, {r3, 0x0, 0xffffffffffffffff, 0x9}, {0xffffffffffffffff, 0x0, 0x10000333d, 0x7}, {r4, 0x0, 0x7, 0x2}, {0xffffffffffffffff, 0x0, 0x8, 0xd589}, {r1, 0x0, 0xa7, 0x2}]})

20.218079059s ago: executing program 2 (id=1746):
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs1\x00', 0x1, 0x0)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/can/reset_stats\x00', 0x100, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0)
openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0xc0000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
open(&(0x7f0000000100)='.\x00', 0x591083, 0x408)
socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2480c2, 0x0)
ioctl$auto(0x3, 0x80026f47, r0)

15.861714481s ago: executing program 5 (id=1748):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x80000000, 0x1, 0xaef, 0x95f4da0a, 0x4461, 0x3, 0x62, 0x80000000, 0x10000000000004, 0x400000006d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x7c, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
r1 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x2, 0x0)
writev$auto(r1, &(0x7f0000000000)={0x0, 0x4}, 0x2)
close_range$auto(0x2, 0x8, 0x0)
getpgrp(0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
write$auto(r2, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x50)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)
mmap$auto(0x8001, 0xff, 0x80000001, 0x1010, 0xffffffffffffffff, 0x28000)

15.085711078s ago: executing program 2 (id=1750):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x80000000, 0x1, 0xaef, 0x95f4da0a, 0x4461, 0x3, 0x62, 0x80000000, 0x10000000000004, 0x400000006d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x7c, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
r1 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x2, 0x0)
writev$auto(r1, &(0x7f0000000000)={0x0, 0x4}, 0x2)
close_range$auto(0x2, 0x8, 0x0)
getpgrp(0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r2 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
msgctl$auto_IPC_INFO(0x44, 0x3, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x2, 0x57e, 0xffff8001}, 0x0, 0x0, 0x0, 0x9, 0x400, 0xfffffffffffffff9, 0x2, 0x18, 0x0, 0xfff8, @inferred=r2, @inferred=r2})
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, 0x0)
write$auto(r3, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x50)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)

11.36323581s ago: executing program 5 (id=1757):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:03.0/resource0\x00', 0x103000, 0x0) (async)
r1 = socket(0xa, 0x1, 0x84)
getsockopt$auto(r1, 0x84, 0x7d, 0x0, &(0x7f0000000000)=0x9b) (async)
mbind$auto(0x100000000, 0x1, 0x9, &(0x7f0000000040)=0x48000000, 0xbca, 0x5) (async, rerun: 32)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (rerun: 32)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/bus/hid/drivers/hid-alps/bind\x00', 0x14780, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b75, 0x2, 0x800008001) (async, rerun: 32)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/netfs/volumes\x00', 0x0, 0x0) (async)
r2 = getpid()
process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) (async)
bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async, rerun: 32)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x403, 0x8000) (async, rerun: 32)
mlock$auto(0xfbe8, 0x1000000000000004) (async, rerun: 64)
read$auto(r0, 0x0, 0x4401) (async, rerun: 64)
mmap$auto(0x3ff, 0x40000a, 0x9, 0x7f, 0x2, 0x8000) (async)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) (async)
mkdir$auto(&(0x7f00000001c0)='./file0\x00', 0x0)
mmap$auto(0x7, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
socket(0x2b, 0x1, 0x1) (async)
syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
unshare$auto(0x8000000) (async)
semget$auto(0x0, 0x13c, 0x1ff)
syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0)
futex$auto(0x0, 0x6, 0x7, 0x0, 0x0, 0x80000002) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/resume\x00', 0x58d081, 0x0) (async)
mmap$auto(0x0, 0xfffffffffffffff9, 0xdf, 0x9b72, 0x2, 0x7ffd)

10.305276008s ago: executing program 2 (id=1761):
mmap$auto(0x0, 0x40, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000100000000000000000008000400fa00000008000200", @ANYRES32=0x0, @ANYBLOB="0800040073090000"], 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
socket(0x10, 0x2, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100aaaaaaaaaa35000008000200", @ANYBLOB="060006000500dfff08000d"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
clone$auto(0x801fd, 0x3, 0x0, 0x0, 0x15)

9.885447875s ago: executing program 5 (id=1762):
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0)
r1 = socketpair$auto(0xf, 0x7fff, 0x4, &(0x7f0000000180)=0x8)
openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x2040, 0x0)
readv$auto(r1, &(0x7f0000000100)={&(0x7f0000000140), 0x6}, 0xfffffffffffffffe)
mmap$auto(0x0, 0x20006, 0x4000000000de, 0x10010, 0xffffffffffffffff, 0x8001)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.7/usb8/power/autosuspend\x00', 0xa0302, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
bind$auto(0xffffffffffffffff, &(0x7f0000000140)=@nl=@kern={0x10, 0x0, 0x0, 0x22}, 0xfff)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000040), 0xffffffffffffffff)
write$auto(0x3, 0x0, 0xfdef)
r2 = openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
fcntl$auto(r2, 0x8, 0xffffffffffffffff)
r3 = fcntl$getown(0xffffffffffffffff, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mount_setattr$auto(r4, 0x0, 0x5, 0x0, 0x8)
read$auto(0x4, 0x0, 0xfdef)
msgctl$auto_IPC_SET(0x80, 0x1, &(0x7f0000000080)={{0x7, 0x0, 0xee00, 0x6, 0x7ff, 0xa, 0x8}, 0x0, 0x0, 0x5, 0x1, 0x0, 0x5, 0x80000000000c, 0xad2a, 0x83, 0x2, @raw=0x5, @inferred=r3})
openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x101500, 0x0)
ioctl$auto_BLKIOMIN(0xffffffffffffffff, 0x1278, 0x0)

8.950630328s ago: executing program 2 (id=1764):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
write$auto(0x1, 0x0, 0x80000000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x210000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/234, 0xea)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socketcall$auto_SYS_SOCKETPAIR(0x8, 0x0)
ioctl$auto_XFS_IOC_OPEN_BY_HANDLE(r1, 0xc038586b, &(0x7f0000000100)={r1, &(0x7f0000000080)="6817e6b473bbbb3d81347b8e9718b70f", 0xe, &(0x7f0000000180)="6a6794161ee03a5877ddd54dcb1f04673ce47306311219d87725dc97ae4c3b6e8622a1802775f1a86afa25ef2201b6c321bc3fc8f308b9ddf95e71b11e3fba0e0714da5a5b560b8156edfdec6c21beef7e4333020e2732a9626a5d1e1d9c2552c65bbe7e06c54118bd3eeadcecc5746804b4ba35496bbc8312bcbeeb840e57430fdb761fb92a714dd3c6e59c86258d71ca6a6767071cfdb63174745cf97063", 0xe0, &(0x7f0000000380)="6e56a4251c4c5b140aebf424a259feb1bd6c9207b41fc56663a187cd41e9782dec8082c36b5ba9d95bc32a3de99d941a808ebb98eb9784d7bd0ef9bb2436c6a12084ce7d0f9598c2e315266980e15e8d40adcb90221dbe5703b1e27ee7077f5576b241fed8057d32cee4bffa467c90fd10ac2ea63bbb4c7a6ba9ba866409217fe139feecbe7e4d2eab8617a091d0fe33332efc06dddbee84a1c9fa0d751a7f144b3c08066db9671ab543203b873009901435cde475b36363dd7199dee72e509df09fa6efec10287ed9db24a08048cf3717d9500df46bb1196f2d232b", &(0x7f00000000c0)=0xfffffd99})
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000780)='/proc/self/fail-nth\x00', 0x80000, 0x0)
splice$auto(r2, 0x0, r1, &(0x7f0000000800)=0x40, 0x1, 0x1)
getrandom$auto(0x0, 0x6000000, 0x83)
ioctl$auto_SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, &(0x7f0000004040))
mmap$auto(0x100000000005, 0x783, 0x3, 0x8000000008011, 0xffffffffffffffff, 0x40)
mmap$auto(0x0, 0xa, 0x72, 0x8b72, 0x2, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xf5s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3)
socket(0xa, 0x5, 0x0)
listen$auto(0x3, 0x81)
fcntl$auto(0x0, 0x407, 0x1)
sendfile$auto(0x1, 0x3, 0x0, 0x6)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0)
sendfile$auto(r3, r4, 0x0, 0x1000200)

8.234464223s ago: executing program 4 (id=1765):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x9)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1e, 0x805, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x60840, 0x0)
ioctl$auto(0x3, 0x40045532, 0x38)
r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x88c00, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_DRAIN2(r0, 0x4144, 0x0)

7.87633223s ago: executing program 4 (id=1766):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x80000000, 0x1, 0xaef, 0x95f4da0a, 0x4461, 0x3, 0x62, 0x80000000, 0x10000000000004, 0x400000006d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x7c, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
writev$auto(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2)
close_range$auto(0x2, 0x8, 0x0)
getpgrp(0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0)
write$auto(r1, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x50)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)

6.842610288s ago: executing program 4 (id=1768):
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs1\x00', 0x1, 0x0)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/can/reset_stats\x00', 0x100, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0)
openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0xc0000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2480c2, 0x0)
ioctl$auto(0x3, 0x80026f48, r0)

6.577341171s ago: executing program 3 (id=1769):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x80000000, 0x1, 0xaef, 0x95f4da0a, 0x4461, 0x3, 0x62, 0x80000000, 0x10000000000004, 0x400000006d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x7c, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
r1 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x2, 0x0)
writev$auto(r1, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2)
close_range$auto(0x2, 0x8, 0x0)
getpgrp(0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
msgctl$auto_IPC_INFO(0x44, 0x3, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
write$auto(r2, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x50)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)
syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mmap$auto(0x8001, 0xff, 0x80000001, 0x1010, 0xffffffffffffffff, 0x28000)

5.674713826s ago: executing program 4 (id=1770):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), r0)
sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000001100)=ANY=[@ANYBLOB="270000f7f7049b8732ccf75a7500"], 0x14}, 0x1, 0x0, 0x0, 0x6000091}, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/lru_gen/enabled\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2000b, 0x4, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001180)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0)
write$auto(0x3, 0x0, 0xfdf3)
fchdir$auto(0xffffffffffffffff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0)

3.551515063s ago: executing program 4 (id=1771):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_MON_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000140)=ANY=[@ANYRES32=r0, @ANYRES16, @ANYRESHEX=r0], 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0xc050) (async)
keyctl$auto(0x217, 0xffffffffffffffff, 0x0, 0x0, 0x1c00000000003) (async)
mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) (async)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/hotplug/pci_root/enabled\x00', 0x41e102, 0x0)
write$auto(r1, 0x0, 0x7d) (async)
symlink$auto(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000001200)='./file0\x00') (async)
open(&(0x7f0000000000)='./file0\x00', 0x149443, 0x14) (async)
socket(0x7ce6af129ba5bc6c, 0x80000, 0x4) (async)
unshare$auto(0x3) (async)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
write$auto_tty_fops_tty_io(r2, &(0x7f0000000080)="976f09bd689a850e08e36136c8535f593331280bb0b4ba0edd7932ab185cca064833fda24d0f81d1b16c3cca5b2611827c2f1ca88bb01e672131c262d346b5601f538ccf285e7a197166480ef899794cab4b61107cdae019c6139c44b5f08880e8c8fee8761b5d52", 0xc3) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async)
r3 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x101202, 0x0)
write$auto_nvmf_dev_fops_fabrics(r3, 0x0, 0x0)
write$auto(r3, 0x0, 0x7) (async)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
io_uring_setup$auto(0x2bf, 0x0) (async)
socket(0x2, 0x1, 0x0)
r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sg0\x00', 0x103002, 0x0)
write$auto_sg_fops_sg(r4, &(0x7f0000000040)="01000000000d0000624c492f4aa7d4bbe91b3ddc84d02747403bbca33c95be8fb08baf91e29260d0deefa78dc1e77a5d", 0x30) (async)
socket(0x2, 0xa, 0xb) (async)
sysfs$auto(0x2, 0x0, 0x0)
epoll_create$auto(0x5) (async)
epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0) (async)
mmap$auto(0x105, 0x0, 0x7f, 0xeb3, 0x401, 0x5) (async)
epoll_ctl$auto(0x5, 0xfffffffe, 0xffffffffffffffff, 0x0)
close_range$auto(0x2, 0x8, 0x1f8) (async)
openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, 0x0, 0x199080, 0x0)

3.084255128s ago: executing program 4 (id=1772):
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x80000000}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40080}, 0x4048014)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001180)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0)
write$auto(0x3, 0x0, 0xfdf3)
fchdir$auto(0xffffffffffffffff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000140)=""/12, 0xc)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20681, 0x0)
openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0)

2.756954693s ago: executing program 3 (id=1773):
r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48)
fchmodat$auto(r1, &(0x7f0000000080)='./cgroup\x00', 0x3) (async, rerun: 32)
setsockopt$auto_SO_RESERVE_MEM(r1, 0x3, 0x49, &(0x7f0000000000)='/dev/uinput\x00', 0xff) (async, rerun: 32)
ioctl$auto_UI_SET_KEYBIT(r0, 0x40045565, &(0x7f0000000080)=0x8)

2.253306853s ago: executing program 5 (id=1774):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), 0xffffffffffffffff)
sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x28, r1, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@typed={0x8, 0xf2, 0x0, 0x0, @uid}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800)
madvise$auto(0x0, 0x2003f0, 0x15)
madvise$auto(0x0, 0x200007, 0x19)
timerfd_create$auto(0x9, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0x0)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4)
bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_1={0x3, 0xca96, @next_key=0x5, 0x6}, 0x1)
write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0)
close_range$auto(0x2, 0xa, 0x0)

1.832115585s ago: executing program 3 (id=1775):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0)
read$auto(r0, 0x0, 0x9)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1e, 0x805, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x60840, 0x0)
ioctl$auto(0x3, 0x40045532, 0x38)
r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x88c00, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_DRAIN2(r1, 0x4144, 0x0)

897.296244ms ago: executing program 3 (id=1776):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x9)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1e, 0x805, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x60840, 0x0)
ioctl$auto(0x3, 0x40045532, 0x38)
r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x88c00, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_DRAIN2(r0, 0x4144, 0x0)

328.929329ms ago: executing program 3 (id=1777):
socket(0x10, 0x2, 0x4)
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000)
uname$auto(&(0x7f0000000300)={"a8fffc7c3bcb1e63cf9f83aa1bd8ffcb0d0b7de71ada11bfa32af2ffb4424167f32c52e55638bffa9e87547e7a28d6c6ef989deddf658194b86344107a0873650f", "bcb13b6181a0237cc851b47c161fee00552fe5225a48d42083b3029e79e9fdba4e0ebca162b0313cd9ab9dbd7ee13d207d2dc34f4cb8557daee65d58de09045781", "b40164dca14746f32306b943fd0824101b1ad651ee577c526b1fdf881aec78917c6c48eb63383a6bdfe3a631d9705ecdb7e90f4515b61dc1d1a96562f861efdea9", "236bf3a306342b890be47569acd9f7bc814c49669c8c0a2642e31fcab383a90f5f76d10f4d0bc08bb8a150dbc7dae9797428f08731c7c3aadaf4bd095c3d7da2ca", "2ce6f6b4aa08dff5044eb55fce512c32eee01ff81f47b7bd61869f2b7e5a52ad57d7f598cbcf0683d7810cdb4a54c0038d82aabf3ecd6b2484e8938e5adfbe14a9", "dd3fe3201f747ca71481337ef1aba06a441396451faa70d615383b4fb71c71ad952ef8f5d40066b2fb0e5b9491416041f483b6c6a9f8a488056c8c77f844f9c920"}) (async)
uname$auto(&(0x7f0000000300)={"a8fffc7c3bcb1e63cf9f83aa1bd8ffcb0d0b7de71ada11bfa32af2ffb4424167f32c52e55638bffa9e87547e7a28d6c6ef989deddf658194b86344107a0873650f", "bcb13b6181a0237cc851b47c161fee00552fe5225a48d42083b3029e79e9fdba4e0ebca162b0313cd9ab9dbd7ee13d207d2dc34f4cb8557daee65d58de09045781", "b40164dca14746f32306b943fd0824101b1ad651ee577c526b1fdf881aec78917c6c48eb63383a6bdfe3a631d9705ecdb7e90f4515b61dc1d1a96562f861efdea9", "236bf3a306342b890be47569acd9f7bc814c49669c8c0a2642e31fcab383a90f5f76d10f4d0bc08bb8a150dbc7dae9797428f08731c7c3aadaf4bd095c3d7da2ca", "2ce6f6b4aa08dff5044eb55fce512c32eee01ff81f47b7bd61869f2b7e5a52ad57d7f598cbcf0683d7810cdb4a54c0038d82aabf3ecd6b2484e8938e5adfbe14a9", "dd3fe3201f747ca71481337ef1aba06a441396451faa70d615383b4fb71c71ad952ef8f5d40066b2fb0e5b9491416041f483b6c6a9f8a488056c8c77f844f9c920"})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
setgroups$auto(0x6, &(0x7f0000000000)=0x7)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000)
bpf$auto(0x3, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x8, 0x10013, 0x80200000008, 0x2, 0x5f, 0x20000000000803}, 0x6f0) (async)
bpf$auto(0x3, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x8, 0x10013, 0x80200000008, 0x2, 0x5f, 0x20000000000803}, 0x6f0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

0s ago: executing program 3 (id=1778):
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs1\x00', 0x1, 0x0)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/can/reset_stats\x00', 0x100, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0)
openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0xc0000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2480c2, 0x0)
ioctl$auto(0x3, 0x80026f48, r0)

kernel console output (not intermixed with test programs):

is_watching+0x12/0xc0
[  562.981851][T10876]  do_syscall_64+0xcd/0x230
[  562.981888][T10876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.981911][T10876] RIP: 0033:0x7ffbc378e969
[  562.981929][T10876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.981951][T10876] RSP: 002b:00007ffbc46270e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  562.981972][T10876] RAX: ffffffffffffffda RBX: 00007ffbc39b6168 RCX: 00007ffbc378e969
[  562.981987][T10876] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffbc39b616c
[  562.982001][T10876] RBP: 00007ffbc39b6160 R08: 00007ffbc466a000 R09: 0000000000000000
[  562.982015][T10876] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007ffbc39b616c
[  562.982030][T10876] R13: 0000000000000000 R14: 00007ffc4fde69e0 R15: 00007ffc4fde6ac8
[  562.982059][T10876]  </TASK>
[  566.553522][T10907] could not allocate digest TFM handle 
[  568.052170][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  568.058487][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  570.793784][T10945] netlink: 330 bytes leftover after parsing attributes in process `syz.2.922'.
[  572.081304][T10958] can: request_module (can-proto-3) failed.
[  577.865338][ T5839] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  577.865376][ T5839] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  577.881241][ T5839] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  577.881271][ T5839] Bluetooth: hci3: adv larger than maximum supported
[  577.888329][ T5839] Bluetooth: hci3: Unknown advertising packet type: 0x60
[  577.895136][ T5839] Bluetooth: hci3: Malformed LE Event: 0x0d
[  581.867744][T11039] could not allocate digest TFM handle 
[  583.351485][T11056] could not allocate digest TFM handle 
[  586.470264][T11086] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  587.411169][T11093] can: request_module (can-proto-3) failed.
[  587.952887][T11099] netlink: 330 bytes leftover after parsing attributes in process `syz.1.945'.
[  589.015941][T11121] netlink: 28 bytes leftover after parsing attributes in process `syz.3.949'.
[  590.897151][T11150] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12
[  594.968677][T11167] netlink: 8 bytes leftover after parsing attributes in process `syz.1.958'.
[  596.446721][T11198] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  597.394842][T11213] netlink: 198 bytes leftover after parsing attributes in process `syz.3.967'.
[  597.448150][T11213] netlink: 198 bytes leftover after parsing attributes in process `syz.3.967'.
[  598.072876][T11213] netlink: 198 bytes leftover after parsing attributes in process `syz.3.967'.
[  598.956688][ T5839] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  601.155977][T11271] netlink: 28 bytes leftover after parsing attributes in process `syz.2.981'.
[  601.965223][T11286] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  606.802952][T11339] netlink: 330 bytes leftover after parsing attributes in process `syz.2.995'.
[  607.599635][T11345] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  609.360075][T11365] misc userio: No port type given on /dev/userio
[  612.221571][T11397] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1005'.
[  614.481588][T11413] FAULT_INJECTION: forcing a failure.
[  614.481588][T11413] name failslab, interval 1, probability 0, space 0, times 0
[  614.520219][T11413] CPU: 0 UID: 0 PID: 11413 Comm: syz.3.1008 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  614.520275][T11413] Tainted: [U]=USER
[  614.520284][T11413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  614.520301][T11413] Call Trace:
[  614.520310][T11413]  <TASK>
[  614.520321][T11413]  dump_stack_lvl+0x16c/0x1f0
[  614.520370][T11413]  should_fail_ex+0x512/0x640
[  614.520410][T11413]  ? fs_reclaim_acquire+0xae/0x150
[  614.520458][T11413]  ? security_inode_init_security+0x13f/0x390
[  614.520502][T11413]  should_failslab+0xc2/0x120
[  614.520536][T11413]  __kmalloc_noprof+0xd2/0x510
[  614.520582][T11413]  security_inode_init_security+0x13f/0x390
[  614.520636][T11413]  ? __pfx_shmem_initxattrs+0x10/0x10
[  614.520685][T11413]  ? __pfx_security_inode_init_security+0x10/0x10
[  614.520749][T11413]  shmem_mknod+0x22e/0x450
[  614.520784][T11413]  ? __pfx_shmem_create+0x10/0x10
[  614.520810][T11413]  lookup_open.isra.0+0x11d0/0x1580
[  614.520883][T11413]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  614.520951][T11413]  ? __pfx_down_write+0x10/0x10
[  614.520992][T11413]  ? mnt_get_write_access+0x20c/0x300
[  614.521040][T11413]  path_openat+0x905/0x2d40
[  614.521086][T11413]  ? __pfx_path_openat+0x10/0x10
[  614.521116][T11413]  ? __lock_acquire+0xaa4/0x1ba0
[  614.521161][T11413]  do_filp_open+0x20b/0x470
[  614.521194][T11413]  ? __pfx_do_filp_open+0x10/0x10
[  614.521249][T11413]  ? _raw_spin_unlock+0x28/0x50
[  614.521279][T11413]  ? alloc_fd+0x471/0x7d0
[  614.521324][T11413]  do_sys_openat2+0x11b/0x1d0
[  614.521356][T11413]  ? __pfx_do_sys_openat2+0x10/0x10
[  614.521400][T11413]  __x64_sys_open+0x153/0x1e0
[  614.521433][T11413]  ? __pfx___x64_sys_open+0x10/0x10
[  614.521472][T11413]  ? rcu_is_watching+0x12/0xc0
[  614.521496][T11413]  do_syscall_64+0xcd/0x230
[  614.521532][T11413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.521555][T11413] RIP: 0033:0x7fcb6238e969
[  614.521573][T11413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.521595][T11413] RSP: 002b:00007fcb63291038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  614.521617][T11413] RAX: ffffffffffffffda RBX: 00007fcb625b6080 RCX: 00007fcb6238e969
[  614.521632][T11413] RDX: 0000000000000100 RSI: 0000000000161342 RDI: 0000200000000000
[  614.521646][T11413] RBP: 00007fcb62410ab1 R08: 0000000000000000 R09: 0000000000000000
[  614.521659][T11413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  614.521672][T11413] R13: 0000000000000000 R14: 00007fcb625b6080 R15: 00007fffae7d4368
[  614.521702][T11413]  </TASK>
[  615.767863][ T5839] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  615.767912][ T5839] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  615.782916][ T5839] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  615.782959][ T5839] Bluetooth: hci1: adv larger than maximum supported
[  615.790044][ T5839] Bluetooth: hci1: Unknown advertising packet type: 0x60
[  615.797226][ T5839] Bluetooth: hci1: Malformed LE Event: 0x0d
[  617.133045][T11434] can: request_module (can-proto-3) failed.
[  618.224106][T11454] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1015'.
[  619.881358][T11479] can: request_module (can-proto-3) failed.
[  624.452311][T11527] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  625.975591][T11532] ptm ptm40: ldisc open failed (-12), clearing slot 40
[  629.465845][T11559] usbcore.quirks: string doesn't fit in 127 chars.
[  629.497320][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  629.504237][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  635.007894][T11602] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1045'.
[  635.276699][ T5839] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  635.276778][ T5839] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  635.294416][ T5839] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  635.294449][ T5839] Bluetooth: hci3: adv larger than maximum supported
[  635.301780][ T5839] Bluetooth: hci3: Malformed LE Event: 0x0d
[  637.744352][T11645] sctp: [Deprecated]: syz.2.1052 (pid 11645) Use of int in max_burst socket option deprecated.
[  637.744352][T11645] Use struct sctp_assoc_value instead
[  639.664414][T11651] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  641.181833][T11672] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  641.814450][ T5839] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  641.814488][ T5839] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260
[  641.831557][ T5839] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[  641.831600][ T5839] Bluetooth: hci2: adv larger than maximum supported
[  641.838689][ T5839] Bluetooth: hci2: Unknown advertising packet type: 0x60
[  641.845881][ T5839] Bluetooth: hci2: Malformed LE Event: 0x0d
[  645.106288][T11712] could not allocate digest TFM handle 
[  645.115249][T11719] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1068'.
[  645.602650][T11724] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1067'.
[  645.635284][T11724] FAULT_INJECTION: forcing a failure.
[  645.635284][T11724] name failslab, interval 1, probability 0, space 0, times 0
[  645.689307][T11724] CPU: 1 UID: 0 PID: 11724 Comm: syz.3.1067 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  645.689349][T11724] Tainted: [U]=USER
[  645.689356][T11724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  645.689371][T11724] Call Trace:
[  645.689379][T11724]  <TASK>
[  645.689388][T11724]  dump_stack_lvl+0x16c/0x1f0
[  645.689429][T11724]  should_fail_ex+0x512/0x640
[  645.689463][T11724]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  645.689495][T11724]  should_failslab+0xc2/0x120
[  645.689525][T11724]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  645.689554][T11724]  ? __kernfs_new_node+0xd2/0x8a0
[  645.689582][T11724]  __kernfs_new_node+0xd2/0x8a0
[  645.689607][T11724]  ? __pfx___kernfs_new_node+0x10/0x10
[  645.689637][T11724]  ? find_held_lock+0x2b/0x80
[  645.689663][T11724]  ? kernfs_root+0xee/0x2a0
[  645.689691][T11724]  kernfs_new_node+0x13c/0x1e0
[  645.689723][T11724]  __kernfs_create_file+0x53/0x350
[  645.689761][T11724]  sysfs_add_file_mode_ns+0x207/0x3c0
[  645.689805][T11724]  internal_create_group+0x578/0xf30
[  645.689836][T11724]  ? __pfx_internal_create_group+0x10/0x10
[  645.689864][T11724]  ? kernfs_create_link+0x1bd/0x240
[  645.689906][T11724]  internal_create_groups+0x9d/0x150
[  645.689934][T11724]  device_add+0xf30/0x1a70
[  645.689969][T11724]  ? __pfx_device_add+0x10/0x10
[  645.690001][T11724]  ? lockdep_init_map_type+0x5c/0x280
[  645.690033][T11724]  ? __init_waitqueue_head+0xca/0x150
[  645.690065][T11724]  netdev_register_kobject+0x182/0x3a0
[  645.690105][T11724]  register_netdevice+0x13dc/0x2270
[  645.690152][T11724]  ? __pfx_register_netdevice+0x10/0x10
[  645.690194][T11724]  internal_dev_create+0x2d3/0x520
[  645.690220][T11724]  ovs_vport_add+0x144/0x4d0
[  645.690263][T11724]  new_vport+0x16/0x1d0
[  645.690292][T11724]  ovs_dp_cmd_new+0x6ba/0xe60
[  645.690334][T11724]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  645.690373][T11724]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  645.690413][T11724]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  645.690456][T11724]  genl_family_rcv_msg_doit+0x206/0x2f0
[  645.690496][T11724]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  645.690531][T11724]  ? trace_cap_capable+0x18d/0x200
[  645.690564][T11724]  ? bpf_lsm_capable+0x9/0x10
[  645.690589][T11724]  ? security_capable+0x7e/0x260
[  645.690614][T11724]  ? ns_capable+0xd7/0x110
[  645.690641][T11724]  genl_rcv_msg+0x55c/0x800
[  645.690696][T11724]  ? __pfx_genl_rcv_msg+0x10/0x10
[  645.690730][T11724]  ? __pfx___dev_queue_xmit+0x10/0x10
[  645.690752][T11724]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  645.690787][T11724]  ? __lock_acquire+0xaa4/0x1ba0
[  645.690825][T11724]  netlink_rcv_skb+0x16d/0x440
[  645.690858][T11724]  ? __pfx_genl_rcv_msg+0x10/0x10
[  645.690982][T11724]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  645.691055][T11724]  ? __pfx_down_read+0x10/0x10
[  645.691082][T11724]  ? netlink_deliver_tap+0x1ae/0xd30
[  645.691121][T11724]  genl_rcv+0x28/0x40
[  645.691156][T11724]  netlink_unicast+0x53a/0x7f0
[  645.691198][T11724]  ? __pfx_netlink_unicast+0x10/0x10
[  645.691231][T11724]  ? __lock_acquire+0xaa4/0x1ba0
[  645.691280][T11724]  netlink_sendmsg+0x8d1/0xdd0
[  645.691324][T11724]  ? __pfx_netlink_sendmsg+0x10/0x10
[  645.691374][T11724]  ____sys_sendmsg+0xa98/0xc70
[  645.691414][T11724]  ? copy_msghdr_from_user+0x10a/0x160
[  645.691441][T11724]  ? __pfx_____sys_sendmsg+0x10/0x10
[  645.691487][T11724]  ? try_to_wake_up+0xa2f/0x1680
[  645.691521][T11724]  ___sys_sendmsg+0x134/0x1d0
[  645.691560][T11724]  ? __pfx____sys_sendmsg+0x10/0x10
[  645.691629][T11724]  __sys_sendmsg+0x16d/0x220
[  645.691658][T11724]  ? __pfx___sys_sendmsg+0x10/0x10
[  645.691684][T11724]  ? __x64_sys_futex+0x1e0/0x4c0
[  645.691725][T11724]  ? rcu_is_watching+0x12/0xc0
[  645.691756][T11724]  do_syscall_64+0xcd/0x230
[  645.691797][T11724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.691820][T11724] RIP: 0033:0x7fcb6238e969
[  645.691838][T11724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  645.691867][T11724] RSP: 002b:00007fcb632b2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  645.691942][T11724] RAX: ffffffffffffffda RBX: 00007fcb625b5fa0 RCX: 00007fcb6238e969
[  645.691960][T11724] RDX: 0000000002000000 RSI: 0000200000000080 RDI: 0000000000000009
[  645.691974][T11724] RBP: 00007fcb62410ab1 R08: 0000000000000000 R09: 0000000000000000
[  645.691988][T11724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  645.692002][T11724] R13: 0000000000000000 R14: 00007fcb625b5fa0 R15: 00007fffae7d4368
[  645.692034][T11724]  </TASK>
[  647.649892][ T5839] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  647.649934][ T5839] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  647.665499][ T5839] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  647.666426][ T5839] Bluetooth: hci0: adv larger than maximum supported
[  647.674167][ T5839] Bluetooth: hci0: Unknown advertising packet type: 0x60
[  647.680973][ T5839] Bluetooth: hci0: Malformed LE Event: 0x0d
[  648.694784][T11749] can: request_module (can-proto-3) failed.
[  649.852496][T11766] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1077'.
[  650.308021][T11770] could not allocate digest TFM handle 
[  651.515708][T11793] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  652.144800][T11806] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  652.658422][T11811] can: request_module (can-proto-3) failed.
[  654.244849][T11829] could not allocate digest TFM handle 
[  660.102335][T11897] could not allocate digest TFM handle 
[  660.164009][T11908] nfs: Unknown parameter 'w��`_�����I+;��	��HY� ������Lu�>>��uh�*��C<+����'
[  661.559489][T11915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  661.601056][T11915] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  661.654915][T11915] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  661.700692][T11915] page_type: f5(slab)
[  661.716206][T11915] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  661.751189][T11915] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  661.776789][T11915] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000
[  661.821201][T11915] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  661.884367][T11914] ima: policy update failed
[  661.890494][   T30] audit: type=1802 audit(6042107947.867:5): pid=11914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1104" res=0 errno=0
[  661.923621][T11915] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  661.943071][T11915] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  661.987792][T11915] page dumped because: unmovable page
[  662.001360][T11915] page_owner tracks the page as allocated
[  662.020593][T11915] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 63, tgid 63 (kworker/u8:4), ts 649413429858, free_ts 648647998435
[  662.091085][T11915]  post_alloc_hook+0x181/0x1b0
[  662.098407][T11915]  get_page_from_freelist+0x135c/0x3920
[  662.112691][T11915]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  662.118687][T11915]  alloc_pages_mpol+0x1fb/0x550
[  662.151264][T11915]  new_slab+0x244/0x340
[  662.157590][T11915]  ___slab_alloc+0xd9c/0x1940
[  662.174591][T11915]  __slab_alloc.constprop.0+0x56/0xb0
[  662.184708][T11915]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  662.201040][T11915]  kmalloc_reserve+0xef/0x2c0
[  662.214196][T11915]  __alloc_skb+0x166/0x380
[  662.221124][T11915]  nsim_dev_trap_report_work+0x2b1/0xcf0
[  662.241050][T11915]  process_one_work+0x9cc/0x1b70
[  662.261239][T11915]  worker_thread+0x6c8/0xf10
[  662.265928][T11915]  kthread+0x3c5/0x780
[  662.270066][T11915]  ret_from_fork+0x48/0x80
[  662.303341][T11915]  ret_from_fork_asm+0x1a/0x30
[  662.308220][T11915] page last free pid 5199 tgid 5199 stack trace:
[  662.331093][T11915]  __free_frozen_pages+0x69d/0xff0
[  662.336287][T11915]  __put_partials+0x16d/0x1c0
[  662.371314][T11915]  qlist_free_all+0x4e/0x120
[  662.376123][T11915]  kasan_quarantine_reduce+0x195/0x1e0
[  662.391148][T11915]  __kasan_slab_alloc+0x69/0x90
[  662.401128][T11915]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  662.406783][T11915]  getname_flags.part.0+0x4c/0x550
[  662.431244][T11915]  getname_flags+0x93/0xf0
[  662.435780][T11915]  do_sys_openat2+0xb8/0x1d0
[  662.440430][T11915]  __x64_sys_openat+0x174/0x210
[  662.461159][T11915]  do_syscall_64+0xcd/0x230
[  662.465772][T11915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.678446][T11925] FAULT_INJECTION: forcing a failure.
[  662.678446][T11925] name failslab, interval 1, probability 0, space 0, times 0
[  662.751429][T11925] CPU: 0 UID: 0 PID: 11925 Comm: syz.2.1105 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  662.751487][T11925] Tainted: [U]=USER
[  662.751499][T11925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  662.751520][T11925] Call Trace:
[  662.751531][T11925]  <TASK>
[  662.751543][T11925]  dump_stack_lvl+0x16c/0x1f0
[  662.751600][T11925]  should_fail_ex+0x512/0x640
[  662.751651][T11925]  ? fs_reclaim_acquire+0xae/0x150
[  662.751722][T11925]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  662.751775][T11925]  should_failslab+0xc2/0x120
[  662.751820][T11925]  __kmalloc_noprof+0xd2/0x510
[  662.751870][T11925]  tomoyo_realpath_from_path+0xc2/0x6e0
[  662.751935][T11925]  tomoyo_check_open_permission+0x2ab/0x3c0
[  662.751981][T11925]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  662.752072][T11925]  ? find_held_lock+0x2b/0x80
[  662.752118][T11925]  tomoyo_file_open+0x6b/0x90
[  662.752153][T11925]  security_file_open+0x84/0x1e0
[  662.752202][T11925]  do_dentry_open+0x596/0x1c10
[  662.752254][T11925]  vfs_open+0x82/0x3f0
[  662.752306][T11925]  path_openat+0x1e5e/0x2d40
[  662.752358][T11925]  ? __pfx_path_openat+0x10/0x10
[  662.752400][T11925]  do_filp_open+0x20b/0x470
[  662.752433][T11925]  ? __pfx_do_filp_open+0x10/0x10
[  662.752497][T11925]  ? alloc_fd+0x471/0x7d0
[  662.752560][T11925]  do_sys_openat2+0x11b/0x1d0
[  662.752606][T11925]  ? __pfx_do_sys_openat2+0x10/0x10
[  662.752667][T11925]  __x64_sys_openat+0x174/0x210
[  662.752724][T11925]  ? __pfx___x64_sys_openat+0x10/0x10
[  662.752776][T11925]  ? rcu_is_watching+0x12/0xc0
[  662.752821][T11925]  do_syscall_64+0xcd/0x230
[  662.752875][T11925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.752909][T11925] RIP: 0033:0x7f8ffcb8e969
[  662.752937][T11925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  662.752970][T11925] RSP: 002b:00007f8ffd92b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  662.753002][T11925] RAX: ffffffffffffffda RBX: 00007f8ffcdb6080 RCX: 00007f8ffcb8e969
[  662.753024][T11925] RDX: 0000000000060742 RSI: 0000000000000000 RDI: ffffffffffffff9c
[  662.753046][T11925] RBP: 00007f8ffcc10ab1 R08: 0000000000000000 R09: 0000000000000000
[  662.753067][T11925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  662.753087][T11925] R13: 0000000000000000 R14: 00007f8ffcdb6080 R15: 00007ffeb01c4998
[  662.753132][T11925]  </TASK>
[  662.753146][T11925] ERROR: Out of memory at tomoyo_realpath_from_path.
[  666.911615][T11957] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1113'.
[  668.675210][T11943] syz.0.1110: vmalloc error: size 268435456, failed to allocated page array size 524288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  668.739915][T11981] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1117'.
[  668.806668][T11943] CPU: 1 UID: 0 PID: 11943 Comm: syz.0.1110 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  668.806724][T11943] Tainted: [U]=USER
[  668.806735][T11943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  668.806754][T11943] Call Trace:
[  668.806764][T11943]  <TASK>
[  668.806776][T11943]  dump_stack_lvl+0x16c/0x1f0
[  668.806828][T11943]  warn_alloc+0x248/0x3a0
[  668.806869][T11943]  ? __pfx_warn_alloc+0x10/0x10
[  668.806920][T11943]  ? __get_vm_area_node+0x1dc/0x330
[  668.806970][T11943]  ? __get_vm_area_node+0x208/0x330
[  668.807028][T11943]  __vmalloc_node_range_noprof+0x1110/0x1540
[  668.807109][T11943]  ? packet_set_ring+0xb07/0x18d0
[  668.807162][T11943]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  668.807219][T11943]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  668.807262][T11943]  ? rcu_is_watching+0x12/0xc0
[  668.807292][T11943]  ? trace_kmalloc+0x2b/0xd0
[  668.807334][T11943]  ? __kmalloc_noprof.cold+0x5c/0x61
[  668.807379][T11943]  ? packet_set_ring+0xb07/0x18d0
[  668.807425][T11943]  vzalloc_noprof+0x6b/0x90
[  668.807456][T11943]  ? packet_set_ring+0xb07/0x18d0
[  668.807501][T11943]  packet_set_ring+0xb07/0x18d0
[  668.807564][T11943]  packet_setsockopt+0x121b/0x3360
[  668.807626][T11943]  ? __pfx_packet_setsockopt+0x10/0x10
[  668.807679][T11943]  ? wake_up_q+0xb0/0x160
[  668.807707][T11943]  ? do_raw_spin_unlock+0x172/0x230
[  668.807767][T11943]  ? aa_sk_perm+0x2f4/0xb10
[  668.807809][T11943]  ? __pfx_futex_wake+0x10/0x10
[  668.807855][T11943]  ? __pfx_aa_sk_perm+0x10/0x10
[  668.807897][T11943]  ? percpu_counter_add_batch+0xb8/0x1f0
[  668.807939][T11943]  ? errseq_sample+0x53/0x70
[  668.808000][T11943]  ? __pfx_packet_setsockopt+0x10/0x10
[  668.808051][T11943]  do_sock_setsockopt+0x221/0x470
[  668.808110][T11943]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  668.808155][T11943]  ? __pfx_do_futex+0x10/0x10
[  668.808194][T11943]  ? fd_install+0x225/0x750
[  668.808233][T11943]  ? __x64_sys_futex+0x1e0/0x4c0
[  668.808280][T11943]  ? __x64_sys_futex+0x1e9/0x4c0
[  668.808325][T11943]  __sys_setsockopt+0x120/0x1a0
[  668.808369][T11943]  __x64_sys_setsockopt+0xbd/0x160
[  668.808405][T11943]  ? do_syscall_64+0x91/0x230
[  668.808453][T11943]  ? lockdep_hardirqs_on+0x7c/0x110
[  668.808498][T11943]  do_syscall_64+0xcd/0x230
[  668.808550][T11943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.808581][T11943] RIP: 0033:0x7f508b18e969
[  668.808607][T11943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  668.808638][T11943] RSP: 002b:00007f508bf12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  668.808670][T11943] RAX: ffffffffffffffda RBX: 00007f508b3b5fa0 RCX: 00007f508b18e969
[  668.808691][T11943] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000004
[  668.808710][T11943] RBP: 00007f508b210ab1 R08: 000000000000ce24 R09: 0000000000000000
[  668.808730][T11943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  668.808750][T11943] R13: 0000000000000000 R14: 00007f508b3b5fa0 R15: 00007fff06352988
[  668.808794][T11943]  </TASK>
[  669.497160][T11943] Mem-Info:
[  669.500436][T11943] active_anon:71217 inactive_anon:2 isolated_anon:0
[  669.500436][T11943]  active_file:16039 inactive_file:42841 isolated_file:0
[  669.500436][T11943]  unevictable:768 dirty:604 writeback:0
[  669.500436][T11943]  slab_reclaimable:11128 slab_unreclaimable:96726
[  669.500436][T11943]  mapped:38191 shmem:59037 pagetables:979
[  669.500436][T11943]  sec_pagetables:0 bounce:0
[  669.500436][T11943]  kernel_misc_reclaimable:0
[  669.500436][T11943]  free:1255061 free_pcp:8681 free_cma:0
[  669.921347][T11943] Node 0 active_anon:270168kB inactive_anon:8kB active_file:64156kB inactive_file:171176kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:145212kB dirty:2412kB writeback:0kB shmem:223812kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10420kB pagetables:3916kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  670.208612][T11943] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:188kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  670.594009][T11943] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  670.675745][T11997] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1121'.
[  670.679954][T11994] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  670.951443][T11943] lowmem_reserve[]: 0 2484 2486 2486 2486
[  671.534398][T11943] Node 0 DMA32 free:1089256kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:322372kB inactive_anon:8kB active_file:64156kB inactive_file:169348kB unevictable:1536kB writepending:2012kB present:3129332kB managed:2544156kB mlocked:0kB bounce:0kB free_pcp:3196kB local_pcp:3064kB free_cma:0kB
[  671.665460][T11943] lowmem_reserve[]: 0 0 1 1 1
[  671.744616][T11943] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  671.864834][T11943] lowmem_reserve[]: 0 0 0 0 0
[  671.884291][T11943] Node 1 Normal free:3908020kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:188kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  672.229857][T11943] lowmem_reserve[]: 0 0 0 0 0
[  672.386241][T11943] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  672.624508][T11943] Node 0 DMA32: 37*4kB (UE) 24*8kB (UE) 68*16kB (UME) 41*32kB (UME) 384*64kB (UME) 830*128kB (UME) 485*256kB (UME) 208*512kB (UME) 52*1024kB (UME) 3*2048kB (UE) 160*4096kB (M) = 1078964kB
[  672.773617][T11943] Node 0 Normal: 4*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  672.921148][T11943] Node 1 Normal: 251*4kB (UM) 77*8kB (UME) 50*16kB (UME) 238*32kB (UME) 118*64kB (UME) 34*128kB (UME) 18*256kB (UME) 9*512kB (UM) 4*1024kB (UM) 1*2048kB (U) 945*4096kB (UM) = 3908020kB
[  672.951014][T11943] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  672.987507][T11943] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  673.054410][T11943] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  673.159612][T11943] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  673.317496][T11943] 129321 total pagecache pages
[  673.371159][T11943] 19 pages in swap cache
[  673.375470][T11943] Free swap  = 124744kB
[  673.379624][T11943] Total swap = 124996kB
[  673.454109][T11943] 2097051 pages RAM
[  673.457961][T11943] 0 pages HighMem/MovableOnly
[  673.498094][T11943] 428906 pages reserved
[  673.525594][T11943] 0 pages cma reserved
[  675.504031][T12022] can: request_module (can-proto-3) failed.
[  676.998404][T12044] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1132'.
[  677.994211][ T5839] Bluetooth: hci1: Malformed HCI Event: 0x22
[  680.934899][T12080] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  688.058383][T12129] could not allocate digest TFM handle 
[  690.926499][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  690.934789][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  691.273274][T12181] FAULT_INJECTION: forcing a failure.
[  691.273274][T12181] name failslab, interval 1, probability 0, space 0, times 0
[  691.287848][T12181] CPU: 1 UID: 0 PID: 12181 Comm: syz.1.1157 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  691.287893][T12181] Tainted: [U]=USER
[  691.287901][T12181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  691.287915][T12181] Call Trace:
[  691.287922][T12181]  <TASK>
[  691.287931][T12181]  dump_stack_lvl+0x16c/0x1f0
[  691.287968][T12181]  should_fail_ex+0x512/0x640
[  691.288002][T12181]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  691.288028][T12181]  should_failslab+0xc2/0x120
[  691.288056][T12181]  __kmalloc_cache_noprof+0x6a/0x3e0
[  691.288078][T12181]  ? __might_fault+0x13b/0x190
[  691.288104][T12181]  ? alloc_bprm+0x86/0xdd0
[  691.288143][T12181]  alloc_bprm+0x86/0xdd0
[  691.288176][T12181]  ? strncpy_from_user+0x203/0x2e0
[  691.288210][T12181]  do_execveat_common.isra.0+0x1ce/0x610
[  691.288254][T12181]  __x64_sys_execve+0x8e/0xb0
[  691.288275][T12181]  do_syscall_64+0xcd/0x230
[  691.288312][T12181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.288336][T12181] RIP: 0033:0x7ffbc378e969
[  691.288353][T12181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  691.288375][T12181] RSP: 002b:00007ffbc4669038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  691.288396][T12181] RAX: ffffffffffffffda RBX: 00007ffbc39b5fa0 RCX: 00007ffbc378e969
[  691.288411][T12181] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0
[  691.288425][T12181] RBP: 00007ffbc3810ab1 R08: 0000000000000000 R09: 0000000000000000
[  691.288450][T12181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  691.288463][T12181] R13: 0000000000000000 R14: 00007ffbc39b5fa0 R15: 00007ffc4fde6ac8
[  691.288490][T12181]  </TASK>
[  693.279794][T12200] can: request_module (can-proto-3) failed.
[  693.877712][T12205] could not allocate digest TFM handle 
[  694.715111][T12220] can: request_module (can-proto-3) failed.
[  696.617438][T12247] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input13
[  702.504741][T12278] could not allocate digest TFM handle 
[  703.362575][T12300] can: request_module (can-proto-3) failed.
[  704.030001][T12313] misc userio: Invalid payload size
[  704.737498][ T5839] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  705.746673][T12333] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260
[  705.746725][T12333] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260
[  705.770980][T12333] Bluetooth: hci3: Dropping invalid advertising data
[  705.777738][T12333] Bluetooth: hci3: unknown advertising packet type: 0xe9
[  705.777780][T12333] Bluetooth: hci3: Dropping invalid advertising data
[  705.791827][T12333] Bluetooth: hci3: Malformed LE Event: 0x02
[  705.832672][T12343] FAULT_INJECTION: forcing a failure.
[  705.832672][T12343] name failslab, interval 1, probability 0, space 0, times 0
[  705.863366][T12343] CPU: 0 UID: 0 PID: 12343 Comm: syz.2.1187 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  705.863424][T12343] Tainted: [U]=USER
[  705.863436][T12343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  705.863455][T12343] Call Trace:
[  705.863467][T12343]  <TASK>
[  705.863479][T12343]  dump_stack_lvl+0x16c/0x1f0
[  705.863552][T12343]  should_fail_ex+0x512/0x640
[  705.863599][T12343]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  705.863638][T12343]  should_failslab+0xc2/0x120
[  705.863678][T12343]  __kmalloc_cache_noprof+0x6a/0x3e0
[  705.863713][T12343]  ? open_substream+0xec/0x9b0
[  705.863761][T12343]  ? _raw_spin_unlock_irq+0x23/0x50
[  705.863828][T12343]  open_substream+0xec/0x9b0
[  705.863886][T12343]  rawmidi_open_priv+0x543/0x6e0
[  705.863928][T12343]  snd_rawmidi_open+0x4cc/0xbf0
[  705.863973][T12343]  ? __pfx_snd_rawmidi_open+0x10/0x10
[  705.864008][T12343]  ? __pfx_default_wake_function+0x10/0x10
[  705.864047][T12343]  ? soundcore_open+0x35a/0x580
[  705.864092][T12343]  ? __pfx_snd_rawmidi_open+0x10/0x10
[  705.864130][T12343]  soundcore_open+0x409/0x580
[  705.864177][T12343]  ? __pfx_soundcore_open+0x10/0x10
[  705.864219][T12343]  chrdev_open+0x234/0x6a0
[  705.864255][T12343]  ? __pfx_apparmor_file_open+0x10/0x10
[  705.864301][T12343]  ? __pfx_chrdev_open+0x10/0x10
[  705.864342][T12343]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  705.864404][T12343]  do_dentry_open+0x744/0x1c10
[  705.864440][T12343]  ? __pfx_chrdev_open+0x10/0x10
[  705.864488][T12343]  vfs_open+0x82/0x3f0
[  705.864549][T12343]  path_openat+0x1e5e/0x2d40
[  705.864602][T12343]  ? __pfx_path_openat+0x10/0x10
[  705.864649][T12343]  do_filp_open+0x20b/0x470
[  705.864684][T12343]  ? __pfx_do_filp_open+0x10/0x10
[  705.864752][T12343]  ? alloc_fd+0x471/0x7d0
[  705.864820][T12343]  do_sys_openat2+0x11b/0x1d0
[  705.864867][T12343]  ? __pfx_do_sys_openat2+0x10/0x10
[  705.864933][T12343]  __x64_sys_openat+0x174/0x210
[  705.864983][T12343]  ? __pfx___x64_sys_openat+0x10/0x10
[  705.865034][T12343]  ? rcu_is_watching+0x12/0xc0
[  705.865080][T12343]  do_syscall_64+0xcd/0x230
[  705.865135][T12343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.865169][T12343] RIP: 0033:0x7f8ffcb8e969
[  705.865196][T12343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  705.865230][T12343] RSP: 002b:00007f8ffd92b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  705.865262][T12343] RAX: ffffffffffffffda RBX: 00007f8ffcdb6080 RCX: 00007f8ffcb8e969
[  705.865284][T12343] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  705.865306][T12343] RBP: 00007f8ffcc10ab1 R08: 0000000000000000 R09: 0000000000000000
[  705.865326][T12343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  705.865347][T12343] R13: 0000000000000000 R14: 00007f8ffcdb6080 R15: 00007ffeb01c4998
[  705.865390][T12343]  </TASK>
[  710.254704][T12375] could not allocate digest TFM handle 
[  710.707731][T12387] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1194'.
[  711.281223][T12387] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  711.288692][T12387] batman_adv: batadv0: Removing interface: batadv_slave_0
[  711.714948][T12387] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  711.766299][T12387] batman_adv: batadv0: Removing interface: batadv_slave_1
[  714.991183][T12434] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  718.092476][T12468] could not allocate digest TFM handle 
[  720.464764][T12476] ima: policy update failed
[  720.574916][   T30] audit: type=1802 audit(6042108006.557:6): pid=12476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm=A7 res=0 errno=0
[  721.801454][T12504] FAULT_INJECTION: forcing a failure.
[  721.801454][T12504] name fail_futex, interval 1, probability 0, space 0, times 0
[  721.930534][T12504] CPU: 1 UID: 0 PID: 12504 Comm: syz.3.1212 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  721.930593][T12504] Tainted: [U]=USER
[  721.930605][T12504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  721.930625][T12504] Call Trace:
[  721.930636][T12504]  <TASK>
[  721.930649][T12504]  dump_stack_lvl+0x16c/0x1f0
[  721.930704][T12504]  should_fail_ex+0x512/0x640
[  721.930754][T12504]  ? __pfx___futex_wait+0x10/0x10
[  721.930803][T12504]  get_futex_key+0x49e/0x1000
[  721.930841][T12504]  ? __pfx_futex_wake_mark+0x10/0x10
[  721.930886][T12504]  ? __pfx_get_futex_key+0x10/0x10
[  721.930939][T12504]  futex_wake+0xe7/0x4e0
[  721.930986][T12504]  ? __pfx_futex_wake+0x10/0x10
[  721.931040][T12504]  ? __io_uring_register+0x1d2/0x2310
[  721.931081][T12504]  do_futex+0x1e3/0x350
[  721.931119][T12504]  ? __pfx_do_futex+0x10/0x10
[  721.931157][T12504]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  721.931218][T12504]  __x64_sys_futex+0x1e0/0x4c0
[  721.931263][T12504]  ? __pfx___x64_sys_futex+0x10/0x10
[  721.931302][T12504]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  721.931372][T12504]  do_syscall_64+0xcd/0x230
[  721.931427][T12504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  721.931461][T12504] RIP: 0033:0x7fcb6238e969
[  721.931488][T12504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  721.931522][T12504] RSP: 002b:00007fcb632b20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  721.931556][T12504] RAX: ffffffffffffffda RBX: 00007fcb625b5fa8 RCX: 00007fcb6238e969
[  721.931579][T12504] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fcb625b5fac
[  721.931601][T12504] RBP: 00007fcb625b5fa0 R08: 00007fcb632b3000 R09: 0000000000000000
[  721.931622][T12504] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fcb625b5fac
[  721.931644][T12504] R13: 0000000000000000 R14: 00007fffae7d4280 R15: 00007fffae7d4368
[  721.931688][T12504]  </TASK>
[  722.188104][T12507] input: isc as /devices/virtual/input/input14
[  723.327970][T12500] FAULT_INJECTION: forcing a failure.
[  723.327970][T12500] name failslab, interval 1, probability 0, space 0, times 0
[  723.341079][T12500] CPU: 1 UID: 0 PID: 12500 Comm: syz.1.1210 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  723.341135][T12500] Tainted: [U]=USER
[  723.341147][T12500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  723.341167][T12500] Call Trace:
[  723.341186][T12500]  <TASK>
[  723.341200][T12500]  dump_stack_lvl+0x16c/0x1f0
[  723.341255][T12500]  should_fail_ex+0x512/0x640
[  723.341304][T12500]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  723.341348][T12500]  should_failslab+0xc2/0x120
[  723.341392][T12500]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  723.341434][T12500]  ? __d_alloc+0x31/0xaa0
[  723.341470][T12500]  ? __pfx_dquot_alloc_inode+0x10/0x10
[  723.341508][T12500]  __d_alloc+0x31/0xaa0
[  723.341549][T12500]  d_alloc_pseudo+0x1c/0xc0
[  723.341595][T12500]  alloc_file_pseudo+0xcf/0x230
[  723.341644][T12500]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  723.341703][T12500]  __shmem_file_setup+0x210/0x300
[  723.341745][T12500]  shmem_zero_setup+0x93/0x1a0
[  723.341790][T12500]  __mmap_region+0x2036/0x27c0
[  723.341836][T12500]  ? __pfx___mmap_region+0x10/0x10
[  723.341875][T12500]  ? trace_sched_exit_tp+0xde/0x130
[  723.341949][T12500]  ? __pfx___schedule+0x10/0x10
[  723.342047][T12500]  ? trace_cap_capable+0x18d/0x200
[  723.342086][T12500]  ? cap_capable+0xb3/0x250
[  723.342129][T12500]  mmap_region+0x1ab/0x3f0
[  723.342184][T12500]  do_mmap+0xd8e/0x11b0
[  723.342245][T12500]  ? __pfx_do_mmap+0x10/0x10
[  723.342298][T12500]  ? __pfx_down_write_killable+0x10/0x10
[  723.342340][T12500]  vm_mmap_pgoff+0x281/0x450
[  723.342398][T12500]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  723.342459][T12500]  ? __x64_sys_futex+0x1e0/0x4c0
[  723.342495][T12500]  ? __x64_sys_futex+0x1e9/0x4c0
[  723.342539][T12500]  ksys_mmap_pgoff+0x7d/0x5c0
[  723.342591][T12500]  ? rcu_is_watching+0x12/0xc0
[  723.342628][T12500]  __x64_sys_mmap+0x125/0x190
[  723.342666][T12500]  do_syscall_64+0xcd/0x230
[  723.342718][T12500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.342749][T12500] RIP: 0033:0x7ffbc378e969
[  723.342776][T12500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  723.342812][T12500] RSP: 002b:00007ffbc4669038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  723.342843][T12500] RAX: ffffffffffffffda RBX: 00007ffbc39b5fa0 RCX: 00007ffbc378e969
[  723.342866][T12500] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000
[  723.342886][T12500] RBP: 00007ffbc3810ab1 R08: fffffffffffffffa R09: 0000000000008000
[  723.342908][T12500] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  723.342928][T12500] R13: 0000000000000000 R14: 00007ffbc39b5fa0 R15: 00007ffc4fde6ac8
[  723.342973][T12500]  </TASK>
[  726.193905][T12536] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  728.214090][T12552] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  729.010368][T12559] can: request_module (can-proto-3) failed.
[  734.400765][T12590] can: request_module (can-proto-3) failed.
[  735.579843][T12604] can: request_module (can-proto-3) failed.
[  738.279685][T12657] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  738.311374][T12657] CIFS mount error: No usable UNC path provided in device string!
[  738.311374][T12657] 
[  738.341914][T12657] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  740.712504][T12696] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1248'.
[  747.286665][T12757] can: request_module (can-proto-3) failed.
[  749.941443][T12777] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1261'.
[  752.375539][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  752.383266][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  754.840303][T12808] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1268'.
[  760.399423][T12869] mmap: syz.1.1277 (12869): VmData 37597184 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  764.855865][T12333] Bluetooth: hci0: unexpected event 0x07 length: 440 > 255
[  764.992010][T12907] ima: policy update failed
[  765.193725][T12903] could not allocate digest TFM handle 
[  765.282904][   T30] audit: type=1802 audit(6042108051.267:7): pid=12907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1283" res=0 errno=0
[  766.291033][T12915] can: request_module (can-proto-3) failed.
[  769.571787][T12938] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1289'.
[  770.235171][T12947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1288'.
[  770.658530][T12947] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  771.246537][T12954] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  771.287155][T12956] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1293'.
[  771.866600][T12956] team0: Port device team_slave_0 removed
[  773.079640][T12972] could not allocate digest TFM handle 
[  775.903467][T13017] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  776.141464][T12333] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  778.191646][T13047] could not allocate digest TFM handle 
[  779.941136][T13066] could not allocate digest TFM handle 
[  781.216793][T13087] random: crng reseeded on system resumption
[  781.361197][T13090] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1316'.
[  781.365377][T13095] HfR: entered promiscuous mode
[  781.424981][T13095] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1317'.
[  781.445646][T13095] HfR: left promiscuous mode
[  785.857733][T13117] ima: policy update failed
[  785.893611][   T30] audit: type=1802 audit(6042108071.857:8): pid=13117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1320" res=0 errno=0
[  787.181376][T13127] could not allocate digest TFM handle 
[  789.394638][T13149] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1327'.
[  793.873037][T13185] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1333'.
[  794.786367][T13192] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1336'.
[  797.405767][T13212] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  797.453244][T13212] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  797.942260][T13212] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  797.948550][T13212] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  798.274363][T13212] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  798.283451][T13212] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  798.605191][T13212] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  799.325731][T12333] Bluetooth: hci2: command 0x0c1a tx timeout
[  799.587118][T13234] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  799.627860][T13240] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1345'.
[  799.962328][T12333] Bluetooth: hci1: command 0x0c1a tx timeout
[  800.281078][T12333] Bluetooth: hci0: command 0x0c1a tx timeout
[  800.683831][T12333] Bluetooth: hci3: command 0x0c1a tx timeout
[  801.152582][T13263] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1349'.
[  801.334708][   T30] audit: type=1800 audit(6042108095.316:9): pid=13267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1350" name="dbroot" dev="configfs" ino=30108 res=0 errno=0
[  801.406679][T12333] Bluetooth: hci2: command 0x0c1a tx timeout
[  802.041603][T12333] Bluetooth: hci1: command 0x0c1a tx timeout
[  802.368515][T12333] Bluetooth: hci0: command 0x0c1a tx timeout
[  803.731160][T13284] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  804.655291][T13300] can: request_module (can-proto-3) failed.
[  807.302548][T13311] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1359'.
[  807.859686][T13319] HfR: entered promiscuous mode
[  807.874681][T13327] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1360'.
[  808.144355][T13327] HfR: left promiscuous mode
[  808.168300][T13334] ubi: mtd0 is already attached to ubi0
[  808.419763][T13333] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1364'.
[  809.282624][T13319] HfR: entered promiscuous mode
[  809.599612][T13343] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  811.872494][T13378] netlink: 346 bytes leftover after parsing attributes in process `syz.0.1369'.
[  812.161173][T13379] can: request_module (can-proto-3) failed.
[  813.400021][T13394] FAULT_INJECTION: forcing a failure.
[  813.400021][T13394] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  813.438657][T13394] CPU: 1 UID: 0 PID: 13394 Comm: syz.0.1371 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  813.438698][T13394] Tainted: [U]=USER
[  813.438705][T13394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  813.438720][T13394] Call Trace:
[  813.438727][T13394]  <TASK>
[  813.438736][T13394]  dump_stack_lvl+0x16c/0x1f0
[  813.438774][T13394]  should_fail_ex+0x512/0x640
[  813.438818][T13394]  _copy_to_user+0x32/0xd0
[  813.438857][T13394]  simple_read_from_buffer+0xcb/0x170
[  813.438896][T13394]  proc_fail_nth_read+0x197/0x270
[  813.438930][T13394]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  813.438966][T13394]  ? rw_verify_area+0xcf/0x680
[  813.439000][T13394]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  813.439034][T13394]  vfs_read+0x1e1/0xc70
[  813.439060][T13394]  ? __pfx___mutex_lock+0x10/0x10
[  813.439095][T13394]  ? __pfx_vfs_read+0x10/0x10
[  813.439125][T13394]  ? __fget_files+0x20e/0x3c0
[  813.439156][T13394]  ksys_read+0x12a/0x240
[  813.439177][T13394]  ? __pfx_ksys_read+0x10/0x10
[  813.439197][T13394]  ? rcu_is_watching+0x12/0xc0
[  813.439228][T13394]  do_syscall_64+0xcd/0x230
[  813.439264][T13394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.439288][T13394] RIP: 0033:0x7f508b18d37c
[  813.439306][T13394] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  813.439328][T13394] RSP: 002b:00007f508bf12030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  813.439349][T13394] RAX: ffffffffffffffda RBX: 00007f508b3b5fa0 RCX: 00007f508b18d37c
[  813.439365][T13394] RDX: 000000000000000f RSI: 00007f508bf120a0 RDI: 0000000000000003
[  813.439379][T13394] RBP: 00007f508bf12090 R08: 0000000000000000 R09: 0000000000000000
[  813.439393][T13394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  813.439407][T13394] R13: 0000000000000000 R14: 00007f508b3b5fa0 R15: 00007fff06352988
[  813.439437][T13394]  </TASK>
[  813.921583][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  813.927994][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  814.823429][T13397] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1372'.
[  816.819637][T13416] FAULT_INJECTION: forcing a failure.
[  816.819637][T13416] name failslab, interval 1, probability 0, space 0, times 0
[  817.062005][T13416] CPU: 0 UID: 0 PID: 13416 Comm: syz.2.1375 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  817.062046][T13416] Tainted: [U]=USER
[  817.062054][T13416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  817.062069][T13416] Call Trace:
[  817.062076][T13416]  <TASK>
[  817.062085][T13416]  dump_stack_lvl+0x16c/0x1f0
[  817.062124][T13416]  should_fail_ex+0x512/0x640
[  817.062159][T13416]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  817.062190][T13416]  should_failslab+0xc2/0x120
[  817.062220][T13416]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  817.062246][T13416]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  817.062279][T13416]  ? __kernfs_new_node+0xd2/0x8a0
[  817.062306][T13416]  __kernfs_new_node+0xd2/0x8a0
[  817.062331][T13416]  ? __pfx___kernfs_new_node+0x10/0x10
[  817.062362][T13416]  ? find_held_lock+0x2b/0x80
[  817.062386][T13416]  ? kernfs_root+0xee/0x2a0
[  817.062415][T13416]  kernfs_new_node+0x13c/0x1e0
[  817.062447][T13416]  __kernfs_create_file+0x53/0x350
[  817.062484][T13416]  sysfs_add_file_mode_ns+0x207/0x3c0
[  817.062540][T13416]  sysfs_merge_group+0x1aa/0x340
[  817.062578][T13416]  ? __pfx_sysfs_merge_group+0x10/0x10
[  817.062618][T13416]  ? __pfx_dev_add_physical_location+0x10/0x10
[  817.062663][T13416]  ? bus_to_subsys+0x131/0x160
[  817.062721][T13416]  dpm_sysfs_add+0x237/0x280
[  817.062768][T13416]  device_add+0x9a6/0x1a70
[  817.062821][T13416]  ? __pfx_device_add+0x10/0x10
[  817.062869][T13416]  ? lockdep_init_map_type+0x5c/0x280
[  817.062918][T13416]  ? __init_waitqueue_head+0xca/0x150
[  817.062962][T13416]  rfkill_register+0x1ad/0xb40
[  817.063006][T13416]  nfc_register_device+0x11f/0x3c0
[  817.063066][T13416]  nci_register_device+0x7f1/0xb80
[  817.063112][T13416]  ? __pfx_nci_register_device+0x10/0x10
[  817.063165][T13416]  ? lockdep_init_map_type+0x5c/0x280
[  817.063223][T13416]  virtual_ncidev_open+0x141/0x220
[  817.063274][T13416]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  817.063326][T13416]  misc_open+0x35d/0x420
[  817.063358][T13416]  ? __pfx_misc_open+0x10/0x10
[  817.063388][T13416]  chrdev_open+0x234/0x6a0
[  817.063425][T13416]  ? __pfx_apparmor_file_open+0x10/0x10
[  817.063471][T13416]  ? __pfx_chrdev_open+0x10/0x10
[  817.063520][T13416]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  817.063583][T13416]  do_dentry_open+0x744/0x1c10
[  817.063621][T13416]  ? __pfx_chrdev_open+0x10/0x10
[  817.063669][T13416]  vfs_open+0x82/0x3f0
[  817.063721][T13416]  path_openat+0x1e5e/0x2d40
[  817.063775][T13416]  ? __pfx_path_openat+0x10/0x10
[  817.063823][T13416]  do_filp_open+0x20b/0x470
[  817.063859][T13416]  ? __pfx_do_filp_open+0x10/0x10
[  817.063930][T13416]  ? alloc_fd+0x471/0x7d0
[  817.063999][T13416]  do_sys_openat2+0x11b/0x1d0
[  817.064046][T13416]  ? __pfx_do_sys_openat2+0x10/0x10
[  817.064112][T13416]  __x64_sys_openat+0x174/0x210
[  817.064161][T13416]  ? __pfx___x64_sys_openat+0x10/0x10
[  817.064212][T13416]  ? rcu_is_watching+0x12/0xc0
[  817.064259][T13416]  do_syscall_64+0xcd/0x230
[  817.064314][T13416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  817.064349][T13416] RIP: 0033:0x7f8ffcb8e969
[  817.064376][T13416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  817.064411][T13416] RSP: 002b:00007f8ffd92b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  817.064444][T13416] RAX: ffffffffffffffda RBX: 00007f8ffcdb6080 RCX: 00007f8ffcb8e969
[  817.064466][T13416] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c
[  817.064488][T13416] RBP: 00007f8ffcc10ab1 R08: 0000000000000000 R09: 0000000000000000
[  817.064520][T13416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  817.064541][T13416] R13: 0000000000000000 R14: 00007f8ffcdb6080 R15: 00007ffeb01c4998
[  817.064588][T13416]  </TASK>
[  823.001892][T13456] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1382'.
[  823.147458][T13463] can: request_module (can-proto-3) failed.
[  824.532822][T13474] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  824.701530][T13479] FAULT_INJECTION: forcing a failure.
[  824.701530][T13479] name failslab, interval 1, probability 0, space 0, times 0
[  824.825280][T13479] CPU: 1 UID: 0 PID: 13479 Comm: syz.0.1385 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  824.825337][T13479] Tainted: [U]=USER
[  824.825349][T13479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  824.825367][T13479] Call Trace:
[  824.825377][T13479]  <TASK>
[  824.825390][T13479]  dump_stack_lvl+0x16c/0x1f0
[  824.825444][T13479]  should_fail_ex+0x512/0x640
[  824.825494][T13479]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  824.825536][T13479]  should_failslab+0xc2/0x120
[  824.825578][T13479]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  824.825617][T13479]  ? getname_flags.part.0+0x4c/0x550
[  824.825665][T13479]  getname_flags.part.0+0x4c/0x550
[  824.825710][T13479]  getname_flags+0x93/0xf0
[  824.825758][T13479]  do_sys_openat2+0xb8/0x1d0
[  824.825802][T13479]  ? __pfx_do_sys_openat2+0x10/0x10
[  824.825861][T13479]  ? find_held_lock+0x2b/0x80
[  824.825902][T13479]  __x64_sys_openat+0x174/0x210
[  824.825944][T13479]  ? __pfx___x64_sys_openat+0x10/0x10
[  824.825995][T13479]  ? rcu_is_watching+0x12/0xc0
[  824.826041][T13479]  do_syscall_64+0xcd/0x230
[  824.826096][T13479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.826130][T13479] RIP: 0033:0x7f508b18e969
[  824.826156][T13479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  824.826190][T13479] RSP: 002b:00007f508bf12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  824.826222][T13479] RAX: ffffffffffffffda RBX: 00007f508b3b5fa0 RCX: 00007f508b18e969
[  824.826244][T13479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff9c
[  824.826265][T13479] RBP: 00007f508b210ab1 R08: 0000000000000000 R09: 0000000000000000
[  824.826284][T13479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  824.826304][T13479] R13: 0000000000000000 R14: 00007f508b3b5fa0 R15: 00007fff06352988
[  824.826349][T13479]  </TASK>
[  826.768439][T13488] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1389'.
[  827.220123][T13504] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  829.071311][T13517] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  830.950038][T13532] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  841.593636][T13624] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  841.921623][T13631] can: request_module (can-proto-3) failed.
[  843.162087][T13638] can: request_module (can-proto-3) failed.
[  843.659219][T13644] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1416'.
[  844.304629][T13661] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  846.011012][T13672] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  846.017127][T13672] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  846.023784][T13672] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  846.029948][T13672] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  847.019218][T13701] could not allocate digest TFM handle 
[  848.041145][ T5833] Bluetooth: hci3: command 0x0c1a tx timeout
[  848.044321][T12333] Bluetooth: hci0: command 0x0c1a tx timeout
[  848.047613][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  848.053572][T12333] Bluetooth: hci2: command 0x0c1a tx timeout
[  848.819920][T13725] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  850.878729][T13743] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  851.567934][T13761] can: request_module (can-proto-3) failed.
[  852.928643][T13781] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1440'.
[  853.103214][T13781] macsec0: entered allmulticast mode
[  853.108583][T13781] veth1_macvtap: entered allmulticast mode
[  853.790987][T13788] openvswitch: netlink: Tunnel attr 242 out of range max 16
[  854.223128][T13792] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1441'.
[  857.231617][T13808] could not allocate digest TFM handle 
[  858.946009][T13842] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1452'.
[  863.291815][T13860] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1455'.
[  869.160732][T13919] can: request_module (can-proto-3) failed.
[  872.206618][T13927] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1470'.
[  873.158931][T13941] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137
[  873.200983][T13941] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138
[  873.292794][T13941] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum
[  874.955801][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  875.055207][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  875.066682][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  875.161365][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  875.195341][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  875.247881][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  875.278423][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  876.071268][T13960] can: request_module (can-proto-3) failed.
[  876.525430][T13952] chnl_net:caif_netlink_parms(): no params data found
[  876.861127][T13967] could not allocate digest TFM handle 
[  877.247436][ T5839] Bluetooth: hci4: command tx timeout
[  877.597310][T13952] bridge0: port 1(bridge_slave_0) entered blocking state
[  877.646634][T13952] bridge0: port 1(bridge_slave_0) entered disabled state
[  877.665053][T13952] bridge_slave_0: entered allmulticast mode
[  877.702974][T13952] bridge_slave_0: entered promiscuous mode
[  877.737900][T13952] bridge0: port 2(bridge_slave_1) entered blocking state
[  877.786598][T13952] bridge0: port 2(bridge_slave_1) entered disabled state
[  877.835538][T13952] bridge_slave_1: entered allmulticast mode
[  877.903119][T13952] bridge_slave_1: entered promiscuous mode
[  878.520508][T13952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  878.566054][T13952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  878.688114][T13952] team0: Port device team_slave_0 added
[  878.739067][T13952] team0: Port device team_slave_1 added
[  879.279856][T13952] batman_adv: batadv0: Adding interface: batadv_slave_0
[  879.310347][T13952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  879.340930][ T5839] Bluetooth: hci4: command tx timeout
[  879.359061][T13952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  879.373390][T14000] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  879.392634][T13952] batman_adv: batadv0: Adding interface: batadv_slave_1
[  879.415077][T13952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  879.441092][    C0] vkms_vblank_simulate: vblank timer overrun
[  879.483087][T13952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  880.146872][T13952] hsr_slave_0: entered promiscuous mode
[  880.261693][T13952] hsr_slave_1: entered promiscuous mode
[  880.359722][T13952] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  880.455147][T13952] Cannot create hsr debugfs directory
[  880.518789][T14016] can: request_module (can-proto-3) failed.
[  881.404783][ T5839] Bluetooth: hci4: command tx timeout
[  882.681591][T13952] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  883.098539][T13952] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  883.369575][T13952] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  883.521317][ T5839] Bluetooth: hci4: command tx timeout
[  883.645020][T13952] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  884.710256][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  885.076230][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  885.464831][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  886.582747][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  886.784274][T13952] 8021q: adding VLAN 0 to HW filter on device bond0
[  886.896044][T13952] 8021q: adding VLAN 0 to HW filter on device team0
[  886.909029][T14064] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  886.943859][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  886.951031][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  886.981193][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state
[  886.988329][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  887.149065][T13952] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  887.780249][T14074] FAULT_INJECTION: forcing a failure.
[  887.780249][T14074] name failslab, interval 1, probability 0, space 0, times 0
[  887.821003][T14074] CPU: 0 UID: 0 PID: 14074 Comm: syz.2.1495 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  887.821061][T14074] Tainted: [U]=USER
[  887.821071][T14074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  887.821093][T14074] Call Trace:
[  887.821103][T14074]  <TASK>
[  887.821114][T14074]  dump_stack_lvl+0x16c/0x1f0
[  887.821170][T14074]  should_fail_ex+0x512/0x640
[  887.821217][T14074]  ? fs_reclaim_acquire+0xae/0x150
[  887.821270][T14074]  ? tomoyo_encode2+0x100/0x3e0
[  887.821314][T14074]  should_failslab+0xc2/0x120
[  887.821364][T14074]  __kmalloc_noprof+0xd2/0x510
[  887.821400][T14074]  ? d_absolute_path+0x136/0x1a0
[  887.821448][T14074]  tomoyo_encode2+0x100/0x3e0
[  887.821501][T14074]  tomoyo_encode+0x29/0x50
[  887.821544][T14074]  tomoyo_realpath_from_path+0x18f/0x6e0
[  887.821606][T14074]  tomoyo_path_number_perm+0x245/0x580
[  887.821644][T14074]  ? tomoyo_path_number_perm+0x237/0x580
[  887.821700][T14074]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  887.821741][T14074]  ? find_held_lock+0x2b/0x80
[  887.821831][T14074]  ? find_held_lock+0x2b/0x80
[  887.821862][T14074]  ? hook_file_ioctl_common+0x145/0x410
[  887.821908][T14074]  ? __fget_files+0x20e/0x3c0
[  887.821959][T14074]  security_file_ioctl+0x9b/0x240
[  887.822002][T14074]  __x64_sys_ioctl+0xb7/0x200
[  887.822069][T14074]  do_syscall_64+0xcd/0x230
[  887.822120][T14074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  887.822153][T14074] RIP: 0033:0x7f8ffcb8e969
[  887.822178][T14074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  887.822211][T14074] RSP: 002b:00007f8ffd94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  887.822251][T14074] RAX: ffffffffffffffda RBX: 00007f8ffcdb5fa0 RCX: 00007f8ffcb8e969
[  887.822273][T14074] RDX: 0000000000000004 RSI: 0000000040106f52 RDI: 0000000000000003
[  887.822291][T14074] RBP: 00007f8ffd94c090 R08: 0000000000000000 R09: 0000000000000000
[  887.822310][T14074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  887.822329][T14074] R13: 0000000000000000 R14: 00007f8ffcdb5fa0 R15: 00007ffeb01c4998
[  887.822377][T14074]  </TASK>
[  887.829812][T14074] ERROR: Out of memory at tomoyo_realpath_from_path.
[  887.830298][   T13] bridge_slave_1: left allmulticast mode
[  888.091686][   T13] bridge_slave_1: left promiscuous mode
[  888.099783][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  888.107610][T14074] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  888.394624][   T13] bridge_slave_0: left allmulticast mode
[  888.421031][   T13] bridge_slave_0: left promiscuous mode
[  888.426906][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  890.742002][T14110] could not allocate digest TFM handle 
[  895.265653][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  895.295647][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  895.381832][   T13] bond0 (unregistering): Released all slaves
[  895.677015][T13952] 8021q: adding VLAN 0 to HW filter on device batadv0
[  898.221113][T14176] can: request_module (can-proto-3) failed.
[  900.338641][T14205] FAULT_INJECTION: forcing a failure.
[  900.338641][T14205] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  900.411025][T14205] CPU: 0 UID: 0 PID: 14205 Comm: syz.2.1507 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  900.411083][T14205] Tainted: [U]=USER
[  900.411095][T14205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  900.411116][T14205] Call Trace:
[  900.411126][T14205]  <TASK>
[  900.411138][T14205]  dump_stack_lvl+0x16c/0x1f0
[  900.411193][T14205]  should_fail_ex+0x512/0x640
[  900.411260][T14205]  should_fail_alloc_page+0xe7/0x130
[  900.411307][T14205]  prepare_alloc_pages+0x3c2/0x610
[  900.411359][T14205]  ? rcu_is_watching+0x12/0xc0
[  900.411396][T14205]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  900.411434][T14205]  ? __kernel_text_address+0xd/0x40
[  900.411465][T14205]  ? unwind_get_return_address+0x59/0xa0
[  900.411506][T14205]  ? arch_stack_walk+0xa6/0x100
[  900.411560][T14205]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  900.411600][T14205]  ? stack_trace_save+0x8e/0xc0
[  900.411635][T14205]  ? __pfx_stack_trace_save+0x10/0x10
[  900.411670][T14205]  ? stack_depot_save_flags+0x28/0xa50
[  900.411722][T14205]  ? find_held_lock+0x2b/0x80
[  900.411760][T14205]  ? kasan_save_stack+0x42/0x60
[  900.411801][T14205]  ? __lock_acquire+0xaa4/0x1ba0
[  900.411843][T14205]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  900.411892][T14205]  ? policy_nodemask+0xea/0x4e0
[  900.411938][T14205]  alloc_pages_mpol+0x1fb/0x550
[  900.411983][T14205]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  900.412023][T14205]  ? __page_table_check_ptes_set+0x1ae/0x420
[  900.412066][T14205]  ? find_held_lock+0x2b/0x80
[  900.412107][T14205]  alloc_pages_noprof+0x131/0x390
[  900.412151][T14205]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  900.412185][T14205]  get_free_pages_noprof+0xc/0x40
[  900.412228][T14205]  kasan_populate_vmalloc_pte+0x2d/0x160
[  900.412272][T14205]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  900.412308][T14205]  __apply_to_page_range+0x61a/0xd60
[  900.412367][T14205]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  900.412409][T14205]  ? __pfx___apply_to_page_range+0x10/0x10
[  900.412465][T14205]  ? alloc_vmap_area+0x872/0x2970
[  900.412523][T14205]  alloc_vmap_area+0x919/0x2970
[  900.412592][T14205]  ? __pfx_alloc_vmap_area+0x10/0x10
[  900.412654][T14205]  __get_vm_area_node+0x1ca/0x330
[  900.412716][T14205]  __vmalloc_node_range_noprof+0x277/0x1540
[  900.412772][T14205]  ? __do_sys_listmount+0x1c2/0xed0
[  900.412838][T14205]  ? __do_sys_listmount+0x1c2/0xed0
[  900.412900][T14205]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  900.412975][T14205]  __kvmalloc_node_noprof+0x2ff/0x600
[  900.413014][T14205]  ? __do_sys_listmount+0x1c2/0xed0
[  900.413065][T14205]  ? __do_sys_listmount+0x1c2/0xed0
[  900.413124][T14205]  ? __do_sys_listmount+0x1c2/0xed0
[  900.413172][T14205]  __do_sys_listmount+0x1c2/0xed0
[  900.413231][T14205]  ? __x64_sys_futex+0x1e0/0x4c0
[  900.413273][T14205]  ? __x64_sys_futex+0x1e9/0x4c0
[  900.413312][T14205]  ? __pfx___do_sys_listmount+0x10/0x10
[  900.413362][T14205]  ? xfd_validate_state+0x5d/0x180
[  900.413413][T14205]  do_syscall_64+0xcd/0x230
[  900.413468][T14205]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  900.413501][T14205] RIP: 0033:0x7f8ffcb8e969
[  900.413528][T14205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  900.413563][T14205] RSP: 002b:00007f8ffd92b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[  900.413596][T14205] RAX: ffffffffffffffda RBX: 00007f8ffcdb6080 RCX: 00007f8ffcb8e969
[  900.413618][T14205] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100
[  900.413639][T14205] RBP: 00007f8ffcc10ab1 R08: 0000000000000000 R09: 0000000000000000
[  900.413660][T14205] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  900.413681][T14205] R13: 0000000000000000 R14: 00007f8ffcdb6080 R15: 00007ffeb01c4998
[  900.413726][T14205]  </TASK>
[  900.413819][T14205] syz.2.1507: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  900.899166][T14205] CPU: 0 UID: 0 PID: 14205 Comm: syz.2.1507 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  900.899220][T14205] Tainted: [U]=USER
[  900.899231][T14205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  900.899250][T14205] Call Trace:
[  900.899261][T14205]  <TASK>
[  900.899273][T14205]  dump_stack_lvl+0x16c/0x1f0
[  900.899325][T14205]  warn_alloc+0x248/0x3a0
[  900.899364][T14205]  ? __pfx_warn_alloc+0x10/0x10
[  900.899405][T14205]  ? kfree+0x2b6/0x4d0
[  900.899445][T14205]  ? __get_vm_area_node+0x208/0x330
[  900.899507][T14205]  __vmalloc_node_range_noprof+0xd31/0x1540
[  900.899578][T14205]  ? __do_sys_listmount+0x1c2/0xed0
[  900.899638][T14205]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  900.899711][T14205]  __kvmalloc_node_noprof+0x2ff/0x600
[  900.899747][T14205]  ? __do_sys_listmount+0x1c2/0xed0
[  900.899797][T14205]  ? __do_sys_listmount+0x1c2/0xed0
[  900.899873][T14205]  ? __do_sys_listmount+0x1c2/0xed0
[  900.899922][T14205]  __do_sys_listmount+0x1c2/0xed0
[  900.899988][T14205]  ? __x64_sys_futex+0x1e0/0x4c0
[  900.900024][T14205]  ? __x64_sys_futex+0x1e9/0x4c0
[  900.900061][T14205]  ? __pfx___do_sys_listmount+0x10/0x10
[  900.900113][T14205]  ? xfd_validate_state+0x5d/0x180
[  900.900164][T14205]  do_syscall_64+0xcd/0x230
[  900.900223][T14205]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  900.900257][T14205] RIP: 0033:0x7f8ffcb8e969
[  900.900282][T14205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  900.900315][T14205] RSP: 002b:00007f8ffd92b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[  900.900347][T14205] RAX: ffffffffffffffda RBX: 00007f8ffcdb6080 RCX: 00007f8ffcb8e969
[  900.900370][T14205] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100
[  900.900390][T14205] RBP: 00007f8ffcc10ab1 R08: 0000000000000000 R09: 0000000000000000
[  900.900411][T14205] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  900.900430][T14205] R13: 0000000000000000 R14: 00007f8ffcdb6080 R15: 00007ffeb01c4998
[  900.900474][T14205]  </TASK>
[  900.900549][T14205] Mem-Info:
[  901.276823][T14205] active_anon:74113 inactive_anon:35217 isolated_anon:0
[  901.276823][T14205]  active_file:14750 inactive_file:41073 isolated_file:0
[  901.276823][T14205]  unevictable:768 dirty:321 writeback:0
[  901.276823][T14205]  slab_reclaimable:11376 slab_unreclaimable:97821
[  901.276823][T14205]  mapped:33532 shmem:96294 pagetables:1018
[  901.276823][T14205]  sec_pagetables:0 bounce:0
[  901.276823][T14205]  kernel_misc_reclaimable:0
[  901.276823][T14205]  free:1234462 free_pcp:673 free_cma:0
[  901.323979][T13952] veth0_vlan: entered promiscuous mode
[  901.416581][T13952] veth1_vlan: entered promiscuous mode
[  901.443623][T14205] Node 0 active_anon:294352kB inactive_anon:135368kB active_file:59000kB inactive_file:164112kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:134084kB dirty:1276kB writeback:0kB shmem:376440kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10640kB pagetables:4072kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  901.607246][T13952] veth0_macvtap: entered promiscuous mode
[  901.633286][T13952] veth1_macvtap: entered promiscuous mode
[  901.673565][T14205] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:44kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  901.794863][   T13] hsr_slave_0: left promiscuous mode
[  901.800813][   T13] hsr_slave_1: left promiscuous mode
[  901.860949][T14205] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  901.877803][   T13] veth1_macvtap: left allmulticast mode
[  901.910688][T14205] lowmem_reserve[]: 0 2484 2486 2486 2486
[  901.916766][T14205] Node 0 DMA32 free:1023448kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:317696kB inactive_anon:106504kB active_file:59048kB inactive_file:162284kB unevictable:1536kB writepending:1252kB present:3129332kB managed:2544156kB mlocked:0kB bounce:0kB free_pcp:7168kB local_pcp:5344kB free_cma:0kB
[  901.961482][T14205] lowmem_reserve[]: 0 0 1 1 1
[  901.978596][   T13] veth1_macvtap: left promiscuous mode
[  901.984733][   T13] veth0_macvtap: left promiscuous mode
[  901.996672][T14205] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  902.044355][   T13] veth1_vlan: left promiscuous mode
[  902.049810][   T13] veth0_vlan: left promiscuous mode
[  902.182634][T14205] lowmem_reserve[]: 0 0 0 0 0
[  902.220187][T14205] Node 1 Normal free:3908008kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:180kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  902.343254][T14205] lowmem_reserve[]: 0 0 0 0 0
[  902.348033][T14205] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  902.471348][T14205] Node 0 DMA32: 1857*4kB (UME) 1191*8kB (UME) 968*16kB (UME) 288*32kB (UME) 401*64kB (UME) 508*128kB (UM) 398*256kB (UME) 250*512kB (UME) 63*1024kB (UME) 1*2048kB (E) 152*4096kB (M) = 1051388kB
[  902.491699][T14205] Node 0 Normal: 4*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  902.504538][T14205] Node 1 Normal: 250*4kB (UM) 78*8kB (UME) 49*16kB (UME) 238*32kB (UME) 118*64kB (UME) 34*128kB (UME) 18*256kB (UME) 9*512kB (UM) 4*1024kB (UM) 1*2048kB (U) 945*4096kB (UM) = 3908008kB
[  902.553051][T14205] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  902.600961][T14205] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  902.610327][T14205] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  902.620321][T14205] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  902.633396][T14205] 135008 total pagecache pages
[  902.638215][T14205] 38 pages in swap cache
[  902.661660][T14205] Free swap  = 80604kB
[  902.671570][T14205] Total swap = 124996kB
[  902.681030][T14205] 2097051 pages RAM
[  902.684914][T14205] 0 pages HighMem/MovableOnly
[  902.730981][T14205] 428906 pages reserved
[  902.751010][T14205] 0 pages cma reserved
[  903.079021][T14222] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1509'.
[  906.091951][   T13] team0 (unregistering): Port device team_slave_1 removed
[  909.078380][T13952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  909.121240][T13952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.156739][T13952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  909.201090][T13952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.254929][T13952] batman_adv: batadv0: Interface activated: batadv_slave_0
[  909.416202][T13952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.441031][T13952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.471092][T13952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.481681][T13952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.493937][T13952] batman_adv: batadv0: Interface activated: batadv_slave_1
[  909.645032][T13952] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  909.683995][T13952] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  909.707952][T13952] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  909.752030][T13952] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  910.567106][T14082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  910.597140][T14082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  910.698802][ T7552] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  910.724859][ T7552] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  911.816394][T14272] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078016600 pfn:0x78010
[  911.841222][T14272] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  911.848452][T14272] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  911.857822][T14272] raw: ffff888078016600 0000000000000000 00000001ffffffff 0000000000000000
[  911.866902][T14272] page dumped because: unmovable page
[  911.873435][T14272] page_owner tracks the page as allocated
[  911.879212][T14272] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 13944, tgid 13944 (syz-executor), ts 874091855664, free_ts 674138604331
[  911.901691][T14272]  post_alloc_hook+0x181/0x1b0
[  911.906552][T14272]  get_page_from_freelist+0x135c/0x3920
[  911.912687][T14272]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  911.918674][T14272]  alloc_pages_mpol+0x1fb/0x550
[  911.924209][T14272]  alloc_pages_noprof+0x131/0x390
[  911.929298][T14272]  __vmalloc_node_range_noprof+0x732/0x1540
[  911.935776][T14272]  vmalloc_user_noprof+0x6b/0x90
[  911.940779][T14272]  kcov_ioctl+0x4c/0x730
[  911.968756][T14272]  __x64_sys_ioctl+0x190/0x200
[  911.991570][T14272]  do_syscall_64+0xcd/0x230
[  912.001686][T14272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  912.049967][T14272] page last free pid 5817 tgid 5817 stack trace:
[  912.086206][T14272]  __free_frozen_pages+0x69d/0xff0
[  912.096331][T14272]  kasan_depopulate_vmalloc_pte+0x63/0x80
[  912.141630][T14272]  __apply_to_page_range+0x61a/0xd60
[  912.151355][T14272]  kasan_release_vmalloc+0xd1/0xe0
[  912.401597][T14272]  purge_vmap_node+0x1cb/0xa70
[  912.406958][T14272]  __purge_vmap_area_lazy+0x9d1/0xc90
[  912.482990][T14272]  drain_vmap_area_work+0x27/0x40
[  912.508511][T14272]  process_one_work+0x9cc/0x1b70
[  912.541433][T14272]  worker_thread+0x6c8/0xf10
[  912.546152][T14272]  kthread+0x3c5/0x780
[  912.576275][T14272]  ret_from_fork+0x48/0x80
[  912.611339][T14272]  ret_from_fork_asm+0x1a/0x30
[  914.013193][T14312] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1519'.
[  914.296493][T14317] HfR: entered promiscuous mode
[  914.588052][T14321] [U] 
[  914.588148][T14321] [U] 
[  914.588206][T14321] [U] 
[  914.588262][T14321] [U] 
[  914.588553][T14321] [U] 
[  914.588612][T14321] [U] 
[  914.588671][T14321] [U] 
[  914.588738][T14321] [U] 
[  914.589104][T14321] [U] 
[  914.589167][T14321] [U] 
[  914.589229][T14321] [U] 
[  914.589290][T14321] [U] 
[  914.589581][T14321] [U] 
[  914.589640][T14321] [U] 
[  914.589708][T14321] [U] 
[  914.589769][T14321] [U] 
[  914.590111][T14321] [U] 
[  914.590172][T14321] [U] 
[  914.590231][T14321] [U] 
[  914.590289][T14321] [U] 
[  914.590577][T14321] [U] 
[  914.590635][T14321] [U] 
[  914.590703][T14321] [U] 
[  914.590766][T14321] [U] 
[  914.602325][T14321] [U] 
[  914.602395][T14321] [U] 
[  914.602456][T14321] [U] 
[  914.602519][T14321] [U] 
[  914.602842][T14321] [U] 
[  914.602899][T14321] [U] 
[  914.602955][T14321] [U] 
[  914.603012][T14321] [U] 
[  914.603420][T14321] [U] 
[  914.603484][T14321] [U] 
[  914.603562][T14321] [U] 
[  914.603624][T14321] [U] 
[  914.603910][T14321] [U] 
[  914.603971][T14321] [U] 
[  914.604029][T14321] [U] 
[  914.604089][T14321] [U] 
[  914.604462][T14321] [U] 
[  914.604523][T14321] [U] 
[  914.604593][T14321] [U] 
[  914.604649][T14321] [U] 
[  914.604948][T14321] [U] 
[  914.605007][T14321] [U] 
[  914.605063][T14321] [U] 
[  914.605118][T14321] [U] 
[  914.605373][T14321] [U] 
[  914.605451][T14321] [U] 
[  914.605509][T14321] [U] 
[  914.605568][T14321] [U] 
[  914.605866][T14321] [U] 
[  914.605928][T14321] [U] 
[  914.605986][T14321] [U] 
[  914.606049][T14321] [U] 
[  914.606405][T14321] [U] 
[  914.606469][T14321] [U] 
[  914.606531][T14321] [U] 
[  914.606592][T14321] [U] 
[  914.606877][T14321] [U] 
[  914.606941][T14321] [U] 
[  914.607003][T14321] [U] 
[  914.607064][T14321] [U] 
[  914.607430][T14321] [U] 
[  914.607492][T14321] [U] 
[  914.607554][T14321] [U] 
[  914.607621][T14321] [U] 
[  914.626450][T14321] [U] 
[  914.626518][T14321] [U] 
[  914.626581][T14321] [U] 
[  914.626642][T14321] [U] 
[  914.626959][T14321] [U] 
[  914.627023][T14321] [U] 
[  914.627082][T14321] [U] 
[  914.627142][T14321] [U] 
[  914.627540][T14321] [U] 
[  914.627593][T14321] [U] 
[  914.627646][T14321] [U] 
[  914.627708][T14321] [U] 
[  914.628027][T14321] [U] 
[  914.628083][T14321] [U] 
[  914.628137][T14321] [U] 
[  914.628190][T14321] [U] 
[  914.641638][T14321] [U] 
[  914.641703][T14321] [U] 
[  914.641765][T14321] [U] 
[  914.641825][T14321] [U] 
[  914.645193][T14321] [U] 
[  914.645258][T14321] [U] 
[  914.645319][T14321] [U] 
[  914.645379][T14321] [U] 
[  914.645653][T14321] [U] 
[  914.645721][T14321] [U] 
[  914.645783][T14321] [U] 
[  914.645847][T14321] [U] 
[  914.665650][T14324] [U] 
[  915.693118][T14323] tty tty53: ldisc open failed (-12), clearing slot 52
[  916.335059][T14355] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations!
[  916.951809][T14364] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1527'.
[  922.646618][ T5839] Bluetooth: hci1: unexpected subevent 0x01 length: 5 < 18
[  925.563150][T14449] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1539'.
[  925.951424][T14459] Console: switching to colour VGA+ 80x25
[  931.995018][T14532] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1547'.
[  933.378265][T14502] syz.3.1544 invoked oom-killer: gfp_mask=0x408d40(GFP_NOFS|__GFP_ZERO|__GFP_NOFAIL|__GFP_ACCOUNT), order=0, oom_score_adj=1000
[  933.470927][T14502] CPU: 1 UID: 0 PID: 14502 Comm: syz.3.1544 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  933.470978][T14502] Tainted: [U]=USER
[  933.470989][T14502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  933.471006][T14502] Call Trace:
[  933.471017][T14502]  <TASK>
[  933.471036][T14502]  dump_stack_lvl+0x16c/0x1f0
[  933.471089][T14502]  dump_header+0x101/0x930
[  933.471136][T14502]  oom_kill_process+0x270/0xa60
[  933.471176][T14502]  ? mem_cgroup_out_of_memory+0x8c/0x270
[  933.471231][T14502]  out_of_memory+0x350/0x1700
[  933.471274][T14502]  ? __lock_acquire+0xaa4/0x1ba0
[  933.471320][T14502]  ? __pfx_out_of_memory+0x10/0x10
[  933.471375][T14502]  mem_cgroup_out_of_memory+0x205/0x270
[  933.471426][T14502]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  933.471487][T14502]  ? do_raw_spin_unlock+0x172/0x230
[  933.471543][T14502]  try_charge_memcg+0xa07/0x10c0
[  933.471594][T14502]  ? __pfx_try_charge_memcg+0x10/0x10
[  933.471636][T14502]  ? memory_min_write+0x91/0xe0
[  933.471687][T14502]  ? get_mem_cgroup_from_objcg+0xd3/0x330
[  933.471725][T14502]  obj_cgroup_charge+0x298/0x640
[  933.471773][T14502]  __memcg_slab_post_alloc_hook+0x18a/0x940
[  933.471825][T14502]  ? kasan_save_track+0x14/0x30
[  933.471864][T14502]  kmem_cache_alloc_noprof+0x307/0x3b0
[  933.471902][T14502]  ? alloc_buffer_head+0x21/0x160
[  933.471952][T14502]  ? lockdep_hardirqs_on+0x7c/0x110
[  933.472001][T14502]  alloc_buffer_head+0x21/0x160
[  933.472058][T14502]  folio_alloc_buffers+0x2bd/0x830
[  933.472105][T14502]  create_empty_buffers+0x36/0x480
[  933.472155][T14502]  folio_create_buffers+0x109/0x150
[  933.472189][T14502]  __block_write_begin_int+0x320/0x16d0
[  933.472253][T14502]  ? __pfx_ext4_da_get_block_prep+0x10/0x10
[  933.472309][T14502]  ? __pfx___block_write_begin_int+0x10/0x10
[  933.472361][T14502]  ? __pfx___might_resched+0x10/0x10
[  933.472420][T14502]  ? __pfx_ext4_da_get_block_prep+0x10/0x10
[  933.472465][T14502]  block_page_mkwrite+0x3d3/0x4b0
[  933.472510][T14502]  ext4_page_mkwrite+0x8d8/0x1750
[  933.472559][T14502]  ? __pfx_ext4_page_mkwrite+0x10/0x10
[  933.472607][T14502]  do_page_mkwrite+0x174/0x380
[  933.472651][T14502]  do_pte_missing+0x29c/0x3fb0
[  933.472691][T14502]  ? __handle_mm_fault+0x1010/0x2a40
[  933.472730][T14502]  __handle_mm_fault+0x103d/0x2a40
[  933.472788][T14502]  ? __pfx___handle_mm_fault+0x10/0x10
[  933.472845][T14502]  ? find_vma+0xbf/0x140
[  933.472886][T14502]  ? __pfx_find_vma+0x10/0x10
[  933.472933][T14502]  handle_mm_fault+0x3fe/0xad0
[  933.472991][T14502]  do_user_addr_fault+0x7a6/0x1370
[  933.473047][T14502]  exc_page_fault+0x5c/0xc0
[  933.473092][T14502]  asm_exc_page_fault+0x26/0x30
[  933.473123][T14502] RIP: 0033:0x7fcb62260dd1
[  933.473148][T14502] Code: 85 5a ff ff 48 8b 05 a6 49 e8 00 0f b6 4c 24 10 be 08 00 00 00 48 89 df 83 05 82 49 e8 00 01 48 8d 50 ff 48 89 15 87 49 e8 00 <88> 48 ff 8b 2d 6e 49 e8 00 e8 51 5a ff ff 48 8b 05 7a 49 e8 00 41
[  933.473179][T14502] RSP: 002b:00007fffae7d4410 EFLAGS: 00010202
[  933.473203][T14502] RAX: 0000001b2fd60000 RBX: 00007fcb630e5720 RCX: 0000000000000003
[  933.473223][T14502] RDX: 0000001b2fd5ffff RSI: 0000000000000008 RDI: 00007fcb630e5720
[  933.473241][T14502] RBP: 00007fcb625b6118 R08: 0000000000000000 R09: 0000000000000000
[  933.473261][T14502] R10: 00007fcb630e5700 R11: 0000000000000000 R12: 00000000fffffc03
[  933.473280][T14502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  933.473322][T14502]  </TASK>
[  933.473333][T14502] memory: usage 307200kB, limit 307200kB, failcnt 21842
[  934.151228][T14502] memory+swap: usage 408632kB, limit 9007199254740988kB, failcnt 0
[  934.159207][T14502] kmem: usage 3856kB, limit 9007199254740988kB, failcnt 0
[  934.204800][T14502] Memory cgroup stats for /syz3:
[  934.205132][T14502] cache 310439936
[  934.304227][T14502] rss 126976
[  934.332351][T14502] rss_huge 0
[  934.354234][T14502] shmem 309321728
[  934.361837][T14502] mapped_file 851968
[  934.407655][T14502] dirty 32768
[  934.417346][T14502] writeback 0
[  934.432968][T14502] workingset_refault_anon 5077
[  934.437875][T14502] workingset_refault_file 2334
[  934.483886][T14502] swap 103866368
[  934.487516][T14502] swapcached 57344
[  934.526430][T14502] pgpgin 1843406
[  934.542828][T14502] pgpgout 1773702
[  934.546497][T14502] pgfault 458725
[  934.591948][T14502] pgmajfault 742
[  934.595570][T14502] inactive_anon 102965248
[  934.721030][T14502] active_anon 206278656
[  934.741126][T14502] inactive_file 253952
[  934.778183][T14502] active_file 864256
[  934.786820][T14502] unevictable 0
[  934.804148][T14502] hierarchical_memory_limit 314572800
[  934.861317][T14502] hierarchical_memsw_limit 9223372036854771712
[  934.880960][T14502] total_cache 310439936
[  934.885378][T14502] total_rss 126976
[  934.901508][T14502] total_rss_huge 0
[  934.905383][T14502] total_shmem 309321728
[  934.927152][T14502] total_mapped_file 851968
[  934.932182][T14502] total_dirty 32768
[  934.963574][T14502] total_writeback 0
[  934.994533][T14502] total_workingset_refault_anon 5077
[  934.999896][T14502] total_workingset_refault_file 2334
[  935.006153][T14502] total_swap 103866368
[  935.010274][T14502] total_swapcached 57344
[  935.014768][T14502] total_pgpgin 1843406
[  935.018885][T14502] total_pgpgout 1773702
[  935.062176][T14502] total_pgfault 458725
[  935.098046][T14502] total_pgmajfault 742
[  935.202249][T14502] total_inactive_anon 102965248
[  935.207158][T14502] total_active_anon 206278656
[  935.224695][T14502] total_inactive_file 253952
[  935.240938][T14502] total_active_file 864256
[  935.261936][T14502] total_unevictable 0
[  935.272797][T14502] anon_cost 0
[  935.300953][T14502] file_cost 0
[  935.316840][T14502] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1480,pid=14024,uid=0
[  935.411664][T14502] Memory cgroup out of memory: Killed process 14024 (syz.3.1480) total-vm:112460kB, anon-rss:1072kB, file-rss:51024kB, shmem-rss:0kB, UID:0 pgtables:232kB oom_score_adj:1000
[  936.678670][T14589] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15
[  936.694329][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  936.700657][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  937.623258][   T32] oom_reaper: reaped process 14024 (syz.3.1480), now anon-rss:32kB, file-rss:49988kB, shmem-rss:0kB
[  938.566082][T14587] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16
[  944.266739][T14654] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1558'.
[  944.931630][T14663] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1559'.
[  947.143090][T14670] FAULT_INJECTION: forcing a failure.
[  947.143090][T14670] name failslab, interval 1, probability 0, space 0, times 0
[  947.183421][T14677] .^: entered promiscuous mode
[  947.980965][T14670] CPU: 0 UID: 0 PID: 14670 Comm: syz.2.1560 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  947.981020][T14670] Tainted: [U]=USER
[  947.981032][T14670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  947.981050][T14670] Call Trace:
[  947.981061][T14670]  <TASK>
[  947.981073][T14670]  dump_stack_lvl+0x16c/0x1f0
[  947.981125][T14670]  should_fail_ex+0x512/0x640
[  947.981174][T14670]  ? __kmalloc_noprof+0xbf/0x510
[  947.981214][T14670]  ? __register_sysctl_table+0xea2/0x1900
[  947.981252][T14670]  should_failslab+0xc2/0x120
[  947.981292][T14670]  __kmalloc_noprof+0xd2/0x510
[  947.981326][T14670]  ? __register_sysctl_table+0xe8e/0x1900
[  947.981375][T14670]  __register_sysctl_table+0xea2/0x1900
[  947.981425][T14670]  ? __pfx___register_sysctl_table+0x10/0x10
[  947.981463][T14670]  ? is_module_address+0x69/0xf0
[  947.981505][T14670]  ? register_net_sysctl_sz+0x228/0x3e0
[  947.981568][T14670]  __devinet_sysctl_register+0x1b9/0x360
[  947.981622][T14670]  ? __pfx___devinet_sysctl_register+0x10/0x10
[  947.981665][T14670]  ? trace_kmalloc+0x2b/0xd0
[  947.981713][T14670]  ? devinet_init_net+0xeb/0x910
[  947.981777][T14670]  ? __asan_memcpy+0x3c/0x60
[  947.981814][T14670]  devinet_init_net+0x315/0x910
[  947.981862][T14670]  ? __pfx_devinet_init_net+0x10/0x10
[  947.981908][T14670]  ops_init+0x1df/0x5f0
[  947.981969][T14670]  setup_net+0x21e/0x850
[  947.982018][T14670]  ? __pfx_setup_net+0x10/0x10
[  947.982059][T14670]  ? lockdep_init_map_type+0x5c/0x280
[  947.982107][T14670]  ? __pfx_down_read_killable+0x10/0x10
[  947.982144][T14670]  ? debug_mutex_init+0x37/0x70
[  947.982183][T14670]  copy_net_ns+0x2a6/0x5f0
[  947.982235][T14670]  create_new_namespaces+0x3ea/0xad0
[  947.982286][T14670]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  947.982330][T14670]  ksys_unshare+0x45b/0xa40
[  947.982377][T14670]  ? __pfx_ksys_unshare+0x10/0x10
[  947.982421][T14670]  ? xfd_validate_state+0x5d/0x180
[  947.982455][T14670]  ? rcu_is_watching+0x12/0xc0
[  947.982499][T14670]  __x64_sys_unshare+0x31/0x40
[  947.982545][T14670]  do_syscall_64+0xcd/0x230
[  947.982598][T14670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  947.982632][T14670] RIP: 0033:0x7f8ffcb8e969
[  947.982658][T14670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  947.982692][T14670] RSP: 002b:00007f8ffd94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  947.982736][T14670] RAX: ffffffffffffffda RBX: 00007f8ffcdb5fa0 RCX: 00007f8ffcb8e969
[  947.982759][T14670] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  947.982778][T14670] RBP: 00007f8ffcc10ab1 R08: 0000000000000000 R09: 0000000000000000
[  947.982797][T14670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  947.982817][T14670] R13: 0000000000000000 R14: 00007f8ffcdb5fa0 R15: 00007ffeb01c4998
[  947.982861][T14670]  </TASK>
[  947.982873][T14670] sysctl could not get directory: /net/ipv4 -12
[  950.979920][T14714] vmstat_refresh: nr_hugetlb -2560
[  953.375668][T12333] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  953.386413][T12333] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  953.394647][T12333] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  953.404551][T12333] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  953.412583][T12333] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  954.571196][T14082] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  954.851413][T14082] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  955.037672][T14082] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  955.148815][T14082] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  955.590898][ T5839] Bluetooth: hci0: command tx timeout
[  956.180243][T14747] chnl_net:caif_netlink_parms(): no params data found
[  956.240442][T14082] bridge_slave_0: left allmulticast mode
[  956.259918][T14082] bridge_slave_0: left promiscuous mode
[  956.294747][T14082] bridge0: port 1(bridge_slave_0) entered disabled state
[  957.651406][ T5839] Bluetooth: hci0: command tx timeout
[  957.957012][T14082] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  957.985504][T14082] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  958.014907][T14082] bond0 (unregistering): Released all slaves
[  958.231377][T14082] HfR: left promiscuous mode
[  958.609177][T14747] bridge0: port 1(bridge_slave_0) entered blocking state
[  958.638073][T14747] bridge0: port 1(bridge_slave_0) entered disabled state
[  958.647109][T14747] bridge_slave_0: entered allmulticast mode
[  958.659825][T14747] bridge_slave_0: entered promiscuous mode
[  958.818694][T14747] bridge0: port 2(bridge_slave_1) entered blocking state
[  958.864702][T14747] bridge0: port 2(bridge_slave_1) entered disabled state
[  958.925004][T14747] bridge_slave_1: entered allmulticast mode
[  958.945919][T14747] bridge_slave_1: entered promiscuous mode
[  959.471774][T14747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  959.560433][T14747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  959.731140][ T5839] Bluetooth: hci0: command tx timeout
[  960.416518][T14747] team0: Port device team_slave_0 added
[  960.576562][T14747] team0: Port device team_slave_1 added
[  960.954585][T14844] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  961.092904][T14747] batman_adv: batadv0: Adding interface: batadv_slave_0
[  961.148424][T14747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  961.294448][T14851] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1577'.
[  961.303773][T14747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  961.568252][T14747] batman_adv: batadv0: Adding interface: batadv_slave_1
[  961.604656][T14747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  961.723608][T14747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  961.770612][T14851] ipvlan1: entered promiscuous mode
[  961.783353][T14851] ipvlan1: entered allmulticast mode
[  961.801390][ T5839] Bluetooth: hci0: command tx timeout
[  961.818349][T14851] veth0_vlan: entered allmulticast mode
[  962.288863][T14747] hsr_slave_0: entered promiscuous mode
[  962.316936][T14867] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1580'.
[  962.340203][T14747] hsr_slave_1: entered promiscuous mode
[  962.966211][T14082] hsr_slave_0: left promiscuous mode
[  963.025531][T14082] hsr_slave_1: left promiscuous mode
[  963.044010][T14082] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  963.065781][T14082] batman_adv: batadv0: Removing interface: batadv_slave_0
[  963.199265][T14082] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  963.249903][T14082] batman_adv: batadv0: Removing interface: batadv_slave_1
[  963.782010][T14082] veth0_macvtap: left promiscuous mode
[  963.787690][T14082] veth1_vlan: left promiscuous mode
[  963.874488][T14082] veth0_vlan: left promiscuous mode
[  966.584618][T14082] team0 (unregistering): Port device team_slave_1 removed
[  966.843344][T14082] team0 (unregistering): Port device team_slave_0 removed
[  969.793295][T14912] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1586'.
[  970.571398][T14747] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  970.592292][T14747] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  970.708500][T14747] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  970.805473][T14747] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  971.627118][T14747] 8021q: adding VLAN 0 to HW filter on device bond0
[  971.854517][T14747] 8021q: adding VLAN 0 to HW filter on device team0
[  971.955015][ T5882] bridge0: port 1(bridge_slave_0) entered blocking state
[  971.962233][ T5882] bridge0: port 1(bridge_slave_0) entered forwarding state
[  972.002463][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state
[  972.009696][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  973.356893][T14747] 8021q: adding VLAN 0 to HW filter on device batadv0
[  973.763885][T14969] can: request_module (can-proto-3) failed.
[  974.733093][T14747] veth0_vlan: entered promiscuous mode
[  974.794575][T14747] veth1_vlan: entered promiscuous mode
[  974.898795][T14747] veth0_macvtap: entered promiscuous mode
[  974.923474][T14997] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1595'.
[  974.953991][T14747] veth1_macvtap: entered promiscuous mode
[  975.053014][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  975.077742][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  975.119363][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  975.170869][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  975.215868][T14747] batman_adv: batadv0: Interface activated: batadv_slave_0
[  975.301672][T15007] Invalid ELF header magic: != ELF
[  975.373823][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  975.398923][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  975.416961][T14747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  975.526207][T14747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  975.636930][T14747] batman_adv: batadv0: Interface activated: batadv_slave_1
[  975.740373][T14747] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  975.824990][T14747] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  975.904813][T14747] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  975.991067][T14747] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  976.467131][ T7552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  976.488345][ T7552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  976.629129][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  976.648433][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  980.773072][T15095] bridge0: port 3(hsr_slave_1) entered blocking state
[  980.827839][T15095] bridge0: port 3(hsr_slave_1) entered disabled state
[  980.882031][T15095] hsr_slave_1: entered allmulticast mode
[  980.927317][T15095] hsr_slave_1: left allmulticast mode
[  981.896891][T15104] FAULT_INJECTION: forcing a failure.
[  981.896891][T15104] name failslab, interval 1, probability 0, space 0, times 0
[  981.935882][T15104] CPU: 1 UID: 0 PID: 15104 Comm: syz.4.1609 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  981.935936][T15104] Tainted: [U]=USER
[  981.935946][T15104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  981.935965][T15104] Call Trace:
[  981.935975][T15104]  <TASK>
[  981.935987][T15104]  dump_stack_lvl+0x16c/0x1f0
[  981.936039][T15104]  should_fail_ex+0x512/0x640
[  981.936087][T15104]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  981.936123][T15104]  should_failslab+0xc2/0x120
[  981.936165][T15104]  __kmalloc_cache_noprof+0x6a/0x3e0
[  981.936199][T15104]  ? alloc_pipe_info+0x10e/0x590
[  981.936240][T15104]  alloc_pipe_info+0x10e/0x590
[  981.936282][T15104]  splice_direct_to_actor+0x77d/0xa30
[  981.936334][T15104]  ? __pfx_direct_splice_actor+0x10/0x10
[  981.936390][T15104]  ? __pfx_aa_file_perm+0x10/0x10
[  981.936438][T15104]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  981.936485][T15104]  ? get_pid_task+0xfc/0x250
[  981.936542][T15104]  do_splice_direct+0x174/0x240
[  981.936596][T15104]  ? __pfx_do_splice_direct+0x10/0x10
[  981.936645][T15104]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  981.936703][T15104]  ? rw_verify_area+0xcf/0x680
[  981.936756][T15104]  do_sendfile+0xafd/0xe50
[  981.936795][T15104]  ? __pfx_do_sendfile+0x10/0x10
[  981.936827][T15104]  ? __fget_files+0x20e/0x3c0
[  981.936876][T15104]  __x64_sys_sendfile64+0x1d8/0x220
[  981.936915][T15104]  ? ksys_write+0x1b9/0x240
[  981.936948][T15104]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  981.936986][T15104]  ? rcu_is_watching+0x12/0xc0
[  981.937030][T15104]  do_syscall_64+0xcd/0x230
[  981.937083][T15104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.937117][T15104] RIP: 0033:0x7fb75e38e969
[  981.937142][T15104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  981.937180][T15104] RSP: 002b:00007fb75f290038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  981.937210][T15104] RAX: ffffffffffffffda RBX: 00007fb75e5b5fa0 RCX: 00007fb75e38e969
[  981.937230][T15104] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  981.937250][T15104] RBP: 00007fb75f290090 R08: 0000000000000000 R09: 0000000000000000
[  981.937269][T15104] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  981.937288][T15104] R13: 0000000000000000 R14: 00007fb75e5b5fa0 R15: 00007ffe1d9893f8
[  981.937331][T15104]  </TASK>
[  983.298390][T15113] can: request_module (can-proto-3) failed.
[  985.610760][T15145] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1614'.
[  985.964353][T15127] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  985.996110][T15127] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  986.171176][T15127] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  986.177295][T15127] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  986.662119][T15127] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  986.982321][T15127] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  986.988358][T15127] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  987.174779][T15127] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  987.711739][T15171] random: crng reseeded on system resumption
[  987.970900][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout
[  988.040991][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout
[  988.204855][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout
[  989.000937][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout
[  989.440517][T15191] synth uevent: /module/l2tp_ip6: unknown uevent action string
[  990.287275][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout
[  991.130352][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout
[  992.361032][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout
[  993.162015][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout
[  993.266969][T15245] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1625'.
[  994.742058][T15271] FAULT_INJECTION: forcing a failure.
[  994.742058][T15271] name failslab, interval 1, probability 0, space 0, times 0
[  995.058473][T15271] CPU: 1 UID: 0 PID: 15271 Comm: syz.5.1629 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[  995.058513][T15271] Tainted: [U]=USER
[  995.058520][T15271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  995.058534][T15271] Call Trace:
[  995.058541][T15271]  <TASK>
[  995.058550][T15271]  dump_stack_lvl+0x16c/0x1f0
[  995.058588][T15271]  should_fail_ex+0x512/0x640
[  995.058622][T15271]  ? __kmalloc_noprof+0xbf/0x510
[  995.058650][T15271]  ? copy_splice_read+0x1a8/0xba0
[  995.058683][T15271]  should_failslab+0xc2/0x120
[  995.058712][T15271]  __kmalloc_noprof+0xd2/0x510
[  995.058745][T15271]  copy_splice_read+0x1a8/0xba0
[  995.058793][T15271]  ? __pfx_copy_splice_read+0x10/0x10
[  995.058830][T15271]  ? look_up_lock_class+0x59/0x150
[  995.058867][T15271]  ? lockdep_init_map_type+0x5c/0x280
[  995.058902][T15271]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  995.058926][T15271]  ? __pfx_copy_splice_read+0x10/0x10
[  995.058960][T15271]  do_splice_read+0x282/0x370
[  995.058997][T15271]  splice_direct_to_actor+0x2a1/0xa30
[  995.059034][T15271]  ? __pfx_direct_splice_actor+0x10/0x10
[  995.059076][T15271]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  995.059110][T15271]  ? get_pid_task+0xfc/0x250
[  995.059150][T15271]  do_splice_direct+0x174/0x240
[  995.059185][T15271]  ? __pfx_do_splice_direct+0x10/0x10
[  995.059221][T15271]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  995.059260][T15271]  ? rw_verify_area+0xcf/0x680
[  995.059298][T15271]  do_sendfile+0xafd/0xe50
[  995.059324][T15271]  ? __pfx_do_sendfile+0x10/0x10
[  995.059346][T15271]  ? __fget_files+0x20e/0x3c0
[  995.059375][T15271]  __x64_sys_sendfile64+0x1d8/0x220
[  995.059402][T15271]  ? ksys_write+0x1b9/0x240
[  995.059423][T15271]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  995.059451][T15271]  ? rcu_is_watching+0x12/0xc0
[  995.059481][T15271]  do_syscall_64+0xcd/0x230
[  995.059520][T15271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  995.059543][T15271] RIP: 0033:0x7f318898e969
[  995.059561][T15271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  995.059584][T15271] RSP: 002b:00007f3189872038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  995.059606][T15271] RAX: ffffffffffffffda RBX: 00007f3188bb5fa0 RCX: 00007f318898e969
[  995.059622][T15271] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  995.059635][T15271] RBP: 00007f3189872090 R08: 0000000000000000 R09: 0000000000000000
[  995.059649][T15271] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  995.059662][T15271] R13: 0000000000000000 R14: 00007f3188bb5fa0 R15: 00007ffd427d1288
[  995.059691][T15271]  </TASK>
[  998.146578][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  998.152954][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  998.762284][T15326] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1637'.
[  998.871046][T15337] kernel read not supported for file /set_event_notrace_pid (pid: 15337 comm: syz.2.1634)
[  999.446861][   T30] audit: type=1800 audit(6042108293.426:10): pid=15337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1634" name="set_event_notrace_pid" dev="tracefs" ino=1063 res=0 errno=0
[ 1001.258471][T15335] ubi: mtd0 is already attached to ubi0
[ 1002.104458][T15384] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1645'.
[ 1003.671136][T15405] can: request_module (can-proto-3) failed.
[ 1011.763370][T15500] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1655'.
[ 1014.171735][T15532] random: crng reseeded on system resumption
[ 1020.288897][T15592] FAULT_INJECTION: forcing a failure.
[ 1020.288897][T15592] name failslab, interval 1, probability 0, space 0, times 0
[ 1020.458391][T15592] CPU: 1 UID: 0 PID: 15592 Comm: syz.3.1666 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[ 1020.458447][T15592] Tainted: [U]=USER
[ 1020.458458][T15592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1020.458477][T15592] Call Trace:
[ 1020.458488][T15592]  <TASK>
[ 1020.458500][T15592]  dump_stack_lvl+0x16c/0x1f0
[ 1020.458554][T15592]  should_fail_ex+0x512/0x640
[ 1020.458601][T15592]  ? __kmalloc_noprof+0xbf/0x510
[ 1020.458643][T15592]  ? ops_init+0x77/0x5f0
[ 1020.458681][T15592]  should_failslab+0xc2/0x120
[ 1020.458720][T15592]  __kmalloc_noprof+0xd2/0x510
[ 1020.458757][T15592]  ? __raw_spin_lock_init+0x3a/0x110
[ 1020.458836][T15592]  ops_init+0x77/0x5f0
[ 1020.458884][T15592]  setup_net+0x21e/0x850
[ 1020.458931][T15592]  ? __pfx_setup_net+0x10/0x10
[ 1020.458972][T15592]  ? lockdep_init_map_type+0x5c/0x280
[ 1020.459020][T15592]  ? __pfx_down_read_killable+0x10/0x10
[ 1020.459059][T15592]  ? debug_mutex_init+0x37/0x70
[ 1020.459097][T15592]  copy_net_ns+0x2a6/0x5f0
[ 1020.459158][T15592]  create_new_namespaces+0x3ea/0xad0
[ 1020.459209][T15592]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1020.459251][T15592]  ksys_unshare+0x45b/0xa40
[ 1020.459299][T15592]  ? __pfx_ksys_unshare+0x10/0x10
[ 1020.459341][T15592]  ? xfd_validate_state+0x5d/0x180
[ 1020.459376][T15592]  ? rcu_is_watching+0x12/0xc0
[ 1020.459419][T15592]  __x64_sys_unshare+0x31/0x40
[ 1020.459465][T15592]  do_syscall_64+0xcd/0x230
[ 1020.459520][T15592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1020.459554][T15592] RIP: 0033:0x7fcb6238e969
[ 1020.459582][T15592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1020.459615][T15592] RSP: 002b:00007fcb63291038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1020.459648][T15592] RAX: ffffffffffffffda RBX: 00007fcb625b6080 RCX: 00007fcb6238e969
[ 1020.459670][T15592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1020.459692][T15592] RBP: 00007fcb62410ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1020.459712][T15592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1020.459732][T15592] R13: 0000000000000000 R14: 00007fcb625b6080 R15: 00007fffae7d4368
[ 1020.459777][T15592]  </TASK>
[ 1021.202487][T15596] netlink: 330 bytes leftover after parsing attributes in process `syz.5.1667'.
[ 1026.607632][T15639] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input17
[ 1030.328625][T15677] openvswitch: netlink: Tunnel attr 242 out of range max 16
[ 1033.408294][T15705] sctp: [Deprecated]: syz.2.1688 (pid 15705) Use of int in max_burst socket option deprecated.
[ 1033.408294][T15705] Use struct sctp_assoc_value instead
[ 1036.287777][T15738] netlink: 'syz.2.1692': attribute type 2 has an invalid length.
[ 1036.468826][T15738] FAULT_INJECTION: forcing a failure.
[ 1036.468826][T15738] name failslab, interval 1, probability 0, space 0, times 0
[ 1036.636909][T15738] CPU: 0 UID: 0 PID: 15738 Comm: syz.2.1692 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[ 1036.636969][T15738] Tainted: [U]=USER
[ 1036.636981][T15738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1036.637001][T15738] Call Trace:
[ 1036.637012][T15738]  <TASK>
[ 1036.637024][T15738]  dump_stack_lvl+0x16c/0x1f0
[ 1036.637079][T15738]  should_fail_ex+0x512/0x640
[ 1036.637127][T15738]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1036.637171][T15738]  should_failslab+0xc2/0x120
[ 1036.637216][T15738]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1036.637254][T15738]  ? __proc_create+0xc3/0x8c0
[ 1036.637292][T15738]  ? __proc_create+0x2ce/0x8c0
[ 1036.637337][T15738]  __proc_create+0x2ce/0x8c0
[ 1036.637378][T15738]  ? __pfx___proc_create+0x10/0x10
[ 1036.637425][T15738]  ? _raw_write_unlock+0x28/0x50
[ 1036.637471][T15738]  ? proc_register+0x314/0x5f0
[ 1036.637516][T15738]  proc_create_reg+0x7d/0x180
[ 1036.637572][T15738]  proc_create_seq_private+0x8e/0x1d0
[ 1036.637616][T15738]  ? __pfx_proc_create_seq_private+0x10/0x10
[ 1036.637669][T15738]  ? __pfx_nl_fib_input+0x10/0x10
[ 1036.637716][T15738]  ? __pfx_ip_rt_do_proc_init+0x10/0x10
[ 1036.637760][T15738]  ip_rt_do_proc_init+0xac/0x1b0
[ 1036.637812][T15738]  ops_init+0x1df/0x5f0
[ 1036.637856][T15738]  setup_net+0x21e/0x850
[ 1036.637901][T15738]  ? __pfx_setup_net+0x10/0x10
[ 1036.637942][T15738]  ? lockdep_init_map_type+0x5c/0x280
[ 1036.637984][T15738]  ? __pfx_down_read_killable+0x10/0x10
[ 1036.638020][T15738]  ? debug_mutex_init+0x37/0x70
[ 1036.638052][T15738]  copy_net_ns+0x2a6/0x5f0
[ 1036.638097][T15738]  create_new_namespaces+0x3ea/0xad0
[ 1036.638129][T15738]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1036.638156][T15738]  ksys_unshare+0x45b/0xa40
[ 1036.638187][T15738]  ? __pfx_ksys_unshare+0x10/0x10
[ 1036.638234][T15738]  ? xfd_validate_state+0x5d/0x180
[ 1036.638258][T15738]  ? rcu_is_watching+0x12/0xc0
[ 1036.638287][T15738]  __x64_sys_unshare+0x31/0x40
[ 1036.638318][T15738]  do_syscall_64+0xcd/0x230
[ 1036.638355][T15738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1036.638378][T15738] RIP: 0033:0x7f8ffcb8e969
[ 1036.638396][T15738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1036.638419][T15738] RSP: 002b:00007f8ffd94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1036.638440][T15738] RAX: ffffffffffffffda RBX: 00007f8ffcdb5fa0 RCX: 00007f8ffcb8e969
[ 1036.638455][T15738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1036.638469][T15738] RBP: 00007f8ffcc10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1036.638483][T15738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1036.638497][T15738] R13: 0000000000000000 R14: 00007f8ffcdb5fa0 R15: 00007ffeb01c4998
[ 1036.638526][T15738]  </TASK>
[ 1037.727860][T15746] FAULT_INJECTION: forcing a failure.
[ 1037.727860][T15746] name failslab, interval 1, probability 0, space 0, times 0
[ 1037.791850][T15746] CPU: 0 UID: 0 PID: 15746 Comm: syz.5.1694 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[ 1037.791908][T15746] Tainted: [U]=USER
[ 1037.791918][T15746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1037.791938][T15746] Call Trace:
[ 1037.791949][T15746]  <TASK>
[ 1037.791962][T15746]  dump_stack_lvl+0x16c/0x1f0
[ 1037.792014][T15746]  should_fail_ex+0x512/0x640
[ 1037.792059][T15746]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1037.792098][T15746]  should_failslab+0xc2/0x120
[ 1037.792141][T15746]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1037.792174][T15746]  ? _raw_spin_unlock+0x28/0x50
[ 1037.792212][T15746]  ? snd_ctl_open+0x174/0x5e0
[ 1037.792256][T15746]  snd_ctl_open+0x174/0x5e0
[ 1037.792294][T15746]  ? __pfx_snd_ctl_open+0x10/0x10
[ 1037.792330][T15746]  snd_open+0x1fe/0x450
[ 1037.792375][T15746]  ? __pfx_snd_open+0x10/0x10
[ 1037.792416][T15746]  chrdev_open+0x234/0x6a0
[ 1037.792450][T15746]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1037.792494][T15746]  ? __pfx_chrdev_open+0x10/0x10
[ 1037.792534][T15746]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1037.792601][T15746]  do_dentry_open+0x744/0x1c10
[ 1037.792637][T15746]  ? __pfx_chrdev_open+0x10/0x10
[ 1037.792683][T15746]  vfs_open+0x82/0x3f0
[ 1037.792731][T15746]  path_openat+0x1e5e/0x2d40
[ 1037.792780][T15746]  ? __pfx_path_openat+0x10/0x10
[ 1037.792825][T15746]  do_filp_open+0x20b/0x470
[ 1037.792859][T15746]  ? __pfx_do_filp_open+0x10/0x10
[ 1037.792925][T15746]  ? alloc_fd+0x471/0x7d0
[ 1037.792988][T15746]  do_sys_openat2+0x11b/0x1d0
[ 1037.793034][T15746]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1037.793096][T15746]  __x64_sys_openat+0x174/0x210
[ 1037.793143][T15746]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1037.793193][T15746]  ? rcu_is_watching+0x12/0xc0
[ 1037.793249][T15746]  do_syscall_64+0xcd/0x230
[ 1037.793299][T15746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1037.793331][T15746] RIP: 0033:0x7f318898e969
[ 1037.793373][T15746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1037.793406][T15746] RSP: 002b:00007f3189872038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1037.793448][T15746] RAX: ffffffffffffffda RBX: 00007f3188bb5fa0 RCX: 00007f318898e969
[ 1037.793468][T15746] RDX: 0000000000002000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1037.793489][T15746] RBP: 00007f3188a10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1037.793507][T15746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1037.793545][T15746] R13: 0000000000000000 R14: 00007f3188bb5fa0 R15: 00007ffd427d1288
[ 1037.793594][T15746]  </TASK>
[ 1040.053391][T15762] openvswitch: netlink: Tunnel attr 242 out of range max 16
[ 1046.043271][T15816] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1707'.
[ 1054.608332][T15864] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1713'.
[ 1059.603103][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1059.609658][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1060.321136][T15920] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[ 1062.511768][   T30] audit: type=1804 audit(6042108356.476:11): pid=15944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1727" name="/newroot/408/file0" dev="tmpfs" ino=2269 res=1 errno=0
[ 1062.601078][   T30] audit: type=1800 audit(6042108356.526:12): pid=15944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1727" name="file0" dev="tmpfs" ino=2269 res=0 errno=0
[ 1069.751233][T16025] can: request_module (can-proto-3) failed.
[ 1071.992861][T16037] FAULT_INJECTION: forcing a failure.
[ 1071.992861][T16037] name failslab, interval 1, probability 0, space 0, times 0
[ 1072.130874][T16037] CPU: 0 UID: 0 PID: 16037 Comm: syz.4.1743 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[ 1072.130927][T16037] Tainted: [U]=USER
[ 1072.130937][T16037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1072.130956][T16037] Call Trace:
[ 1072.130966][T16037]  <TASK>
[ 1072.130978][T16037]  dump_stack_lvl+0x16c/0x1f0
[ 1072.131029][T16037]  should_fail_ex+0x512/0x640
[ 1072.131076][T16037]  ? __kvmalloc_node_noprof+0x122/0x600
[ 1072.131116][T16037]  should_failslab+0xc2/0x120
[ 1072.131156][T16037]  __kvmalloc_node_noprof+0x135/0x600
[ 1072.131190][T16037]  ? find_held_lock+0x2b/0x80
[ 1072.131220][T16037]  ? seq_read_iter+0x826/0x12c0
[ 1072.131277][T16037]  ? seq_read_iter+0x826/0x12c0
[ 1072.131320][T16037]  ? aa_file_perm+0x4d6/0xfb0
[ 1072.131363][T16037]  seq_read_iter+0x826/0x12c0
[ 1072.131412][T16037]  ? register_lock_class+0x41/0x4c0
[ 1072.131470][T16037]  seq_read+0x39e/0x4e0
[ 1072.131536][T16037]  ? __pfx_seq_read+0x10/0x10
[ 1072.131583][T16037]  ? get_pid_task+0xfc/0x250
[ 1072.131632][T16037]  ? __mutex_trylock_common+0xe9/0x250
[ 1072.131694][T16037]  ? rw_verify_area+0xcf/0x680
[ 1072.131742][T16037]  ? __pfx_seq_read+0x10/0x10
[ 1072.131800][T16037]  vfs_read+0x1e1/0xc70
[ 1072.131839][T16037]  ? __pfx___mutex_lock+0x10/0x10
[ 1072.131889][T16037]  ? __pfx_vfs_read+0x10/0x10
[ 1072.131944][T16037]  ? __fget_files+0x20e/0x3c0
[ 1072.131986][T16037]  ksys_read+0x12a/0x240
[ 1072.132016][T16037]  ? __pfx_ksys_read+0x10/0x10
[ 1072.132043][T16037]  ? rcu_is_watching+0x12/0xc0
[ 1072.132086][T16037]  do_syscall_64+0xcd/0x230
[ 1072.132136][T16037]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1072.132167][T16037] RIP: 0033:0x7fb75e38e969
[ 1072.132191][T16037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1072.132222][T16037] RSP: 002b:00007fb75f26f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1072.132251][T16037] RAX: ffffffffffffffda RBX: 00007fb75e5b6080 RCX: 00007fb75e38e969
[ 1072.132271][T16037] RDX: 00000000000000e4 RSI: 0000200000000040 RDI: 0000000000000002
[ 1072.132291][T16037] RBP: 00007fb75f26f090 R08: 0000000000000000 R09: 0000000000000000
[ 1072.132310][T16037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1072.132329][T16037] R13: 0000000000000000 R14: 00007fb75e5b6080 R15: 00007ffe1d9893f8
[ 1072.132371][T16037]  </TASK>
[ 1079.351522][T16071] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[ 1082.322960][T16101] FAULT_INJECTION: forcing a failure.
[ 1082.322960][T16101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1082.380120][T16101] CPU: 1 UID: 0 PID: 16101 Comm: syz.4.1754 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[ 1082.380158][T16101] Tainted: [U]=USER
[ 1082.380165][T16101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1082.380179][T16101] Call Trace:
[ 1082.380186][T16101]  <TASK>
[ 1082.380195][T16101]  dump_stack_lvl+0x16c/0x1f0
[ 1082.380235][T16101]  should_fail_ex+0x512/0x640
[ 1082.380274][T16101]  _copy_to_iter+0x477/0x15a0
[ 1082.380318][T16101]  ? __pfx__copy_to_iter+0x10/0x10
[ 1082.380353][T16101]  ? proc_pid_ksm_stat+0x201/0x2c0
[ 1082.380389][T16101]  ? mmput+0x49/0x70
[ 1082.380416][T16101]  ? proc_pid_ksm_stat+0x20e/0x2c0
[ 1082.380452][T16101]  seq_read_iter+0xcf8/0x12c0
[ 1082.380500][T16101]  seq_read+0x39e/0x4e0
[ 1082.380534][T16101]  ? __pfx_seq_read+0x10/0x10
[ 1082.380567][T16101]  ? get_pid_task+0xfc/0x250
[ 1082.380609][T16101]  ? __mutex_trylock_common+0xe9/0x250
[ 1082.380652][T16101]  ? rw_verify_area+0xcf/0x680
[ 1082.380686][T16101]  ? __pfx_seq_read+0x10/0x10
[ 1082.380721][T16101]  vfs_read+0x1e1/0xc70
[ 1082.380753][T16101]  ? __pfx___mutex_lock+0x10/0x10
[ 1082.380803][T16101]  ? __pfx_vfs_read+0x10/0x10
[ 1082.380843][T16101]  ? __fget_files+0x20e/0x3c0
[ 1082.380873][T16101]  ksys_read+0x12a/0x240
[ 1082.380895][T16101]  ? __pfx_ksys_read+0x10/0x10
[ 1082.380916][T16101]  ? rcu_is_watching+0x12/0xc0
[ 1082.380946][T16101]  do_syscall_64+0xcd/0x230
[ 1082.380982][T16101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1082.381005][T16101] RIP: 0033:0x7fb75e38e969
[ 1082.381023][T16101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1082.381045][T16101] RSP: 002b:00007fb75f26f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1082.381066][T16101] RAX: ffffffffffffffda RBX: 00007fb75e5b6080 RCX: 00007fb75e38e969
[ 1082.381081][T16101] RDX: 00000000000000e4 RSI: 0000200000000040 RDI: 0000000000000002
[ 1082.381096][T16101] RBP: 00007fb75f26f090 R08: 0000000000000000 R09: 0000000000000000
[ 1082.381109][T16101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1082.381123][T16101] R13: 0000000000000000 R14: 00007fb75e5b6080 R15: 00007ffe1d9893f8
[ 1082.381153][T16101]  </TASK>
[ 1085.517371][T16131] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1761'.
[ 1085.663562][T16134] can: request_module (can-proto-3) failed.
[ 1088.839706][T16163] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[ 1094.893023][T16207] openvswitch: netlink: Tunnel attr 242 out of range max 16
[ 1095.809442][T16216] ==================================================================
[ 1095.817547][T16216] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0
[ 1095.825306][T16216] Read of size 8 at addr ffff888029c9ae18 by task syz.3.1778/16216
[ 1095.833200][T16216] 
[ 1095.835524][T16216] CPU: 1 UID: 0 PID: 16216 Comm: syz.3.1778 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[ 1095.835557][T16216] Tainted: [U]=USER
[ 1095.835563][T16216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1095.835576][T16216] Call Trace:
[ 1095.835583][T16216]  <TASK>
[ 1095.835592][T16216]  dump_stack_lvl+0x116/0x1f0
[ 1095.835652][T16216]  print_report+0xc3/0x670
[ 1095.835678][T16216]  ? __virt_addr_valid+0x5e/0x590
[ 1095.835706][T16216]  ? __phys_addr+0xc6/0x150
[ 1095.835735][T16216]  ? dvb_device_open+0x36a/0x3b0
[ 1095.835767][T16216]  kasan_report+0xe0/0x110
[ 1095.835793][T16216]  ? dvb_device_open+0x36a/0x3b0
[ 1095.835826][T16216]  ? __pfx_dvb_device_open+0x10/0x10
[ 1095.835857][T16216]  dvb_device_open+0x36a/0x3b0
[ 1095.835888][T16216]  ? __pfx_dvb_device_open+0x10/0x10
[ 1095.835919][T16216]  chrdev_open+0x234/0x6a0
[ 1095.835942][T16216]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1095.835972][T16216]  ? __pfx_chrdev_open+0x10/0x10
[ 1095.835996][T16216]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1095.836052][T16216]  do_dentry_open+0x744/0x1c10
[ 1095.836076][T16216]  ? __pfx_chrdev_open+0x10/0x10
[ 1095.836104][T16216]  vfs_open+0x82/0x3f0
[ 1095.836135][T16216]  path_openat+0x1e5e/0x2d40
[ 1095.836162][T16216]  ? __pfx_path_openat+0x10/0x10
[ 1095.836188][T16216]  do_filp_open+0x20b/0x470
[ 1095.836210][T16216]  ? __pfx_do_filp_open+0x10/0x10
[ 1095.836242][T16216]  ? alloc_fd+0x471/0x7d0
[ 1095.836281][T16216]  do_sys_openat2+0x11b/0x1d0
[ 1095.836312][T16216]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1095.836342][T16216]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1095.836410][T16216]  __x64_sys_openat+0x174/0x210
[ 1095.836444][T16216]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1095.836478][T16216]  ? rcu_is_watching+0x12/0xc0
[ 1095.836504][T16216]  do_syscall_64+0xcd/0x230
[ 1095.836541][T16216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1095.836565][T16216] RIP: 0033:0x7fcb6238e969
[ 1095.836585][T16216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1095.836608][T16216] RSP: 002b:00007fcb63291038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1095.836637][T16216] RAX: ffffffffffffffda RBX: 00007fcb625b6080 RCX: 00007fcb6238e969
[ 1095.836653][T16216] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1095.836669][T16216] RBP: 00007fcb62410ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1095.836683][T16216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1095.836697][T16216] R13: 0000000000000000 R14: 00007fcb625b6080 R15: 00007fffae7d4368
[ 1095.836720][T16216]  </TASK>
[ 1095.836728][T16216] 
[ 1096.095515][T16216] Allocated by task 1:
[ 1096.099601][T16216]  kasan_save_stack+0x33/0x60
[ 1096.104321][T16216]  kasan_save_track+0x14/0x30
[ 1096.109026][T16216]  __kasan_kmalloc+0xaa/0xb0
[ 1096.113638][T16216]  dvb_register_device+0x1e4/0x2370
[ 1096.118872][T16216]  dvb_register_frontend+0x5a6/0x880
[ 1096.124199][T16216]  vidtv_bridge_probe+0x459/0xa90
[ 1096.129255][T16216]  platform_probe+0xff/0x1f0
[ 1096.133859][T16216]  really_probe+0x241/0xa90
[ 1096.138391][T16216]  __driver_probe_device+0x1de/0x440
[ 1096.143701][T16216]  driver_probe_device+0x4c/0x1b0
[ 1096.148746][T16216]  __driver_attach+0x283/0x580
[ 1096.153532][T16216]  bus_for_each_dev+0x13e/0x1d0
[ 1096.158416][T16216]  bus_add_driver+0x2e9/0x690
[ 1096.163111][T16216]  driver_register+0x15c/0x4b0
[ 1096.167901][T16216]  vidtv_bridge_init+0x45/0x80
[ 1096.172779][T16216]  do_one_initcall+0x120/0x6e0
[ 1096.177573][T16216]  kernel_init_freeable+0x5c2/0x900
[ 1096.182820][T16216]  kernel_init+0x1c/0x2b0
[ 1096.187167][T16216]  ret_from_fork+0x48/0x80
[ 1096.191608][T16216]  ret_from_fork_asm+0x1a/0x30
[ 1096.196402][T16216] 
[ 1096.198734][T16216] Freed by task 16163:
[ 1096.202829][T16216]  kasan_save_stack+0x33/0x60
[ 1096.207537][T16216]  kasan_save_track+0x14/0x30
[ 1096.212230][T16216]  kasan_save_free_info+0x3b/0x60
[ 1096.217288][T16216]  __kasan_slab_free+0x51/0x70
[ 1096.222081][T16216]  kfree+0x2b6/0x4d0
[ 1096.226019][T16216]  dvb_device_put.part.0+0x60/0x90
[ 1096.231162][T16216]  dvb_device_open+0x2a4/0x3b0
[ 1096.235954][T16216]  chrdev_open+0x234/0x6a0
[ 1096.240398][T16216]  do_dentry_open+0x744/0x1c10
[ 1096.245195][T16216]  vfs_open+0x82/0x3f0
[ 1096.249290][T16216]  path_openat+0x1e5e/0x2d40
[ 1096.253904][T16216]  do_filp_open+0x20b/0x470
[ 1096.258432][T16216]  do_sys_openat2+0x11b/0x1d0
[ 1096.263139][T16216]  __x64_sys_openat+0x174/0x210
[ 1096.268024][T16216]  do_syscall_64+0xcd/0x230
[ 1096.272559][T16216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1096.278474][T16216] 
[ 1096.280808][T16216] The buggy address belongs to the object at ffff888029c9ae00
[ 1096.280808][T16216]  which belongs to the cache kmalloc-256 of size 256
[ 1096.294880][T16216] The buggy address is located 24 bytes inside of
[ 1096.294880][T16216]  freed 256-byte region [ffff888029c9ae00, ffff888029c9af00)
[ 1096.308605][T16216] 
[ 1096.310945][T16216] The buggy address belongs to the physical page:
[ 1096.317371][T16216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29c9a
[ 1096.326322][T16216] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1096.334839][T16216] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1096.342407][T16216] page_type: f5(slab)
[ 1096.346404][T16216] raw: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000
[ 1096.355015][T16216] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1096.363631][T16216] head: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000
[ 1096.372323][T16216] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1096.381045][T16216] head: 00fff00000000001 ffffea0000a72681 00000000ffffffff 00000000ffffffff
[ 1096.389742][T16216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 1096.398425][T16216] page dumped because: kasan: bad access detected
[ 1096.404850][T16216] page_owner tracks the page as allocated
[ 1096.410586][T16216] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 24962374776, free_ts 0
[ 1096.430327][T16216]  post_alloc_hook+0x181/0x1b0
[ 1096.435129][T16216]  get_page_from_freelist+0x135c/0x3920
[ 1096.440712][T16216]  __alloc_frozen_pages_noprof+0x263/0x23a0
[ 1096.446643][T16216]  alloc_pages_mpol+0x1fb/0x550
[ 1096.451529][T16216]  new_slab+0x244/0x340
[ 1096.455711][T16216]  ___slab_alloc+0xd9c/0x1940
[ 1096.460405][T16216]  __slab_alloc.constprop.0+0x56/0xb0
[ 1096.465804][T16216]  __kmalloc_cache_noprof+0xfb/0x3e0
[ 1096.471106][T16216]  bus_add_driver+0x92/0x690
[ 1096.475710][T16216]  driver_register+0x15c/0x4b0
[ 1096.480505][T16216]  usb_register_driver+0x216/0x4d0
[ 1096.485647][T16216]  do_one_initcall+0x120/0x6e0
[ 1096.490443][T16216]  kernel_init_freeable+0x5c2/0x900
[ 1096.495672][T16216]  kernel_init+0x1c/0x2b0
[ 1096.500021][T16216]  ret_from_fork+0x48/0x80
[ 1096.504455][T16216]  ret_from_fork_asm+0x1a/0x30
[ 1096.509247][T16216] page_owner free stack trace missing
[ 1096.514626][T16216] 
[ 1096.516963][T16216] Memory state around the buggy address:
[ 1096.522703][T16216]  ffff888029c9ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1096.530789][T16216]  ffff888029c9ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1096.538876][T16216] >ffff888029c9ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1096.546947][T16216]                             ^
[ 1096.551805][T16216]  ffff888029c9ae80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1096.559878][T16216]  ffff888029c9af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1096.567948][T16216] ==================================================================
[ 1096.871684][T16216] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1096.878916][T16216] CPU: 1 UID: 0 PID: 16216 Comm: syz.3.1778 Tainted: G     U              6.15.0-rc6-syzkaller-00047-ge9565e23cd89 #0 PREEMPT(full) 
[ 1096.892558][T16216] Tainted: [U]=USER
[ 1096.896364][T16216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1096.906430][T16216] Call Trace:
[ 1096.909710][T16216]  <TASK>
[ 1096.912645][T16216]  dump_stack_lvl+0x3d/0x1f0
[ 1096.917268][T16216]  panic+0x71c/0x800
[ 1096.921218][T16216]  ? __pfx_panic+0x10/0x10
[ 1096.925690][T16216]  ? mark_held_locks+0x49/0x80
[ 1096.930514][T16216]  ? preempt_schedule_thunk+0x16/0x30
[ 1096.935964][T16216]  ? dvb_device_open+0x36a/0x3b0
[ 1096.940986][T16216]  ? preempt_schedule_common+0x44/0xc0
[ 1096.946522][T16216]  ? dvb_device_open+0x36a/0x3b0
[ 1096.951524][T16216]  check_panic_on_warn+0xab/0xb0
[ 1096.956523][T16216]  end_report+0x107/0x170
[ 1096.960915][T16216]  kasan_report+0xee/0x110
[ 1096.965382][T16216]  ? dvb_device_open+0x36a/0x3b0
[ 1096.970361][T16216]  ? __pfx_dvb_device_open+0x10/0x10
[ 1096.975679][T16216]  dvb_device_open+0x36a/0x3b0
[ 1096.980477][T16216]  ? __pfx_dvb_device_open+0x10/0x10
[ 1096.985801][T16216]  chrdev_open+0x234/0x6a0
[ 1096.990244][T16216]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1096.995828][T16216]  ? __pfx_chrdev_open+0x10/0x10
[ 1097.000788][T16216]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1097.007587][T16216]  do_dentry_open+0x744/0x1c10
[ 1097.012372][T16216]  ? __pfx_chrdev_open+0x10/0x10
[ 1097.017333][T16216]  vfs_open+0x82/0x3f0
[ 1097.021440][T16216]  path_openat+0x1e5e/0x2d40
[ 1097.026060][T16216]  ? __pfx_path_openat+0x10/0x10
[ 1097.031025][T16216]  do_filp_open+0x20b/0x470
[ 1097.035556][T16216]  ? __pfx_do_filp_open+0x10/0x10
[ 1097.040616][T16216]  ? alloc_fd+0x471/0x7d0
[ 1097.044985][T16216]  do_sys_openat2+0x11b/0x1d0
[ 1097.049694][T16216]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1097.054915][T16216]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1097.060171][T16216]  __x64_sys_openat+0x174/0x210
[ 1097.065055][T16216]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1097.070511][T16216]  ? rcu_is_watching+0x12/0xc0
[ 1097.075306][T16216]  do_syscall_64+0xcd/0x230
[ 1097.079862][T16216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1097.085779][T16216] RIP: 0033:0x7fcb6238e969
[ 1097.090270][T16216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1097.109915][T16216] RSP: 002b:00007fcb63291038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1097.118349][T16216] RAX: ffffffffffffffda RBX: 00007fcb625b6080 RCX: 00007fcb6238e969
[ 1097.126333][T16216] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1097.134321][T16216] RBP: 00007fcb62410ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1097.142310][T16216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1097.150305][T16216] R13: 0000000000000000 R14: 00007fcb625b6080 R15: 00007fffae7d4368
[ 1097.158305][T16216]  </TASK>
[ 1097.161700][T16216] Kernel Offset: disabled
[ 1097.166038][T16216] Rebooting in 86400 seconds..