last executing test programs: 6m31.902022447s ago: executing program 3 (id=2311): mmap$auto(0x0, 0x800400007, 0x65d, 0xffff, 0xffffffffffffffff, 0x20000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram6\x00', 0xc6fc1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r0) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x14, r1, 0x4, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x404c000}, 0x40040) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/self/net/icmp6\x00', 0x8000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r4, 0x0, 0x0) ioctl$auto(r2, 0x2, 0x6) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) close_range$auto(0x2, 0x8, 0x0) r5 = epoll_create$auto(0x5) fremovexattr$auto(r5, &(0x7f0000000000)='&\x00') mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r6 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$auto_IMDELTIMER(r6, 0x80044941, 0x0) read$auto_v4l2_fops_v4l2_dev(r5, &(0x7f0000000280)=""/54, 0x36) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x2, 0x88) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20a02, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xbff) 6m31.740796467s ago: executing program 3 (id=2312): mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/loop6/queue/rq_affinity\x00', 0x121281, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/workqueue/nvme-delete-wq/affinity_strict\x00', 0x183042, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000200)='5', 0x1) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) socket(0xf, 0x5, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, &(0x7f00000001c0)=0x6, &(0x7f0000000200)=0x1, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci2/msft_opcode\x00', 0x2, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000000c0), 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4d7}, 0x6, 0x0, 0x8, 0x10007fe}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) unshare$auto(0x40000080) 6m30.73814922s ago: executing program 3 (id=2317): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x3, 0x0, 0x100082) read$auto(0x3, 0x0, 0x7fffffff) (fail_nth: 8) 6m30.336067453s ago: executing program 3 (id=2321): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2, 0x2000de, 0x15, 0x7, 0x28000) write$auto(0xffffffffffffffff, 0x0, 0x7) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptye1\x00', 0x2ee1e39530bbadee, 0x0) ioctl$auto_BLKTRACESETUP32(r0, 0xc0401273, &(0x7f0000000180)={"c211a8ee299b2bc0cc565c842ea324838444c1db480dded45fffeade9720d6fb", 0xffff, 0x6, 0xf03, 0x9, 0x1, 0x0}) time$auto(0x0) prctl$auto_PR_SCHED_CORE_CREATE(0x7fffffff, 0x1, r1, 0x7, 0x8) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/user_reserve_kbytes\x00', 0x103142, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/udp_port\x00', 0x202, 0x0) sendfile$auto(r3, r2, 0x0, 0x6) prctl$auto(0x23, 0x0, 0x7fffffffefff, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x2081, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r4, 0x40085507, &(0x7f0000000080)={0x1, 0x3, 0x9}) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r5, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) 6m29.545009884s ago: executing program 3 (id=2322): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) setresgid$auto(0x81, 0x800000a0, 0x8) socket(0x2, 0x2, 0x1) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000000e) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 6m29.148448536s ago: executing program 3 (id=2326): keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) (async) shmctl$auto_IPC_INFO(0x7, 0x3, &(0x7f0000000100)={{0x4, 0xffffffffffffffff, 0xee01, 0xfff7fff9, 0x7, 0x7, 0x7}, 0x4, 0x9, 0x1, 0x1, @inferred, @raw=0xfffffffc, 0x800, 0x0, 0x0, 0x0}) keyctl$auto(0xb, 0xffffffffffffffff, 0x6, r0, 0x7a) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/raw\x00', 0x60080, 0x0) pread64$auto(r1, 0x0, 0x8, 0xffff) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) r2 = io_uring_setup$auto(0x6, 0x0) (async) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000280)='/dev/etherd/discover\x00', 0x541, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x141143, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) (async) ioctl$auto(0x3, 0x400454ca, 0x38) (async) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x14, 0x0, 0x4, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) recvmmsg$auto(r4, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) (async) write$auto(0x3, 0x0, 0xfdf3) (async) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r3, 0x4068aea3, &(0x7f0000000080)={0xc0}) (async) r6 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x880183, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_READ(r6, 0xc0085504, &(0x7f0000000040)={0x6, 0x0, 0x8001}) (async) quotactl_fd$auto(r2, 0x7fffffff, 0x0, 0x0) 6m13.604447749s ago: executing program 32 (id=2326): keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) (async) shmctl$auto_IPC_INFO(0x7, 0x3, &(0x7f0000000100)={{0x4, 0xffffffffffffffff, 0xee01, 0xfff7fff9, 0x7, 0x7, 0x7}, 0x4, 0x9, 0x1, 0x1, @inferred, @raw=0xfffffffc, 0x800, 0x0, 0x0, 0x0}) keyctl$auto(0xb, 0xffffffffffffffff, 0x6, r0, 0x7a) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/raw\x00', 0x60080, 0x0) pread64$auto(r1, 0x0, 0x8, 0xffff) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) r2 = io_uring_setup$auto(0x6, 0x0) (async) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000280)='/dev/etherd/discover\x00', 0x541, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x141143, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) (async) ioctl$auto(0x3, 0x400454ca, 0x38) (async) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x14, 0x0, 0x4, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) recvmmsg$auto(r4, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) (async) write$auto(0x3, 0x0, 0xfdf3) (async) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r3, 0x4068aea3, &(0x7f0000000080)={0xc0}) (async) r6 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x880183, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_READ(r6, 0xc0085504, &(0x7f0000000040)={0x6, 0x0, 0x8001}) (async) quotactl_fd$auto(r2, 0x7fffffff, 0x0, 0x0) 3m32.762673338s ago: executing program 4 (id=3065): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x20400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000003fc0)='/dev/bus/usb/016/001\x00', 0x84440, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) write$auto(0xca, &(0x7f0000000180)='\x04>2\v\x00\x00\tO\xfdf\xb4\xad\x95\x03\xd66\xca\x96\x18a\x80\xea\xf4\xffo', 0x7e) r0 = waitid$auto_P_ALL(0x0, 0x7, &(0x7f0000000140)={@_si_pad}, 0x4, &(0x7f00000001c0)={{0x5, 0x24}, {0xffffffff}, 0xff, 0x2, 0x2, 0x4, 0x7, 0x101, 0x76, 0x1ff, 0x10000, 0x7, 0x9, 0x7, 0x2, 0x2}) r1 = prctl$auto(0x4, 0x9e9e, r0, 0x4000000d, 0x10100) mmap$auto(0x3, 0x7, 0x7, 0x9b76, 0xffffffffffffffff, 0x3) futex$auto(&(0x7f00000023c0)=0xf6, 0x3, 0x12, 0x0, &(0x7f0000002440)=0x7, 0x71a8dce0) mmap$auto(0x0, 0x5, 0x4000000040e2, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x1e, 0x1, 0x0) bind$auto(r2, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x3, 0x1}}, 0x66) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x15, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r5, 0x0, 0x400100000001, 0x1ff) read$auto_fuse_dev_operations_fuse_i(r4, &(0x7f00000004c0)=""/192, 0xc0) kexec_load$auto(0x401, 0xf, &(0x7f0000000480)={@buf=&(0x7f0000000400), 0x8000000000000001, 0x8, 0x6}, 0x2) r6 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000580)='/dev/mtd0\x00', 0x1, 0x0) ioctl$auto_MEMERASE64(r6, 0x40104d14, &(0x7f0000000100)={0x4, 0x4}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff6a, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4000009}, 0x24004880) r7 = socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r3, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000380)=ANY=[@ANYRES64=r1, @ANYRESHEX=r0, @ANYRESDEC=r7, @ANYRESOCT=r4, @ANYRES32=r4, @ANYRES16=0x0], 0x1c}}, 0x20044880) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=':'], 0x1ac}}, 0x40000) sendmmsg$auto(r7, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) read$auto(0x3, 0x0, 0xf34) 3m30.637341795s ago: executing program 4 (id=3074): mmap$auto(0x0, 0x8000, 0x3, 0xeb1, 0xfffffffffffffffa, 0x10000000008000) mmap$auto(0x0, 0x20009, 0x50e3, 0x9b7d, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/sctp/assocs\x00', 0x80, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x8000003, 0x0, 0x7, 0x0, 0x7, 0x201d55}, 0x2}, 0x800, 0x80000000) r1 = socket(0xa, 0x5, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, r3, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828848"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r4 = gettid() close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @host}, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) kill$auto(r4, 0x11) sendto$auto(r1, 0x0, 0x401, 0x6358c0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) pread64$auto(r0, 0x0, 0x7, 0xffff) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x10, &(0x7f0000000000)={0x0, 0x10}, 0x2, 0x0, 0xe, 0x4}, 0x8}, 0x200, 0xb07e) r5 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = open(0x0, 0x22240, 0x119) r7 = socket(0x2, 0x80802, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) setsockopt$auto(r7, 0x11, 0x67, 0x0, 0x8) move_mount$auto(r6, &(0x7f0000000040)='./file0\x00', r5, &(0x7f00000000c0)='./file0\x00', 0x100) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m30.374418046s ago: executing program 4 (id=3075): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x101002, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x1a1d02, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_STATUS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x14, r1, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8d4) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, 0x0, 0x20040, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008001}, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8800, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r3) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002abd7000fbdbdf25040000002d0011002f50136a450cf972f5a3d28479f92a9b221ca46c2d19fda4f47902c296fa844c12cd83f712d3c41e5d00000010001a80080001008703000004000480bf8329c2fcc76c995453541c97171b17c0b53c50cdf96f6dcd8fbceaf845880d923172c5de38a1dbe6779bfa3030"], 0x54}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x80000, 0x2020009, 0x9, 0xeb4, 0xfffffffffffffffa, 0x2000ed) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 3m28.190372939s ago: executing program 4 (id=3087): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x101002, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x1a1d02, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_STATUS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x14, r1, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8d4) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, 0x0, 0x20040, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008001}, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8800, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r3) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000100)=ANY=[@ANYBLOB='T\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fbdbdf25040000002d0011002f50136a450cf972f5a3d28479f92a9b221ca46c2d19fda4f47902c296fa844c12cd83f712d3c41e5d00000010001a80080001008703000004000480bf8329c2fcc76c995453541c97171b17c0b53c50cdf96f6dcd8fbceaf845880d923172c5de38a1dbe6779bfa3030"], 0x54}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x80000, 0x2020009, 0x9, 0xeb4, 0xfffffffffffffffa, 0x2000ed) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 3m26.549438739s ago: executing program 4 (id=3092): mmap$auto(0x0, 0x2020009, 0x7ff, 0x11, 0xfffffffffffffffa, 0x7fff) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_VHOST_SET_VRING_CALL(r0, 0x4008af21, 0x0) ioctl$auto_PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f0000000000)={0x10000, 0x3}) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x6, 0x0, 0x0, 0xffffffd6) tkill$auto(0x1, 0x7) 3m26.018247424s ago: executing program 4 (id=3095): mmap$auto(0x0, 0x8000, 0x3, 0xeb1, 0xfffffffffffffffa, 0x10000000008000) mmap$auto(0x0, 0x20009, 0x50e3, 0x9b7d, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/sctp/assocs\x00', 0x80, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x8000003, 0x0, 0x7, 0x0, 0x7, 0x201d55}, 0x2}, 0x800, 0x80000000) r1 = socket(0xa, 0x5, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x34, r3, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828848"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r4 = gettid() close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @host}, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) kill$auto(r4, 0x11) sendto$auto(r1, 0x0, 0x401, 0x6358c0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) pread64$auto(r0, 0x0, 0x7, 0xffff) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x10, &(0x7f0000000000)={0x0, 0x10}, 0x2, 0x0, 0xe, 0x4}, 0x8}, 0x200, 0xb07e) r5 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = open(0x0, 0x22240, 0x119) r7 = socket(0x2, 0x80802, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) setsockopt$auto(r7, 0x11, 0x67, 0x0, 0x8) move_mount$auto(r6, &(0x7f0000000040)='./file0\x00', r5, &(0x7f00000000c0)='./file0\x00', 0x100) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m24.945377165s ago: executing program 33 (id=3095): mmap$auto(0x0, 0x8000, 0x3, 0xeb1, 0xfffffffffffffffa, 0x10000000008000) mmap$auto(0x0, 0x20009, 0x50e3, 0x9b7d, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/sctp/assocs\x00', 0x80, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x8000003, 0x0, 0x7, 0x0, 0x7, 0x201d55}, 0x2}, 0x800, 0x80000000) r1 = socket(0xa, 0x5, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x34, r3, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828848"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r4 = gettid() close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @host}, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) kill$auto(r4, 0x11) sendto$auto(r1, 0x0, 0x401, 0x6358c0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) pread64$auto(r0, 0x0, 0x7, 0xffff) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x10, &(0x7f0000000000)={0x0, 0x10}, 0x2, 0x0, 0xe, 0x4}, 0x8}, 0x200, 0xb07e) r5 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = open(0x0, 0x22240, 0x119) r7 = socket(0x2, 0x80802, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) setsockopt$auto(r7, 0x11, 0x67, 0x0, 0x8) move_mount$auto(r6, &(0x7f0000000040)='./file0\x00', r5, &(0x7f00000000c0)='./file0\x00', 0x100) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m22.735875428s ago: executing program 0 (id=3103): r0 = socket(0x2a, 0x2, 0x6) connect$auto(0xffffffffffffffff, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x2, 0x1}, 0x9) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) write$auto(r0, &(0x7f0000000040)='\x9a.:^\\-\x00', 0x2d) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0x6, 0x100e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, 0x0, 0x1013) poll$auto(0x0, 0x7f, 0x9) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x20840, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) sysfs$auto(0x2, 0x4, 0x0) r3 = fsopen$auto(0x0, 0x1) r4 = socket(0x15, 0x5, 0x0) setsockopt$auto(r4, 0x114, 0x8, 0x0, 0x4) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.0/urbs\x00', 0x40200, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) pread64$auto(r5, 0x0, 0x3, 0x400001) 3m21.274260517s ago: executing program 0 (id=3108): r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$auto(r0, 0x40076f3f, 0x38) 3m20.710153144s ago: executing program 0 (id=3109): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x28, 0x801, 0x0) shutdown$auto(0x200000003, 0xfffffffe) unshare$auto(0x40000080) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x800, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000300)={{@raw=0x1, 0x1, 0x6, 0x6, "ffffe85e0a000000529f895cf5e8e1aa000000000000000000000000f4ffffff00", @inferred=0x0}, 0x6, 0x5, 0x0, @inferred, @integer64={0x7, 0xd36d, 0x100000001}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r4, 0x0, 0x8) close_range$auto(r1, r4, 0x401) socket(0x18, 0x80000, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) r5 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC0D0c\x00', 0x5bcc00, 0x0) r6 = socket(0xf, 0x4, 0x1a5e8) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x202, 0x3, 0x100, 0x1, 0x9, 0x3, 0x7fff, 0xc, 0x8000000000000000, 0x62, 0x400000000000008, 0x7, 0x6d3f, 0xffffffffffffffff, 0x5, 0x9]}, 0x0) close_range$auto(r5, 0x8, 0x2) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r7 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x420000, 0x0) read$auto(r7, &(0x7f0000000040)='\x00', 0xcc) mmap$auto(0x0, 0x101, 0x100000001, 0xeb1, 0x401, 0x8000) r8 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x21ad735d022eab29, 0x0) sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000008c0)=ANY=[@ANYRES16=r4, @ANYRES16=0x0, @ANYRES16=r3, @ANYRES32=0x0, @ANYBLOB="08003c000300000072abd81008003100", @ANYRESOCT=r6, @ANYBLOB="0400478017857eb675497bc5894ce90b4ca46a5c79e9fd285df8abafe0c57db37c67fbad74f4ca836caf8a124ccbfdc46adc421cacbc6b746377c01e2ac1692f701cf0367993877db1f9dc53d0255356a8096eddfefdb5824ed7f9f1183107483dbd4fec75ac6b7bc356df93ab0240e66594275c0a4ebc2da7f257df84ea041203423e37bea14b9458299f368eb5085407c04323ab3815a9ac010f7014c7382ed5c49cf9ec16058f600739077c535f3a84c007194ec839c264bc524d4ab290c4a49ef0c3169e820d57bb7eb328b7f66a0938c467a104aa717b74fb209e834ba63cc5281c0126b23416110f0067955c10b211debdf1bc065464db6514ff005e800c00ee00800000000000000004009f80eb1f86111ebd817c2cfb1aefb6523cc8996d80d650b616d70418182b374d46ffae5072eaf692526482647358af09543c8072cf9b3f89e0ee650ec2bbadec334a33a37786cf5ae49f16057a96f4c6543bd017af7e75998d1b6f41c7608bc694379f1f471cf3b85c3103bd5796ff196db533e2943d41aacbc79aac4ef373874e12c654025429f51a8bcab1f033e7ad160987df854a2a73dba12f627c9d57bb16b0a4651968d4a26514ccbae4b6644ebdad56a26c37ce24c7bb632d94d92fa3e862eb7237c09036905588ad66cea45ba2f27c6fc970381001015db4e22e524b44e6f9c2221fd355205f3d0ac39ca81f1b97a1d1fb9d80af2aee000800b480040043807c5d4b21af6349a6ea22302c543c3a8efe9aef21ee25f382ec41d7275fe9758a7faa798000cd7cf8befb6c2d7c08e329cef88419c5cc5bdbe8e4f33d684e0bea19a597e22bf8212b02365592130acffd03a35067879c1573e951dba9c82cac3bc40387b329dbd614008800fc000000000000000000000000000001008b9eb2fc1bbf5c414fd600903172e9e93c7a3db828b142a3506a5f82d07e7e442ed23f037ac88aa4e4bef0207012e48bcd2b72bb4badf4b211c885771db8499437b4cb37a0a93f723e01f8dbf8eb8546f83c51503042177433137f70d4cd3f7af1d8f93c1272d62fc4d5a533d54a162e3263df85667ab8f0edb82fd19236c59efe37a469284b938fa0da2995c36d04d6b1ed95732eeb19c0e69f957ff29971ef4f8f0cebd4d776105381d074b6cae413ce0e5021f972944ba286ea3b980c63ddad126313c1cbec4e", @ANYRES32=0x0, @ANYBLOB="ee94831483bb19bd95e453b6bbd32d21abe909939810b6b08ccb8c08000c00", @ANYRESDEC=r6, @ANYRESDEC=r0], 0x2620}, 0x1, 0x0, 0x0, 0x800}, 0x44) ioctl$auto_SNAPSHOT_FREE(r8, 0x3305, 0x0) r9 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r9, &(0x7f0000000040)='7\x00\\\x9c\x04|\x03\xcb4\xd5\x90\x12\xfa\b', 0x81) 3m19.624747427s ago: executing program 0 (id=3112): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) pipe$auto(0x0) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x5, &(0x7f0000000140)={&(0x7f0000000040)=0x0, 0x9, 0x0, {0x81}}, 0x0, 0x8) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x9, "cc00000008f0ffffff000100"}, 0x6b) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r0 = gettid() r1 = getpid() rt_tgsigqueueinfo$auto(r1, r0, 0x1, 0x0) rt_sigsuspend$auto(0x0, 0x8) 3m19.454546785s ago: executing program 0 (id=3114): mmap$auto(0x0, 0x2020009, 0x7ff, 0x11, 0xfffffffffffffffa, 0x7fff) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_VHOST_SET_VRING_CALL(r0, 0x4008af21, 0x0) ioctl$auto_PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f0000000000)={0x10000, 0x3}) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x6, 0x0, 0x0, 0xffffffd6) tkill$auto(0x1, 0x7) 3m18.808087005s ago: executing program 0 (id=3118): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x101002, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) bpf$auto_BPF_MAP_DELETE_BATCH(0x1b, &(0x7f00000000c0)=@link_detach={r0}, 0x9778) io_uring_setup$auto(0x6, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x1a1d02, 0x0) mmap$auto(0x0, 0x400007, 0xe2, 0x9b72, 0xffffffffffffffff, 0x8000) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000100)={0x62, 0x0, 0x2100000, 0x7fffffff, 0xfffffffffffffffe, 0x1, 0x0, 0x2000000000000e8, 0x0, 0x4, 0x0, 0x8}) r1 = socket(0xa, 0x801, 0x84) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) setsockopt$auto(r1, 0x10000000084, 0x9, 0x0, 0x9c) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/midiC2D0\x00', 0x0, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, 0x0, 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0xfa5) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x22080, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x100, 0x0) pipe$auto(0x0) socketpair$auto(0x3, 0x1, 0x4, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) 3m18.38278214s ago: executing program 34 (id=3118): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x101002, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) bpf$auto_BPF_MAP_DELETE_BATCH(0x1b, &(0x7f00000000c0)=@link_detach={r0}, 0x9778) io_uring_setup$auto(0x6, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x1a1d02, 0x0) mmap$auto(0x0, 0x400007, 0xe2, 0x9b72, 0xffffffffffffffff, 0x8000) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000100)={0x62, 0x0, 0x2100000, 0x7fffffff, 0xfffffffffffffffe, 0x1, 0x0, 0x2000000000000e8, 0x0, 0x4, 0x0, 0x8}) r1 = socket(0xa, 0x801, 0x84) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) setsockopt$auto(r1, 0x10000000084, 0x9, 0x0, 0x9c) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/midiC2D0\x00', 0x0, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, 0x0, 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0xfa5) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x22080, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x100, 0x0) pipe$auto(0x0) socketpair$auto(0x3, 0x1, 0x4, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) 28.339084271s ago: executing program 5 (id=3868): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0100050000005038f6ddfbdbdf25880000000400dd00aa6207383d19e1997234ce43264fb759a93242969f802d1c5adc040f7e1cea20b2fb75487da39c179916"], 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x10) listmount$auto(0x0, 0x0, 0xf4240, 0x0) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC1D1c\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(r1, 0xc1004111, 0x0) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, 0x0, 0x0) setresuid$auto(0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001900)=ANY=[@ANYBLOB='\b\b\x00\x00', @ANYRES16=r0, @ANYBLOB="040029bd7000fedbdf25110001000a0018008765839be1d100000500920005003704ff7fc500d19f3b98daeb63ec7045156a38993e14fc3f2accabf37e8c522d8058e434ec05130794e50800c400090000b50b00ee00340000000400e2001000b000d366b7db35437c4dea30f43bbf066e807d00198008002900", @ANYRES32=0x0, @ANYBLOB="f7b1840e10c37193057e77525de3f9ee243423a5a3239d46e4a7778f37773837bfa5e978c3c25f7bdd320deecd5cfa50088ab114ab2fb9047154a3339ddf60c125a3df53d0394875f6ce6dd05fa3d39e356b94000a8ffcb286df082954cc900f2b046574c181c70ebf0800f60009000000000000610125801400d600fe8000000000000000000000000000bb85f58c546fbbe9347ba3592fcfdb8d309a7fd803c613c6bdf8ab8f90167b7e03990ff504d46bcebc5c22b2052345531a063eb153e5abec3bbad9df4c3ea2e82692723a7b78761772bd869cfcdcc54fce8d2c66d5553d3d53c54f5883ecdfce9c0065075348e9790199ce598c68d37e116f2f22e0b10a511cacb063e9cb23c9479d1327dd03007eb2048a5ecda13d23ba2e95a13ba75404005f80e2afcd6779b89d9f63b2ecd60d25efd1e9ca79912c9a7e9776e1eeab3ae0e60042a3ad1520949f3f6f508c29f4dd5ca612ce73eaa8356baf251c53d43e45dfcf0671f8a3812c8ad64f5f4f09a2d5cb7abfa16505aa9557957406333fe6070b27782550b3b961e736d7f07cfc09906e260ca22aa39aad37433c78c1722797b20255d296f37c20c1936ed1a83418d1abf888071530917573d373ea729d1951b38121cffba58307fa7b6bc4cb1092ff790000001e2778362f4eaad65652c7f5c322bf3bc71512184d4f374784c301dd870ea87631f378825b387dbf85befc1ada5076b9600226a97cf778ae12fe99562984d5c8ec2f41ac9bc01c8e43cebb26a9dbdb45d8bac31d7be8614c231957f33fad2f9551e7c0fc9a7fb9f550601cd7752589a3cc9a8792ced826caa8b932e48c59cc5fe459c80800f400", @ANYRES32, @ANYBLOB="d7000d8062c53941d704eae2b1797d70f53b87586aa0a3715a8ea1e919f492020537f738fbeab2697183619663154409dc5f2397f40287c9122347ede73e4cf763168e1a22a5d130461cd02863c532d21e2cb0cbf6a730344b4927b763a2791edc0de66440f0c927f073649d6c2663a4faa9e1407c89dae116662290b09f9890fc7a618c0324652ab731345db8d282b5c1c101efa751597a79923642c7afcb320210e555b91d65bf7e58efaeb8da7ec41f2121750dcae51ddda6428944b144d60e3cb044b7414306cad6bb5d558a2d05946b66a0aec09200a702eb8064aba5ec5f90e9fac103ed631d74a6cfba6bd220c97def1dcf2840e7550d84b02bc984ba3d650276d02d1c32e1fbd5f4a6196af2d442c534645a1c644f24e545511f55063d628381a3724fa186119459ce70eeabc2475bb40515a75479360cafb8c55b62a8b955d10b7b25722bc791312ce24e8df651b0a826ee6fe4fb780fada2a46acf82e27331ec50c3ed96e31fc2f7d50604349967a038030b34f2bc7bc05aa7f024c1fbcc7af314178a1b3f115bf287243a1213ad33b376533f6e4dcdac84342a73e86b64e20706ec9525868eeab624ca0e8aecb7ad885fbaaaac342f89c953b7205f3d9610b7edc8fc7561ddbee01d2c970e957e15e508669a0cd9eed4b0a172e9320f6fde0678cb8c37a994a9369a69cd1a3eadfa6c8f9b2d71c7f8d529ef75c4883a695c492c1cea554702da19d44cc2cbfb388feee942b58947b495383533056d6e75ab7aaecf4c5ebbdbb127c179c3c9e661d75268ad426e60151c82d09d3356f3b3bac0117367fd0ada0f35c8afcf1a6935fe2a576a6db95278d802292697e3ab6c53e2b05114fff8706bfb68c3ee56fbe5cede0a7561468966cbfd7de54214b7769aff377a858de3a294d73090822e392fec6f5777c2b0880044e6cb5f644249e69f8218f6abec8e15618a41f0ed6b2d85eeae7f5d1ac13734ee91b2576aa03733871645efebe468c0f8ce928b1879cc210e747ca7963a77b29fe259cf966dbc3761e0149e0f309c5f6ca4eb42f4c59824dd8b0a8f99426211182eed3c5f22083675b90b170a821ada334bd3c5eaae138a6f23b52c035f2fa40251573662d83daf7cd72a7eed723c4665302d28d64f45df5a7439bd4bc5abe8c56626e75a08a70dd4806237dd043a52f8dd1bac01386aecdaf7213b6fdc8506f5cc01fc650bf2d170d55f8e953e0c678342fc33d0519934d0a61a3c5bf4ed9eda1390dc001400230000000000000000000000000000000001fdd5e8369df766e2de34655b58146066123bfd4dc97358afeeb4cbc6d774f0ec8b09519bd81f1d7a662578d7d30d2e255bf5b2b3f782626f6c46e4b5629e92f3ae4770ede010a6648d72c1a7a2a3950b33696604ccd04d8a5fd396d023d5dc09040e6448c8821808c44facf22f89eb1fb3c7412f5aa7cd4fc9c6b64cf60acf3d66ff825ecf2ae257714402c08ee7575d4fe58592eae47c5c3b10e6d54b48e1a34a88b018539d13ae3097409d07dcc7116b911ecd67825f1500cb00020198433b45485b0d07f3af16801785094a6587d6303f241689b1d1c9c0c8398b54f43586f91d1324ce74406cf1b171de4a0068812e62f6ee82b56662a4f9f2b45fe2d5efe9c4222554921d37e9804a49ae94bd1ffbe0c245d2c015b1f89d9a5a826ccbd3cb8e7525cb9d7e46d2603719ba2441008a02c106d487e169bc205da6b217a386a17f197ef50047b281fd5b5062d60c793c2a1381b773b456be0344d6dcd2827b8ae029b454d192712a32fa126cbb7c8c1d05103557987a92063f9a5d5d0fdacd32255cf1000800230107ef0000"], 0x808}, 0x1, 0x0, 0x0, 0x8805}, 0x8000) r2 = openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000140), 0x189000, 0x0) readv$auto(r2, &(0x7f00000018c0)={0x0, 0x1}, 0x9) mbind$auto(0x2000, 0x100000004, 0x8001, 0x0, 0x5, 0x2) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x40100000001) prctl$auto_PR_SET_MM_START_STACK(0x80000000, 0x5, 0x0, 0x2, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/anycast6\x00', 0x181500, 0x0) sched_setattr$auto(r4, &(0x7f0000000340)={0x7, 0x6, 0xfffffffffffffff9, 0xfff, 0xa, 0x1f9, 0x6, 0x9, 0x4, 0x8001}, 0x7b) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x20010, 0x7, 0xeb1, 0x404, 0x10008000) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 27.245945671s ago: executing program 5 (id=3873): ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) lsm_list_modules$auto(&(0x7f0000000040)=0x8, &(0x7f00000010c0)=0x7f, 0xd0000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x143b42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) socket(0x2, 0x2, 0x1) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x1010) socketpair$auto(0x5b, 0x1, 0x420000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) 25.978603931s ago: executing program 5 (id=3878): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) r1 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC1D1p\x00', 0x202000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_LINK(r1, 0x40044160, &(0x7f0000000080)=0xfff) mmap$auto(0x6, 0x8004, 0x386, 0xeb1, r1, 0x7ffe) r2 = getsockopt$auto(0x6, 0x111, 0x14, 0x0, 0x0) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) socket(0x11, 0x3, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0xd, 0x100000001, 0x63, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0x7ffffff9, 0x5, 0xffffffff80000000, 0x9, 0x61, 0x105}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r2) sendmsg$auto_NL80211_CMD_CONNECT(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="02002bbd7000004400"/18], 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x40000) r4 = socket(0x2, 0xa, 0x1) r5 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r4, 0x10000}, 0x10) mmap$auto(0x0, 0x2009, 0xfffffffffffffffa, 0x8000200008011, r5, 0x8000) 25.349056519s ago: executing program 5 (id=3882): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x353e02, 0x0) mmap$auto(0x200000000000004b, 0x810004, 0xffd, 0x8000000008011, r0, 0x2000000000000) mmap$auto(0x7ffffffffeffffff, 0x400003, 0xffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x4) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, 0x0, 0x6, 0x2, 0x0) fanotify_init$auto(0x9, 0x3) r1 = getpgrp(0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1ac}}, 0x40000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/004/001\x00', 0x42, 0x0) ioctl$auto_USBDEVFS_SETINTERFACE(r2, 0x80085504, &(0x7f0000000040)={0x1ff, 0x7fff}) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x4, 0x8000000000002, r1, 0x1, 0x3) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4000000040010, 0xdf, 0x9b7f, 0x7, 0x28000) r4 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000080)=@xdp={0x2c, 0x2, 0x0, 0x14}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto(r4, &(0x7f0000000180)={&(0x7f0000000140)="1b718435d37c002dfa7ccaf34ef80be1f0798e1fd2ab78e7a5c4ed7fe68f8450f937d2538c9f3b8a00"/52, 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x6}, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D2\x00', 0x501840, 0x0) readv$auto(0x3, 0x0, 0x100000007) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40050) close_range$auto(0x2, 0x8, 0x0) 24.082691584s ago: executing program 5 (id=3887): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x301, 0x0) r1 = socket(0x18, 0x3, 0x2) bind$auto(r1, &(0x7f0000000180)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x6a) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) sendmsg$auto_NL80211_CMD_DEL_TX_TS(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x810}, 0xc, &(0x7f0000000100)={&(0x7f0000000840)={0x73c, r2, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_IE_PROBE_RESP={0x727, 0x7f, "7bb6b7578fcfab14217c5e02b5facac955ea63d4de5f6160aaa9afcd602d13956322f5ecbb8366a4bcbcea4af6f33cca664309b19220c27b27f0a0b86d30233414ffd30972e53e5a74d4ada35618dd251183f1b9c431b1dceecddd11068db203fbc4cf5ebe1bed1236e452cdb01f349b6fcda4ba264ade7f02ccbea279aa79be3fd869c66ba5132059f04bd9b6b5f5152031afe60453c66a35504ec95bfc15a56ed55c2a58e6ab0ce765f913c04d6e8c093774a033738f705555d8c325675da8056f2f0386ffec25e32c8347a5753a275c548a9cbe2b28f35f16a43357984622a6033e65d52162e89d436b295a556bd039664be4ef3112e971f7720b07425f87bfc703fffcc224d209d139901cc71c32fb120001ccf820fd81e0bdafa16248937e1b218435b2ec2ff15c7fabf1a8fca23ffdda6f220649cb6ee4ca8981232bac195e9a212f08aeaaf60cf13007251763336458b8b19b11262b94608c801b927f25e7ed5794d1e6be65e72c51e7f584da2b2ec1f1b0ae785c1be36899aff622696f3386ec2f35c2c9cec9cba7e1ecfd3c333dea571a878628d4827c6fd553c122b5a3c03dd57bf57c3fc2bb4894a3235900aecf8a975eed8e2af26ed3d57951343e04b75a29d4c782c6aa2c44ea18926d33c588695fbcd2e78e1b1ab1f5507bfb756d17f9a35e21b6680cb0d9100bd120b6d1889387d5f3e3e2a6bfc5ee7180f0173540de79cd9657a508d7bbbccb42ccc9a06a3dd7f9ac655a9781bb8f38447d9f29eec4bb5bd111d132365872bedd6056abdce1b59369347b2e4daee0aaeee2ed2a49fa0b27c92265ce0ba2a6d8ece870a673948292105981594449535f04931aeabce7875cb033a38a9715864be5e86a89bbccb7f532906714b48d7efb8be7fd211a7c7517533418062e5f8cebc089ac79e5180cf2b1e9ba6f8138d70521113b06465d3d58e1fafc8225d388b379d3a6a75d846f8758e4491cd3c2d546a61e1ecf0c8da6857023727cbf1ef20a14c102e3bedea50854c94e854ca5ef64d7d2459c8cf30f72dd2bd7d9f5d167ea659b2d24541c4d6ac95606b6d50cd525b040f613fce17933e2db48dcb980125dfd8a288cd57351093debad7dcbfc221973483bf9a3f13dc31e8f91dede2630ca5fa1d12ac5acf0e34f302876658df0b9e183649410b103177b0778e757a7044c7b2849390e382b1e113a1ad7da13e4055fabb073a67057a6641a2abae961107092ffa51bec88e0a85a311360393877cfde63048b0ef07ea32524ede6bfa6357b9dcbe4d7903d83bee2c119e28faf82b898d9e7479a1420bb9ca8f6ab9f895eef69547693bef8f94e7f0d8f5c0ea6ef1b329eba94fff1565545bdcb766dbbb85a21d24ddfc1bd3c1ee18c07db166e14157383f488cfed1368d123921a2c2e92eda00b0f30f4a67b959bb2ad5449cb24290d1b3fed62299843e60819c2ff6aaff97fb0eec59e933f67c10ccdb6af8ff964923b8edfe7ff47188c0495d9c2b515b586a60dc46202ae0fabadabac8fd477abc6d40fe824690b1199b73dd94f7699c2d99755ed279887f7fb5dae37ac4618853c925d89178805c175b642f29396de26d1294c1bb07e69030bbfb2ac75799955ed322994dfa7e4b1ba2c634ab9abf75530340fe06dc383e8d7a1523a95a051235d8af52ed29c654ce04890258536876ea008805bdb1ca731141e013bf5f3e96283833f327b4654a9822397267295f1d5039d287660b6e789e6acd18003ecb643421ef3675c36d48f53fa92353aa25ad49e20fddaa1dce0c5528b9314530434b3fedb12568d32fe5d909735d327d27e9efcb4c29c72d2b1f0283024ed84d5b156189d80fa534418b08b33898dd5a29a0e25941f4cbe8c079ce2da89e27eb119ed87cc4399b771758c3b8287a07df6bedd47f3f9630571d3d468a06e13e5259c4902cfab51cea1cb6ad2433968b7bea4160f641f32fc689143ad23340deeb6af526e0d22f00cee4188929d9d90d2a644f8f6be5cee40d08a33e2e2a2c9d8a964d8d895c91f9271dbfff05088a9e19aeccc4ba6c40366feba7787fa206a386a3be71a507b26cb32c20b4b3ed8ea9c06637b62299e2bbb5beeaedb9583d05fe965d03907283666df5a0dadd39391263967530e27f684a5dff4b7516ddd22e4bc5af2ae856797eec1977d6d4837329db1f49d08756fd14f86817d6a20f4437916edb13cb748c18ec928f6adf3a692a83c2fd229657d41b78f63fa3c920f9ffce9b70e921a1dee3ad1f5d8c074f5b610119eb9f897fc383f3207103ee8d6d06ca220ccf886e15c8c9db5badc81626d7d951e1bfaf09549e50d088c77a0f9e9f7b12336529d44063243811d4742fcf6c3046b36f87cd185f3bbfeed353e492d654a520bcd05a780584be224ea1fbcf140716c3e702e82f0b71a68d65d9e8734f0fa1f285fa82fdb8b6cc0302dc9ecb30017910d10666b2ca43535cecbfdeb4e63365b50ad8bbd7ed29f0da8da3ee03d7c563e950548e896f9eac732aeff0e2831775dc4de0455c8200a2cd5ffe19263586c2bfbfa2ee142b495f3ac9b6e832d258613772147a7ea17"}]}, 0x73c}, 0x1, 0x0, 0x0, 0x400c000}, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x1d, 0x2, 0x6) setresuid$auto(0x0, 0x0, 0xffffffffffffffff) read$auto(0xffffffffffffffff, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) unshare$auto(0x40000080) select$auto(0x6, 0x0, 0x0, &(0x7f0000000040)={[0xfffffffffffffffd, 0xb, 0xa, 0x4, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x5a, 0x80000001, 0x7, 0x2, 0x93, 0x400000001, 0x35]}, 0x0) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000140)={0x3, 0x7, 0x5, 0x4, 0x7fffffff}) pwrite64$auto(r3, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_marker\x00', 0x4, 0x800) socket(0xa, 0x5, 0x0) open(0x0, 0x261c2, 0x84) 23.251926178s ago: executing program 5 (id=3892): openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/138, 0x8a) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x20000008000) sysfs$auto(0x0, 0x3e, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r4, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f00000005c0)=ANY=[@ANYRES16=r2, @ANYBLOB="010029bd7000fedbdf250400000006800b002c290000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000060}, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000a80)={0x138, r2, 0x800, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_CHANNELS={0x8}, @HWSIM_ATTR_ADDR_RECEIVER={0xd1, 0x1, "84b56093ca5714bb39689dda0c2f3f26db5d40a77ba03183cf19239631e5f965324b20ddaed7d37d1b689e58ffeea609debb95f36c29ac47a9225934164660d9097dd928a5dc4344b07bf96d5d042b88baba96e4c167b2ffff79d7296556fb38b4c0ff7d3b7e6e3e389a59b18825d13e2d6647e85bb4857747349c254e74a7d846363b22cc7ef6d3b56ee29492f9a6260500009ef5b1443e5eeffbce45c6d66ef85291a6c363801a293905ab485fd61e5a68f29d3330a66612fef80adf473b0813c4fcd84bad66b39d092a295f"}, @HWSIM_ATTR_FREQ={0x8}, @HWSIM_ATTR_RADIO_NAME={0x24, 0x11, '/proc/sys/kernel/random/boot_id\x00'}, @HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x5}, @HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x30a549bc}, @HWSIM_ATTR_ADDR_TRANSMITTER={0x4}, @HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0xc0}]}, 0x138}, 0x1, 0x0, 0x0, 0x2}, 0x4048881) ioctl$auto_FS_IOC_ENABLE_VERITY(r1, 0x40806685, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/rpc/nfs4.idtoname/channel\x00', 0x8f3b7a51b80ebd01, 0x0) 9.349847033s ago: executing program 2 (id=3941): r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0], 0x1ac}, 0x1, 0x0, 0x0, 0x20008044}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0xfe, 0x0, 0x1, 0x0, 0x3fc0000, 0x8}, 0x803}, 0xfffffff9, 0xe, 0x0) rseq$auto(0x0, 0x8000, 0x0, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3499c2, 0x0) mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x69a5, 0xa800000000000000) sysfs$auto(0x2, 0x41, 0x0) fsopen$auto(0x0, 0x1) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0xffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000002580)={0x24, r2, 0x9ec6579d452c1f15, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x25, 0x0, 0x0, @uid}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x20000080) r3 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_IMADDTIMER(r3, 0x80044940, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x80) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci4\x00', 0x2800, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x6) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/est_nice\x00', 0x40001, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x301000, 0x0) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000080), 0xa40, 0x0) 8.676455927s ago: executing program 2 (id=3947): close_range$auto(0x2, 0x8, 0x0) socket(0x29, 0x5, 0x0) pipe$auto(&(0x7f0000000140)) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x642, 0x0) acct$auto(&(0x7f0000000180)='/dev/kmsg\x00') bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x200000000000003}, 0x6f3) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x80840, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) socket(0xa, 0x1, 0x100) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xa3, 0xeb1, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) keyctl$auto_KEYCTL_NEGATE(0xd, 0x0, 0x0, 0x0, 0x2) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0x400c840) r1 = socket(0xa, 0x5, 0x84) sendto$auto(r1, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x69a5, 0xa800000000000000) sysfs$auto(0x2, 0x41, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r2, 0x5, &(0x7f0000000180)='+\x00_\xe8\xdb\xff\x0f\\X\xc9#\xa0\xdc\x04\x0f\x99v\xbc\xc3\xf2\x03\xe2T\b\x9c\xe7J\xcd\x00\x00\x00\x00\x00\x00\x00\x00c\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) 8.425789932s ago: executing program 2 (id=3948): r0 = socket(0x2, 0x1, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r0, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x106) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) lsm_list_modules$auto(&(0x7f0000000040)=0x8, &(0x7f00000010c0)=0x7f, 0xd0000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) io_uring_setup$auto(0x6, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x40200, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x8000, 0x0) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8000fffc}, 0x3) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 7.983440781s ago: executing program 35 (id=3892): openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/138, 0x8a) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x20000008000) sysfs$auto(0x0, 0x3e, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r4, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f00000005c0)=ANY=[@ANYRES16=r2, @ANYBLOB="010029bd7000fedbdf250400000006800b002c290000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000060}, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000a80)={0x138, r2, 0x800, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_CHANNELS={0x8}, @HWSIM_ATTR_ADDR_RECEIVER={0xd1, 0x1, "84b56093ca5714bb39689dda0c2f3f26db5d40a77ba03183cf19239631e5f965324b20ddaed7d37d1b689e58ffeea609debb95f36c29ac47a9225934164660d9097dd928a5dc4344b07bf96d5d042b88baba96e4c167b2ffff79d7296556fb38b4c0ff7d3b7e6e3e389a59b18825d13e2d6647e85bb4857747349c254e74a7d846363b22cc7ef6d3b56ee29492f9a6260500009ef5b1443e5eeffbce45c6d66ef85291a6c363801a293905ab485fd61e5a68f29d3330a66612fef80adf473b0813c4fcd84bad66b39d092a295f"}, @HWSIM_ATTR_FREQ={0x8}, @HWSIM_ATTR_RADIO_NAME={0x24, 0x11, '/proc/sys/kernel/random/boot_id\x00'}, @HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x5}, @HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x30a549bc}, @HWSIM_ATTR_ADDR_TRANSMITTER={0x4}, @HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0xc0}]}, 0x138}, 0x1, 0x0, 0x0, 0x2}, 0x4048881) ioctl$auto_FS_IOC_ENABLE_VERITY(r1, 0x40806685, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/rpc/nfs4.idtoname/channel\x00', 0x8f3b7a51b80ebd01, 0x0) 7.435671094s ago: executing program 2 (id=3952): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x4b32, r1) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0x8, 0x20009, 0x3, "790eaa833e6fc65b6b3cf705001900ffff8eac2cdafc1f64010043eeb0b0530300000000000e00", @raw=0xffffffff}, 0x4, 0x966, 0x800003, @inferred, @integer={0x800000000000400e, 0x2000000b752, 0x4}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) 6.861097937s ago: executing program 1 (id=3954): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, 0x0, 0x0) 3.661977189s ago: executing program 1 (id=3955): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x20400, 0x0) (async, rerun: 32) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000003fc0)='/dev/bus/usb/017/001\x00', 0xa300, 0x0) (async, rerun: 32) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000440)='/dev/v4l-subdev4\x00', 0x2aa83, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x82000, 0x0) (async) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0040, 0x0) select$auto(0xf, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x80000000007, 0x7, 0x2a, 0x400000000000948b, 0x3, 0x8, 0x3, 0x3, 0x7, 0x40, 0x400000000000003, 0x4, 0x5, 0x8d, 0xffffffdffffffffe]}, 0x0) (async, rerun: 64) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/038/001\x00', 0xc840, 0x0) (rerun: 64) write$auto(0xca, &(0x7f0000000180)='\x04>2\v\x00\x00\tO\xfdf\xb4\xad\x95\x03\xd66\xca\x96\x18a\x80\xea\xf4\xffo', 0x7e) (async) r0 = waitid$auto_P_ALL(0x0, 0x7, &(0x7f0000000140)={@_si_pad}, 0x4, &(0x7f00000001c0)={{0x5, 0x24}, {0xffffffff}, 0xff, 0x2, 0x2, 0x4, 0x7, 0x0, 0x76, 0x1ff, 0x10000, 0x7, 0x9, 0x7, 0x2, 0x2}) prctl$auto(0x4, 0x2, r0, 0x4000000d, 0x10100) (async) mmap$auto(0x0, 0x6, 0xfffffffffffffff3, 0x9b73, 0xffffffffffffffff, 0x8000) futex$auto(&(0x7f00000023c0)=0xf6, 0x3, 0x12, 0x0, &(0x7f0000002440)=0x7, 0x71a8dce0) (async, rerun: 64) mmap$auto(0x0, 0x5, 0x4000000040e2, 0xeb1, 0xffffffffffffffff, 0x8000) (rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x1e, 0x1, 0x0) bind$auto(r1, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x3, 0x1}}, 0x66) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r3 = prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) recvmmsg$auto(r3, &(0x7f0000000380)={{&(0x7f0000000280)="97ef91442d6bc5921ae8428c0a0540800c9d28b2afb741f2f688eee98a950d0c3aaa0ef7b5dae55b29d629b12353cb085049dbd6d78c9f2b4eb31fd0d45fef2f1c6c33042ab8c593262b49f1a3ec4048b16e0867051f516e7bd9e2e138084a1121d996cc4e899fe847cb6adfc7f5dd9c4ff307da2c90a35e07f90e53b2e8e791a1", 0x700, &(0x7f0000000080)={0x0, 0x1}, 0x4, 0x0, 0x2, 0x7fffffff}, 0x7}, 0x6, 0x1, 0x0) (async) socket(0x15, 0x3, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) (rerun: 64) pread64$auto(r4, 0x0, 0x400100000001, 0x1ff) (async, rerun: 32) read$auto_fuse_dev_operations_fuse_i(r3, &(0x7f00000004c0)=""/192, 0xc0) (rerun: 32) kexec_load$auto(0x401, 0xf, &(0x7f0000000480)={@buf=&(0x7f0000000400)="88c3d219f8c354c74416a0fe6cf682572527911fa6ada020bfc070f9d4fb1ebee23c99359f515d0f5b58511a7e90ed08819f45d8ab8b17ee3fe194ffab35a9", 0x8000000000000001, 0x8, 0x6}, 0x2) r5 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000580)='/dev/mtd0\x00', 0x1, 0x0) ioctl$auto_MEMERASE64(r5, 0x40104d14, &(0x7f0000000100)={0x4, 0x4}) 3.647437847s ago: executing program 2 (id=3956): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/wg2/temp_prefered_lft\x00', 0xc0781, 0x0) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82400, 0x0) ioctl$auto_SG_SCSI_RESET(r1, 0x2284, &(0x7f00000001c0)) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) 3.48660019s ago: executing program 2 (id=3958): syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(&(0x7f0000000000)={0x5, @raw=0xd7, 0x3, 0x1, 0x5}, 0x0, 0xe, 0xfffffff8) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0xa, 0x5, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop13\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0xa49, 0x0, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) mmap$auto(0x6, 0x4, 0x4000000000dd, 0x40eb1, r1, 0x300000000000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000001200)=ANY=[@ANYBLOB="bf6262dc3fe5e80e02b6f542d55ef0b4f254b9bbc7df099749b04577ca353074e46f2ca46e1cca9aa4cbc763d86f942812fe4be1cded0ea608d8b699113790eab2fc3dcc6165c1214aa1cb774c6d01d18ff0b117f0c9f3f03cb17c2d7ea7d88739c46cc3da59bf1b20f10d4ce49a4a9fd903d9a342d18884263805c1c6ce587834172959a5e7be224daee8012ed448b5e27525af64b753570af3e4fe386706e7b366437b72905a2e7185817a116b176a1016399282068abef6776df7559b4d79594ceb71175b3693a73a0730155094932fcbee69463deed29e1068a35b", @ANYRESOCT=r3, @ANYBLOB="000028bd7000fcdbdf256d00000007000a00107c4c000400d1000600b400030000000500020000000000"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) shutdown$auto(r0, 0xfff) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000) r4 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/numa_maps\x00', 0x22000, 0x0) read$auto_proc_sessionid_operations_base(r4, &(0x7f00000000c0)=""/4096, 0x1000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) 3.337144392s ago: executing program 1 (id=3959): r0 = openat2$auto(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={0x21, 0xf61, 0x1}, 0x4) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, r0, 0xb7ca) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/034/001\x00', 0x20882, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000280)={{0x3, 0xee00, 0x0, 0x5, 0xf, 0x4, 0x6}, &(0x7f0000000180)=0x1, &(0x7f00000001c0)=0x8, 0x5, 0x0, 0x7, 0x5, 0x6, 0xfff9, 0x40, 0x5}) r3 = setfsuid$auto(0xee00) setreuid$auto(r3, 0x0) r4 = getegid() r5 = waitid$auto_P_PGID(0x2, 0x0, &(0x7f0000000280)={@_si_pad}, 0x3, &(0x7f0000000440)={{0x8, 0x6}, {0x8, 0xc5e}, 0x100000001, 0x3, 0x1, 0xf9, 0xfffffffffffffffc, 0x5, 0x6274, 0x9, 0x0, 0xb, 0x35d, 0x439c, 0x9, 0x7}) shmctl$auto_SHM_STAT_ANY(0x9, 0xf, &(0x7f00000006c0)={{0x7, r3, r4, 0x4, 0x6, 0x81, 0x48d}, 0x1, 0x5, 0x8, 0x2, @inferred=r5, @raw=0x5, 0x5, 0x0, &(0x7f0000000500)="4f98c640887224e1536d4e40a39d3c81a9c6e8ae66bc479f7d92b6c649f07587e8084d4fd558d54a2ddca9c318eb050342e0fbb295dd58250b8d185616881413c9b3a8bbc9cb6f3059624b9d64d81f5b347672273ff0eac474a4fce025de7972a1b178c920727aab101d7741be7f42a7acc5ee4675ca2c96a2d08ca9a74b323f548afca84b63a71fb65c71061963f9693b6afa898480b20dc6d2e4f35f2381eabde6ac3f3b34948a7014878f346459ef0a11d7cb4fe7732d8d9e95d0cc7450914c2b63b9054c10080ba951b8f095adaead86e8bf209f5a9ecef565321572507c2b71c3a04fe37344218ffc325a27547ba7f31f1edb3ba545", &(0x7f0000000600)="3b4aab5baf7b70279f51554278b9b2497af28d2f68748361dda23b269d8b59ff913dc2ce2f41389066481eb9ea5492d38b5b950569f4d785c41fe5d0ab02234a66c5d804108051813044b3235a4b452ff0c51b938f2f5440d9ecee6cfad16d8271c93fa2488f5af21c4361fca3799a20b53b6f0c6c3b19b35a674aec24b246c982d5f007b2ecde6cab52699af3b1e94e1a42d4e44b022d7d64730dd5127ccd9f02f7590e93c2c7d8eb6e44"}) setresgid$auto(r2, r4, 0x0) read$auto(r1, 0x0, 0x7) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) splice$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8a5b, 0x401) r6 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r6, &(0x7f00000000c0)="621c1bfe595046ab5c98199adf6ad9cdc5b2fc8d6d76e6021e1dcedc", 0x1c) 3.198391589s ago: executing program 1 (id=3960): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x8002, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x408802, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfs4.idtoname/content\x00', 0x181b80, 0x0) socket(0x1e, 0x3, 0x5ef) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000440)={0x14, r2, 0x301, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x3, 0xdf, 0x400000000009b72, 0x2, 0x8000000000000001) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0xa0b02, 0x0) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x10000, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000480)={{0x0, 0x250e, &(0x7f00000000c0)={0x0, 0x6}, 0x7, 0x0, 0x2, 0x74}, 0x1003}, 0x7, 0x311) r5 = socket(0x10, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1200", @ANYRESHEX=r4, @ANYRES64=r2], 0x1ac}, 0x1, 0x0, 0x0, 0xc000}, 0x40000) recvmmsg$auto(r5, &(0x7f0000000040)={{0x0, 0x4, 0x0, 0x29, 0x0, 0x0, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty22\x00', 0x800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/ram6/removable\x00', 0x2, 0x0) read$auto(r4, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xfdef) 2.148744183s ago: executing program 1 (id=3963): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) r1 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC1D1p\x00', 0x202000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_LINK(r1, 0x40044160, &(0x7f0000000080)=0xfff) mmap$auto(0x6, 0x8004, 0x386, 0xeb1, r1, 0x7ffe) r2 = getsockopt$auto(0x6, 0x111, 0x14, 0x0, 0x0) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) r3 = socket(0x11, 0x3, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0xd, 0x100000001, 0x63, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0x7ffffff9, 0x5, 0xffffffff80000000, 0x9, 0x61, 0x105}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r2) sendmsg$auto_NL80211_CMD_CONNECT(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="02002bbd7000004400"/18], 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x40000) r5 = socket(0x2, 0xa, 0x1) r6 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r5, 0x10000}, 0x10) mmap$auto(0x0, 0x2009, 0xfffffffffffffffa, 0x8000200008011, r6, 0x8000) munmap$auto(0x0, 0xffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) sendmmsg$auto(r3, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000180)="e9fa89a53e03ac7aa286", 0x5ea}, 0x5, 0x0, 0x0, 0x1001}, 0x5}, 0x2, 0x140) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x501a00, 0x0) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x191042, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, 0x0) ioctl$auto_KVM_GET_MSRS(r8, 0xc008ae88, 0x0) mmap$auto(0x7fff, 0x400008, 0x0, 0x9b72, 0x2, 0x8202) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x400000100007) 1.473749394s ago: executing program 6 (id=3967): socket(0x25, 0x1, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket(0x2, 0x1, 0x145b) setsockopt$auto(r2, 0x0, 0x10, 0x0, 0x17) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x14004811) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu1/power/pm_qos_resume_latency_us\x00', 0x183042, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/phram/parameters/phram\x00', 0x4a481, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0) writev$auto(r5, &(0x7f0000000080)={&(0x7f0000000280)='{', 0x107}, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd11/queue/iostats_passthrough\x00', 0x2a001, 0x0) write$auto(r6, &(0x7f0000000040)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) madvise$auto(0x8, 0x200007, 0x19) request_key$auto_KEY_SPEC_THREAD_KEYRING(0x0, 0x0, 0x0, 0xffffffffffffffff) write$auto(r4, &(0x7f0000000040)='7\x02\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket(0x2, 0x1, 0x106) sendmmsg$auto(r4, &(0x7f0000000200)={{&(0x7f00000002c0)="476da6661b8ffb5c07cf7f0c7798e473c57d5e287984b140d8122911a8201b43073b33c12e056355e68533b7b674bdde8a8a9c7d0eef9ffa6317116086cf8ed8a9382332016eeee01ddaf7686c4df34dad5acd16f5f9cba64452fea60c45dcbfe6735f216fefacd3c9c750c48ad5454a3ab36b6fb44cafd5da182a09d8d4faf435c1775bbe6bef5602710317236c844488a10c23c96b6c493ca844dc0ba5b634eb08a4b6c306b83e3a4951707c59d2f9091ff1bf08e071c111c87b34f7692ad009c9c0a83790fb37857ac687eecdbcbf76668f259d7b00853d4da9d29642f30664f3604a7404c0f05be4120de6f58ee8750201c5", 0x7, &(0x7f0000000180)={&(0x7f00000003c0)="4e59423bb2c60dc40c3b35010c22c252cda0a5c95d5a2b95ae4e661ec3ed637ac77fec52fef0288e7e2914d7ed495a2ca184131a65e3699f6914cdfc3996a7ffd0b97d1c1ee17552b239c08144807a14c5a0192804f11534169419bcd6a2ed016ce77991905aa476874bd6ff5781239975ca5813451534a2ac00471db28700236243edb1623a0230e157bf5da777dece682154401d9248e3f008269aae71a783995bebf7c3f6455e255b5b8798a2fd8118e1d8b3247116b7e9ffd35af6724347ac6fa73f117919ef20", 0x3}, 0x2, &(0x7f00000004c0), 0x1, 0x4}, 0x7}, 0xc3af, 0xc) setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x5) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0x40405515, &(0x7f00000001c0)={@inferred, 0x8, 0xa9, 0x80000000, "6567c07d061a1870257cac15ef8b82064272406a48c16cf61f3f131eaaa68a9a3a87eb7ced32a027b6a48d53"}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 1.111289489s ago: executing program 6 (id=3968): process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0xa, 0x0) r0 = socket(0x2, 0x5, 0x0) setsockopt$auto_SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)='}]\x00', 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x8, 0x20009, 0x0, 0xeb1, 0x401, 0x8800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/vlan/config\x00', 0xc0000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/mmap_min_addr\x00', 0x101300, 0x0) socket(0x1d, 0x2, 0x6) io_uring_setup$auto(0x6, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/026/001\x00', 0xa100, 0x0) io_uring_setup$auto(0x4079, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x4004, 0xf, 0x4, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r1, 0x540b, 0x0) 908.075564ms ago: executing program 6 (id=3969): bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x0, 0x1, 0xff, 0x5, 0x8006, 0xffffffffffffffff, 0xfffffffb, "04007a0cd9022f362600f4f80a00", 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x1, 0x7}, 0x7) socket(0x1, 0x1, 0x0) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="21022cbc7000ebdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) mmap$auto(0x0, 0x4020009, 0x1, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0xffffffffffffffff, 0x28000) r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r1, &(0x7f0000001680)="a7", 0xfffffc96) r2 = socket(0xa, 0x1, 0x0) sendmsg$auto_THERMAL_GENL_CMD_CDEV_GET(r2, &(0x7f0000005ac0)={0x0, 0x0, &(0x7f0000005a80)={0x0}}, 0x20000044) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 688.474699ms ago: executing program 6 (id=3970): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) rseq$auto(&(0x7f00000001c0)={0xe, 0x20401, 0x5fc, 0x10000006, 0xffffffff, 0x6}, 0x8000, 0x0, 0x6) mmap$auto(0x1, 0x400008, 0xdf, 0x9b72, 0x2, 0x7fff) sched_setaffinity$auto(0x0, 0xcf4d, 0x0) memfd_create$auto(0x0, 0x9) fallocate$auto(0x3, 0x0, 0xe, 0x8ec8) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x0, 0xd, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) socket(0x80000000000000a, 0x4, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) mremap$auto(0xfffffffffffffff7, 0x401, 0x6, 0x268, 0x5) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x804, 0x0) execve$auto(0x0, &(0x7f0000000100)=&(0x7f0000000080)='/proc/self/fail-nth\x00', &(0x7f00000001c0)=&(0x7f0000000140)='[#-^##\x00') setsockopt$auto(0x3, 0x0, 0x30, 0x0, 0x1) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mprotect$auto(0x0, 0x1933, 0x4) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0xc6601, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/kernel/watchdog_cpumask\x00', 0x141241, 0x0) mremap$auto(0x800, 0x4, 0xb91b, 0x8, 0x1) write$auto(r1, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='ethtool\x00', 0x3) fdatasync$auto(r0) r2 = socket(0x10, 0x3, 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fedbdf251600000018000180140002006e657464657673696d3000000000000005000200000000003fa42ab8604cb69fe4fc5b516e18d777f54570f9ec64ac88995966d69f2d48c9e08fcf15142e5095c73fc886f4c12390be626a30f9966309298278"], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x4044000) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mlock$auto(0xfffffffffffffffe, 0x3) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="fc000000", @ANYRES16=r5, @ANYBLOB="01002dbd7000fedbdf2505000000e50003800800c200e000000204002a000400110008002e00", @ANYBLOB="8cd5c6faba190b95c0898027b1ece700b1932f99c10cc69a0ec5be21a4a25c12881cb2e52c8a9d410b521858b4aab8625135d4c988635c96163a30faa8f76688f368a3d56a9d42ab78991da6e34a650d8765d6a634d125efb06cb3a118e250bffbe3fe03735ba77b2322c3ff46f03d71c1e0ffb38a214511ca7834a0fe30de288312d371733c0126b4d3802f7678d35d3d90fe7e31bfbc4a1d829d894a61c878957243193cd6c831f00192d92c95781d6dc339ffced20966934683a15be3e6a34349ead37a2cf86aa77925f822d3b71082b78b588a05d331489d21305283da0cbbfe773f", @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a2c0005802400638020009e8008005a002f7d21001000000200000d0006000000000000000400c9800e59fa"], 0xfc}, 0x1, 0x0, 0x0, 0x40000}, 0x2404c810) 212.333621ms ago: executing program 6 (id=3971): mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80383, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (fail_nth: 1) 147.206674ms ago: executing program 1 (id=3972): mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) keyctl$auto(0x4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000000e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) unshare$auto(0x40000080) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D2\x00', 0x80980, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)="b2", 0x1) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv6/conf/macvlan1/accept_ra_pinfo\x00', 0x101202, 0x0) sendfile$auto(r0, r3, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xebe, 0x401, 0x8001) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000000), 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x48, 0x0, 0x9) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x1, 0x7fff, 0x5, "313bf5eb195a060000002af9ffb683dba3931f33828bbfba40f03510bf6b7fe5e2f94ba460d57d448667798d"}, 0x401, 0x8, 0x4, @inferred, @integer={0xdbe, 0x255, 0x8}, "7a9fc199a16a2332eacf2fc7ae1d8778dc618090334fdd73340238d21000debe0eda71bdd709254592b67f9cb5adb17884a16f7ce8cbce0bb32791702b8d7c2d"}) bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3a8453d3, 0x80, 0x8, 0x7, 0x1, 0x200, 0x8, 0x401, 0x2, 0x2, 0x2, 0xc28}, 0x0) r5 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r5, &(0x7f00000001c0)={{0x0, 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x12}, 0x5, 0x0, 0x5, 0xe}, 0x5}, 0x2, 0x100) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) 0s ago: executing program 6 (id=3973): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4405}, 0x4c848) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$auto_NET_SHAPER_CMD_GROUP(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={0x0}, 0x1, 0x0, 0x0, 0x4c000}, 0x14) r1 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) r2 = pipe$auto(&(0x7f0000000000)) futimesat$auto(0xffffffffffffffff, 0x0, 0x0) write$auto_def_blk_fops_fs(r2, &(0x7f0000000100)="06a4db327516fb11e3ca850989ca82e68a86740e49cfd2abcd668655f247", 0x1e) write$auto(r2, 0x0, 0x109) unshare$auto(0x40000080) read$auto_tracing_iter_fops_trace(r1, 0x0, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/arch_status\x00', 0x109480, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/oom_adj\x00', 0x142, 0x0) read$auto(r3, 0x0, 0x4) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f00000000c0)={0x0, 0x8}, 0x3) mmap$auto(0x3, 0xc, 0x9c0f, 0x3800000010, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) kernel console output (not intermixed with test programs): full) [ 1013.162525][T25961] Tainted: [U]=USER [ 1013.162530][T25961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1013.162540][T25961] Call Trace: [ 1013.162545][T25961] [ 1013.162552][T25961] dump_stack_lvl+0x16c/0x1f0 [ 1013.162573][T25961] should_fail_ex+0x512/0x640 [ 1013.162596][T25961] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1013.162615][T25961] should_failslab+0xc2/0x120 [ 1013.162635][T25961] __kvmalloc_node_noprof+0x141/0x9c0 [ 1013.162652][T25961] ? trace_kmalloc+0x2b/0xd0 [ 1013.162669][T25961] ? __kvmalloc_node_noprof+0x3c0/0x9c0 [ 1013.162686][T25961] ? io_alloc_cache_init+0x38/0x170 [ 1013.162709][T25961] ? io_alloc_cache_init+0x38/0x170 [ 1013.162728][T25961] io_alloc_cache_init+0x38/0x170 [ 1013.162748][T25961] io_rsrc_cache_init+0x40/0x50 [ 1013.162768][T25961] io_uring_setup+0x68e/0x20e0 [ 1013.162786][T25961] ? __pfx_io_uring_setup+0x10/0x10 [ 1013.162802][T25961] ? do_futex+0x122/0x350 [ 1013.162822][T25961] ? __pfx_do_futex+0x10/0x10 [ 1013.162840][T25961] ? __fget_files+0x204/0x3c0 [ 1013.162863][T25961] ? xfd_validate_state+0x61/0x180 [ 1013.162882][T25961] ? __pfx_do_writev+0x10/0x10 [ 1013.162900][T25961] __x64_sys_io_uring_setup+0xc2/0x170 [ 1013.162918][T25961] do_syscall_64+0xcd/0xfa0 [ 1013.162936][T25961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1013.162950][T25961] RIP: 0033:0x7f9d88b8f6c9 [ 1013.162963][T25961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1013.162977][T25961] RSP: 002b:00007f9d86df6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1013.162991][T25961] RAX: ffffffffffffffda RBX: 00007f9d88de6090 RCX: 00007f9d88b8f6c9 [ 1013.163002][T25961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1013.163011][T25961] RBP: 00007f9d88c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1013.163021][T25961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1013.163030][T25961] R13: 00007f9d88de6128 R14: 00007f9d88de6090 R15: 00007ffdcbc5b1b8 [ 1013.163049][T25961] [ 1015.655771][T26110] FAULT_INJECTION: forcing a failure. [ 1015.655771][T26110] name failslab, interval 1, probability 0, space 0, times 0 [ 1015.742359][T26110] CPU: 0 UID: 0 PID: 26110 Comm: syz.2.3516 Tainted: G U syzkaller #0 PREEMPT(full) [ 1015.742384][T26110] Tainted: [U]=USER [ 1015.742390][T26110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1015.742399][T26110] Call Trace: [ 1015.742404][T26110] [ 1015.742411][T26110] dump_stack_lvl+0x16c/0x1f0 [ 1015.742433][T26110] should_fail_ex+0x512/0x640 [ 1015.742456][T26110] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1015.742476][T26110] should_failslab+0xc2/0x120 [ 1015.742496][T26110] __kvmalloc_node_noprof+0x141/0x9c0 [ 1015.742512][T26110] ? trace_kmalloc+0x2b/0xd0 [ 1015.742529][T26110] ? __kvmalloc_node_noprof+0x3c0/0x9c0 [ 1015.742545][T26110] ? io_alloc_cache_init+0x38/0x170 [ 1015.742569][T26110] ? io_alloc_cache_init+0x38/0x170 [ 1015.742587][T26110] io_alloc_cache_init+0x38/0x170 [ 1015.742608][T26110] io_rsrc_cache_init+0x40/0x50 [ 1015.742627][T26110] io_uring_setup+0x68e/0x20e0 [ 1015.742646][T26110] ? __pfx_io_uring_setup+0x10/0x10 [ 1015.742676][T26110] ? do_futex+0x122/0x350 [ 1015.742724][T26110] ? __pfx_do_futex+0x10/0x10 [ 1015.742743][T26110] ? __fget_files+0x204/0x3c0 [ 1015.742767][T26110] ? xfd_validate_state+0x61/0x180 [ 1015.742787][T26110] ? __pfx_do_writev+0x10/0x10 [ 1015.742805][T26110] __x64_sys_io_uring_setup+0xc2/0x170 [ 1015.742824][T26110] do_syscall_64+0xcd/0xfa0 [ 1015.742841][T26110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1015.742856][T26110] RIP: 0033:0x7f9d88b8f6c9 [ 1015.742869][T26110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1015.742883][T26110] RSP: 002b:00007f9d86df6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1015.742897][T26110] RAX: ffffffffffffffda RBX: 00007f9d88de6090 RCX: 00007f9d88b8f6c9 [ 1015.742907][T26110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1015.742915][T26110] RBP: 00007f9d88c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1015.742924][T26110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1015.742932][T26110] R13: 00007f9d88de6128 R14: 00007f9d88de6090 R15: 00007ffdcbc5b1b8 [ 1015.742951][T26110] [ 1015.743251][T26088] Invalid ELF header magic: != ELF [ 1016.747888][T26141] FAULT_INJECTION: forcing a failure. [ 1016.747888][T26141] name failslab, interval 1, probability 0, space 0, times 0 [ 1016.803597][T26141] CPU: 0 UID: 0 PID: 26141 Comm: syz.6.3518 Tainted: G U syzkaller #0 PREEMPT(full) [ 1016.803630][T26141] Tainted: [U]=USER [ 1016.803635][T26141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1016.803644][T26141] Call Trace: [ 1016.803649][T26141] [ 1016.803655][T26141] dump_stack_lvl+0x16c/0x1f0 [ 1016.803677][T26141] should_fail_ex+0x512/0x640 [ 1016.803698][T26141] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1016.803716][T26141] should_failslab+0xc2/0x120 [ 1016.803736][T26141] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1016.803750][T26141] ? taskstats_exit+0x654/0xbe0 [ 1016.803776][T26141] ? taskstats_exit+0x654/0xbe0 [ 1016.803796][T26141] ? acct_update_integrals+0x2ce/0x4a0 [ 1016.803808][T26141] taskstats_exit+0x654/0xbe0 [ 1016.803831][T26141] ? __pfx_taskstats_exit+0x10/0x10 [ 1016.803855][T26141] ? exit_signals+0x38e/0xb40 [ 1016.803874][T26141] do_exit+0x5dc/0x2bf0 [ 1016.803897][T26141] ? __pfx_do_exit+0x10/0x10 [ 1016.803916][T26141] ? do_raw_spin_lock+0x12c/0x2b0 [ 1016.803937][T26141] ? find_held_lock+0x2b/0x80 [ 1016.803955][T26141] do_group_exit+0xd3/0x2a0 [ 1016.803976][T26141] get_signal+0x2671/0x26d0 [ 1016.803998][T26141] ? __pfx_get_signal+0x10/0x10 [ 1016.804013][T26141] ? do_futex+0x122/0x350 [ 1016.804033][T26141] ? __pfx_do_futex+0x10/0x10 [ 1016.804053][T26141] arch_do_signal_or_restart+0x8f/0x790 [ 1016.804073][T26141] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1016.804095][T26141] ? set_cred_ucounts+0x10f/0x200 [ 1016.804121][T26141] exit_to_user_mode_loop+0x85/0x130 [ 1016.804143][T26141] do_syscall_64+0x426/0xfa0 [ 1016.804162][T26141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1016.804176][T26141] RIP: 0033:0x7fa3bfb8f6c9 [ 1016.804188][T26141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1016.804202][T26141] RSP: 002b:00007fa3c0a080e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1016.804217][T26141] RAX: fffffffffffffe00 RBX: 00007fa3bfde6188 RCX: 00007fa3bfb8f6c9 [ 1016.804227][T26141] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa3bfde6188 [ 1016.804236][T26141] RBP: 00007fa3bfde6180 R08: 0000000000000000 R09: 0000000000000000 [ 1016.804245][T26141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1016.804253][T26141] R13: 00007fa3bfde6218 R14: 00007fff3debdb90 R15: 00007fff3debdc78 [ 1016.804272][T26141] [ 1017.042071][ C0] vkms_vblank_simulate: vblank timer overrun [ 1020.228114][T26276] FAULT_INJECTION: forcing a failure. [ 1020.228114][T26276] name failslab, interval 1, probability 0, space 0, times 0 [ 1020.340268][T26276] CPU: 0 UID: 0 PID: 26276 Comm: syz.6.3535 Tainted: G U syzkaller #0 PREEMPT(full) [ 1020.340295][T26276] Tainted: [U]=USER [ 1020.340301][T26276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1020.340310][T26276] Call Trace: [ 1020.340315][T26276] [ 1020.340322][T26276] dump_stack_lvl+0x16c/0x1f0 [ 1020.340345][T26276] should_fail_ex+0x512/0x640 [ 1020.340367][T26276] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1020.340388][T26276] should_failslab+0xc2/0x120 [ 1020.340407][T26276] __kvmalloc_node_noprof+0x141/0x9c0 [ 1020.340423][T26276] ? trace_kmalloc+0x2b/0xd0 [ 1020.340442][T26276] ? io_alloc_cache_init+0x38/0x170 [ 1020.340465][T26276] ? io_alloc_cache_init+0x38/0x170 [ 1020.340484][T26276] io_alloc_cache_init+0x38/0x170 [ 1020.340505][T26276] io_rsrc_cache_init+0x40/0x50 [ 1020.340524][T26276] io_uring_setup+0x68e/0x20e0 [ 1020.340543][T26276] ? __pfx_io_uring_setup+0x10/0x10 [ 1020.340559][T26276] ? do_futex+0x122/0x350 [ 1020.340578][T26276] ? __pfx_do_futex+0x10/0x10 [ 1020.340597][T26276] ? __fget_files+0x204/0x3c0 [ 1020.340620][T26276] ? xfd_validate_state+0x61/0x180 [ 1020.340639][T26276] ? __pfx_do_writev+0x10/0x10 [ 1020.340657][T26276] __x64_sys_io_uring_setup+0xc2/0x170 [ 1020.340675][T26276] do_syscall_64+0xcd/0xfa0 [ 1020.340693][T26276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1020.340707][T26276] RIP: 0033:0x7fa3bfb8f6c9 [ 1020.340719][T26276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1020.340733][T26276] RSP: 002b:00007fa3c0a29038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1020.340747][T26276] RAX: ffffffffffffffda RBX: 00007fa3bfde6090 RCX: 00007fa3bfb8f6c9 [ 1020.340757][T26276] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1020.340765][T26276] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1020.340773][T26276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1020.340782][T26276] R13: 00007fa3bfde6128 R14: 00007fa3bfde6090 R15: 00007fff3debdc78 [ 1020.340801][T26276] [ 1020.553409][ C0] vkms_vblank_simulate: vblank timer overrun [ 1021.249121][T26312] KVM: debugfs: duplicate directory 26312-3 [ 1021.702771][T26240] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3524'. [ 1022.232319][T26356] random: crng reseeded on system resumption [ 1022.369593][ T30] audit: type=1800 audit(4294967335.760:123): pid=26362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3542" name="discovery_nqn" dev="configfs" ino=98596 res=0 errno=0 [ 1022.461619][T26364] FAULT_INJECTION: forcing a failure. [ 1022.461619][T26364] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.546045][T26364] CPU: 0 UID: 0 PID: 26364 Comm: syz.5.3544 Tainted: G U syzkaller #0 PREEMPT(full) [ 1022.546072][T26364] Tainted: [U]=USER [ 1022.546077][T26364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1022.546088][T26364] Call Trace: [ 1022.546096][T26364] [ 1022.546102][T26364] dump_stack_lvl+0x16c/0x1f0 [ 1022.546124][T26364] should_fail_ex+0x512/0x640 [ 1022.546146][T26364] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1022.546164][T26364] should_failslab+0xc2/0x120 [ 1022.546183][T26364] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1022.546198][T26364] ? prepare_creds+0x2c/0x7d0 [ 1022.546222][T26364] ? prepare_creds+0x2c/0x7d0 [ 1022.546241][T26364] prepare_creds+0x2c/0x7d0 [ 1022.546263][T26364] __sys_setuid+0x9a/0x440 [ 1022.546279][T26364] do_syscall_64+0xcd/0xfa0 [ 1022.546297][T26364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1022.546312][T26364] RIP: 0033:0x7eff5f58f6c9 [ 1022.546324][T26364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1022.546339][T26364] RSP: 002b:00007eff603ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000069 [ 1022.546353][T26364] RAX: ffffffffffffffda RBX: 00007eff5f7e5fa0 RCX: 00007eff5f58f6c9 [ 1022.546362][T26364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 1022.546371][T26364] RBP: 00007eff5f611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1022.546380][T26364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1022.546388][T26364] R13: 00007eff5f7e6038 R14: 00007eff5f7e5fa0 R15: 00007ffdcf2db438 [ 1022.546407][T26364] [ 1022.707911][ C0] vkms_vblank_simulate: vblank timer overrun [ 1022.721857][T26365] phram: not enough arguments [ 1024.415794][T26426] random: crng reseeded on system resumption [ 1024.462240][ T30] audit: type=1800 audit(4294967337.850:124): pid=26426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3553" name="discovery_nqn" dev="configfs" ino=98732 res=0 errno=0 [ 1024.519826][T26426] phram: not enough arguments [ 1024.961943][T26437] random: crng reseeded on system resumption [ 1025.096747][ T30] audit: type=1800 audit(4294967338.480:125): pid=26444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3556" name="discovery_nqn" dev="configfs" ino=98790 res=0 errno=0 [ 1025.266017][T26444] phram: not enough arguments [ 1025.504146][T26475] FAULT_INJECTION: forcing a failure. [ 1025.504146][T26475] name failslab, interval 1, probability 0, space 0, times 0 [ 1025.607644][T26475] CPU: 0 UID: 0 PID: 26475 Comm: syz.6.3560 Tainted: G U syzkaller #0 PREEMPT(full) [ 1025.607670][T26475] Tainted: [U]=USER [ 1025.607675][T26475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1025.607684][T26475] Call Trace: [ 1025.607690][T26475] [ 1025.607696][T26475] dump_stack_lvl+0x16c/0x1f0 [ 1025.607717][T26475] should_fail_ex+0x512/0x640 [ 1025.607748][T26475] ? __kmalloc_cache_node_noprof+0x62/0x7a0 [ 1025.607768][T26475] should_failslab+0xc2/0x120 [ 1025.607788][T26475] __kmalloc_cache_node_noprof+0x75/0x7a0 [ 1025.607805][T26475] ? sched_setaffinity+0x265/0x400 [ 1025.607824][T26475] ? sched_setaffinity+0x265/0x400 [ 1025.607839][T26475] sched_setaffinity+0x265/0x400 [ 1025.607855][T26475] ? __pfx_sched_setaffinity+0x10/0x10 [ 1025.607872][T26475] ? _copy_from_user+0x59/0xd0 [ 1025.607897][T26475] __x64_sys_sched_setaffinity+0x116/0x140 [ 1025.607914][T26475] ? __pfx___x64_sys_sched_setaffinity+0x10/0x10 [ 1025.607933][T26475] ? rcu_is_watching+0x12/0xc0 [ 1025.607950][T26475] do_syscall_64+0xcd/0xfa0 [ 1025.607969][T26475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1025.607983][T26475] RIP: 0033:0x7fa3bfb8f6c9 [ 1025.607995][T26475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1025.608010][T26475] RSP: 002b:00007fa3c0a29038 EFLAGS: 00000246 ORIG_RAX: 00000000000000cb [ 1025.608025][T26475] RAX: ffffffffffffffda RBX: 00007fa3bfde6090 RCX: 00007fa3bfb8f6c9 [ 1025.608034][T26475] RDX: 0000000000000000 RSI: 000000000000cf4d RDI: 0000000000000000 [ 1025.608043][T26475] RBP: 00007fa3c0a29090 R08: 0000000000000000 R09: 0000000000000000 [ 1025.608052][T26475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1025.608060][T26475] R13: 00007fa3bfde6128 R14: 00007fa3bfde6090 R15: 00007fff3debdc78 [ 1025.608079][T26475] [ 1025.971009][T26475] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3560'. [ 1026.253780][T26487] FAULT_INJECTION: forcing a failure. [ 1026.253780][T26487] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1026.330300][T26487] CPU: 0 UID: 0 PID: 26487 Comm: syz.2.3561 Tainted: G U syzkaller #0 PREEMPT(full) [ 1026.330326][T26487] Tainted: [U]=USER [ 1026.330331][T26487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1026.330340][T26487] Call Trace: [ 1026.330346][T26487] [ 1026.330351][T26487] dump_stack_lvl+0x16c/0x1f0 [ 1026.330373][T26487] should_fail_ex+0x512/0x640 [ 1026.330398][T26487] get_futex_key+0xff0/0x1560 [ 1026.330419][T26487] ? __pfx_get_futex_key+0x10/0x10 [ 1026.330437][T26487] ? __mutex_trylock_common+0xe9/0x250 [ 1026.330462][T26487] futex_wake+0xea/0x530 [ 1026.330486][T26487] ? __pfx_futex_wake+0x10/0x10 [ 1026.330506][T26487] ? __lock_acquire+0xb8a/0x1c90 [ 1026.330533][T26487] do_futex+0x1e3/0x350 [ 1026.330552][T26487] ? __pfx_do_futex+0x10/0x10 [ 1026.330569][T26487] ? __might_fault+0xe3/0x190 [ 1026.330589][T26487] mm_release+0x24e/0x300 [ 1026.330605][T26487] do_exit+0x68e/0x2bf0 [ 1026.330624][T26487] ? __pfx_try_to_wake_up+0x10/0x10 [ 1026.330641][T26487] ? __pfx_do_exit+0x10/0x10 [ 1026.330669][T26487] ? do_raw_spin_lock+0x12c/0x2b0 [ 1026.330690][T26487] ? find_held_lock+0x2b/0x80 [ 1026.330708][T26487] do_group_exit+0xd3/0x2a0 [ 1026.330729][T26487] get_signal+0x2671/0x26d0 [ 1026.330745][T26487] ? lockdep_hardirqs_on+0x7c/0x110 [ 1026.330763][T26487] ? __sched_setaffinity+0x173/0x280 [ 1026.330780][T26487] ? rcu_is_watching+0x12/0xc0 [ 1026.330797][T26487] ? __pfx_get_signal+0x10/0x10 [ 1026.330813][T26487] ? do_futex+0x122/0x350 [ 1026.330832][T26487] ? __pfx_do_futex+0x10/0x10 [ 1026.330852][T26487] arch_do_signal_or_restart+0x8f/0x790 [ 1026.330872][T26487] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1026.330895][T26487] ? xfd_validate_state+0x61/0x180 [ 1026.330919][T26487] exit_to_user_mode_loop+0x85/0x130 [ 1026.330942][T26487] do_syscall_64+0x426/0xfa0 [ 1026.330961][T26487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.330976][T26487] RIP: 0033:0x7f9d88b8f6c9 [ 1026.330988][T26487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1026.331002][T26487] RSP: 002b:00007f9d899530e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1026.331017][T26487] RAX: 0000000000000001 RBX: 00007f9d88de5fa8 RCX: 00007f9d88b8f6c9 [ 1026.331026][T26487] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9d88de5fac [ 1026.331035][T26487] RBP: 00007f9d88de5fa0 R08: 00007f9d89954000 R09: 0000000000000000 [ 1026.331044][T26487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1026.331053][T26487] R13: 00007f9d88de6038 R14: 00007ffdcbc5b0d0 R15: 00007ffdcbc5b1b8 [ 1026.331072][T26487] [ 1026.622188][T26498] binder: 26496:26498 ioctl c00c620f 200000000680 returned -22 [ 1027.041206][T26514] random: crng reseeded on system resumption [ 1027.133767][ T30] audit: type=1800 audit(4294967340.490:126): pid=26518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3571" name="discovery_nqn" dev="configfs" ino=98939 res=0 errno=0 [ 1027.231361][T26518] phram: not enough arguments [ 1027.609510][T26526] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3574'. [ 1028.170424][T26545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078002000 pfn:0x78000 [ 1028.232655][T26545] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1028.278091][T26545] memcg:ffff888078bc99c1 [ 1028.306392][T26545] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 1028.353291][T26545] page_type: f5(slab) [ 1028.373638][T26545] raw: 00fff00000000240 ffff88813ffb0500 ffffea000128ee10 ffffea0000d24e10 [ 1028.432502][T26545] raw: ffff888078002000 0000000000040003 00000000f5000000 ffff888078bc99c1 [ 1028.477201][T26545] head: 00fff00000000240 ffff88813ffb0500 ffffea000128ee10 ffffea0000d24e10 [ 1028.522411][T26545] head: ffff888078002000 0000000000040003 00000000f5000000 ffff888078bc99c1 [ 1028.566009][T26545] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1028.590187][T26561] random: crng reseeded on system resumption [ 1028.610987][T26545] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1028.651547][T26545] page dumped because: unmovable page [ 1028.682846][T26545] page_owner tracks the page as allocated [ 1028.711718][T26545] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13243, tgid 13242 (syz.3.1627), ts 551267700180, free_ts 551233466482 [ 1028.820942][T26545] post_alloc_hook+0x1c0/0x230 [ 1028.852993][T26545] get_page_from_freelist+0x10a3/0x3a30 [ 1028.878757][T26545] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 1028.911739][T26545] alloc_pages_mpol+0x1fb/0x550 [ 1028.933723][T26545] new_slab+0x24a/0x360 [ 1028.951388][T26545] ___slab_alloc+0xd79/0x1a50 [ 1028.997184][T26545] __slab_alloc.constprop.0+0x63/0x110 [ 1029.042605][T26545] __kvmalloc_node_noprof+0x5aa/0x9c0 [ 1029.048013][T26545] alloc_netdev_mqs+0xd7/0x1550 [ 1029.078895][T26545] ip6gre_init_net+0x9e/0x440 [ 1029.106426][T26545] ops_init+0x1e2/0x5f0 [ 1029.133760][T26545] setup_net+0x100/0x390 [ 1029.156053][T26545] copy_net_ns+0x2f8/0x690 [ 1029.174435][T26545] create_new_namespaces+0x3ea/0xa90 [ 1029.193705][T26545] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1029.214056][T26545] ksys_unshare+0x45b/0xa40 [ 1029.239351][T26545] page last free pid 13245 tgid 13244 stack trace: [ 1029.263909][T26545] __free_frozen_pages+0x7df/0x1160 [ 1029.291564][T26545] __put_partials+0x130/0x170 [ 1029.318963][T26545] qlist_free_all+0x4d/0x120 [ 1029.337874][T26545] kasan_quarantine_reduce+0x195/0x1e0 [ 1029.357051][T26545] __kasan_slab_alloc+0x69/0x90 [ 1029.374988][T26545] __kmalloc_noprof+0x2e8/0x880 [ 1029.391539][T26545] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1029.410845][T26545] tomoyo_path_number_perm+0x245/0x580 [ 1029.441104][T26545] security_file_ioctl+0x9b/0x240 [ 1029.462467][T26545] __x64_sys_ioctl+0xb7/0x210 [ 1029.480687][T26545] do_syscall_64+0xcd/0xfa0 [ 1029.495436][T26545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.809598][T26620] FAULT_INJECTION: forcing a failure. [ 1029.809598][T26620] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.865558][T26620] CPU: 0 UID: 0 PID: 26620 Comm: syz.5.3587 Tainted: G U syzkaller #0 PREEMPT(full) [ 1029.865585][T26620] Tainted: [U]=USER [ 1029.865591][T26620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1029.865601][T26620] Call Trace: [ 1029.865606][T26620] [ 1029.865613][T26620] dump_stack_lvl+0x16c/0x1f0 [ 1029.865636][T26620] should_fail_ex+0x512/0x640 [ 1029.865658][T26620] ? fs_reclaim_acquire+0xae/0x150 [ 1029.865680][T26620] should_failslab+0xc2/0x120 [ 1029.865700][T26620] __kmalloc_noprof+0xdd/0x880 [ 1029.865722][T26620] ? kfree+0x252/0x6d0 [ 1029.865742][T26620] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1029.865762][T26620] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1029.865777][T26620] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1029.865799][T26620] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1029.865821][T26620] ? path_openat+0xda/0x2cb0 [ 1029.865837][T26620] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1029.865859][T26620] ? do_syscall_64+0xcd/0xfa0 [ 1029.865892][T26620] ? do_raw_spin_lock+0x12c/0x2b0 [ 1029.865920][T26620] tomoyo_file_open+0x6b/0x90 [ 1029.865939][T26620] security_file_open+0x84/0x1e0 [ 1029.865955][T26620] do_dentry_open+0x596/0x1530 [ 1029.865977][T26620] vfs_open+0x82/0x3f0 [ 1029.865999][T26620] path_openat+0x1de4/0x2cb0 [ 1029.866020][T26620] ? __pfx_path_openat+0x10/0x10 [ 1029.866036][T26620] ? __lock_acquire+0xb8a/0x1c90 [ 1029.866058][T26620] do_filp_open+0x20b/0x470 [ 1029.866074][T26620] ? __pfx_do_filp_open+0x10/0x10 [ 1029.866102][T26620] ? alloc_fd+0x471/0x7d0 [ 1029.866122][T26620] do_sys_openat2+0x11b/0x1d0 [ 1029.866142][T26620] ? __pfx_do_sys_openat2+0x10/0x10 [ 1029.866169][T26620] __x64_sys_openat+0x174/0x210 [ 1029.866190][T26620] ? __pfx___x64_sys_openat+0x10/0x10 [ 1029.866218][T26620] do_syscall_64+0xcd/0xfa0 [ 1029.866235][T26620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.866250][T26620] RIP: 0033:0x7eff5f58f6c9 [ 1029.866262][T26620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1029.866277][T26620] RSP: 002b:00007eff603ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1029.866292][T26620] RAX: ffffffffffffffda RBX: 00007eff5f7e5fa0 RCX: 00007eff5f58f6c9 [ 1029.866301][T26620] RDX: 0000000000040400 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 1029.866310][T26620] RBP: 00007eff5f611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1029.866319][T26620] R10: 0000000000000048 R11: 0000000000000246 R12: 0000000000000000 [ 1029.866328][T26620] R13: 00007eff5f7e6038 R14: 00007eff5f7e5fa0 R15: 00007ffdcf2db438 [ 1029.866348][T26620] [ 1029.866355][T26620] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1030.204762][T26633] FAULT_INJECTION: forcing a failure. [ 1030.204762][T26633] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1030.257984][T26633] CPU: 0 UID: 0 PID: 26633 Comm: syz.1.3588 Tainted: G U syzkaller #0 PREEMPT(full) [ 1030.258011][T26633] Tainted: [U]=USER [ 1030.258017][T26633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1030.258026][T26633] Call Trace: [ 1030.258031][T26633] [ 1030.258037][T26633] dump_stack_lvl+0x16c/0x1f0 [ 1030.258059][T26633] should_fail_ex+0x512/0x640 [ 1030.258086][T26633] get_futex_key+0x1d0/0x1560 [ 1030.258108][T26633] ? __pfx_get_futex_key+0x10/0x10 [ 1030.258125][T26633] ? find_held_lock+0x2b/0x80 [ 1030.258145][T26633] futex_wake+0xea/0x530 [ 1030.258165][T26633] ? futex_wait+0x120/0x380 [ 1030.258188][T26633] ? __pfx_futex_wake+0x10/0x10 [ 1030.258207][T26633] ? __lock_acquire+0x622/0x1c90 [ 1030.258229][T26633] ? fput+0x9b/0xd0 [ 1030.258260][T26633] do_futex+0x1e3/0x350 [ 1030.258280][T26633] ? __pfx_do_futex+0x10/0x10 [ 1030.258304][T26633] __x64_sys_futex+0x1e0/0x4c0 [ 1030.258327][T26633] ? __pfx___x64_sys_futex+0x10/0x10 [ 1030.258346][T26633] ? __sys_getsockopt+0x144/0x1b0 [ 1030.258374][T26633] do_syscall_64+0xcd/0xfa0 [ 1030.258392][T26633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.258407][T26633] RIP: 0033:0x7f1d1b98f6c9 [ 1030.258418][T26633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1030.258432][T26633] RSP: 002b:00007f1d1c7e70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1030.258447][T26633] RAX: ffffffffffffffda RBX: 00007f1d1bbe6098 RCX: 00007f1d1b98f6c9 [ 1030.258457][T26633] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1d1bbe609c [ 1030.258466][T26633] RBP: 00007f1d1bbe6090 R08: 00007f1d1c809000 R09: 0000000000000000 [ 1030.258475][T26633] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1030.258484][T26633] R13: 00007f1d1bbe6128 R14: 00007ffd838192d0 R15: 00007ffd838193b8 [ 1030.258503][T26633] [ 1030.444764][ C0] vkms_vblank_simulate: vblank timer overrun [ 1030.551936][T26653] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1030.900377][T26667] random: crng reseeded on system resumption [ 1031.452035][T26707] scsi_dev_info_list_add_str: bad dev info string ')zD 5fk+*X#R84*VsndvqQW}~YrȀ-8VGDƘLB%v†v}Ypq|?O[,! 7xWDr%[}E$3?G9Ff=lrGH;2L<=|8 -c Fո"[v9q4Mmvqk[(iNDСMX PSqqX4X`V!;r֍)y]WzfIH0,v{q8שUܹ䑉m؛HTwCz-nR%2]x05oՕ|3>lS*L/Cdgӑ[C=Cwem)l#' ''S.sHgi-TY%ܹF*8nFTH?i{' '' [ 1031.499360][ C0] vkms_vblank_simulate: vblank timer overrun [ 1032.470382][T26745] synth uevent: /devices/platform/vivid.0/video4linux/v4l-touch6: unknown uevent action string [ 1032.493909][T26748] random: crng reseeded on system resumption [ 1032.587417][T26745] video4linux v4l-touch6: uevent: failed to send synthetic uevent: -22 [ 1032.609162][ T30] audit: type=1800 audit(4294967345.990:127): pid=26754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3607" name="discovery_nqn" dev="configfs" ino=99647 res=0 errno=0 [ 1032.772155][T26754] phram: not enough arguments [ 1033.085579][T26764] block nbd8: NBD_DISCONNECT [ 1033.492272][T26775] FAULT_INJECTION: forcing a failure. [ 1033.492272][T26775] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1033.558878][T26775] CPU: 0 UID: 0 PID: 26775 Comm: syz.2.3613 Tainted: G U syzkaller #0 PREEMPT(full) [ 1033.558903][T26775] Tainted: [U]=USER [ 1033.558908][T26775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1033.558917][T26775] Call Trace: [ 1033.558922][T26775] [ 1033.558928][T26775] dump_stack_lvl+0x16c/0x1f0 [ 1033.558950][T26775] should_fail_ex+0x512/0x640 [ 1033.558981][T26775] _copy_to_user+0x32/0xd0 [ 1033.559006][T26775] simple_read_from_buffer+0xcb/0x170 [ 1033.559031][T26775] proc_fail_nth_read+0x197/0x240 [ 1033.559048][T26775] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1033.559065][T26775] ? rw_verify_area+0xcf/0x6c0 [ 1033.559079][T26775] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1033.559094][T26775] vfs_read+0x1e4/0xcf0 [ 1033.559112][T26775] ? __pfx___mutex_lock+0x10/0x10 [ 1033.559130][T26775] ? __pfx_vfs_read+0x10/0x10 [ 1033.559150][T26775] ? __fget_files+0x20e/0x3c0 [ 1033.559170][T26775] ksys_read+0x12a/0x250 [ 1033.559185][T26775] ? __pfx_ksys_read+0x10/0x10 [ 1033.559205][T26775] do_syscall_64+0xcd/0xfa0 [ 1033.559224][T26775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1033.559238][T26775] RIP: 0033:0x7f9d88b8e0dc [ 1033.559250][T26775] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1033.559264][T26775] RSP: 002b:00007f9d89953030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1033.559279][T26775] RAX: ffffffffffffffda RBX: 00007f9d88de5fa0 RCX: 00007f9d88b8e0dc [ 1033.559289][T26775] RDX: 000000000000000f RSI: 00007f9d899530a0 RDI: 0000000000000004 [ 1033.559297][T26775] RBP: 00007f9d89953090 R08: 0000000000000000 R09: 0000000000000000 [ 1033.559306][T26775] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 1033.559314][T26775] R13: 00007f9d88de6038 R14: 00007f9d88de5fa0 R15: 00007ffdcbc5b1b8 [ 1033.559334][T26775] [ 1033.752069][ C0] vkms_vblank_simulate: vblank timer overrun [ 1034.371098][T26791] random: crng reseeded on system resumption [ 1034.528724][ T30] audit: type=1800 audit(4294967347.870:128): pid=26791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3617" name="discovery_nqn" dev="configfs" ino=99828 res=0 errno=0 [ 1034.559755][T26792] phram: not enough arguments [ 1035.087652][T26805] FAULT_INJECTION: forcing a failure. [ 1035.087652][T26805] name failslab, interval 1, probability 0, space 0, times 0 [ 1035.188847][T26805] CPU: 0 UID: 0 PID: 26805 Comm: syz.2.3619 Tainted: G U syzkaller #0 PREEMPT(full) [ 1035.188875][T26805] Tainted: [U]=USER [ 1035.188880][T26805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1035.188890][T26805] Call Trace: [ 1035.188896][T26805] [ 1035.188902][T26805] dump_stack_lvl+0x16c/0x1f0 [ 1035.188925][T26805] should_fail_ex+0x512/0x640 [ 1035.188947][T26805] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1035.188973][T26805] should_failslab+0xc2/0x120 [ 1035.188992][T26805] __kmalloc_cache_noprof+0x72/0x780 [ 1035.189015][T26805] ? vhost_net_open+0xb9/0x8a0 [ 1035.189039][T26805] ? vhost_net_open+0xb9/0x8a0 [ 1035.189059][T26805] vhost_net_open+0xb9/0x8a0 [ 1035.189080][T26805] ? __pfx_vhost_net_open+0x10/0x10 [ 1035.189104][T26805] misc_open+0x26d/0x450 [ 1035.189126][T26805] ? __pfx_misc_open+0x10/0x10 [ 1035.189146][T26805] chrdev_open+0x234/0x6a0 [ 1035.189163][T26805] ? __pfx_apparmor_file_open+0x10/0x10 [ 1035.189184][T26805] ? __pfx_chrdev_open+0x10/0x10 [ 1035.189202][T26805] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1035.189222][T26805] do_dentry_open+0x982/0x1530 [ 1035.189238][T26805] ? __pfx_chrdev_open+0x10/0x10 [ 1035.189259][T26805] vfs_open+0x82/0x3f0 [ 1035.189280][T26805] path_openat+0x1de4/0x2cb0 [ 1035.189302][T26805] ? __pfx_path_openat+0x10/0x10 [ 1035.189318][T26805] ? __lock_acquire+0xb8a/0x1c90 [ 1035.189340][T26805] do_filp_open+0x20b/0x470 [ 1035.189355][T26805] ? __pfx_do_filp_open+0x10/0x10 [ 1035.189384][T26805] ? alloc_fd+0x471/0x7d0 [ 1035.189403][T26805] do_sys_openat2+0x11b/0x1d0 [ 1035.189424][T26805] ? __pfx_do_sys_openat2+0x10/0x10 [ 1035.189451][T26805] __x64_sys_openat+0x174/0x210 [ 1035.189471][T26805] ? __pfx___x64_sys_openat+0x10/0x10 [ 1035.189499][T26805] do_syscall_64+0xcd/0xfa0 [ 1035.189517][T26805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1035.189532][T26805] RIP: 0033:0x7f9d88b8f6c9 [ 1035.189544][T26805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1035.189558][T26805] RSP: 002b:00007f9d89953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1035.189573][T26805] RAX: ffffffffffffffda RBX: 00007f9d88de5fa0 RCX: 00007f9d88b8f6c9 [ 1035.189582][T26805] RDX: 0000000000101600 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1035.189592][T26805] RBP: 00007f9d88c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1035.189600][T26805] R10: 0000000000001f00 R11: 0000000000000246 R12: 0000000000000000 [ 1035.189609][T26805] R13: 00007f9d88de6038 R14: 00007f9d88de5fa0 R15: 00007ffdcbc5b1b8 [ 1035.189629][T26805] [ 1035.450792][ C0] vkms_vblank_simulate: vblank timer overrun [ 1036.682737][T26879] deleting an unspecified loop device is not supported. [ 1036.896378][T26889] FAULT_INJECTION: forcing a failure. [ 1036.896378][T26889] name failslab, interval 1, probability 0, space 0, times 0 [ 1036.942806][T26889] CPU: 0 UID: 0 PID: 26889 Comm: syz.2.3628 Tainted: G U syzkaller #0 PREEMPT(full) [ 1036.942833][T26889] Tainted: [U]=USER [ 1036.942838][T26889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1036.942847][T26889] Call Trace: [ 1036.942853][T26889] [ 1036.942860][T26889] dump_stack_lvl+0x16c/0x1f0 [ 1036.942882][T26889] should_fail_ex+0x512/0x640 [ 1036.942904][T26889] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1036.942925][T26889] should_failslab+0xc2/0x120 [ 1036.942945][T26889] __kvmalloc_node_noprof+0x141/0x9c0 [ 1036.942963][T26889] ? io_uring_setup+0x3ad/0x20e0 [ 1036.942984][T26889] ? io_uring_setup+0x3ad/0x20e0 [ 1036.942999][T26889] io_uring_setup+0x3ad/0x20e0 [ 1036.943017][T26889] ? __pfx_io_uring_setup+0x10/0x10 [ 1036.943033][T26889] ? do_futex+0x122/0x350 [ 1036.943053][T26889] ? __pfx_do_futex+0x10/0x10 [ 1036.943072][T26889] ? __fput+0x68d/0xb70 [ 1036.943090][T26889] ? __pfx___might_resched+0x10/0x10 [ 1036.943112][T26889] ? xfd_validate_state+0x61/0x180 [ 1036.943131][T26889] ? __pfx___do_sys_close_range+0x10/0x10 [ 1036.943151][T26889] __x64_sys_io_uring_setup+0xc2/0x170 [ 1036.943169][T26889] do_syscall_64+0xcd/0xfa0 [ 1036.943187][T26889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1036.943201][T26889] RIP: 0033:0x7f9d88b8f6c9 [ 1036.943214][T26889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1036.943228][T26889] RSP: 002b:00007f9d89953038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1036.943242][T26889] RAX: ffffffffffffffda RBX: 00007f9d88de5fa0 RCX: 00007f9d88b8f6c9 [ 1036.943252][T26889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1036.943261][T26889] RBP: 00007f9d88c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1036.943269][T26889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1036.943278][T26889] R13: 00007f9d88de6038 R14: 00007f9d88de5fa0 R15: 00007ffdcbc5b1b8 [ 1036.943298][T26889] [ 1037.143902][ C0] vkms_vblank_simulate: vblank timer overrun [ 1037.590617][T26896] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 1037.930466][T26914] FAULT_INJECTION: forcing a failure. [ 1037.930466][T26914] name failslab, interval 1, probability 0, space 0, times 0 [ 1038.031699][T26914] CPU: 0 UID: 0 PID: 26914 Comm: syz.6.3631 Tainted: G U syzkaller #0 PREEMPT(full) [ 1038.031730][T26914] Tainted: [U]=USER [ 1038.031736][T26914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1038.031746][T26914] Call Trace: [ 1038.031751][T26914] [ 1038.031758][T26914] dump_stack_lvl+0x16c/0x1f0 [ 1038.031780][T26914] should_fail_ex+0x512/0x640 [ 1038.031802][T26914] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1038.031822][T26914] should_failslab+0xc2/0x120 [ 1038.031842][T26914] __kvmalloc_node_noprof+0x141/0x9c0 [ 1038.031859][T26914] ? trace_kmalloc+0x2b/0xd0 [ 1038.031875][T26914] ? __kvmalloc_node_noprof+0x3c0/0x9c0 [ 1038.031891][T26914] ? io_alloc_cache_init+0x38/0x170 [ 1038.031915][T26914] ? io_alloc_cache_init+0x38/0x170 [ 1038.031934][T26914] io_alloc_cache_init+0x38/0x170 [ 1038.031955][T26914] io_rsrc_cache_init+0x40/0x50 [ 1038.031974][T26914] io_uring_setup+0x68e/0x20e0 [ 1038.031993][T26914] ? __pfx_io_uring_setup+0x10/0x10 [ 1038.032009][T26914] ? do_futex+0x122/0x350 [ 1038.032029][T26914] ? __pfx_do_futex+0x10/0x10 [ 1038.032047][T26914] ? __fget_files+0x204/0x3c0 [ 1038.032070][T26914] ? xfd_validate_state+0x61/0x180 [ 1038.032089][T26914] ? __pfx_do_writev+0x10/0x10 [ 1038.032107][T26914] __x64_sys_io_uring_setup+0xc2/0x170 [ 1038.032125][T26914] do_syscall_64+0xcd/0xfa0 [ 1038.032143][T26914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.032158][T26914] RIP: 0033:0x7fa3bfb8f6c9 [ 1038.032170][T26914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1038.032184][T26914] RSP: 002b:00007fa3c0a29038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1038.032198][T26914] RAX: ffffffffffffffda RBX: 00007fa3bfde6090 RCX: 00007fa3bfb8f6c9 [ 1038.032208][T26914] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1038.032217][T26914] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1038.032226][T26914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1038.032234][T26914] R13: 00007fa3bfde6128 R14: 00007fa3bfde6090 R15: 00007fff3debdc78 [ 1038.032253][T26914] [ 1038.580619][T26943] random: crng reseeded on system resumption [ 1038.684346][ T30] audit: type=1800 audit(4294967352.070:129): pid=26944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3632" name="discovery_nqn" dev="configfs" ino=100074 res=0 errno=0 [ 1038.858976][T26948] phram: not enough arguments [ 1039.573156][T26899] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input34 [ 1039.950254][T27002] random: crng reseeded on system resumption [ 1040.316537][T27005] zswap: compressor 000 not available [ 1040.850015][T15368] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1040.895096][T27034] netlink: 334 bytes leftover after parsing attributes in process `syz.5.3641'. [ 1041.231398][T26962] Bluetooth: hci0: command 0x0406 tx timeout [ 1042.299409][T27082] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3645'. [ 1042.764886][T27103] random: crng reseeded on system resumption [ 1042.824425][ T30] audit: type=1800 audit(4294967356.210:130): pid=27103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3652" name="discovery_nqn" dev="configfs" ino=100487 res=0 errno=0 [ 1042.899856][T27103] phram: not enough arguments [ 1043.377156][T27125] bridge0: port 3(dummy0) entered blocking state [ 1043.383941][T27125] bridge0: port 3(dummy0) entered disabled state [ 1043.420545][T27125] dummy0: entered allmulticast mode [ 1043.448022][T27125] dummy0: entered promiscuous mode [ 1043.482878][T27125] bridge0: port 3(dummy0) entered blocking state [ 1043.489341][T27125] bridge0: port 3(dummy0) entered forwarding state [ 1045.487308][T27179] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3663'. [ 1046.168051][T27182] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3664'. [ 1046.350142][T26962] Bluetooth: hci2: command 0x0406 tx timeout [ 1047.207969][T27288] bridge0: port 3(bond0) entered blocking state [ 1047.228548][T27288] bridge0: port 3(bond0) entered disabled state [ 1047.283285][T27288] bond0: entered allmulticast mode [ 1047.310001][T27288] bond_slave_0: entered allmulticast mode [ 1047.355953][T27288] bond_slave_1: entered allmulticast mode [ 1047.412968][T27288] bond0: entered promiscuous mode [ 1047.437570][T27288] bond_slave_0: entered promiscuous mode [ 1047.449028][T27288] bond_slave_1: entered promiscuous mode [ 1047.466382][T27288] bridge0: port 3(bond0) entered blocking state [ 1047.472728][T27288] bridge0: port 3(bond0) entered forwarding state [ 1047.997698][T27333] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 1048.176252][T27335] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 1048.375438][T27333] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3674'. [ 1048.414769][T27363] random: crng reseeded on system resumption [ 1048.552592][ T30] audit: type=1800 audit(4294967361.940:131): pid=27363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3675" name="discovery_nqn" dev="configfs" ino=100991 res=0 errno=0 [ 1048.806830][T27363] phram: not enough arguments [ 1050.829154][T27470] input input37: cannot allocate more than FF_MAX_EFFECTS effects [ 1051.273818][ T30] audit: type=1400 audit(4294967364.660:132): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=27486 comm="syz.6.3695" [ 1052.283336][T27546] random: crng reseeded on system resumption [ 1052.373817][T27499] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3696'. [ 1052.400273][ T30] audit: type=1800 audit(4294967365.790:133): pid=27547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3703" name="discovery_nqn" dev="configfs" ino=101485 res=0 errno=0 [ 1052.579063][T27547] phram: not enough arguments [ 1053.434663][T27582] FAULT_INJECTION: forcing a failure. [ 1053.434663][T27582] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.663248][T27582] CPU: 0 UID: 0 PID: 27582 Comm: syz.6.3707 Tainted: G U syzkaller #0 PREEMPT(full) [ 1053.663275][T27582] Tainted: [U]=USER [ 1053.663280][T27582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1053.663290][T27582] Call Trace: [ 1053.663296][T27582] [ 1053.663303][T27582] dump_stack_lvl+0x16c/0x1f0 [ 1053.663325][T27582] should_fail_ex+0x512/0x640 [ 1053.663348][T27582] ? fs_reclaim_acquire+0xae/0x150 [ 1053.663368][T27582] should_failslab+0xc2/0x120 [ 1053.663388][T27582] __kmalloc_noprof+0xdd/0x880 [ 1053.663410][T27582] ? security_inode_init_security+0x13f/0x390 [ 1053.663432][T27582] ? security_inode_init_security+0x13f/0x390 [ 1053.663449][T27582] security_inode_init_security+0x13f/0x390 [ 1053.663469][T27582] ? __pfx_shmem_initxattrs+0x10/0x10 [ 1053.663487][T27582] ? __pfx_security_inode_init_security+0x10/0x10 [ 1053.663506][T27582] ? shmem_get_inode+0x73a/0xfb0 [ 1053.663529][T27582] shmem_symlink+0x135/0x9f0 [ 1053.663546][T27582] ? __pfx_shmem_symlink+0x10/0x10 [ 1053.663560][T27582] ? bpf_lsm_inode_permission+0x9/0x10 [ 1053.663574][T27582] ? security_inode_permission+0xbf/0x260 [ 1053.663597][T27582] ? inode_permission+0x156/0x630 [ 1053.663619][T27582] vfs_symlink+0x403/0x680 [ 1053.663643][T27582] do_symlinkat+0x261/0x310 [ 1053.663661][T27582] ? __pfx_do_symlinkat+0x10/0x10 [ 1053.663678][T27582] ? getname_flags.part.0+0x1c5/0x550 [ 1053.663702][T27582] __x64_sys_symlink+0x75/0x90 [ 1053.663719][T27582] do_syscall_64+0xcd/0xfa0 [ 1053.663738][T27582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1053.663752][T27582] RIP: 0033:0x7fa3bfb8f6c9 [ 1053.663765][T27582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1053.663780][T27582] RSP: 002b:00007fa3c0a4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 1053.663794][T27582] RAX: ffffffffffffffda RBX: 00007fa3bfde5fa0 RCX: 00007fa3bfb8f6c9 [ 1053.663803][T27582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 1053.663812][T27582] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1053.663821][T27582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1053.663830][T27582] R13: 00007fa3bfde6038 R14: 00007fa3bfde5fa0 R15: 00007fff3debdc78 [ 1053.663849][T27582] [ 1054.070183][T27620] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 1054.515062][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.515103][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.365366][T27667] random: crng reseeded on system resumption [ 1055.443913][ T30] audit: type=1800 audit(4294967368.830:134): pid=27668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3715" name="discovery_nqn" dev="configfs" ino=101719 res=0 errno=0 [ 1055.616457][T27591] tty tty58: ldisc open failed (-12), clearing slot 57 [ 1055.684790][T27668] phram: not enough arguments [ 1055.783057][T27675] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3717'. [ 1055.827269][T27675] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1055.861093][T27675] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1055.928843][T27675] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1055.964924][T27675] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1057.831025][T27766] random: crng reseeded on system resumption [ 1057.904713][ T30] audit: type=1800 audit(4294967371.290:135): pid=27766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3726" name="discovery_nqn" dev="configfs" ino=101897 res=0 errno=0 [ 1057.983052][T27766] phram: not enough arguments [ 1061.068885][T27849] size and base must be multiples of 4 kiB [ 1061.163414][T27849] CPU: 0 UID: 0 PID: 27849 Comm: syz.6.3738 Tainted: G U syzkaller #0 PREEMPT(full) [ 1061.163440][T27849] Tainted: [U]=USER [ 1061.163445][T27849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1061.163455][T27849] Call Trace: [ 1061.163461][T27849] [ 1061.163467][T27849] dump_stack_lvl+0x16c/0x1f0 [ 1061.163489][T27849] mtrr_del+0xd1/0x110 [ 1061.163511][T27849] mtrr_ioctl+0x922/0xcf0 [ 1061.163530][T27849] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1061.163553][T27849] ? find_held_lock+0x2b/0x80 [ 1061.163573][T27849] ? __fget_files+0x20e/0x3c0 [ 1061.163588][T27849] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1061.163607][T27849] proc_reg_unlocked_ioctl+0x229/0x320 [ 1061.163626][T27849] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1061.163646][T27849] __x64_sys_ioctl+0x18e/0x210 [ 1061.163668][T27849] do_syscall_64+0xcd/0xfa0 [ 1061.163686][T27849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.163700][T27849] RIP: 0033:0x7fa3bfb8f6c9 [ 1061.163713][T27849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1061.163726][T27849] RSP: 002b:00007fa3c0a29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1061.163741][T27849] RAX: ffffffffffffffda RBX: 00007fa3bfde6090 RCX: 00007fa3bfb8f6c9 [ 1061.163750][T27849] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 1061.163759][T27849] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1061.163768][T27849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1061.163777][T27849] R13: 00007fa3bfde6128 R14: 00007fa3bfde6090 R15: 00007fff3debdc78 [ 1061.163796][T27849] [ 1061.332968][ C0] vkms_vblank_simulate: vblank timer overrun [ 1061.519059][T27890] FAULT_INJECTION: forcing a failure. [ 1061.519059][T27890] name failslab, interval 1, probability 0, space 0, times 0 [ 1061.569768][T27890] CPU: 0 UID: 0 PID: 27890 Comm: syz.1.3741 Tainted: G U syzkaller #0 PREEMPT(full) [ 1061.569794][T27890] Tainted: [U]=USER [ 1061.569800][T27890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1061.569809][T27890] Call Trace: [ 1061.569816][T27890] [ 1061.569822][T27890] dump_stack_lvl+0x16c/0x1f0 [ 1061.569844][T27890] should_fail_ex+0x512/0x640 [ 1061.569866][T27890] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1061.569886][T27890] should_failslab+0xc2/0x120 [ 1061.569906][T27890] __kvmalloc_node_noprof+0x141/0x9c0 [ 1061.569923][T27890] ? trace_kmalloc+0x2b/0xd0 [ 1061.569940][T27890] ? io_alloc_cache_init+0x38/0x170 [ 1061.569964][T27890] ? io_alloc_cache_init+0x38/0x170 [ 1061.569982][T27890] io_alloc_cache_init+0x38/0x170 [ 1061.570003][T27890] io_rsrc_cache_init+0x40/0x50 [ 1061.570023][T27890] io_uring_setup+0x68e/0x20e0 [ 1061.570041][T27890] ? __pfx_io_uring_setup+0x10/0x10 [ 1061.570057][T27890] ? do_futex+0x122/0x350 [ 1061.570077][T27890] ? __pfx_do_futex+0x10/0x10 [ 1061.570096][T27890] ? __fget_files+0x204/0x3c0 [ 1061.570119][T27890] ? xfd_validate_state+0x61/0x180 [ 1061.570138][T27890] ? __pfx_do_writev+0x10/0x10 [ 1061.570156][T27890] __x64_sys_io_uring_setup+0xc2/0x170 [ 1061.570174][T27890] do_syscall_64+0xcd/0xfa0 [ 1061.570192][T27890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.570206][T27890] RIP: 0033:0x7f1d1b98f6c9 [ 1061.570219][T27890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1061.570233][T27890] RSP: 002b:00007f1d1c7e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1061.570257][T27890] RAX: ffffffffffffffda RBX: 00007f1d1bbe6090 RCX: 00007f1d1b98f6c9 [ 1061.570267][T27890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1061.570276][T27890] RBP: 00007f1d1ba11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1061.570285][T27890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1061.570294][T27890] R13: 00007f1d1bbe6128 R14: 00007f1d1bbe6090 R15: 00007ffd838193b8 [ 1061.570314][T27890] [ 1061.783002][ C0] vkms_vblank_simulate: vblank timer overrun [ 1062.539491][T27922] FAULT_INJECTION: forcing a failure. [ 1062.539491][T27922] name failslab, interval 1, probability 0, space 0, times 0 [ 1062.686719][T27930] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1062.693565][T27930] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1062.708906][T27930] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1062.724998][T27922] CPU: 0 UID: 0 PID: 27922 Comm: syz.6.3742 Tainted: G U syzkaller #0 PREEMPT(full) [ 1062.725023][T27922] Tainted: [U]=USER [ 1062.725029][T27922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1062.725038][T27922] Call Trace: [ 1062.725044][T27922] [ 1062.725050][T27922] dump_stack_lvl+0x16c/0x1f0 [ 1062.725072][T27922] should_fail_ex+0x512/0x640 [ 1062.725095][T27922] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1062.725120][T27922] should_failslab+0xc2/0x120 [ 1062.725146][T27922] __kmalloc_cache_noprof+0x72/0x780 [ 1062.725169][T27922] ? do_raw_spin_lock+0x12c/0x2b0 [ 1062.725191][T27922] ? alloc_fdtable+0xbd/0x2d0 [ 1062.725206][T27922] ? alloc_fdtable+0xbd/0x2d0 [ 1062.725218][T27922] alloc_fdtable+0xbd/0x2d0 [ 1062.725232][T27922] dup_fd+0x83b/0xb90 [ 1062.725252][T27922] __do_sys_close_range+0x4ca/0x730 [ 1062.725271][T27922] ? __pfx___do_sys_close_range+0x10/0x10 [ 1062.725292][T27922] do_syscall_64+0xcd/0xfa0 [ 1062.725310][T27922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.725324][T27922] RIP: 0033:0x7fa3bfb8f6c9 [ 1062.725336][T27922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1062.725350][T27922] RSP: 002b:00007fa3c09e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1062.725365][T27922] RAX: ffffffffffffffda RBX: 00007fa3bfde6270 RCX: 00007fa3bfb8f6c9 [ 1062.725376][T27922] RDX: 0000000000000006 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 1062.725389][T27922] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1062.725397][T27922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1062.725406][T27922] R13: 00007fa3bfde6308 R14: 00007fa3bfde6270 R15: 00007fff3debdc78 [ 1062.725426][T27922] [ 1062.903123][ C0] vkms_vblank_simulate: vblank timer overrun [ 1063.105833][T27930] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1063.397643][T27930] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1063.421545][T27930] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1063.472141][T27944] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3743'. [ 1064.259054][T28004] random: crng reseeded on system resumption [ 1064.360708][ T30] audit: type=1800 audit(4294967377.750:136): pid=28004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3750" name="discovery_nqn" dev="configfs" ino=102394 res=0 errno=0 [ 1064.386755][T28009] netlink: 'syz.1.3751': attribute type 1 has an invalid length. [ 1064.442546][T28004] phram: not enough arguments [ 1064.590645][T26962] Bluetooth: hci1: command 0x0c1a tx timeout [ 1064.751641][T26962] Bluetooth: hci0: command 0x0406 tx timeout [ 1064.757678][T10750] Bluetooth: hci4: command 0x0c1a tx timeout [ 1065.369163][T28026] FAULT_INJECTION: forcing a failure. [ 1065.369163][T28026] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1065.434552][T28026] CPU: 0 UID: 0 PID: 28026 Comm: syz.6.3755 Tainted: G U syzkaller #0 PREEMPT(full) [ 1065.434577][T28026] Tainted: [U]=USER [ 1065.434582][T28026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1065.434592][T28026] Call Trace: [ 1065.434597][T28026] [ 1065.434603][T28026] dump_stack_lvl+0x16c/0x1f0 [ 1065.434624][T28026] should_fail_ex+0x512/0x640 [ 1065.434650][T28026] _copy_from_user+0x2e/0xd0 [ 1065.434672][T28026] copy_msghdr_from_user+0x98/0x160 [ 1065.434688][T28026] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1065.434711][T28026] ___sys_sendmsg+0xfe/0x1d0 [ 1065.434725][T28026] ? __pfx____sys_sendmsg+0x10/0x10 [ 1065.434738][T28026] ? __lock_acquire+0x622/0x1c90 [ 1065.434779][T28026] __sys_sendmsg+0x16d/0x220 [ 1065.434793][T28026] ? __pfx___sys_sendmsg+0x10/0x10 [ 1065.434818][T28026] do_syscall_64+0xcd/0xfa0 [ 1065.434837][T28026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1065.434852][T28026] RIP: 0033:0x7fa3bfb8f6c9 [ 1065.434925][T28026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1065.434942][T28026] RSP: 002b:00007fa3c0a4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1065.434957][T28026] RAX: ffffffffffffffda RBX: 00007fa3bfde5fa0 RCX: 00007fa3bfb8f6c9 [ 1065.434967][T28026] RDX: 0000000000040044 RSI: 0000200000002040 RDI: 0000000000000003 [ 1065.434976][T28026] RBP: 00007fa3c0a4a090 R08: 0000000000000000 R09: 0000000000000000 [ 1065.434985][T28026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1065.434994][T28026] R13: 00007fa3bfde6038 R14: 00007fa3bfde5fa0 R15: 00007fff3debdc78 [ 1065.435016][T28026] [ 1065.604096][ C0] vkms_vblank_simulate: vblank timer overrun [ 1065.692493][T28027] netlink: 'syz.5.3752': attribute type 10 has an invalid length. [ 1065.700380][T28027] netlink: 230 bytes leftover after parsing attributes in process `syz.5.3752'. [ 1065.855294][T26962] Bluetooth: hci2: command 0x0406 tx timeout [ 1066.828707][T10750] Bluetooth: hci0: command 0x0406 tx timeout [ 1067.009944][T28072] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 1067.259707][T28072] CPU: 0 UID: 0 PID: 28072 Comm: syz.6.3761 Tainted: G U syzkaller #0 PREEMPT(full) [ 1067.259736][T28072] Tainted: [U]=USER [ 1067.259742][T28072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1067.259752][T28072] Call Trace: [ 1067.259758][T28072] [ 1067.259764][T28072] dump_stack_lvl+0x16c/0x1f0 [ 1067.259788][T28072] sysfs_warn_dup+0x7f/0xa0 [ 1067.259808][T28072] sysfs_do_create_link_sd+0x124/0x140 [ 1067.259830][T28072] sysfs_create_link+0x61/0xc0 [ 1067.259850][T28072] device_add+0x62c/0x1aa0 [ 1067.259888][T28072] ? __pfx_device_add+0x10/0x10 [ 1067.259912][T28072] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1067.259947][T28072] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1067.259973][T28072] wiphy_register+0x1eb0/0x2b20 [ 1067.259995][T28072] ? netdev_run_todo+0x864/0x1320 [ 1067.260018][T28072] ? __pfx_wiphy_register+0x10/0x10 [ 1067.260048][T28072] ieee80211_register_hw+0x253d/0x4120 [ 1067.260077][T28072] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1067.260098][T28072] ? __pfx___debug_object_init+0x10/0x10 [ 1067.260121][T28072] ? find_held_lock+0x2b/0x80 [ 1067.260137][T28072] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1067.260162][T28072] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1067.260182][T28072] ? __hrtimer_setup+0x176/0x280 [ 1067.260207][T28072] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 1067.260236][T28072] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1067.260259][T28072] hwsim_new_radio_nl+0xba2/0x1330 [ 1067.260277][T28072] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1067.260299][T28072] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1067.260320][T28072] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1067.260344][T28072] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1067.260365][T28072] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1067.260391][T28072] ? bpf_lsm_capable+0x9/0x10 [ 1067.260410][T28072] ? security_capable+0x7e/0x260 [ 1067.260432][T28072] ? ns_capable+0xd7/0x110 [ 1067.260450][T28072] genl_rcv_msg+0x55c/0x800 [ 1067.260471][T28072] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1067.260490][T28072] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1067.260513][T28072] netlink_rcv_skb+0x158/0x420 [ 1067.260529][T28072] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1067.260549][T28072] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1067.260573][T28072] ? netlink_deliver_tap+0x1ae/0xd30 [ 1067.260591][T28072] genl_rcv+0x28/0x40 [ 1067.260607][T28072] netlink_unicast+0x5aa/0x870 [ 1067.260627][T28072] ? __pfx_netlink_unicast+0x10/0x10 [ 1067.260643][T28072] ? __pfx___might_resched+0x10/0x10 [ 1067.260666][T28072] netlink_sendmsg+0x8c8/0xdd0 [ 1067.260685][T28072] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1067.260705][T28072] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1067.260731][T28072] ____sys_sendmsg+0xa98/0xc70 [ 1067.260751][T28072] ? copy_msghdr_from_user+0x10a/0x160 [ 1067.260766][T28072] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1067.260784][T28072] ? preempt_schedule_thunk+0x16/0x30 [ 1067.260811][T28072] ? try_to_wake_up+0xa67/0x1870 [ 1067.260830][T28072] ___sys_sendmsg+0x134/0x1d0 [ 1067.260843][T28072] ? find_held_lock+0x2b/0x80 [ 1067.260860][T28072] ? __pfx____sys_sendmsg+0x10/0x10 [ 1067.260873][T28072] ? __lock_acquire+0x622/0x1c90 [ 1067.260918][T28072] __sys_sendmsg+0x16d/0x220 [ 1067.260940][T28072] ? __pfx___sys_sendmsg+0x10/0x10 [ 1067.260957][T28072] ? __x64_sys_futex+0x1e0/0x4c0 [ 1067.260993][T28072] do_syscall_64+0xcd/0xfa0 [ 1067.261013][T28072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.261029][T28072] RIP: 0033:0x7fa3bfb8f6c9 [ 1067.261043][T28072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1067.261058][T28072] RSP: 002b:00007fa3c0a4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1067.261073][T28072] RAX: ffffffffffffffda RBX: 00007fa3bfde5fa0 RCX: 00007fa3bfb8f6c9 [ 1067.261083][T28072] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000011 [ 1067.261092][T28072] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1067.261101][T28072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1067.261110][T28072] R13: 00007fa3bfde6038 R14: 00007fa3bfde5fa0 R15: 00007fff3debdc78 [ 1067.261130][T28072] [ 1067.670527][ C0] vkms_vblank_simulate: vblank timer overrun [ 1068.157091][T10750] Bluetooth: hci2: command 0x0406 tx timeout [ 1068.931798][T28170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1068.954480][T28170] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1069.002858][T28170] memcg:ffff888078bc99c1 [ 1069.007106][T28170] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1069.064303][T28170] page_type: f5(slab) [ 1069.104620][T28170] raw: 00fff00000000040 ffff88813ffb0500 0000000000000000 dead000000000001 [ 1069.159083][T28170] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff888078bc99c1 [ 1069.212692][T28170] head: 00fff00000000040 ffff88813ffb0500 0000000000000000 dead000000000001 [ 1069.272787][T28170] head: 0000000000000000 0000000000040004 00000000f5000000 ffff888078bc99c1 [ 1069.332554][T28170] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1069.392827][T28170] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1069.443865][T28170] page dumped because: unmovable page [ 1069.490532][T28170] page_owner tracks the page as allocated [ 1069.525719][T28170] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13243, tgid 13242 (syz.3.1627), ts 551267700180, free_ts 551233466482 [ 1069.642125][T28170] post_alloc_hook+0x1c0/0x230 [ 1069.678124][T28170] get_page_from_freelist+0x10a3/0x3a30 [ 1069.706539][T28170] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 1069.749593][T28170] alloc_pages_mpol+0x1fb/0x550 [ 1069.754477][T28170] new_slab+0x24a/0x360 [ 1069.781687][T28170] ___slab_alloc+0xd79/0x1a50 [ 1069.796876][T28170] __slab_alloc.constprop.0+0x63/0x110 [ 1069.808162][T28170] __kvmalloc_node_noprof+0x5aa/0x9c0 [ 1069.846954][T28170] alloc_netdev_mqs+0xd7/0x1550 [ 1069.868176][T28170] ip6gre_init_net+0x9e/0x440 [ 1069.908768][T28170] ops_init+0x1e2/0x5f0 [ 1069.942168][T28170] setup_net+0x100/0x390 [ 1069.946444][T28170] copy_net_ns+0x2f8/0x690 [ 1069.998833][T28170] create_new_namespaces+0x3ea/0xa90 [ 1070.012792][T28170] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1070.040731][T28170] ksys_unshare+0x45b/0xa40 [ 1070.068227][T28170] page last free pid 13245 tgid 13244 stack trace: [ 1070.094075][T28170] __free_frozen_pages+0x7df/0x1160 [ 1070.120082][T28170] __put_partials+0x130/0x170 [ 1070.151216][T28170] qlist_free_all+0x4d/0x120 [ 1070.184685][T28170] kasan_quarantine_reduce+0x195/0x1e0 [ 1070.202808][T28170] __kasan_slab_alloc+0x69/0x90 [ 1070.229129][T28170] __kmalloc_noprof+0x2e8/0x880 [ 1070.250527][T28170] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1070.272511][T28170] tomoyo_path_number_perm+0x245/0x580 [ 1070.288841][T28170] security_file_ioctl+0x9b/0x240 [ 1070.308395][T28170] __x64_sys_ioctl+0xb7/0x210 [ 1070.318522][T28170] do_syscall_64+0xcd/0xfa0 [ 1070.332336][T28170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1070.433450][T28195] FAULT_INJECTION: forcing a failure. [ 1070.433450][T28195] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1070.529564][T28195] CPU: 0 UID: 0 PID: 28195 Comm: syz.5.3769 Tainted: G U syzkaller #0 PREEMPT(full) [ 1070.529589][T28195] Tainted: [U]=USER [ 1070.529594][T28195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1070.529603][T28195] Call Trace: [ 1070.529608][T28195] [ 1070.529614][T28195] dump_stack_lvl+0x16c/0x1f0 [ 1070.529636][T28195] should_fail_ex+0x512/0x640 [ 1070.529660][T28195] get_futex_key+0x293/0x1560 [ 1070.529682][T28195] ? __pfx_get_futex_key+0x10/0x10 [ 1070.529700][T28195] ? __mutex_trylock_common+0xe9/0x250 [ 1070.529725][T28195] futex_wake+0xea/0x530 [ 1070.529748][T28195] ? __pfx_futex_wake+0x10/0x10 [ 1070.529768][T28195] ? __lock_acquire+0xb8a/0x1c90 [ 1070.529795][T28195] do_futex+0x1e3/0x350 [ 1070.529814][T28195] ? __pfx_do_futex+0x10/0x10 [ 1070.529831][T28195] ? __might_fault+0xe3/0x190 [ 1070.529851][T28195] mm_release+0x24e/0x300 [ 1070.529867][T28195] do_exit+0x68e/0x2bf0 [ 1070.529891][T28195] ? __pfx_do_exit+0x10/0x10 [ 1070.529909][T28195] ? do_raw_spin_lock+0x12c/0x2b0 [ 1070.529930][T28195] ? find_held_lock+0x2b/0x80 [ 1070.529947][T28195] do_group_exit+0xd3/0x2a0 [ 1070.529968][T28195] get_signal+0x2671/0x26d0 [ 1070.529992][T28195] ? __pfx_get_signal+0x10/0x10 [ 1070.530007][T28195] ? do_futex+0x122/0x350 [ 1070.530026][T28195] ? __pfx_do_futex+0x10/0x10 [ 1070.530046][T28195] arch_do_signal_or_restart+0x8f/0x790 [ 1070.530066][T28195] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1070.530089][T28195] ? xfd_validate_state+0x61/0x180 [ 1070.530113][T28195] exit_to_user_mode_loop+0x85/0x130 [ 1070.530136][T28195] do_syscall_64+0x426/0xfa0 [ 1070.530155][T28195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1070.530170][T28195] RIP: 0033:0x7eff5f58f6c9 [ 1070.530182][T28195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1070.530196][T28195] RSP: 002b:00007eff6038b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1070.530210][T28195] RAX: fffffffffffffe00 RBX: 00007eff5f7e6278 RCX: 00007eff5f58f6c9 [ 1070.530220][T28195] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007eff5f7e6278 [ 1070.530229][T28195] RBP: 00007eff5f7e6270 R08: 0000000000000000 R09: 0000000000000000 [ 1070.530238][T28195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1070.530246][T28195] R13: 00007eff5f7e6308 R14: 00007ffdcf2db350 R15: 00007ffdcf2db438 [ 1070.530265][T28195] [ 1071.123576][T28244] blktrace: Concurrent blktraces are not allowed on sg0 [ 1071.223464][T28241] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1071.926722][T28272] random: crng reseeded on system resumption [ 1071.979041][ T30] audit: type=1800 audit(4294967385.360:137): pid=28272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3781" name="discovery_nqn" dev="configfs" ino=103097 res=0 errno=0 [ 1072.074055][T28272] phram: not enough arguments [ 1072.226614][T28290] FAULT_INJECTION: forcing a failure. [ 1072.226614][T28290] name failslab, interval 1, probability 0, space 0, times 0 [ 1072.293470][T28290] CPU: 0 UID: 0 PID: 28290 Comm: syz.1.3783 Tainted: G U syzkaller #0 PREEMPT(full) [ 1072.293500][T28290] Tainted: [U]=USER [ 1072.293505][T28290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1072.293514][T28290] Call Trace: [ 1072.293520][T28290] [ 1072.293527][T28290] dump_stack_lvl+0x16c/0x1f0 [ 1072.293549][T28290] should_fail_ex+0x512/0x640 [ 1072.293570][T28290] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1072.293589][T28290] should_failslab+0xc2/0x120 [ 1072.293609][T28290] __kvmalloc_node_noprof+0x141/0x9c0 [ 1072.293626][T28290] ? io_uring_setup+0x3ad/0x20e0 [ 1072.293647][T28290] ? io_uring_setup+0x3ad/0x20e0 [ 1072.293661][T28290] io_uring_setup+0x3ad/0x20e0 [ 1072.293680][T28290] ? __pfx_io_uring_setup+0x10/0x10 [ 1072.293695][T28290] ? do_futex+0x122/0x350 [ 1072.293715][T28290] ? __pfx_do_futex+0x10/0x10 [ 1072.293733][T28290] ? __fput+0x68d/0xb70 [ 1072.293752][T28290] ? __pfx___might_resched+0x10/0x10 [ 1072.293774][T28290] ? xfd_validate_state+0x61/0x180 [ 1072.293793][T28290] ? __pfx___do_sys_close_range+0x10/0x10 [ 1072.293812][T28290] __x64_sys_io_uring_setup+0xc2/0x170 [ 1072.293830][T28290] do_syscall_64+0xcd/0xfa0 [ 1072.293848][T28290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1072.293862][T28290] RIP: 0033:0x7f1d1b98f6c9 [ 1072.293874][T28290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1072.293888][T28290] RSP: 002b:00007f1d1c808038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1072.293903][T28290] RAX: ffffffffffffffda RBX: 00007f1d1bbe5fa0 RCX: 00007f1d1b98f6c9 [ 1072.293912][T28290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1072.293921][T28290] RBP: 00007f1d1ba11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1072.293930][T28290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1072.293938][T28290] R13: 00007f1d1bbe6038 R14: 00007f1d1bbe5fa0 R15: 00007ffd838193b8 [ 1072.293957][T28290] [ 1073.001982][T28333] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3785'. [ 1073.827634][T28392] FAULT_INJECTION: forcing a failure. [ 1073.827634][T28392] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.913469][T28392] CPU: 0 UID: 0 PID: 28392 Comm: syz.5.3793 Tainted: G U syzkaller #0 PREEMPT(full) [ 1073.913497][T28392] Tainted: [U]=USER [ 1073.913502][T28392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1073.913512][T28392] Call Trace: [ 1073.913517][T28392] [ 1073.913523][T28392] dump_stack_lvl+0x16c/0x1f0 [ 1073.913545][T28392] should_fail_ex+0x512/0x640 [ 1073.913570][T28392] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1073.913591][T28392] should_failslab+0xc2/0x120 [ 1073.913611][T28392] __kvmalloc_node_noprof+0x141/0x9c0 [ 1073.913629][T28392] ? io_uring_setup+0x3ad/0x20e0 [ 1073.913651][T28392] ? io_uring_setup+0x3ad/0x20e0 [ 1073.913665][T28392] io_uring_setup+0x3ad/0x20e0 [ 1073.913684][T28392] ? __pfx_io_uring_setup+0x10/0x10 [ 1073.913699][T28392] ? do_futex+0x122/0x350 [ 1073.913719][T28392] ? __pfx_do_futex+0x10/0x10 [ 1073.913738][T28392] ? __fput+0x68d/0xb70 [ 1073.913756][T28392] ? __pfx___might_resched+0x10/0x10 [ 1073.913779][T28392] ? xfd_validate_state+0x61/0x180 [ 1073.913798][T28392] ? __pfx___do_sys_close_range+0x10/0x10 [ 1073.913818][T28392] __x64_sys_io_uring_setup+0xc2/0x170 [ 1073.913836][T28392] do_syscall_64+0xcd/0xfa0 [ 1073.913853][T28392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1073.913868][T28392] RIP: 0033:0x7eff5f58f6c9 [ 1073.913880][T28392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1073.913895][T28392] RSP: 002b:00007eff603ee038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1073.913909][T28392] RAX: ffffffffffffffda RBX: 00007eff5f7e5fa0 RCX: 00007eff5f58f6c9 [ 1073.913919][T28392] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1073.913928][T28392] RBP: 00007eff5f611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1073.913936][T28392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1073.913945][T28392] R13: 00007eff5f7e6038 R14: 00007eff5f7e5fa0 R15: 00007ffdcf2db438 [ 1073.913964][T28392] [ 1074.234635][T28367] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3790'. [ 1074.666569][T28419] netlink: 206 bytes leftover after parsing attributes in process `syz.5.3797'. [ 1074.950416][T28426] random: crng reseeded on system resumption [ 1075.031094][ T30] audit: type=1800 audit(4294967388.420:138): pid=28426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3798" name="discovery_nqn" dev="configfs" ino=103451 res=0 errno=0 [ 1075.110499][T28426] phram: not enough arguments [ 1075.381270][T28436] FAULT_INJECTION: forcing a failure. [ 1075.381270][T28436] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1075.489797][T28436] CPU: 0 UID: 0 PID: 28436 Comm: syz.1.3799 Tainted: G U syzkaller #0 PREEMPT(full) [ 1075.489822][T28436] Tainted: [U]=USER [ 1075.489827][T28436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1075.489851][T28436] Call Trace: [ 1075.489857][T28436] [ 1075.489863][T28436] dump_stack_lvl+0x16c/0x1f0 [ 1075.489891][T28436] should_fail_ex+0x512/0x640 [ 1075.489916][T28436] _copy_to_user+0x32/0xd0 [ 1075.489940][T28436] simple_read_from_buffer+0xcb/0x170 [ 1075.489964][T28436] proc_fail_nth_read+0x197/0x240 [ 1075.489981][T28436] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1075.489998][T28436] ? rw_verify_area+0xcf/0x6c0 [ 1075.490011][T28436] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1075.490027][T28436] vfs_read+0x1e4/0xcf0 [ 1075.490045][T28436] ? __pfx___mutex_lock+0x10/0x10 [ 1075.490063][T28436] ? __pfx_vfs_read+0x10/0x10 [ 1075.490084][T28436] ? __fget_files+0x20e/0x3c0 [ 1075.490103][T28436] ksys_read+0x12a/0x250 [ 1075.490118][T28436] ? __pfx_ksys_read+0x10/0x10 [ 1075.490139][T28436] do_syscall_64+0xcd/0xfa0 [ 1075.490157][T28436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1075.490172][T28436] RIP: 0033:0x7f1d1b98e0dc [ 1075.490184][T28436] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1075.490199][T28436] RSP: 002b:00007f1d1c7e7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1075.490214][T28436] RAX: ffffffffffffffda RBX: 00007f1d1bbe6090 RCX: 00007f1d1b98e0dc [ 1075.490224][T28436] RDX: 000000000000000f RSI: 00007f1d1c7e70a0 RDI: 0000000000000003 [ 1075.490233][T28436] RBP: 00007f1d1c7e7090 R08: 0000000000000000 R09: 0000000000000000 [ 1075.490242][T28436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1075.490250][T28436] R13: 00007f1d1bbe6128 R14: 00007f1d1bbe6090 R15: 00007ffd838193b8 [ 1075.490270][T28436] [ 1075.682161][ C0] vkms_vblank_simulate: vblank timer overrun [ 1075.814023][T28449] FAULT_INJECTION: forcing a failure. [ 1075.814023][T28449] name failslab, interval 1, probability 0, space 0, times 0 [ 1075.826961][T28449] CPU: 0 UID: 0 PID: 28449 Comm: syz.2.3804 Tainted: G U syzkaller #0 PREEMPT(full) [ 1075.826986][T28449] Tainted: [U]=USER [ 1075.826992][T28449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1075.827001][T28449] Call Trace: [ 1075.827006][T28449] [ 1075.827012][T28449] dump_stack_lvl+0x16c/0x1f0 [ 1075.827034][T28449] should_fail_ex+0x512/0x640 [ 1075.827055][T28449] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1075.827082][T28449] should_failslab+0xc2/0x120 [ 1075.827101][T28449] __kmalloc_cache_noprof+0x72/0x780 [ 1075.827124][T28449] ? io_uring_setup+0x278/0x20e0 [ 1075.827143][T28449] ? io_uring_setup+0x278/0x20e0 [ 1075.827160][T28449] io_uring_setup+0x278/0x20e0 [ 1075.827177][T28449] ? __pfx_io_uring_setup+0x10/0x10 [ 1075.827193][T28449] ? do_futex+0x122/0x350 [ 1075.827212][T28449] ? __pfx_do_futex+0x10/0x10 [ 1075.827230][T28449] ? __fput+0x68d/0xb70 [ 1075.827249][T28449] ? __pfx___might_resched+0x10/0x10 [ 1075.827270][T28449] ? xfd_validate_state+0x61/0x180 [ 1075.827289][T28449] ? __pfx___do_sys_close_range+0x10/0x10 [ 1075.827309][T28449] __x64_sys_io_uring_setup+0xc2/0x170 [ 1075.827327][T28449] do_syscall_64+0xcd/0xfa0 [ 1075.827345][T28449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1075.827359][T28449] RIP: 0033:0x7f9d88b8f6c9 [ 1075.827371][T28449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1075.827385][T28449] RSP: 002b:00007f9d89953038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1075.827399][T28449] RAX: ffffffffffffffda RBX: 00007f9d88de5fa0 RCX: 00007f9d88b8f6c9 [ 1075.827409][T28449] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1075.827418][T28449] RBP: 00007f9d88c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1075.827427][T28449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1075.827435][T28449] R13: 00007f9d88de6038 R14: 00007f9d88de5fa0 R15: 00007ffdcbc5b1b8 [ 1075.827454][T28449] [ 1076.023911][ C0] vkms_vblank_simulate: vblank timer overrun [ 1076.105497][T28452] random: crng reseeded on system resumption [ 1076.254814][ T30] audit: type=1800 audit(4294967389.570:139): pid=28455 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3801" name="discovery_nqn" dev="configfs" ino=103531 res=0 errno=0 [ 1076.502582][T28459] phram: not enough arguments [ 1076.557233][T28455] phram: not enough arguments [ 1077.539582][T28490] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3807'. [ 1078.145268][T28524] netlink: 'syz.2.3814': attribute type 11 has an invalid length. [ 1078.323620][T28534] random: crng reseeded on system resumption [ 1078.436973][ T30] audit: type=1800 audit(4294967391.820:140): pid=28535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3817" name="discovery_nqn" dev="configfs" ino=103810 res=0 errno=0 [ 1078.660458][T28535] phram: not enough arguments [ 1079.172652][T28562] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3822'. [ 1079.235690][T28583] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3822'. [ 1080.059674][T28583] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1080.095560][T28583] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1080.133437][T28583] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1080.154122][T28583] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1080.198237][T28617] zswap: compressor Oֹ?JJ [ 1080.643101][T28626] dump_stack_lvl+0x16c/0x1f0 [ 1080.643131][T28626] should_fail_ex+0x512/0x640 [ 1080.643154][T28626] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1080.643172][T28626] should_failslab+0xc2/0x120 [ 1080.643192][T28626] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1080.643206][T28626] ? __lock_acquire+0x622/0x1c90 [ 1080.643225][T28626] ? alloc_empty_file+0x55/0x1e0 [ 1080.643248][T28626] ? alloc_empty_file+0x55/0x1e0 [ 1080.643266][T28626] alloc_empty_file+0x55/0x1e0 [ 1080.643286][T28626] path_openat+0xda/0x2cb0 [ 1080.643307][T28626] ? __pfx_path_openat+0x10/0x10 [ 1080.643323][T28626] ? __lock_acquire+0xb8a/0x1c90 [ 1080.643344][T28626] do_filp_open+0x20b/0x470 [ 1080.643360][T28626] ? __pfx_do_filp_open+0x10/0x10 [ 1080.643396][T28626] ? alloc_fd+0x471/0x7d0 [ 1080.643416][T28626] do_sys_openat2+0x11b/0x1d0 [ 1080.643438][T28626] ? __pfx_do_sys_openat2+0x10/0x10 [ 1080.643466][T28626] __x64_sys_openat+0x174/0x210 [ 1080.643487][T28626] ? __pfx___x64_sys_openat+0x10/0x10 [ 1080.643516][T28626] do_syscall_64+0xcd/0xfa0 [ 1080.643534][T28626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.643549][T28626] RIP: 0033:0x7f9d88b8f6c9 [ 1080.643561][T28626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1080.643575][T28626] RSP: 002b:00007f9d89953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1080.643589][T28626] RAX: ffffffffffffffda RBX: 00007f9d88de5fa0 RCX: 00007f9d88b8f6c9 [ 1080.643599][T28626] RDX: 0000000000080802 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1080.643608][T28626] RBP: 00007f9d88c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1080.643617][T28626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1080.643625][T28626] R13: 00007f9d88de6038 R14: 00007f9d88de5fa0 R15: 00007ffdcbc5b1b8 [ 1080.643644][T28626] [ 1080.857014][ C0] vkms_vblank_simulate: vblank timer overrun [ 1081.462457][T28658] FAULT_INJECTION: forcing a failure. [ 1081.462457][T28658] name failslab, interval 1, probability 0, space 0, times 0 [ 1081.477876][T28662] random: crng reseeded on system resumption [ 1081.542549][T28658] CPU: 0 UID: 0 PID: 28658 Comm: syz.5.3834 Tainted: G U syzkaller #0 PREEMPT(full) [ 1081.542577][T28658] Tainted: [U]=USER [ 1081.542582][T28658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1081.542592][T28658] Call Trace: [ 1081.542598][T28658] [ 1081.542604][T28658] dump_stack_lvl+0x16c/0x1f0 [ 1081.542627][T28658] should_fail_ex+0x512/0x640 [ 1081.542648][T28658] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1081.542674][T28658] should_failslab+0xc2/0x120 [ 1081.542693][T28658] __kmalloc_cache_noprof+0x72/0x780 [ 1081.542716][T28658] ? create_filter_start.constprop.0+0x103/0x300 [ 1081.542740][T28658] ? create_filter_start.constprop.0+0x103/0x300 [ 1081.542760][T28658] create_filter_start.constprop.0+0x103/0x300 [ 1081.542783][T28658] apply_subsystem_event_filter+0x188/0x17e0 [ 1081.542806][T28658] ? __might_fault+0xe3/0x190 [ 1081.542820][T28658] ? __might_fault+0x13b/0x190 [ 1081.542834][T28658] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 1081.542858][T28658] ? _copy_from_user+0x59/0xd0 [ 1081.542883][T28658] subsystem_filter_write+0x95/0x120 [ 1081.542904][T28658] ? __pfx_subsystem_filter_write+0x10/0x10 [ 1081.542923][T28658] vfs_write+0x2a0/0x11d0 [ 1081.542942][T28658] ? __pfx___mutex_lock+0x10/0x10 [ 1081.542960][T28658] ? __pfx_vfs_write+0x10/0x10 [ 1081.542981][T28658] ? __fget_files+0x20e/0x3c0 [ 1081.543001][T28658] ksys_write+0x12a/0x250 [ 1081.543016][T28658] ? __pfx_ksys_write+0x10/0x10 [ 1081.543037][T28658] do_syscall_64+0xcd/0xfa0 [ 1081.543055][T28658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1081.543070][T28658] RIP: 0033:0x7eff5f58f6c9 [ 1081.543082][T28658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1081.543097][T28658] RSP: 002b:00007eff603ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1081.543118][T28658] RAX: ffffffffffffffda RBX: 00007eff5f7e5fa0 RCX: 00007eff5f58f6c9 [ 1081.543128][T28658] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000000e [ 1081.543137][T28658] RBP: 00007eff5f611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1081.543146][T28658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1081.543155][T28658] R13: 00007eff5f7e6038 R14: 00007eff5f7e5fa0 R15: 00007ffdcf2db438 [ 1081.543176][T28658] [ 1081.773401][ C0] vkms_vblank_simulate: vblank timer overrun [ 1082.017344][ T30] audit: type=1800 audit(4294967394.890:141): pid=28662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3835" name="discovery_nqn" dev="configfs" ino=104261 res=0 errno=0 [ 1082.083486][T28659] Bluetooth: hci1: command 0x0c1a tx timeout [ 1082.165455][T28664] phram: not enough arguments [ 1082.207928][T28659] Bluetooth: hci4: command 0x0c1a tx timeout [ 1082.215201][T28659] Bluetooth: hci2: command 0x0406 tx timeout [ 1082.221510][T28659] Bluetooth: hci0: command 0x0406 tx timeout [ 1082.348513][T28674] FAULT_INJECTION: forcing a failure. [ 1082.348513][T28674] name failslab, interval 1, probability 0, space 0, times 0 [ 1082.461971][T28674] CPU: 0 UID: 0 PID: 28674 Comm: syz.6.3836 Tainted: G U syzkaller #0 PREEMPT(full) [ 1082.461999][T28674] Tainted: [U]=USER [ 1082.462004][T28674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1082.462013][T28674] Call Trace: [ 1082.462019][T28674] [ 1082.462026][T28674] dump_stack_lvl+0x16c/0x1f0 [ 1082.462047][T28674] should_fail_ex+0x512/0x640 [ 1082.462069][T28674] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1082.462089][T28674] should_failslab+0xc2/0x120 [ 1082.462108][T28674] __kvmalloc_node_noprof+0x141/0x9c0 [ 1082.462124][T28674] ? trace_kmalloc+0x2b/0xd0 [ 1082.462142][T28674] ? __kvmalloc_node_noprof+0x3c0/0x9c0 [ 1082.462158][T28674] ? io_alloc_cache_init+0x38/0x170 [ 1082.462183][T28674] ? io_alloc_cache_init+0x38/0x170 [ 1082.462201][T28674] io_alloc_cache_init+0x38/0x170 [ 1082.462222][T28674] io_rsrc_cache_init+0x40/0x50 [ 1082.462241][T28674] io_uring_setup+0x68e/0x20e0 [ 1082.462260][T28674] ? __pfx_io_uring_setup+0x10/0x10 [ 1082.462276][T28674] ? do_futex+0x122/0x350 [ 1082.462296][T28674] ? __pfx_do_futex+0x10/0x10 [ 1082.462314][T28674] ? __fget_files+0x204/0x3c0 [ 1082.462337][T28674] ? xfd_validate_state+0x61/0x180 [ 1082.462356][T28674] ? __pfx_do_writev+0x10/0x10 [ 1082.462374][T28674] __x64_sys_io_uring_setup+0xc2/0x170 [ 1082.462392][T28674] do_syscall_64+0xcd/0xfa0 [ 1082.462411][T28674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1082.462425][T28674] RIP: 0033:0x7fa3bfb8f6c9 [ 1082.462438][T28674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1082.462452][T28674] RSP: 002b:00007fa3c0a29038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1082.462474][T28674] RAX: ffffffffffffffda RBX: 00007fa3bfde6090 RCX: 00007fa3bfb8f6c9 [ 1082.462484][T28674] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1082.462493][T28674] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1082.462502][T28674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1082.462511][T28674] R13: 00007fa3bfde6128 R14: 00007fa3bfde6090 R15: 00007fff3debdc78 [ 1082.462531][T28674] [ 1082.678553][ C0] vkms_vblank_simulate: vblank timer overrun [ 1083.403274][T26962] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1083.411841][T10750] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1084.677520][T28771] FAULT_INJECTION: forcing a failure. [ 1084.677520][T28771] name failslab, interval 1, probability 0, space 0, times 0 [ 1084.800319][T28771] CPU: 0 UID: 0 PID: 28771 Comm: syz.6.3847 Tainted: G U syzkaller #0 PREEMPT(full) [ 1084.800346][T28771] Tainted: [U]=USER [ 1084.800352][T28771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1084.800361][T28771] Call Trace: [ 1084.800367][T28771] [ 1084.800374][T28771] dump_stack_lvl+0x16c/0x1f0 [ 1084.800396][T28771] should_fail_ex+0x512/0x640 [ 1084.800417][T28771] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1084.800437][T28771] should_failslab+0xc2/0x120 [ 1084.800457][T28771] __kvmalloc_node_noprof+0x141/0x9c0 [ 1084.800474][T28771] ? trace_kmalloc+0x2b/0xd0 [ 1084.800492][T28771] ? __kvmalloc_node_noprof+0x3c0/0x9c0 [ 1084.800508][T28771] ? io_alloc_cache_init+0x38/0x170 [ 1084.800532][T28771] ? io_alloc_cache_init+0x38/0x170 [ 1084.800550][T28771] io_alloc_cache_init+0x38/0x170 [ 1084.800579][T28771] io_rsrc_cache_init+0x40/0x50 [ 1084.800601][T28771] io_uring_setup+0x68e/0x20e0 [ 1084.800620][T28771] ? __pfx_io_uring_setup+0x10/0x10 [ 1084.800636][T28771] ? do_futex+0x122/0x350 [ 1084.800656][T28771] ? __pfx_do_futex+0x10/0x10 [ 1084.800674][T28771] ? __fget_files+0x204/0x3c0 [ 1084.800696][T28771] ? xfd_validate_state+0x61/0x180 [ 1084.800715][T28771] ? __pfx_do_writev+0x10/0x10 [ 1084.800733][T28771] __x64_sys_io_uring_setup+0xc2/0x170 [ 1084.800750][T28771] do_syscall_64+0xcd/0xfa0 [ 1084.800768][T28771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1084.800783][T28771] RIP: 0033:0x7fa3bfb8f6c9 [ 1084.800795][T28771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1084.800809][T28771] RSP: 002b:00007fa3c0a29038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1084.800824][T28771] RAX: ffffffffffffffda RBX: 00007fa3bfde6090 RCX: 00007fa3bfb8f6c9 [ 1084.800834][T28771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1084.800842][T28771] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1084.800851][T28771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1084.800859][T28771] R13: 00007fa3bfde6128 R14: 00007fa3bfde6090 R15: 00007fff3debdc78 [ 1084.800879][T28771] [ 1085.399373][T28805] netlink: 342 bytes leftover after parsing attributes in process `syz.6.3850'. [ 1085.409851][T28806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3851'. [ 1085.429134][T28805] netlink: 294 bytes leftover after parsing attributes in process `syz.6.3850'. [ 1086.514178][T28818] FAULT_INJECTION: forcing a failure. [ 1086.514178][T28818] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1086.559353][T28830] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3854'. [ 1086.569704][T28818] CPU: 0 UID: 0 PID: 28818 Comm: syz.5.3846 Tainted: G U syzkaller #0 PREEMPT(full) [ 1086.569730][T28818] Tainted: [U]=USER [ 1086.569735][T28818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1086.569744][T28818] Call Trace: [ 1086.569749][T28818] [ 1086.569761][T28818] dump_stack_lvl+0x16c/0x1f0 [ 1086.569784][T28818] should_fail_ex+0x512/0x640 [ 1086.569809][T28818] get_futex_key+0x1d0/0x1560 [ 1086.569831][T28818] ? __pfx_get_futex_key+0x10/0x10 [ 1086.569849][T28818] ? __mutex_trylock_common+0xe9/0x250 [ 1086.569875][T28818] futex_wake+0xea/0x530 [ 1086.569899][T28818] ? __pfx_futex_wake+0x10/0x10 [ 1086.569918][T28818] ? __lock_acquire+0xb8a/0x1c90 [ 1086.569946][T28818] do_futex+0x1e3/0x350 [ 1086.569965][T28818] ? __pfx_do_futex+0x10/0x10 [ 1086.569983][T28818] ? __might_fault+0xe3/0x190 [ 1086.570002][T28818] mm_release+0x24e/0x300 [ 1086.570018][T28818] do_exit+0x68e/0x2bf0 [ 1086.570041][T28818] ? __pfx_do_exit+0x10/0x10 [ 1086.570060][T28818] ? do_raw_spin_lock+0x12c/0x2b0 [ 1086.570081][T28818] ? find_held_lock+0x2b/0x80 [ 1086.570098][T28818] do_group_exit+0xd3/0x2a0 [ 1086.570119][T28818] get_signal+0x2671/0x26d0 [ 1086.570142][T28818] ? __pfx_get_signal+0x10/0x10 [ 1086.570158][T28818] ? do_futex+0x122/0x350 [ 1086.570177][T28818] ? __pfx_do_futex+0x10/0x10 [ 1086.570197][T28818] arch_do_signal_or_restart+0x8f/0x790 [ 1086.570217][T28818] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1086.570239][T28818] ? set_cred_ucounts+0x10f/0x200 [ 1086.570265][T28818] exit_to_user_mode_loop+0x85/0x130 [ 1086.570288][T28818] do_syscall_64+0x426/0xfa0 [ 1086.570306][T28818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1086.570321][T28818] RIP: 0033:0x7eff5f58f6c9 [ 1086.570333][T28818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1086.570348][T28818] RSP: 002b:00007eff603ac0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1086.570362][T28818] RAX: fffffffffffffe00 RBX: 00007eff5f7e6188 RCX: 00007eff5f58f6c9 [ 1086.570372][T28818] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007eff5f7e6188 [ 1086.570380][T28818] RBP: 00007eff5f7e6180 R08: 0000000000000000 R09: 0000000000000000 [ 1086.570389][T28818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1086.570398][T28818] R13: 00007eff5f7e6218 R14: 00007ffdcf2db350 R15: 00007ffdcf2db438 [ 1086.570417][T28818] [ 1086.814050][ C0] vkms_vblank_simulate: vblank timer overrun [ 1087.289111][T28853] FAULT_INJECTION: forcing a failure. [ 1087.289111][T28853] name failslab, interval 1, probability 0, space 0, times 0 [ 1087.362430][T28853] CPU: 0 UID: 0 PID: 28853 Comm: syz.5.3859 Tainted: G U syzkaller #0 PREEMPT(full) [ 1087.362455][T28853] Tainted: [U]=USER [ 1087.362461][T28853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1087.362470][T28853] Call Trace: [ 1087.362475][T28853] [ 1087.362482][T28853] dump_stack_lvl+0x16c/0x1f0 [ 1087.362503][T28853] should_fail_ex+0x512/0x640 [ 1087.362527][T28853] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1087.362547][T28853] should_failslab+0xc2/0x120 [ 1087.362567][T28853] __kvmalloc_node_noprof+0x141/0x9c0 [ 1087.362584][T28853] ? trace_kmalloc+0x2b/0xd0 [ 1087.362600][T28853] ? __kvmalloc_node_noprof+0x3c0/0x9c0 [ 1087.362616][T28853] ? io_alloc_cache_init+0x38/0x170 [ 1087.362639][T28853] ? io_alloc_cache_init+0x38/0x170 [ 1087.362658][T28853] io_alloc_cache_init+0x38/0x170 [ 1087.362678][T28853] io_rsrc_cache_init+0x40/0x50 [ 1087.362712][T28853] io_uring_setup+0x68e/0x20e0 [ 1087.362731][T28853] ? __pfx_io_uring_setup+0x10/0x10 [ 1087.362748][T28853] ? do_futex+0x122/0x350 [ 1087.362768][T28853] ? __pfx_do_futex+0x10/0x10 [ 1087.362787][T28853] ? __fget_files+0x204/0x3c0 [ 1087.362810][T28853] ? xfd_validate_state+0x61/0x180 [ 1087.362829][T28853] ? __pfx_do_writev+0x10/0x10 [ 1087.362847][T28853] __x64_sys_io_uring_setup+0xc2/0x170 [ 1087.362865][T28853] do_syscall_64+0xcd/0xfa0 [ 1087.362883][T28853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.362898][T28853] RIP: 0033:0x7eff5f58f6c9 [ 1087.362910][T28853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1087.362924][T28853] RSP: 002b:00007eff603cd038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1087.362939][T28853] RAX: ffffffffffffffda RBX: 00007eff5f7e6090 RCX: 00007eff5f58f6c9 [ 1087.362948][T28853] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1087.362957][T28853] RBP: 00007eff5f611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1087.362965][T28853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1087.362974][T28853] R13: 00007eff5f7e6128 R14: 00007eff5f7e6090 R15: 00007ffdcf2db438 [ 1087.362993][T28853] [ 1087.578728][ C0] vkms_vblank_simulate: vblank timer overrun [ 1088.432605][T28932] FAULT_INJECTION: forcing a failure. [ 1088.432605][T28932] name failslab, interval 1, probability 0, space 0, times 0 [ 1088.486083][T28932] CPU: 0 UID: 0 PID: 28932 Comm: syz.1.3866 Tainted: G U syzkaller #0 PREEMPT(full) [ 1088.486115][T28932] Tainted: [U]=USER [ 1088.486120][T28932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1088.486129][T28932] Call Trace: [ 1088.486134][T28932] [ 1088.486140][T28932] dump_stack_lvl+0x16c/0x1f0 [ 1088.486161][T28932] should_fail_ex+0x512/0x640 [ 1088.486182][T28932] ? fs_reclaim_acquire+0xae/0x150 [ 1088.486204][T28932] should_failslab+0xc2/0x120 [ 1088.486223][T28932] __kmalloc_noprof+0xdd/0x880 [ 1088.486246][T28932] ? tomoyo_encode2+0x100/0x3e0 [ 1088.486265][T28932] ? tomoyo_encode2+0x100/0x3e0 [ 1088.486280][T28932] tomoyo_encode2+0x100/0x3e0 [ 1088.486298][T28932] tomoyo_encode+0x29/0x50 [ 1088.486313][T28932] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1088.486331][T28932] ? tomoyo_profile+0x47/0x60 [ 1088.486351][T28932] tomoyo_path_number_perm+0x245/0x580 [ 1088.486373][T28932] ? tomoyo_path_number_perm+0x237/0x580 [ 1088.486397][T28932] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1088.486420][T28932] ? find_held_lock+0x2b/0x80 [ 1088.486452][T28932] ? find_held_lock+0x2b/0x80 [ 1088.486465][T28932] ? hook_file_ioctl_common+0x145/0x410 [ 1088.486484][T28932] ? __fget_files+0x20e/0x3c0 [ 1088.486502][T28932] security_file_ioctl+0x9b/0x240 [ 1088.486518][T28932] __x64_sys_ioctl+0xb7/0x210 [ 1088.486540][T28932] do_syscall_64+0xcd/0xfa0 [ 1088.486558][T28932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.486573][T28932] RIP: 0033:0x7f1d1b98f6c9 [ 1088.486586][T28932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1088.486601][T28932] RSP: 002b:00007f1d1c7c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1088.486615][T28932] RAX: ffffffffffffffda RBX: 00007f1d1bbe6180 RCX: 00007f1d1b98f6c9 [ 1088.486625][T28932] RDX: 0000000000000024 RSI: 00000000000089f2 RDI: 0000000000000003 [ 1088.486634][T28932] RBP: 00007f1d1c7c6090 R08: 0000000000000000 R09: 0000000000000000 [ 1088.486642][T28932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1088.486651][T28932] R13: 00007f1d1bbe6218 R14: 00007f1d1bbe6180 R15: 00007ffd838193b8 [ 1088.486670][T28932] [ 1088.703775][ C0] vkms_vblank_simulate: vblank timer overrun [ 1088.943527][T28932] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1089.279440][T10750] Bluetooth: hci1: unexpected event 0x3e length: 728 > 260 [ 1089.279466][T10750] Bluetooth: hci1: unexpected subevent 0x0c length: 727 > 5 [ 1090.180603][T28954] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3869'. [ 1090.237933][T28972] zswap: compressor not available [ 1090.829784][T29005] __vm_enough_memory: pid: 29005, comm: syz.2.3871, bytes: 4398046511104 not enough memory for the allocation [ 1091.061598][T29046] block2mtd: illegal erase size [ 1091.165042][T10750] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1091.252501][T29068] random: crng reseeded on system resumption [ 1091.335453][ T30] audit: type=1800 audit(4294967297.270:142): pid=29068 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3876" name="discovery_nqn" dev="configfs" ino=105160 res=0 errno=0 [ 1091.395346][T29068] phram: not enough arguments [ 1093.648016][T29200] random: crng reseeded on system resumption [ 1093.732270][ T30] audit: type=1800 audit(4294967299.660:143): pid=29200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3886" name="discovery_nqn" dev="configfs" ino=105378 res=0 errno=0 [ 1093.797593][T29200] phram: not enough arguments [ 1094.853385][T29258] FAULT_INJECTION: forcing a failure. [ 1094.853385][T29258] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1094.907353][T29258] CPU: 0 UID: 0 PID: 29258 Comm: syz.6.3895 Tainted: G U syzkaller #0 PREEMPT(full) [ 1094.907380][T29258] Tainted: [U]=USER [ 1094.907385][T29258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1094.907394][T29258] Call Trace: [ 1094.907399][T29258] [ 1094.907406][T29258] dump_stack_lvl+0x16c/0x1f0 [ 1094.907428][T29258] should_fail_ex+0x512/0x640 [ 1094.907453][T29258] should_fail_alloc_page+0xe7/0x130 [ 1094.907475][T29258] prepare_alloc_pages+0x3c2/0x610 [ 1094.907494][T29258] ? rcu_is_watching+0x12/0xc0 [ 1094.907511][T29258] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 1094.907528][T29258] ? rcu_is_watching+0x12/0xc0 [ 1094.907542][T29258] ? trace_sched_exit_tp+0xd1/0x120 [ 1094.907564][T29258] ? __schedule+0x11a3/0x5de0 [ 1094.907585][T29258] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1094.907601][T29258] ? __lock_acquire+0x622/0x1c90 [ 1094.907628][T29258] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1094.907653][T29258] ? policy_nodemask+0xea/0x4e0 [ 1094.907673][T29258] alloc_pages_mpol+0x1fb/0x550 [ 1094.907692][T29258] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1094.907709][T29258] ? __futex_wait+0x24b/0x2f0 [ 1094.907731][T29258] ? __pfx___futex_wait+0x10/0x10 [ 1094.907755][T29258] ___kmalloc_large_node+0xed/0x160 [ 1094.907777][T29258] __kmalloc_large_node_noprof+0x1c/0x70 [ 1094.907802][T29258] __kmalloc_noprof.cold+0xc/0x62 [ 1094.907824][T29258] ? iovec_from_user+0x108/0x140 [ 1094.907840][T29258] ? iovec_from_user+0x108/0x140 [ 1094.907851][T29258] iovec_from_user+0x108/0x140 [ 1094.907866][T29258] __import_iovec+0x88/0x650 [ 1094.907883][T29258] import_iovec+0x86/0xb0 [ 1094.907899][T29258] __do_sys_process_madvise+0x121/0x3c0 [ 1094.907920][T29258] ? __pfx___do_sys_process_madvise+0x10/0x10 [ 1094.907941][T29258] ? __pfx_do_futex+0x10/0x10 [ 1094.907996][T29258] do_syscall_64+0xcd/0xfa0 [ 1094.908016][T29258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1094.908031][T29258] RIP: 0033:0x7fa3bfb8f6c9 [ 1094.908044][T29258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1094.908059][T29258] RSP: 002b:00007fa3c0a4a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b8 [ 1094.908073][T29258] RAX: ffffffffffffffda RBX: 00007fa3bfde5fa0 RCX: 00007fa3bfb8f6c9 [ 1094.908083][T29258] RDX: 00000000000002e5 RSI: 0000000000000000 RDI: ffffffffffffffff [ 1094.908093][T29258] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1094.908102][T29258] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 1094.908111][T29258] R13: 00007fa3bfde6038 R14: 00007fa3bfde5fa0 R15: 00007fff3debdc78 [ 1094.908132][T29258] [ 1095.166584][ C0] vkms_vblank_simulate: vblank timer overrun [ 1095.447816][T29275] FAULT_INJECTION: forcing a failure. [ 1095.447816][T29275] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1095.461057][T29275] CPU: 0 UID: 0 PID: 29275 Comm: syz.6.3900 Tainted: G U syzkaller #0 PREEMPT(full) [ 1095.461080][T29275] Tainted: [U]=USER [ 1095.461085][T29275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1095.461094][T29275] Call Trace: [ 1095.461099][T29275] [ 1095.461105][T29275] dump_stack_lvl+0x16c/0x1f0 [ 1095.461127][T29275] should_fail_ex+0x512/0x640 [ 1095.461152][T29275] _copy_from_iter+0x29f/0x1720 [ 1095.461177][T29275] ? __alloc_skb+0x200/0x380 [ 1095.461199][T29275] ? __pfx__copy_from_iter+0x10/0x10 [ 1095.461221][T29275] ? netlink_autobind.isra.0+0x158/0x370 [ 1095.461243][T29275] netlink_sendmsg+0x820/0xdd0 [ 1095.461261][T29275] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1095.461279][T29275] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1095.461303][T29275] ____sys_sendmsg+0xa98/0xc70 [ 1095.461321][T29275] ? copy_msghdr_from_user+0x10a/0x160 [ 1095.461334][T29275] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1095.461360][T29275] ___sys_sendmsg+0x134/0x1d0 [ 1095.461375][T29275] ? __pfx____sys_sendmsg+0x10/0x10 [ 1095.461387][T29275] ? __lock_acquire+0x622/0x1c90 [ 1095.461428][T29275] __sys_sendmsg+0x16d/0x220 [ 1095.461442][T29275] ? __pfx___sys_sendmsg+0x10/0x10 [ 1095.461467][T29275] do_syscall_64+0xcd/0xfa0 [ 1095.461485][T29275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1095.461500][T29275] RIP: 0033:0x7fa3bfb8f6c9 [ 1095.461512][T29275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1095.461527][T29275] RSP: 002b:00007fa3c0a4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1095.461541][T29275] RAX: ffffffffffffffda RBX: 00007fa3bfde5fa0 RCX: 00007fa3bfb8f6c9 [ 1095.461550][T29275] RDX: 0000000000000800 RSI: 0000200000000dc0 RDI: 0000000000000003 [ 1095.461559][T29275] RBP: 00007fa3c0a4a090 R08: 0000000000000000 R09: 0000000000000000 [ 1095.461568][T29275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1095.461577][T29275] R13: 00007fa3bfde6038 R14: 00007fa3bfde5fa0 R15: 00007fff3debdc78 [ 1095.461596][T29275] [ 1095.670221][ C0] vkms_vblank_simulate: vblank timer overrun [ 1095.699697][T29262] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1095.705830][T29262] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1095.712506][T29262] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1095.863130][T29262] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1095.869321][T29262] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1096.664066][T29278] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3901'. [ 1097.312853][T26962] Bluetooth: hci1: command 0x0c1a tx timeout [ 1097.948956][T10750] Bluetooth: hci0: command 0x0406 tx timeout [ 1097.954976][T10750] Bluetooth: hci4: command 0x0c1a tx timeout [ 1097.961376][T26962] Bluetooth: hci2: command 0x0406 tx timeout [ 1099.280940][T29379] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3912'. [ 1099.553466][T29391] FAULT_INJECTION: forcing a failure. [ 1099.553466][T29391] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1099.566331][T29391] CPU: 0 UID: 0 PID: 29391 Comm: syz.6.3916 Tainted: G U syzkaller #0 PREEMPT(full) [ 1099.566356][T29391] Tainted: [U]=USER [ 1099.566361][T29391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1099.566371][T29391] Call Trace: [ 1099.566382][T29391] [ 1099.566390][T29391] dump_stack_lvl+0x16c/0x1f0 [ 1099.566412][T29391] should_fail_ex+0x512/0x640 [ 1099.566437][T29391] should_fail_futex+0x4c/0x60 [ 1099.566455][T29391] futex_lock_pi_atomic+0x148/0xd50 [ 1099.566481][T29391] futex_lock_pi+0x23f/0x7c0 [ 1099.566505][T29391] ? __pfx_futex_lock_pi+0x10/0x10 [ 1099.566530][T29391] ? __futex_wait+0x24b/0x2f0 [ 1099.566554][T29391] ? lockdep_hardirqs_on+0x7c/0x110 [ 1099.566581][T29391] ? futex_private_hash_put+0xd5/0x190 [ 1099.566602][T29391] ? __pfx_futex_wake_mark+0x10/0x10 [ 1099.566630][T29391] ? ksys_write+0x190/0x250 [ 1099.566649][T29391] do_futex+0x11a/0x350 [ 1099.566668][T29391] ? __pfx_do_futex+0x10/0x10 [ 1099.566691][T29391] __x64_sys_futex+0x1e0/0x4c0 [ 1099.566711][T29391] ? fput+0x9b/0xd0 [ 1099.566729][T29391] ? __pfx___x64_sys_futex+0x10/0x10 [ 1099.566749][T29391] ? xfd_validate_state+0x61/0x180 [ 1099.566769][T29391] ? __pfx_ksys_write+0x10/0x10 [ 1099.566789][T29391] do_syscall_64+0xcd/0xfa0 [ 1099.566807][T29391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1099.566822][T29391] RIP: 0033:0x7fa3bfb8f6c9 [ 1099.566835][T29391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1099.566849][T29391] RSP: 002b:00007fa3c0a4a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1099.566863][T29391] RAX: ffffffffffffffda RBX: 00007fa3bfde5fa0 RCX: 00007fa3bfb8f6c9 [ 1099.566872][T29391] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1099.566881][T29391] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 000000008000fff5 [ 1099.566891][T29391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1099.566899][T29391] R13: 00007fa3bfde6038 R14: 00007fa3bfde5fa0 R15: 00007fff3debdc78 [ 1099.566919][T29391] [ 1099.771055][ C0] vkms_vblank_simulate: vblank timer overrun [ 1100.084599][T26962] Bluetooth: hci4: command 0x0c1a tx timeout [ 1100.626070][T29402] FAULT_INJECTION: forcing a failure. [ 1100.626070][T29402] name failslab, interval 1, probability 0, space 0, times 0 [ 1100.678072][T29402] CPU: 0 UID: 0 PID: 29402 Comm: syz.2.3919 Tainted: G U syzkaller #0 PREEMPT(full) [ 1100.678097][T29402] Tainted: [U]=USER [ 1100.678102][T29402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1100.678111][T29402] Call Trace: [ 1100.678116][T29402] [ 1100.678122][T29402] dump_stack_lvl+0x16c/0x1f0 [ 1100.678143][T29402] should_fail_ex+0x512/0x640 [ 1100.678165][T29402] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1100.678182][T29402] should_failslab+0xc2/0x120 [ 1100.678201][T29402] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1100.678215][T29402] ? getname_flags.part.0+0x4c/0x550 [ 1100.678239][T29402] ? getname_flags.part.0+0x4c/0x550 [ 1100.678258][T29402] getname_flags.part.0+0x4c/0x550 [ 1100.678281][T29402] getname_flags+0x93/0xf0 [ 1100.678295][T29402] do_sys_openat2+0xb8/0x1d0 [ 1100.678316][T29402] ? __pfx_do_sys_openat2+0x10/0x10 [ 1100.678339][T29402] ? __fget_files+0x20e/0x3c0 [ 1100.678356][T29402] __x64_sys_openat+0x174/0x210 [ 1100.678377][T29402] ? __pfx___x64_sys_openat+0x10/0x10 [ 1100.678397][T29402] ? ksys_write+0x1ac/0x250 [ 1100.678425][T29402] do_syscall_64+0xcd/0xfa0 [ 1100.678443][T29402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.678458][T29402] RIP: 0033:0x7f9d88b8f6c9 [ 1100.678470][T29402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1100.678485][T29402] RSP: 002b:00007f9d89953038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1100.678499][T29402] RAX: ffffffffffffffda RBX: 00007f9d88de5fa0 RCX: 00007f9d88b8f6c9 [ 1100.678509][T29402] RDX: 0000000000080383 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 1100.678518][T29402] RBP: 00007f9d89953090 R08: 0000000000000000 R09: 0000000000000000 [ 1100.678527][T29402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1100.678535][T29402] R13: 00007f9d88de6038 R14: 00007f9d88de5fa0 R15: 00007ffdcbc5b1b8 [ 1100.678554][T29402] [ 1100.868743][ C0] vkms_vblank_simulate: vblank timer overrun [ 1101.391729][T29416] FAULT_INJECTION: forcing a failure. [ 1101.391729][T29416] name failslab, interval 1, probability 0, space 0, times 0 [ 1101.456125][T29422] random: crng reseeded on system resumption [ 1101.470757][T29416] CPU: 0 UID: 0 PID: 29416 Comm: syz.6.3920 Tainted: G U syzkaller #0 PREEMPT(full) [ 1101.470783][T29416] Tainted: [U]=USER [ 1101.470788][T29416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1101.470797][T29416] Call Trace: [ 1101.470803][T29416] [ 1101.470809][T29416] dump_stack_lvl+0x16c/0x1f0 [ 1101.470831][T29416] should_fail_ex+0x512/0x640 [ 1101.470853][T29416] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1101.470872][T29416] should_failslab+0xc2/0x120 [ 1101.470891][T29416] __kvmalloc_node_noprof+0x141/0x9c0 [ 1101.470908][T29416] ? trace_kmalloc+0x2b/0xd0 [ 1101.470924][T29416] ? __kvmalloc_node_noprof+0x3c0/0x9c0 [ 1101.470940][T29416] ? io_alloc_cache_init+0x38/0x170 [ 1101.470963][T29416] ? io_alloc_cache_init+0x38/0x170 [ 1101.470982][T29416] io_alloc_cache_init+0x38/0x170 [ 1101.471002][T29416] io_rsrc_cache_init+0x40/0x50 [ 1101.471022][T29416] io_uring_setup+0x68e/0x20e0 [ 1101.471040][T29416] ? __pfx_io_uring_setup+0x10/0x10 [ 1101.471056][T29416] ? do_futex+0x122/0x350 [ 1101.471075][T29416] ? __pfx_do_futex+0x10/0x10 [ 1101.471094][T29416] ? __fget_files+0x204/0x3c0 [ 1101.471116][T29416] ? xfd_validate_state+0x61/0x180 [ 1101.471140][T29416] __x64_sys_io_uring_setup+0xc2/0x170 [ 1101.471158][T29416] do_syscall_64+0xcd/0xfa0 [ 1101.471176][T29416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1101.471190][T29416] RIP: 0033:0x7fa3bfb8f6c9 [ 1101.471203][T29416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1101.471217][T29416] RSP: 002b:00007fa3c0a29038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1101.471231][T29416] RAX: ffffffffffffffda RBX: 00007fa3bfde6090 RCX: 00007fa3bfb8f6c9 [ 1101.471241][T29416] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1101.471249][T29416] RBP: 00007fa3bfc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1101.471258][T29416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1101.471267][T29416] R13: 00007fa3bfde6128 R14: 00007fa3bfde6090 R15: 00007fff3debdc78 [ 1101.471286][T29416] [ 1101.684265][ C0] vkms_vblank_simulate: vblank timer overrun [ 1103.673768][T29474] kAFS: No cell specified [ 1105.274332][T29516] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 1105.299425][T29520] scsi_dev_info_list_add_str: bad dev info string '' '' '' [ 1105.321330][T29516] CPU: 0 UID: 0 PID: 29516 Comm: syz.2.3935 Tainted: G U syzkaller #0 PREEMPT(full) [ 1105.321356][T29516] Tainted: [U]=USER [ 1105.321361][T29516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1105.321370][T29516] Call Trace: [ 1105.321376][T29516] [ 1105.321382][T29516] dump_stack_lvl+0x16c/0x1f0 [ 1105.321404][T29516] sysfs_warn_dup+0x7f/0xa0 [ 1105.321426][T29516] sysfs_do_create_link_sd+0x124/0x140 [ 1105.321446][T29516] sysfs_create_link+0x61/0xc0 [ 1105.321464][T29516] device_add+0x62c/0x1aa0 [ 1105.321489][T29516] ? __pfx_device_add+0x10/0x10 [ 1105.321509][T29516] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1105.321534][T29516] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1105.321556][T29516] wiphy_register+0x1eb0/0x2b20 [ 1105.321575][T29516] ? netdev_run_todo+0x864/0x1320 [ 1105.321597][T29516] ? __pfx_wiphy_register+0x10/0x10 [ 1105.321626][T29516] ieee80211_register_hw+0x253d/0x4120 [ 1105.321654][T29516] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1105.321673][T29516] ? __pfx___debug_object_init+0x10/0x10 [ 1105.321695][T29516] ? find_held_lock+0x2b/0x80 [ 1105.321711][T29516] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1105.321734][T29516] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1105.321754][T29516] ? __hrtimer_setup+0x176/0x280 [ 1105.321778][T29516] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 1105.321806][T29516] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1105.321834][T29516] hwsim_new_radio_nl+0xba2/0x1330 [ 1105.321852][T29516] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1105.321873][T29516] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1105.321893][T29516] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1105.321916][T29516] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1105.321936][T29516] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1105.321960][T29516] ? bpf_lsm_capable+0x9/0x10 [ 1105.321979][T29516] ? security_capable+0x7e/0x260 [ 1105.322000][T29516] ? ns_capable+0xd7/0x110 [ 1105.322022][T29516] genl_rcv_msg+0x55c/0x800 [ 1105.322042][T29516] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1105.322061][T29516] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1105.322083][T29516] netlink_rcv_skb+0x158/0x420 [ 1105.322098][T29516] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1105.322116][T29516] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1105.322140][T29516] ? netlink_deliver_tap+0x1ae/0xd30 [ 1105.322157][T29516] genl_rcv+0x28/0x40 [ 1105.322171][T29516] netlink_unicast+0x5aa/0x870 [ 1105.322189][T29516] ? __pfx_netlink_unicast+0x10/0x10 [ 1105.322204][T29516] ? __pfx___might_resched+0x10/0x10 [ 1105.322225][T29516] netlink_sendmsg+0x8c8/0xdd0 [ 1105.322244][T29516] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1105.322262][T29516] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1105.322286][T29516] ____sys_sendmsg+0xa98/0xc70 [ 1105.322305][T29516] ? copy_msghdr_from_user+0x10a/0x160 [ 1105.322319][T29516] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1105.322336][T29516] ? preempt_schedule_thunk+0x16/0x30 [ 1105.322362][T29516] ? try_to_wake_up+0xa67/0x1870 [ 1105.322380][T29516] ___sys_sendmsg+0x134/0x1d0 [ 1105.322393][T29516] ? find_held_lock+0x2b/0x80 [ 1105.322408][T29516] ? __pfx____sys_sendmsg+0x10/0x10 [ 1105.322420][T29516] ? __lock_acquire+0x622/0x1c90 [ 1105.322464][T29516] __sys_sendmsg+0x16d/0x220 [ 1105.322479][T29516] ? __pfx___sys_sendmsg+0x10/0x10 [ 1105.322492][T29516] ? __x64_sys_futex+0x1e0/0x4c0 [ 1105.322524][T29516] do_syscall_64+0xcd/0xfa0 [ 1105.322542][T29516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1105.322557][T29516] RIP: 0033:0x7f9d88b8f6c9 [ 1105.322569][T29516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1105.322583][T29516] RSP: 002b:00007f9d89953038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1105.322598][T29516] RAX: ffffffffffffffda RBX: 00007f9d88de5fa0 RCX: 00007f9d88b8f6c9 [ 1105.322607][T29516] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000011 [ 1105.322617][T29516] RBP: 00007f9d88c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1105.322626][T29516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1105.322634][T29516] R13: 00007f9d88de6038 R14: 00007f9d88de5fa0 R15: 00007ffdcbc5b1b8 [ 1105.322655][T29516] [ 1105.730844][ C0] vkms_vblank_simulate: vblank timer overrun [ 1109.014468][T29660] random: crng reseeded on system resumption [ 1109.155492][ T30] audit: type=1800 audit(4294967315.090:144): pid=29663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3945" name="discovery_nqn" dev="configfs" ino=106378 res=0 errno=0 [ 1109.176480][ C0] vkms_vblank_simulate: vblank timer overrun [ 1109.311716][T29663] phram: not enough arguments [ 1110.328554][T29682] FAULT_INJECTION: forcing a failure. [ 1110.328554][T29682] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1110.421222][T29682] CPU: 0 UID: 0 PID: 29682 Comm: syz.6.3951 Tainted: G U syzkaller #0 PREEMPT(full) [ 1110.421247][T29682] Tainted: [U]=USER [ 1110.421252][T29682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1110.421261][T29682] Call Trace: [ 1110.421267][T29682] [ 1110.421273][T29682] dump_stack_lvl+0x16c/0x1f0 [ 1110.421295][T29682] should_fail_ex+0x512/0x640 [ 1110.421320][T29682] _copy_from_user+0x2e/0xd0 [ 1110.421343][T29682] memdup_user_nul+0x6c/0x120 [ 1110.421361][T29682] handle_policy_update+0x1a8/0x1230 [ 1110.421385][T29682] ? __pfx_handle_policy_update+0x10/0x10 [ 1110.421404][T29682] ? apparmor_capable+0x114/0x1d0 [ 1110.421427][T29682] ? bpf_lsm_capable+0x9/0x10 [ 1110.421445][T29682] ? security_capable+0x7e/0x260 [ 1110.421473][T29682] ? __pfx_safesetid_uid_file_write+0x10/0x10 [ 1110.421491][T29682] safesetid_uid_file_write+0x84/0xc0 [ 1110.421511][T29682] vfs_writev+0x5df/0xde0 [ 1110.421531][T29682] ? __pfx_vfs_writev+0x10/0x10 [ 1110.421544][T29682] ? __mutex_lock+0x1c5/0x1060 [ 1110.421567][T29682] ? __pfx___mutex_lock+0x10/0x10 [ 1110.421592][T29682] ? __fget_files+0x20e/0x3c0 [ 1110.421605][T29682] ? __fget_files+0x1b0/0x3c0 [ 1110.421623][T29682] ? do_writev+0x132/0x340 [ 1110.421636][T29682] do_writev+0x132/0x340 [ 1110.421650][T29682] ? __pfx_do_writev+0x10/0x10 [ 1110.421669][T29682] do_syscall_64+0xcd/0xfa0 [ 1110.421688][T29682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1110.421702][T29682] RIP: 0033:0x7fa3bfb8f6c9 [ 1110.421714][T29682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1110.421729][T29682] RSP: 002b:00007fa3c0a29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1110.421743][T29682] RAX: ffffffffffffffda RBX: 00007fa3bfde6090 RCX: 00007fa3bfb8f6c9 [ 1110.421753][T29682] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 1110.421762][T29682] RBP: 00007fa3c0a29090 R08: 0000000000000000 R09: 0000000000000000 [ 1110.421771][T29682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1110.421780][T29682] R13: 00007fa3bfde6128 R14: 00007fa3bfde6090 R15: 00007fff3debdc78 [ 1110.421799][T29682] [ 1110.760249][T10750] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1110.761437][T10750] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1110.762005][T10750] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1110.762620][T10750] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1110.763006][T10750] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1110.822402][T29680] FAULT_INJECTION: forcing a failure. [ 1110.822402][T29680] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1110.822433][T29680] CPU: 0 UID: 0 PID: 29680 Comm: syz.1.3950 Tainted: G U syzkaller #0 PREEMPT(full) [ 1110.822454][T29680] Tainted: [U]=USER [ 1110.822458][T29680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1110.822467][T29680] Call Trace: [ 1110.822472][T29680] [ 1110.822478][T29680] dump_stack_lvl+0x16c/0x1f0 [ 1110.822508][T29680] should_fail_ex+0x512/0x640 [ 1110.822533][T29680] get_futex_key+0x1d0/0x1560 [ 1110.822555][T29680] ? __pfx_get_futex_key+0x10/0x10 [ 1110.822572][T29680] ? __mutex_trylock_common+0xe9/0x250 [ 1110.822598][T29680] futex_wake+0xea/0x530 [ 1110.822621][T29680] ? __pfx_futex_wake+0x10/0x10 [ 1110.822641][T29680] ? __lock_acquire+0xb8a/0x1c90 [ 1110.822668][T29680] do_futex+0x1e3/0x350 [ 1110.822687][T29680] ? __pfx_do_futex+0x10/0x10 [ 1110.822704][T29680] ? __might_fault+0xe3/0x190 [ 1110.822724][T29680] mm_release+0x24e/0x300 [ 1110.822741][T29680] do_exit+0x68e/0x2bf0 [ 1110.822764][T29680] ? __pfx_do_exit+0x10/0x10 [ 1110.822783][T29680] ? do_raw_spin_lock+0x12c/0x2b0 [ 1110.822805][T29680] ? find_held_lock+0x2b/0x80 [ 1110.822822][T29680] do_group_exit+0xd3/0x2a0 [ 1110.822843][T29680] get_signal+0x2671/0x26d0 [ 1110.822866][T29680] ? __pfx_get_signal+0x10/0x10 [ 1110.822882][T29680] ? do_futex+0x122/0x350 [ 1110.822900][T29680] ? __pfx_do_futex+0x10/0x10 [ 1110.822920][T29680] arch_do_signal_or_restart+0x8f/0x790 [ 1110.822940][T29680] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1110.822961][T29680] ? set_cred_ucounts+0x10f/0x200 [ 1110.822988][T29680] exit_to_user_mode_loop+0x85/0x130 [ 1110.823010][T29680] do_syscall_64+0x426/0xfa0 [ 1110.823029][T29680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1110.823043][T29680] RIP: 0033:0x7f1d1b98f6c9 [ 1110.823055][T29680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1110.823070][T29680] RSP: 002b:00007f1d1c7c60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1110.823084][T29680] RAX: fffffffffffffe00 RBX: 00007f1d1bbe6188 RCX: 00007f1d1b98f6c9 [ 1110.823093][T29680] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1d1bbe6188 [ 1110.823103][T29680] RBP: 00007f1d1bbe6180 R08: 0000000000000000 R09: 0000000000000000 [ 1110.823114][T29680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1110.823123][T29680] R13: 00007f1d1bbe6218 R14: 00007ffd838192d0 R15: 00007ffd838193b8 [ 1110.823142][T29680] [ 1110.872821][T15360] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.005311][T15360] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.103792][T15360] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.170385][T15360] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.516162][T29695] chnl_net:caif_netlink_parms(): no params data found [ 1111.570093][T15360] netdevsim netdevsim1335 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.798067][T29695] bridge0: port 1(bridge_slave_0) entered blocking state [ 1111.801512][T29695] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.802660][T29695] bridge_slave_0: entered allmulticast mode [ 1111.804201][T29695] bridge_slave_0: entered promiscuous mode [ 1111.856827][T29695] bridge0: port 2(bridge_slave_1) entered blocking state [ 1111.856892][T29695] bridge0: port 2(bridge_slave_1) entered disabled state [ 1111.857002][T29695] bridge_slave_1: entered allmulticast mode [ 1111.858002][T29695] bridge_slave_1: entered promiscuous mode [ 1111.936437][T15360] bridge_slave_1: left allmulticast mode [ 1111.936456][T15360] bridge_slave_1: left promiscuous mode [ 1111.936584][T15360] bridge0: port 2(bridge_slave_1) entered disabled state [ 1111.941443][T15360] bridge_slave_0: left allmulticast mode [ 1111.941461][T15360] bridge_slave_0: left promiscuous mode [ 1111.941583][T15360] bridge0: port 1(bridge_slave_0) entered disabled state [ 1112.756286][T15360] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1112.757799][T15360] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1112.759219][T15360] bond0 (unregistering): Released all slaves [ 1112.775535][T29695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1112.794584][T29695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1112.835386][T10750] Bluetooth: hci0: command tx timeout [ 1112.870122][T15360] ovs_: left promiscuous mode [ 1112.876450][T29695] team0: Port device team_slave_0 added [ 1112.903866][T29695] team0: Port device team_slave_1 added [ 1113.002580][T29695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1113.002596][T29695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1113.002615][T29695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1113.005534][T29695] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1113.005547][T29695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1113.005566][T29695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1113.180495][T29695] hsr_slave_0: entered promiscuous mode [ 1113.181094][T29695] hsr_slave_1: entered promiscuous mode [ 1113.181512][T29695] debugfs: 'hsr0' already exists in 'hsr' [ 1113.181527][T29695] Cannot create hsr debugfs directory [ 1113.396364][ C0] vkms_vblank_simulate: vblank timer overrun [ 1113.643476][T15360] hsr_slave_0: left promiscuous mode [ 1113.647000][T15360] hsr_slave_1: left promiscuous mode [ 1113.647437][T15360] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1113.647453][T15360] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1113.648415][T15360] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1113.648430][T15360] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1113.681511][T15360] veth1_macvtap: left promiscuous mode [ 1113.681565][T15360] veth0_macvtap: left promiscuous mode [ 1113.681668][T15360] veth1_vlan: left promiscuous mode [ 1113.681819][T15360] veth0_vlan: left promiscuous mode [ 1114.021950][T29705] tty tty1: ldisc open failed (-12), clearing slot 0 [ 1114.031054][T29694] ttyprintk ttyprintk: ldisc open failed (-12), clearing slot 0 [ 1114.909024][T10750] Bluetooth: hci0: command tx timeout [ 1115.074039][T15360] team0 (unregistering): Port device team_slave_1 removed [ 1115.446777][T15360] team0 (unregistering): Port device team_slave_0 removed [ 1115.587802][T30106] random: crng reseeded on system resumption [ 1115.952647][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.959358][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.356801][T30124] random: crng reseeded on system resumption [ 1116.402836][ T30] audit: type=1800 audit(4294967322.330:145): pid=30124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3967" name="discovery_nqn" dev="configfs" ino=107228 res=0 errno=0 [ 1116.459242][T30124] phram: not enough arguments [ 1116.988845][T10750] Bluetooth: hci0: command tx timeout [ 1117.307448][T30174] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3970'. [ 1117.418670][T29695] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1117.472048][T29695] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1117.586070][T29695] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1117.631751][T29695] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1118.184074][T29695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1118.244423][T29695] 8021q: adding VLAN 0 to HW filter on device team0 [ 1118.260898][T30207] ================================================================== [ 1118.260913][T30207] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 1118.260940][T30207] Read of size 256 at addr ffff8880491163c0 by task syz.1.3972/30207 [ 1118.260954][T30207] [ 1118.260965][T30207] CPU: 0 UID: 0 PID: 30207 Comm: syz.1.3972 Tainted: G U syzkaller #0 PREEMPT(full) [ 1118.260985][T30207] Tainted: [U]=USER [ 1118.260990][T30207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1118.260999][T30207] Call Trace: [ 1118.261004][T30207] [ 1118.261010][T30207] dump_stack_lvl+0x116/0x1f0 [ 1118.261028][T30207] print_report+0xcd/0x630 [ 1118.261047][T30207] ? __virt_addr_valid+0x81/0x610 [ 1118.261066][T30207] ? __phys_addr+0xe8/0x180 [ 1118.261083][T30207] ? fbcon_prepare_logo+0xa03/0xc70 [ 1118.261102][T30207] kasan_report+0xe0/0x110 [ 1118.261120][T30207] ? fbcon_prepare_logo+0xa03/0xc70 [ 1118.261142][T30207] kasan_check_range+0x100/0x1b0 [ 1118.261164][T30207] __asan_memcpy+0x23/0x60 [ 1118.261178][T30207] fbcon_prepare_logo+0xa03/0xc70 [ 1118.261201][T30207] fbcon_init+0xd77/0x1900 [ 1118.261220][T30207] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 1118.261242][T30207] visual_init+0x320/0x620 [ 1118.261262][T30207] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 1118.261279][T30207] store_bind+0x61d/0x760 [ 1118.261293][T30207] ? sysfs_file_kobj+0xe4/0x290 [ 1118.261309][T30207] ? __pfx_store_bind+0x10/0x10 [ 1118.261322][T30207] dev_attr_store+0x58/0x80 [ 1118.261342][T30207] ? __pfx_dev_attr_store+0x10/0x10 [ 1118.261360][T30207] sysfs_kf_write+0xf2/0x150 [ 1118.261376][T30207] kernfs_fop_write_iter+0x3af/0x570 [ 1118.261398][T30207] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1118.261413][T30207] iter_file_splice_write+0xa24/0x12e0 [ 1118.261433][T30207] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1118.261449][T30207] ? __pfx_copy_splice_read+0x10/0x10 [ 1118.261475][T30207] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1118.261490][T30207] direct_splice_actor+0x192/0x6c0 [ 1118.261505][T30207] splice_direct_to_actor+0x345/0xa30 [ 1118.261519][T30207] ? __pfx_direct_splice_actor+0x10/0x10 [ 1118.261534][T30207] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1118.261550][T30207] do_splice_direct+0x174/0x240 [ 1118.261563][T30207] ? __pfx_do_splice_direct+0x10/0x10 [ 1118.261576][T30207] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1118.261600][T30207] ? rw_verify_area+0xcf/0x6c0 [ 1118.261614][T30207] do_sendfile+0xb06/0xe50 [ 1118.261629][T30207] ? __pfx_do_sendfile+0x10/0x10 [ 1118.261644][T30207] ? __x64_sys_futex+0x1e0/0x4c0 [ 1118.261662][T30207] ? __x64_sys_futex+0x1e9/0x4c0 [ 1118.261681][T30207] __x64_sys_sendfile64+0x1d8/0x220 [ 1118.261699][T30207] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1118.261720][T30207] do_syscall_64+0xcd/0xfa0 [ 1118.261745][T30207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1118.261761][T30207] RIP: 0033:0x7f1d1b98f6c9 [ 1118.261773][T30207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1118.261788][T30207] RSP: 002b:00007f1d1c808038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1118.261802][T30207] RAX: ffffffffffffffda RBX: 00007f1d1bbe5fa0 RCX: 00007f1d1b98f6c9 [ 1118.261812][T30207] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000004 [ 1118.261821][T30207] RBP: 00007f1d1ba11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1118.261830][T30207] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1118.261839][T30207] R13: 00007f1d1bbe6038 R14: 00007f1d1bbe5fa0 R15: 00007ffd838193b8 [ 1118.261854][T30207] [ 1118.261860][T30207] [ 1118.261864][T30207] Allocated by task 21040: [ 1118.261871][T30207] kasan_save_stack+0x33/0x60 [ 1118.261887][T30207] kasan_save_track+0x14/0x30 [ 1118.261901][T30207] __kasan_kmalloc+0xaa/0xb0 [ 1118.261916][T30207] __kmalloc_noprof+0x32f/0x880 [ 1118.261938][T30207] fib6_info_alloc+0x40/0x160 [ 1118.261954][T30207] ip6_route_info_create+0x14c/0x870 [ 1118.261967][T30207] ip6_route_add.part.0+0x22/0x1d0 [ 1118.261987][T30207] ip6_route_add+0x45/0x60 [ 1118.262006][T30207] addrconf_prefix_route+0x2fd/0x510 [ 1118.262020][T30207] addrconf_notify+0x12c6/0x19e0 [ 1118.262039][T30207] notifier_call_chain+0xbc/0x410 [ 1118.262056][T30207] call_netdevice_notifiers_info+0xbe/0x140 [ 1118.262074][T30207] __dev_notify_flags+0x12c/0x2e0 [ 1118.262094][T30207] netif_change_flags+0x108/0x160 [ 1118.262106][T30207] do_setlink.constprop.0+0xb53/0x4380 [ 1118.262120][T30207] rtnl_newlink+0x1446/0x2000 [ 1118.262133][T30207] rtnetlink_rcv_msg+0x95e/0xe90 [ 1118.262146][T30207] netlink_rcv_skb+0x158/0x420 [ 1118.262159][T30207] netlink_unicast+0x5aa/0x870 [ 1118.262172][T30207] netlink_sendmsg+0x8c8/0xdd0 [ 1118.262185][T30207] __sys_sendto+0x4a3/0x520 [ 1118.262204][T30207] __x64_sys_sendto+0xe0/0x1c0 [ 1118.262222][T30207] do_syscall_64+0xcd/0xfa0 [ 1118.262237][T30207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1118.262250][T30207] [ 1118.262254][T30207] The buggy address belongs to the object at ffff888049116000 [ 1118.262254][T30207] which belongs to the cache kmalloc-512 of size 512 [ 1118.262265][T30207] The buggy address is located 656 bytes to the right of [ 1118.262265][T30207] allocated 304-byte region [ffff888049116000, ffff888049116130) [ 1118.262279][T30207] [ 1118.262284][T30207] The buggy address belongs to the physical page: [ 1118.262291][T30207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888049117400 pfn:0x49114 [ 1118.262304][T30207] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1118.262316][T30207] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 1118.262330][T30207] page_type: f5(slab) [ 1118.262343][T30207] raw: 00fff00000000240 ffff88813ffa6c80 ffffea00018c7010 ffffea000123b210 [ 1118.262356][T30207] raw: ffff888049117400 000000000010000b 00000000f5000000 0000000000000000 [ 1118.262368][T30207] head: 00fff00000000240 ffff88813ffa6c80 ffffea00018c7010 ffffea000123b210 [ 1118.262381][T30207] head: ffff888049117400 000000000010000b 00000000f5000000 0000000000000000 [ 1118.262394][T30207] head: 00fff00000000002 ffffea0001244501 00000000ffffffff 00000000ffffffff [ 1118.262407][T30207] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1118.262419][T30207] page dumped because: kasan: bad access detected [ 1118.262426][T30207] page_owner tracks the page as allocated [ 1118.262431][T30207] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5824, tgid 5824 (syz-executor), ts 88584391826, free_ts 27882222292 [ 1118.262457][T30207] post_alloc_hook+0x1c0/0x230 [ 1118.262481][T30207] get_page_from_freelist+0x10a3/0x3a30 [ 1118.262494][T30207] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 1118.262507][T30207] alloc_pages_mpol+0x1fb/0x550 [ 1118.262525][T30207] new_slab+0x24a/0x360 [ 1118.262544][T30207] ___slab_alloc+0xd79/0x1a50 [ 1118.262563][T30207] __slab_alloc.constprop.0+0x63/0x110 [ 1118.262584][T30207] __kmalloc_noprof+0x501/0x880 [ 1118.262604][T30207] fib6_info_alloc+0x40/0x160 [ 1118.262620][T30207] ip6_route_info_create+0x14c/0x870 [ 1118.262633][T30207] addrconf_f6i_alloc+0x2da/0x660 [ 1118.262645][T30207] ipv6_add_addr+0x531/0x1fe0 [ 1118.262659][T30207] inet6_addr_add+0x256/0x960 [ 1118.262675][T30207] inet6_rtm_newaddr+0x1619/0x1c70 [ 1118.262693][T30207] rtnetlink_rcv_msg+0x95e/0xe90 [ 1118.262707][T30207] netlink_rcv_skb+0x158/0x420 [ 1118.262720][T30207] page last free pid 1 tgid 1 stack trace: [ 1118.262734][T30207] __free_frozen_pages+0x7df/0x1160 [ 1118.262754][T30207] free_contig_range+0x183/0x4b0 [ 1118.262772][T30207] destroy_args+0xb69/0x12e0 [ 1118.262790][T30207] debug_vm_pgtable+0x1a32/0x3640 [ 1118.262807][T30207] do_one_initcall+0x123/0x6e0 [ 1118.262825][T30207] kernel_init_freeable+0x5c8/0x920 [ 1118.262846][T30207] kernel_init+0x1c/0x2b0 [ 1118.262866][T30207] ret_from_fork+0x675/0x7d0 [ 1118.262885][T30207] ret_from_fork_asm+0x1a/0x30 [ 1118.262903][T30207] [ 1118.262907][T30207] Memory state around the buggy address: [ 1118.262914][T30207] ffff888049116280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1118.262924][T30207] ffff888049116300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1118.262934][T30207] >ffff888049116380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1118.262942][T30207] ^ [ 1118.262950][T30207] ffff888049116400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1118.262960][T30207] ffff888049116480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1118.262968][T30207] ================================================================== [ 1118.264393][T30207] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1118.264407][T30207] CPU: 0 UID: 0 PID: 30207 Comm: syz.1.3972 Tainted: G U syzkaller #0 PREEMPT(full) [ 1118.264429][T30207] Tainted: [U]=USER [ 1118.264434][T30207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1118.264443][T30207] Call Trace: [ 1118.264449][T30207] [ 1118.264455][T30207] dump_stack_lvl+0x3d/0x1f0 [ 1118.264473][T30207] vpanic+0x640/0x6f0 [ 1118.264495][T30207] panic+0xca/0xd0 [ 1118.264514][T30207] ? __pfx_panic+0x10/0x10 [ 1118.264534][T30207] ? fbcon_prepare_logo+0xa03/0xc70 [ 1118.264555][T30207] ? preempt_schedule_common+0x44/0xc0 [ 1118.264572][T30207] ? preempt_schedule_thunk+0x16/0x30 [ 1118.264595][T30207] check_panic_on_warn+0xab/0xb0 [ 1118.264616][T30207] end_report+0x107/0x170 [ 1118.264634][T30207] kasan_report+0xee/0x110 [ 1118.264653][T30207] ? fbcon_prepare_logo+0xa03/0xc70 [ 1118.264675][T30207] kasan_check_range+0x100/0x1b0 [ 1118.264697][T30207] __asan_memcpy+0x23/0x60 [ 1118.264711][T30207] fbcon_prepare_logo+0xa03/0xc70 [ 1118.264741][T30207] fbcon_init+0xd77/0x1900 [ 1118.264761][T30207] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 1118.264783][T30207] visual_init+0x320/0x620 [ 1118.264806][T30207] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 1118.264823][T30207] store_bind+0x61d/0x760 [ 1118.264837][T30207] ? sysfs_file_kobj+0xe4/0x290 [ 1118.264854][T30207] ? __pfx_store_bind+0x10/0x10 [ 1118.264867][T30207] dev_attr_store+0x58/0x80 [ 1118.264887][T30207] ? __pfx_dev_attr_store+0x10/0x10 [ 1118.264907][T30207] sysfs_kf_write+0xf2/0x150 [ 1118.264923][T30207] kernfs_fop_write_iter+0x3af/0x570 [ 1118.264946][T30207] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1118.264962][T30207] iter_file_splice_write+0xa24/0x12e0 [ 1118.264983][T30207] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1118.265000][T30207] ? __pfx_copy_splice_read+0x10/0x10 [ 1118.265027][T30207] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1118.265043][T30207] direct_splice_actor+0x192/0x6c0 [ 1118.265058][T30207] splice_direct_to_actor+0x345/0xa30 [ 1118.265073][T30207] ? __pfx_direct_splice_actor+0x10/0x10 [ 1118.265089][T30207] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1118.265105][T30207] do_splice_direct+0x174/0x240 [ 1118.265119][T30207] ? __pfx_do_splice_direct+0x10/0x10 [ 1118.265133][T30207] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1118.265157][T30207] ? rw_verify_area+0xcf/0x6c0 [ 1118.265172][T30207] do_sendfile+0xb06/0xe50 [ 1118.265187][T30207] ? __pfx_do_sendfile+0x10/0x10 [ 1118.265203][T30207] ? __x64_sys_futex+0x1e0/0x4c0 [ 1118.265222][T30207] ? __x64_sys_futex+0x1e9/0x4c0 [ 1118.265242][T30207] __x64_sys_sendfile64+0x1d8/0x220 [ 1118.265261][T30207] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1118.265282][T30207] do_syscall_64+0xcd/0xfa0 [ 1118.265300][T30207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1118.265314][T30207] RIP: 0033:0x7f1d1b98f6c9 [ 1118.265326][T30207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1118.265340][T30207] RSP: 002b:00007f1d1c808038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1118.265355][T30207] RAX: ffffffffffffffda RBX: 00007f1d1bbe5fa0 RCX: 00007f1d1b98f6c9 [ 1118.265365][T30207] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000004 [ 1118.265374][T30207] RBP: 00007f1d1ba11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1118.265384][T30207] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1118.265393][T30207] R13: 00007f1d1bbe6038 R14: 00007f1d1bbe5fa0 R15: 00007ffd838193b8 [ 1118.265407][T30207] [ 1118.265471][T30207] Kernel Offset: disabled