last executing test programs:

22.002647835s ago: executing program 2 (id=1354):
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x242a82, 0x0) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/pci0000:00/0000:00:00.0/msi_bus\x00', 0x101101, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
open(&(0x7f00000001c0)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
mmap$auto(0x0, 0x40007, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
mmap$auto(0x0, 0xe980, 0xdf, 0xeb1, 0x401, 0x8000) (async)
read$auto(r0, 0x0, 0xe4) (async)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async)
syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000000), 0xffffffffffffffff) (async, rerun: 64)
openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x109041, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) (async, rerun: 64)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) (async)
bpf$auto(0x3, 0x0, 0x6f0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
clone$auto(0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x100000000) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async)
fanotify_init$auto(0x65, 0x2)

20.027650197s ago: executing program 2 (id=1363):
sysfs$auto(0x2, 0x10000000000002a, 0x0)
recvmmsg$auto(0xffffffffffffffff, 0x0, 0xf1, 0x0, 0x0)
sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/block/nbd3/queue/iosched/front_merges\x00', 0x2041, 0x0)
write$auto(r0, &(0x7f0000000140)='7\x00\xb1\x9a\xc0\xf9\xc0e\xd2T\xbe\xb6I\x9d\xd9\x18\xf5\x91\xbfq\xfe\xf2\x9a\x02\x9fC0xb\xccW(\xc1n+\n|5\xa5\x9c=^\xf1\x11H\x1c\xf73\x16\xd2\a\xfaw\xcc\xf1\xff7\xab\xa1\xeaF\x04\x17\x99\xd3\xd1\x83\xccG^\xbbdC\x8a\n\x88\xbcW@+\xafD\xd1\x8a\xc13W\xf66\x86\xe5\xee\xa7\x1d\x0f\x90\x00\xcf\xdb\xf5\xbf\xd4\xc8\x84\xb3\xeeb\xb0\xc7kN\x80\x93\xfd\x89\xe1\xc9tp\xd4jm\x7f\xf0a\xc3\x02\x14\xcf\xcf\\e!\a\x82\t,\xa7\x00\xbd&\xcax\xf8P\xc1\x8f\x87\x83\x0f\x93z', 0x1)
sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x8000800)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram7\x00', 0x60742, 0x0)
r1 = socket(0x2, 0x810, 0xfffffff8)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3, 0x4, 0x0, 0xfffffffffffffffe, 0x20100000001)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
connect$auto(0x3, 0x0, 0x8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x19, 0x8, 0x4000000000db, 0xeb1, r1, 0x8000)
madvise$auto(0x0, 0x5, 0x15)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/scsi/drivers/st/fixed_buffer_size\x00', 0x0, 0x0)
read$auto(r4, 0x0, 0x3)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89fc, &(0x7f0000000180))
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
read$auto_nvram_misc_fops_nvram(0xffffffffffffffff, 0x0, 0x0)
sendmsg$auto_GTP_CMD_NEWPDP(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x40040d5)
lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x100000001, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x10001, 0x7, 0x400, 0x7ffffff8, 0x5, 0x7, 0x5, 0x61, 0x103})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89fc, &(0x7f0000000040)={'bridge0\x00'})
prctl$auto(0x43, 0x0, 0x0, 0x0, 0x8658)
r5 = socket(0x2, 0x801, 0x102)
r6 = open(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0xa0400, 0x8)
r7 = open_by_handle_at$auto(r6, &(0x7f0000000040)={0x8, 0x2, "0200000000000000"}, 0x2)
sendfile$auto(r5, r7, 0x0, 0xffff)
openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x1a00)

18.858280294s ago: executing program 2 (id=1366):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_VHOST_SET_VRING_ERR2(0xffffffffffffffff, 0x4008af22, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r0 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000640)='/sys/devices/platform/dummy_hcd.1/usb2/bmAttributes\x00', 0x0, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x43, 0x6, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x200, 0x6, 0x10003, 0x83, 0x4000000004, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84}, 0x1fe, 0xd)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000d80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_PLCA_SET_CFG(r2, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001040)={0x2c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {0x28, 0x0, 0x300}, [@ETHTOOL_A_PLCA_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x20008800)

18.125521152s ago: executing program 2 (id=1367):
r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x4000000000000005, 0x2020009, 0x5, 0xf8, r1, 0x101)
madvise$auto(0x0, 0x2000040080000004, 0xe)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
mbind$auto(0xf000, 0x8000000000000001, 0x100000000, 0x0, 0x6, 0x2)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x20)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
ioctl$auto_TUNSETLINK(r0, 0x400454cd, &(0x7f0000000140)=0xb2)
mmap$auto(0x0, 0x100, 0x1000000007fff, 0x12, r1, 0x8000)
r4 = openat$auto_udf_dir_operations_udfdecl(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4\x00', 0xa00000, 0x0)
ioctl$auto_UDF_GETEABLOCK(r4, 0x80086c41, &(0x7f0000000100)=&(0x7f00000000c0)="269906287be961454910b3bb055196c7fedf1f07c8")
ioctl$auto(0xffffffffffffffff, 0x8001, r2)
close_range$auto(0x2, 0x8, 0x0)
socket(0x29, 0x5, 0x0)
r5 = openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/comm\x00', 0x1, 0x0)
write$auto_proc_pid_set_comm_operations_base(r5, &(0x7f0000000480)="cb6661dc", 0x4)
statmount$auto(0x0, &(0x7f0000000180)={0x3, 0x8, 0x1ff, 0x7, 0x5, 0x7181, 0xa34e, 0x7, 0x3, 0x9, 0x6, 0x80003, 0x4, 0x1ffffffffffd, 0xb4, 0xffffffffffffffff, 0x9, 0x10007, 0x2, 0x4, 0xfffffffe, 0x8, 0x1, 0x7, 0x0, 0x84, 0x0, 0xffffff01, 0x1, 0x0, 0xaf3, [0x9a8, 0x0, 0x20000000000000, 0xb0a3, 0x0, 0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x9e2f, 0xe42, 0x0, 0xe9ba, 0x0, 0x0, 0x0, 0x10000]}, 0x1fe, 0xd)
r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
readv$auto(r6, 0x0, 0x3)
ioctl$auto_TIOCVHANGUP2(r6, 0x5437, 0x0)
r7 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/ksm/general_profit\x00', 0xa800, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r7, 0xfffffffffffffd03, &(0x7f00000001c0))

17.067917156s ago: executing program 2 (id=1369):
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/irq/13/effective_affinity_list\x00', 0x2000, 0x0)
pread64$auto(r0, 0x0, 0x1, 0xff)
r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/v4l-touch4\x00', 0x121900, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x134, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6f9b}, @NL80211_ATTR_NAN_FUNC={0x117, 0xf0, 0x0, 0x1, [@generic="5b676bfe58d1cd7aa5de2188f3bf9468879b3e38e4d1", @generic="93235ddfa3b5756d064c53d5861a802b42256f660dd58faa41cbd6a1c753bd73d7a116c4ca239c2dfa0cfb1cd9013eb38adc2284679235b233679acd0b383617691d78a19e1d56585982f4099ea67fae13f0a87175f2512993e744769ee276437c69d0921fd59f614fa350314782d472150a2de5a19385ac0023e3e48db2061abe4cda6ae3f2", @typed={0x14, 0x33, 0x0, 0x0, @ipv6=@private2}, @generic="c92081ccdd8afdc1f8f1ea18bc2c111a2cb3b27de5f57fa13248302f1aa3879c8ac300211a561ff265e587144d82e47f7a8e66a43006d84a5505b2009871eda9785a8f72564bd7a6d7cf40028d20380aa5137f7600e0320bd7819024146551fb2a9e20"]}]}, 0x134}, 0x1, 0x0, 0x0, 0x40004}, 0x4001)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x5, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x20)
ppoll$auto(&(0x7f0000000040)={<r3=>r1, 0x6, 0x6}, 0xc, 0x0, 0x0, 0x8)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video43\x00', 0x129900, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_BTRFS_IOC_SEND(r3, 0x40489426, &(0x7f0000000300)={@inferred=r3, 0x100000001, &(0x7f0000000280)=0x7, 0x0, 0x553, 0x41c7, "0be8ba88ba486480dbfafb00be0bcc8c1927a757ecaa29730c16aaf2"})

16.797644512s ago: executing program 2 (id=1372):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000)
socket(0x2, 0x2, 0x88)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
write$auto(0x3, 0x0, 0xfdf3)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci6/force_devcoredump\x00', 0x100, 0x0)
ioctl$auto_BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000180)={@inferred=r1, 0x7fffffffffffffff, 0x80000000, @btrfs_ioctl_vol_args_v2_3_0={0x9, &(0x7f0000000100)={0x17f3, 0x401, 0x1, 0x3b9, {0x8, 0x6, 0x0, 0x5, 0x4}, [0x6, 0x3, 0x523e, 0x3, 0x8000000000000001, 0xb0]}}, @subvolid=0x8})
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff)
sendmsg$auto_GTP_CMD_GETPDP(r2, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001080)={0x14, r3, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x24040814)
r4 = pipe$auto(&(0x7f0000000040))
r5 = setfsgid$auto(0xee01)
setresgid$auto(r5, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0)
ioctl$auto(r7, 0x40085618, r6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
capset$auto(0x0, &(0x7f0000000100)={0x1ff, 0xfff, 0x1000})
r8 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/seccomp/actions_logged\x00', 0x8202, 0x0)
sendfile$auto(r8, r8, 0x0, 0x1048)
fsconfig$auto_FSCONFIG_SET_FD(r4, 0x5, &(0x7f00000010c0)='\x00', &(0x7f0000001100), r5)
fsconfig$auto_FSCONFIG_SET_PATH(r2, 0x3, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/hci6/force_devcoredump\x00', &(0x7f0000001180)="33ab555295ada294629f68635eceb5cb213dc987a3d04822035c9f9635e61fc5027661f611ec1fc5788c291cd935ea2d447d7691c8b54bb7899dcafa09f47a0c73ce239c5e8ff59f604a6de70435b3ca822e08325396448e3e8873238f7f0359d1cd6a03ad011d0dcd47ef392d0a136c7c81eeea63c10bae906eb98fb99628bc203d13282f0c09b047aed055f6c7eee882a838cd4037279a1156d03b4858a5060a31b2db18b30ef365305c8b00f10493b522240f0782314afab1d1b2ae5ebf616b9bfc396173aa0cbb56ffdae89b78076ae6", r5)
madvise$auto(0x0, 0x200007, 0x19)
io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x1, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}})
syz_clone(0x5086000, 0x0, 0xffffff27, 0x0, 0x0, 0x0)

4.913885146s ago: executing program 3 (id=1413):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_VHOST_SET_VRING_ERR2(0xffffffffffffffff, 0x4008af22, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r0 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000640)='/sys/devices/platform/dummy_hcd.1/usb2/bmAttributes\x00', 0x0, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x43, 0x6, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x200, 0x6, 0x10003, 0x83, 0x4000000004, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84}, 0x1fe, 0xd)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000d80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_PLCA_SET_CFG(r2, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001040)={0x2c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_PLCA_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x300, 0x1}, 0x20008800)

4.575787163s ago: executing program 3 (id=1415):
fchdir$auto(0xffffffffffffffff)
mmap$auto(0xfffffffffffffffc, 0xa00008, 0x400002, 0x40eb1, 0xffffffffffffffff, 0x1)
getpid()
unshare$auto(0x40000080)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x42001, 0x0)
readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000300)="64074c974bc700bf3e0ea3cb2a0e6fb39becec71e3a4d0a56fd330f661933ddee8f7e24e910a635beff3ee8ee14b1c06ea42210c954dbb2646ec4926a181e72e60e162246177fab5b4ca997754a8c9cddab6d3c54cbfb66c3783772d50cc1e5778975d5b19cb2cf6de8f594e2311768d1b3d94adef00"/136, 0x40200}, 0x3)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x40440d9}, 0x44098)
socket(0x18, 0x3, 0x100)
fsconfig$auto_FSCONFIG_CMD_CREATE(r0, 0x6, &(0x7f0000000080)='/proc/thread-self/clear_refs\x00', &(0x7f0000000200)="98965de6ffbf9e8c602f478e743ac45457cf76a4c0a8bee60c6f2243f62b21e691b2206310880c73b532354e389b7e9183c20a928137a903e930e783ddcb1b887ed374ab65575cc3d094498586d8d7c5d5f82cc23d31cf94e0291a9ac465c0b5cfa45fda451fa9244fa87d8cc60145cdb99952b07153e3247329b91fe3503b218bcdefd7a227fa7756d39be75f91715c233175ccf85587723d1e930fc8ae6b0d92a5b491a79f91fcde9b7339720b33794eadc1d46e51e6c24279980112e09702e94bac17849dd5b3e218f85767c2bb4956", 0x10001)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0xb, 0x7ffffffffffffffd, 0x0, 0x29b72, r2, 0x3ff)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8001)
setresuid$auto(0xd, 0x0, 0x221)
setrlimit$auto(0x6, 0x0)
r3 = getuid()
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
setreuid$auto(r3, r3)
io_uring_setup$auto(0x6, 0x0)
socket(0x22, 0x80002, 0x3)
r4 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x42, 0x0)
exit$auto(0x6)
write$auto(r4, &(0x7f0000000340)='3\x00', 0x6)
setsockopt$auto(0x3, 0x10000000084, 0x7e, 0x0, 0x7)
fsmount$auto(0xffffffffffffffff, 0xfff, 0x7)
bind$auto(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000040), 0x101002, 0x0)
setsockopt$auto(r2, 0x10000000084, 0x23, 0x0, 0x8)

3.590960804s ago: executing program 3 (id=1419):
unshare$auto(0x40000080)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xe, 0x5, @_sigchld={0x0, 0x0, 0x401, 0x5, 0x3}}})
syz_genetlink_get_family_id$auto_ovs_vport(0x0, 0xffffffffffffffff)
open(0x0, 0x2a4c0, 0x40)
execve$auto(0x0, &(0x7f0000000100)=0x0, &(0x7f0000000000)=&(0x7f0000000200)=' ')
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/sched_rt_period_us\x00', 0x2000, 0x0)
read$auto(r1, 0x0, 0x1ff)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
io_setup$auto(0x7ffe, 0x0)
io_setup$auto(0x7ffe, &(0x7f0000000000))
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyq5\x00', 0xa40, 0x0)
mlockall$auto(0x7)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x1e, 0x4, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0xffffffff, 0x0, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
r3 = socket(0xa, 0x801, 0x84)
getsockopt$auto(r3, 0x84, 0x9, 0x0, &(0x7f0000000280)=0x5000c0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0)

2.999286389s ago: executing program 0 (id=1422):
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socket(0x2, 0x5, 0x2)
bpf$auto(0x0, 0x0, 0xa3)
socket(0x2, 0x801, 0x100)
socket(0x25, 0x1, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r0 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0)
pread64$auto(r0, 0x0, 0x100000, 0x7fff)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000)
openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
r2 = openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000100), 0x20200, 0x0)
read$auto_nst_seq_fops_netdebug(r2, &(0x7f0000000140)=""/246, 0xf6)
io_uring_setup$auto(0x82, 0x0)
unshare$auto(0x9)
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4)

2.672575383s ago: executing program 1 (id=1424):
mmap$auto(0x0, 0xfffffffffffffff8, 0xffffffffffffff9f, 0x40000000eb1, 0x6, 0x13d)
write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0x3ff, 0x9)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)

2.562195746s ago: executing program 0 (id=1425):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080)
r3 = socket(0xa, 0x2, 0x73)
r4 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0)
read$auto_dvb_dvr_fops_dmxdev(r4, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002dbd7000f9dbdf250100000008000a0008000000050007003b000000080009009c781e01060002000100000008001700", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000040), r1)
close_range$auto(0x2, 0x8, 0x0)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef)

2.489255307s ago: executing program 1 (id=1426):
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000b40)={"370127c40b2421bafec713eab74d6e158df075b94202a4492412e23483f7bd45", 0x6, 0x4, 0x9, 0x8000000000000001, 0x7})
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0)
mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

2.296168069s ago: executing program 0 (id=1428):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_VHOST_SET_VRING_ERR2(0xffffffffffffffff, 0x4008af22, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r0 = fsopen$auto(0x0, 0x1)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0x0)
prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x400000000009, 0x3fffffffff)
setreuid$auto(0x0, 0x5)
fcntl$auto(r1, 0x400, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x167)
close_range$auto(0x2, 0x8, 0x0)
fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000640)='/sys/devices/platform/dummy_hcd.1/usb2/bmAttributes\x00', 0x0, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x43, 0x6, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x200, 0x6, 0x10003, 0x83, 0x4000000004, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84}, 0x1fe, 0xd)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000d80), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_PLCA_SET_CFG(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001040)={0x2c, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_PLCA_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x20008800)

2.218347377s ago: executing program 1 (id=1429):
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ptyt6\x00', 0x0, 0x0) (async)
setreuid$auto(0x3, 0x7)
mmap$auto(0x0, 0x1, 0xe1, 0xeb1, 0x401, 0x8000)
syz_clone3(&(0x7f00000004c0)={0x82000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
futex_waitv$auto(&(0x7f0000000300)={0x0, 0x4, 0x2}, 0x1, 0x0, 0x0, 0x0) (async)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async)
kill$auto(0x1, 0x12) (async)
mmap$auto(0x3a53dc36, 0x6, 0xde, 0x19, 0x401, 0x7) (async)
ioctl$auto_TIOCGETD(r0, 0x5424, 0x0)

1.901057367s ago: executing program 1 (id=1430):
r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000002a00)='/sys/kernel/debug/kvm/pages_1g\x00', 0x8001, 0x0)
r1 = socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r3 = openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/bluetooth/hci1/force_suspend\x00', 0x121401, 0x0)
write$auto_force_suspend_fops_hci_vhci(r3, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(r2, r1, 0x5)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x7f, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r4 = bpf$auto_BPF_LINK_CREATE(0x1c, &(0x7f0000000000)=@raw_tracepoint={0x5, r0, 0x0, 0x100000000}, 0x0)
ioctl$auto_I2C_PEC(r4, 0x708, &(0x7f00000000c0)="2632931bc5833c50994da454cc254df4412c5c0bef0463c8ff2f4818137d7ea693b07cd660a9a4409afe45c6f51a9ec8f6464844885713bfa6dda37b148e3bec662bb8a762bedd060830d447cb6acdc2b4a4db9efff0dd77d06f05248ffb7dfde6fb2b6f612c459e39cd0792e2c751e317e98aabdbea22ff80cbc23acfce3882527351f062ddf09c384bcab5dc08f5327028eb7ac971a5d4e8bd6c9d57076fac47dacaa670f8e52ced31ddb0b9fabc1376397ee301359a0e48d3054b1ddcd67906b68c8fe71edeab4e22e39b32a625f7ff51bbe6f65a202d68d7a7ea5f780024770c9b4a7150f0270fcb1359dd45a9285bc9742c76407d3d443d0a")

1.795917836s ago: executing program 0 (id=1431):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mountinfo\x00', 0xe0000, 0x0)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x40, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x40000000000002e}, 0x8000040000000001)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)

1.70285791s ago: executing program 32 (id=1372):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000)
socket(0x2, 0x2, 0x88)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
write$auto(0x3, 0x0, 0xfdf3)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci6/force_devcoredump\x00', 0x100, 0x0)
ioctl$auto_BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000180)={@inferred=r1, 0x7fffffffffffffff, 0x80000000, @btrfs_ioctl_vol_args_v2_3_0={0x9, &(0x7f0000000100)={0x17f3, 0x401, 0x1, 0x3b9, {0x8, 0x6, 0x0, 0x5, 0x4}, [0x6, 0x3, 0x523e, 0x3, 0x8000000000000001, 0xb0]}}, @subvolid=0x8})
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff)
sendmsg$auto_GTP_CMD_GETPDP(r2, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001080)={0x14, r3, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x24040814)
r4 = pipe$auto(&(0x7f0000000040))
r5 = setfsgid$auto(0xee01)
setresgid$auto(r5, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0)
ioctl$auto(r7, 0x40085618, r6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
capset$auto(0x0, &(0x7f0000000100)={0x1ff, 0xfff, 0x1000})
r8 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/seccomp/actions_logged\x00', 0x8202, 0x0)
sendfile$auto(r8, r8, 0x0, 0x1048)
fsconfig$auto_FSCONFIG_SET_FD(r4, 0x5, &(0x7f00000010c0)='\x00', &(0x7f0000001100), r5)
fsconfig$auto_FSCONFIG_SET_PATH(r2, 0x3, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/hci6/force_devcoredump\x00', &(0x7f0000001180)="33ab555295ada294629f68635eceb5cb213dc987a3d04822035c9f9635e61fc5027661f611ec1fc5788c291cd935ea2d447d7691c8b54bb7899dcafa09f47a0c73ce239c5e8ff59f604a6de70435b3ca822e08325396448e3e8873238f7f0359d1cd6a03ad011d0dcd47ef392d0a136c7c81eeea63c10bae906eb98fb99628bc203d13282f0c09b047aed055f6c7eee882a838cd4037279a1156d03b4858a5060a31b2db18b30ef365305c8b00f10493b522240f0782314afab1d1b2ae5ebf616b9bfc396173aa0cbb56ffdae89b78076ae6", r5)
madvise$auto(0x0, 0x200007, 0x19)
io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x1, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}})
syz_clone(0x5086000, 0x0, 0xffffff27, 0x0, 0x0, 0x0)

1.668067796s ago: executing program 3 (id=1433):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0x1f, 0x5, 0x3a)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x38d400, 0x0)
r0 = semctl$auto_GETPID(0xe, 0x2, 0xb, 0x1)
prctl$auto(0x3e, 0x1, r0, 0x1, 0x0)
msync$auto(0x0, 0x2000000005, 0x6)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio0/description\x00', 0x20000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001c00)=""/4111, 0x100f)
socket(0xa, 0x3, 0x3b)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000)
userfaultfd$auto(0x1)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
socket(0xa, 0x801, 0x84)
socket(0xd, 0x800, 0x810001)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1, 0x1, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x801, 0x84)
socket(0x2, 0x801, 0x106)
io_uring_setup$auto(0x5, 0x0)
socket(0xa, 0x2, 0x0)
socket(0xa, 0x2, 0x3a)
io_uring_setup$auto(0x600000, 0x0)
r2 = socket(0xa, 0x2, 0x88)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={r2, @new_prog_fd=0x4, 0x4, @old_prog_fd=r2}, 0xa3)
bpf$auto(0x4, &(0x7f0000000040)=@query={@target_ifindex, 0x7, 0x6, 0x9, 0x9, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0x9, 0xffffffffffffff66}, 0x7)

1.619399193s ago: executing program 0 (id=1434):
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6)
unshare$auto(0x40000080)
r1 = socket(0x10, 0x3, 0x208f)
bind$auto(r1, &(0x7f0000000080)=@generic={0x29, "ffffff0b000000000000000700"}, 0x13)
socket(0x15, 0x800, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x0, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r4 = prctl$auto(0x19, 0x3, 0x0, 0x384, 0x6cfa)
r5 = waitid$auto_P_PIDFD(0x3, r4, &(0x7f0000000240)={@_si_pad}, 0x31d6, &(0x7f00000003c0)={{0x9, 0xf}, {0x7, 0x9}, 0x7f, 0x9, 0xa14, 0x0, 0x2, 0x4010000, 0x6d7b, 0x0, 0x0, 0x5, 0x0, 0x670f, 0x0, 0x6f})
sendmsg$auto_ETHTOOL_MSG_RSS_GET(r4, &(0x7f0000000280)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYRES64=r3, @ANYRES16=0x0, @ANYRESOCT=r5, @ANYRES8=r3], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x20004080)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), r3)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/workqueue/parameters/default_affinity_scope\x00', 0x1a9242, 0x0)
sendfile$auto(r6, r6, 0x0, 0x46)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x20000000001eb1, 0x401, 0x8000)
r7 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0)
mmap$auto(0xffffffffffbffff9, 0x4, 0x9, 0x90, r3, 0x20000000002)
tgkill$auto(0x0, 0x1, 0x1)
clone$auto(0x100000000021, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4)
openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0)
r8 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$auto_PPPIOCSPASS(r8, 0x40107447, &(0x7f0000000080)={0x6, 0x0})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r9 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_OWNER(r9, 0xaf01, 0x5)
ioctl$auto(r7, 0xc004af08, r9)
ioctl$auto_PPPIOCSPASS(r8, 0x40107447, &(0x7f0000000380)={0x8009, &(0x7f0000000040)={0x12, 0x3, 0x1, @inferred=r4}})

1.430527461s ago: executing program 1 (id=1435):
socket(0x10, 0x4, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x15)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000afd003a5394e965231da1bd312e7af6d67d09340d0a4bd7805e18ac78f35cb77d1029c69e7270148078c13a91f6dff64055ad11608f0fb"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/proc/kpageflags\x00', 0x2, 0x0)
readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram11\x00', 0x14be02, 0x0)
syz_clone3(0x0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/cpu0/topology/physical_package_id\x00', 0x8c00, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000100)=""/4096, 0x1000)
preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/can/rcvlist_sff\x00', 0x100, 0x0)

1.135354316s ago: executing program 3 (id=1436):
r0 = socket(0xa, 0x1, 0x100)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000)
openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/conf/dummy0/forwarding\x00', 0x202, 0x0)
sendfile$auto(r4, r3, 0x0, 0x48)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x3fdafc9, 0x7, 0xd, 0x1, 0x9487, 0x3, 0x15f4da0a, 0x3, 0x3, 0x66, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0)
writev$auto(r5, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3)
r6 = socket(0x18, 0x5, 0x1)
connect$auto(r6, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a)
socket(0x28, 0x1, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @my=0x1}, 0x55)
r7 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000240), r0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000006c0), 0x2202, 0x0)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r6, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r7, 0x100, 0x70bd25, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x30004850)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0)
ioctl$auto_TCSBRKP2(r8, 0x5425, 0x0)
ioctl$auto_userfaultfd_dev_fops_userfaultfd(r2, 0x0, &(0x7f0000000180)="dc100debc7fd2c4fa89d950e1933e53f8a7a4ce5ce731ee4a3e31a7b62979e93c11e0853962e1f52fca001d62735f7a14fa942a74a70f490f73180a5b476885471f52edabde6ea5d51ad5c1e7a750984447a64bb9ff1d3a7")
r9 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00')
ioctl$auto(r8, 0x6, r9)

664.452804ms ago: executing program 1 (id=1437):
mmap$auto(0x0, 0x0, 0xc00000072, 0xfffffffffffffff7, 0x1000000002, 0x8000)
r0 = io_uring_setup$auto(0x86, 0x0)
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6)
socket(0x28, 0x4, 0xffffffc0)
r1 = prctl$auto(0x42, 0x23, 0x0, 0x1, 0x2)
ustat$auto(0x12, &(0x7f0000000340)={0x2, 0x80, "417acc60693d"})
write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff)
socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x5, 0x0)
splice$auto(r0, &(0x7f0000000200)=0x2, 0xffffffffffffffff, &(0x7f0000000240)=0x9, 0x4dc0000000000000, 0x2)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000540)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0)
sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000040)=ANY=[@ANYBLOB="ff7e64c2", @ANYRES16=0x0, @ANYBLOB="01002cbd7000ffdbdf250f0000000c00078008000200", @ANYRES32=0xee00, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2)
lstat$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000580)={0x80000000, 0x1, 0xffffffffffffff00, 0x5e7a, <r2=>0x0, 0xffffffffffffffff, 0x0, 0x7, 0x2, 0x9, 0x100, 0x0, 0xb4c, 0x5811, 0x6, 0x4, 0x9})
r3 = syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r3, 0x4, 0x8000040006)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="b8000000", @ANYRES16=0x0, @ANYBLOB="200028bd7000fbdbdf2503000000a40007800f90bbd07f258620a2eea07a5a79fa58e3fa8aca631e7b0e53e364817a4934495dcb56852fe69996fd432e413584f50f88cc02f6e2ff37ef008270f3d219b3eb54f12873ad94f14e3226b0756a56289ac2ae5c855e11f38977e9cee5bf01c8fb30a6d15c8bb76a9454a4b35113b3a6d3c846592bbbaef7a5190cad684dce2111e036314414009c8008000b00", @ANYRES32=r2, @ANYBLOB="040053800400758008003000de7e09cb1951b0e7c0629d83718edaac743c8fb0c4748943ba6e4285729acf79d3f5332c3537d98c38ed68e00991b8a184f15f1448453a86697fcd1374bdd5dce26c757bf99498286e69cfe2", @ANYRES32=r3, @ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x4000000}, 0x40084)
unshare$auto(0x40000080)
r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff)
msgctl$auto_MSG_INFO(0x8, 0xc, &(0x7f00000004c0)={{0x1, 0x0, 0x0, 0x9, 0x5c, 0x4, 0xffff}, &(0x7f0000000440)=0xf8, &(0x7f0000000480)=0x6, 0x2, 0x4, 0xfffffffffffffff8, 0xd3, 0x5, 0xb, 0x101, 0x7, @inferred, @inferred=0xffffffffffffffff})
sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="34ed35f1", @ANYRES16=r6, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x4040000)
write$auto_console_fops_tty_io(r4, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d5574bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54", 0xcb6)
socket(0x8, 0x2, 0x1)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
process_madvise$auto_MADV_GUARD_INSTALL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000380)="eef23fc90067aa2fdccd989e29b584572416c0feee3240a47f8f221b4a404187cccdcc39cbebf20354d0b8db41ea35d448c3f450afcd795441029706828c7ea46d2db14d63f2733a16aaac8d55a5a5d812ad8f33523bd67e05d2f417111f889ed50f33a7e508802188a5d9aef9cc0370cdafe375d281abad8086afe41087066f33a0", 0x8}, 0x1, 0x66, 0x4)

17.132553ms ago: executing program 0 (id=1438):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r0 = socket(0x23, 0x2, 0x0)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
ioctl$auto(r0, 0x89ef, 0x74)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mountinfo\x00', 0xe0000, 0x0)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x40, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x40000000000002e}, 0x8000040000000001)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0_vlan\x00', <r2=>0x0})
rseq$auto(&(0x7f00000001c0)={0x0, 0x9, 0x2, 0xffff, 0x0, 0x101, "6b4758983b6b11981f94527b5e"}, 0x6, 0x5, 0x8)
sendmsg$auto_ETHTOOL_MSG_EEE_GET(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000126bd7000ffdbdf25178008000100", @ANYRES32=r2, @ANYBLOB="14000200776732000000000000000000000000001400020070696d72656700000000000000000000080003003095627d1400020064766d727031000000000000000000001400020069703665727370616e30000000000000"], 0x78}, 0x1, 0x0, 0x0, 0x8011}, 0x44004)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, r3, 0x8000)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), r1)
sendmsg$auto_NL80211_CMD_DEL_MPATH(r3, &(0x7f0000000940)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x90600021}, 0xc, &(0x7f0000000900)={&(0x7f0000000280)={0x664, r4, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_IE_ASSOC_RESP={0x63f, 0x80, "713142ea9ec37dd5cad9c2766bfbf52f70931be3a1ea67a86ca4874d588569b21cf7293cc0cbe1ba935bb600e9a07cb3fb78f560c5f162847841855ae426abbecae17ed7024d33adf1d75fd76b43b9ac2b64c37544732e73bf48379b22c55c1e0c5967b93980cfeb90a133d6fcff7edb1040ada3f5c44e1cd33873b16a59e43c3dc53ad4426808bebdc62c07831ce1874eabeee7441ce57bd62c908aa7853ab77cd7e9f1ce1a75fd58c89d576e4bda293c1bc68b9776b266c3c1513b3427cab753492d332df938c3432b2ebc6f3190ed89fe09d29e6d51a3fbb7b38e545cacae46289ae9897c942b7f0e44e56541477dc33db5b6e56b26efe85361afe761d3121e42722a9ba522c05f58b39f933a266103fc8ba7df1fe813d5315aa4dd580e1ebfbdeb4800a146e23a3abd974378aa5bb47e10809dcc9885448917d718b35233e1b55e01b1f2a69bd74477e43c7ea70de87824a84973f70b05733a739d7ffcb5c299f3fd8309543fbcab316dbadabc09bbbb7f4ac1de153c3f6135ef74c9f2159170780de2f1a9cbbef3b0f36992c25c1bc5c2ff608bd347cc123f1d54422f11604fa2d12d191ab88af1db0c237bddfe93f12cce24fb0bdd6acde4c9ce7b3317724bc43914fc8b4da6da39380b31aff80ca60f306af285af4d28630c10de0bd10903f207bfe9a39f9370d685bcbdc764c58dd197b6ae03ab877233b736e3df8c8314503344f8cf41ebf4f786bf34eec07ad2897f923530da98467168a4105fccaa15c3431e6447644fd2208a043d4def0e6813c3777bff0a8af5e03a1c698eaef61743d00939327aa5ca3b94e3c8016cb27bd9905b4953a8ba557a74de1640193e2a63c26cc748c1e4c7eaa66e92af6c48de7c94e7ebb1c1e444f98af3248cd801e4f83f16a299a897f6621f90f07cee8e87d03eff4475220d444e941914508d3d9a9cc54c9339c41f2ceaaa600def5a7623c4e6445b8cda01c18cfed2809ae958faab664ef3e79b7f9da3e1c94c5744571fefbafe63195e861a8ca391ef6decbd477b519873b042757a2fe628f265597cf7eb3624a5657acc24fa7d0bf775443baf7ea0b12bac5c7324c9a202110d1ba7499fe7aaf65f92033c2f2bae8aeb420aa806b678cbf87305c603e19a35fee9cbb4e762b07008431b026174e7b0eb9417a8529c3f0ba67e19ceda457b63e651ebabce283c2f281bcd077922f5b6da1fae25a575367e09b3016df50eae04784315c9d242e255db1ef23f6cc8fe7cb16e2a33277d362dcdecfca1db3d039d7f41571164950caf28de31afcd7ad3e2245ea3ed888230a6e04d6784288b13c02138066143e638439f3e38599f882a5cc3b2f4692048ef999a4885332e47d88e8a55a5d8456c45643026fdb48d18aabb62e8b4d02dd1aba82fd752360ef536544b89b18046dbdd6cbb7d55b59784295804c6a91ec9184f3e5eef6ba8301ef9e8f50835687da39bbc09172958ee981d36287f676c83b4e43644066d3d743a5d5e82f8e819d871a9fe7b469c68d313bfa50607ecbdbca74b54109cb3f2871e32af15b121e83f084b43b72df04d8511295bf069653cdf12200b71130fc58d3956e47755f238a438aa6658a1f973d6991f0dd12358d80df1a72ab92af113ca70054c6bc0d73df79ef8353758e1dddbf7a6914c75599ae26ecf3e29cea86c43b143d44fd7d97c7de4cb844f9aa3e1f906a153d95f636924afae8105830623ff0d1bdac90c9170fe0733a15b7f8c7fbd226c65668b3a9e185c0fde0cc81d5fd41e0827a9f16f840e2c1621ca3d1ba0cb270a87e189234e45936f1630daa9405ff89219b27ae96e040d73db185fb1f8a6029f93d24e03e1cecc96825888b5cd39b8e5747a809e56268218fd94ca21f9e0062aca4b4040646b71e45941f0c0cb4ffb0624ff82ffd8f4e14cb0cedcc0ae709315a7f35060a088f134f89f2b52baef8822367798b205248a09809e75503ff03cc3412681fef9ee1d03a3da5e67fc5470ce1df69dd7403abd61af6dd42d5287b121f1e0836829da36aa9eb45126bb23575b8ce2382127c21f9ef85af7d5228f39671df4fefd7ef2b362d537510898f0a70b1996ef2935ab060489a0f7c373ebfe8acc49f340b8ed3535018d572068bcc0bfeba6be9c9f34240b37bd3e77eadaa7012d854cdef8073fd3f66e31c1432bdee82bbfe7ea66357ed70e55693349c88a5455cca6e40ab7f4a60e249e93df407f9029e97826494e1430c7a9553d42e5"}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x5}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x6}]}, 0x664}}, 0x8040)

0s ago: executing program 3 (id=1439):
r0 = socket(0x11, 0x80003, 0x300)
r1 = openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x440, 0x0)
pread64$auto(r0, &(0x7f00000000c0)='/dev/nvme-fabrics\x00', 0x10, 0xfffefffffffff72f)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mmap$auto(0x0, 0xfffffffffffffd6d, 0x2, 0xeb0, r1, 0x8000)
madvise$auto(0x0, 0x200007, 0x19)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
msgctl$auto_IPC_SET(0xf592, 0x1, &(0x7f00000009c0)={{0x9, 0x0, 0x0, 0x1ff, 0x8, 0x1, 0x1}, &(0x7f0000000940)=0x77, &(0x7f0000000980)=0x8, 0x3, 0x9, 0x200, 0x4e7, 0x8001, 0x7a, 0x2, 0x0, @raw=0x2, @raw=0x8})
r3 = socket(0x11, 0x80003, 0x200300)
setsockopt$auto(r3, 0x107, 0x18, 0x0, 0x9)
sendmsg$auto_NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000001a00)=ANY=[@ANYBLOB="4c150000", @ANYRES16=0x0, @ANYBLOB="000427bd7000fcdbdf2560000000e9002d80200020800c004a0002000000000000000c004800f9ffffffffffffff04000f8008009000ac1414aa9c8119f02047909df2988a2d1d3b733947e88f8f952cbe4e6c45dc0e642702c4df0389e767578e4c4fef89d27d4fe994350cf280e57dd16d6b3c8ca065812bf28d0f801543b86bbad41b041ec1b398115a43b2f3bdfe0193cb5bb4795f3f2cac825a7801e70102a55998d3ad1da720fa1ba5dcc81c60bed8c2575942adb6629f609c49a345546927b0fd688a750192d96da6796131239eee324a92fe040d5c3a0aa95963d23ab082eba0484923264235c2b0c19b003f2c9979d6e957e4000000040067000500c200070000000500a20000000000f5131180cd53f7674395c0b9a50b0efbe4ff64bc7e9fe6d4543288b7ab3552654c00a2800400a480240002002f7379732f6b65726e656c2f64656275672f73757370656e645f73746174730008005300", @ANYRES32=0x0, @ANYBLOB="04009f8014006500ff0200000000000000000000000000017cf1bc83b3d55dbe110ad14c13acde3f3cfcec08a8b3b82a641f1d10ae243a3007541d6d14758db68ae6f3a1184c5715d8f760a078239f6f9f8d0808b0f3a8fe51fafce938b244a2950b9f1586ee08128f1f56aa6c5b39d66ebf581f37d2fe0fc9c8839bdc21a8c4346a6d53221c3efb643778481bdf23da2c6cfb2cfae06d15f1f2708a70bbac48f204a0e7eb4e8552d0ac4299d0c376dbe98575d31df04cfbc6936c820bec65ae1982c9cbd5d477355116e5abee00e87ff063e72f5a48e3669017c4e2467a2bf4400c219f75be4ae3313dc405000000d800229f62d1b8536517369639d64ed853efd16da7b7d46c638322a41000a6800c0044000000000000000000a301e28092bbb34b86759efa742abadad26d57a8aa9aa90bcc717385b893a1795ce1ccc30270bcaf93eb0d875489c94f6fa75921dd2b97e376e62bbbd63c4ea0fc86ce11fbdf9554a6e42eaabb3fbf23d0b23a1936fb46295808004c00e00000010400af0008003c000000000000000000000053e9abfe2534ec0725645d45a25ccea2a2ab25b7523ef3b4e9167ad71347e2300207411f8b14116e8615487210f3917efe69ed0af1ff44550b391456be5ac61837534f4a22db4e044a4149b9f24fd325e29e9eb7a1356b8c530792887762e944f5dc30ee83912e4bd3bcb26ba05829e4bee1b067b24f9af10c3db46877e0c3dab96c3142d0706083a16fcb14dae7849884cafa58f1f3e5824cf9f0f80497405a61bc80e9ceae1229b950dce2693a22d24e2b930bdf7e2ec17ca4ad624b404d4123b609325c3190375e3c40f01cd2966c9ebe4716dfad5aee57a253e769bfe7f90048cecffff79cc47ec938e1f295669c8e18af551bae3ba52d3e4637b3c6547baecca8f324fb34f83591b6530d3ae16123951ece7b8ae055c560d539e914fc0ab7952365def4caf32a24d10a2d9c895d183005b22e2226bdf93721e437fdb7c929ab302167905354b13b61df9275d004fcd33e8bfe848db498c7595256dd7179ccb8cdb92abc77ed1aea469f184dcadb604b240784701264f8412aca5f482f52dea34200"/808, @ANYRES32=0x0, @ANYBLOB="23c72f978c6bfcbed441d9bd39b6bc45da27323f91f06c4df4ad886b964aba5166e68ab98e907c827c6ffcd0e65f560f0b78536b1765e187276829c5b5c058a669808d2a6bc57b9a9b3841e399b29737f129a60d9370bc6169a40133596b2319bb7924b64cb83715499b9742f12b295dfac21812ed89eba0001e3d524fd9d696782ae5a237916e3dc90e6da6962a4acbbf055a3c2fad1aeed69ba0e16af588ccab4bf9fc38b2b0ea25d95562fab676ae2fe707a389df4f98b73c7da056882d0ae67590135bc9d156c23b6cf44fa584c4f14070c883c1b7879ca05ff83608ad9db6fcaf9582f9d820068fdd27709b89036f77cab99e15c5a96effbc0099af3c97b54ad98b1e13934c3d205ce35ae8c20800f800", @ANYRES32=r3, @ANYBLOB="0400128004007b8000d61002800400fe8008003e000200000076a297fcd44fa651e79a8a32b6f87b2d8ef3267860ec1ef7aa642d145940ae0256c5ed44fd5f49e6561bc2ac52fcdb866e90b70ed1b8bdd5a7868a98776c0596a36667c7ad15815d6b819736881f80539b170dd35cc019fcbcd104606edc0dbb0c42343951f6090169116d2a32684a0b6564aa5d9c3b9ed3700ce4212a02507bf12360528dc6dadbdb8e8337df81b5262a5fbb748fb4c4a5b4f276c4967740a401f5a66ccb4d5d68e0aee61444fe54c658b6c6033b02720d0a7c1380fd5305bffa991932e6a106ac65a2615cf2be7bea3cc30199de1878f8c65dc6e5ae0e3d699a24a7963c693e8e14fc6f1be03ae97bd3a30335c44d02acb7ab15b103add98a545aa68db71974c30777909f04564e3b960e435c2b17cc6f865f5ca095cbd9d4913462167efe82082ed866d743d12172cc2b82b554437b19745e2aa5ea25317539080fd0438a7597dc5d633a3780ddd4066126be38b9a41240426aa2fab0040c4600ee8c91cc12c2b769b903a46d13d2e92768beb90df6dd6acea86b59dda2e79e62af2c0d9758d09d1b49e57cdf874268202fd90622fcd207231dd3b4f2934d8d9fddce6fb2ce4376ca6452b56aabc169ec9d9f24c1ed2b1270c00d4c494ee4816de0b1ab073adbafb3ae0bdf66a13130135daef5a8b156cc4472737aa7d3bc25da7e5121948879b846b55c425706fbf5dfecf339afcd33a9724d20603aa3f2bca8974b4da25e3b8662c3b26319445458a650baabf2ab17b87edd2b1414da30cf0c6ff39fc3c082829839f3273916b22463febbd49e81f206516c0881987352a835f22e366b75ce3073622d0a9744ff31f27e0f8f5e6ad6ced717c1f34d5954779e5dfb0ddf0b8badcb74219b76dd93ff6c794e79b0c4bc26e47d124353706998d66c651e03f34df92d7bfb6735641077557181e5cb6dff5727b3c15282762aa9d0e8dcef877f67539e5aa6f235452e649b723a8f89ae8a157a2bd22ec325b7049d26ee952dc2563c809af3759654b4492bcb7dec49daabe893d4d80e2fe292549065eb75cf848ce54f7c51f530cdfe1be14e0d06e5393d6b2e0a4bd383fc08f09b4bb7409718aee29086911eb401fca883acd34dbfb069b799e2c00569d93fee72d9375bb19f11b91adad0e990fe16f4d0a64e0b18bb86e0497de70164a3b0d6ccfa3a24122c96ee756c4d436a1446f5ab6ab77c38182d7a452566dae4219859d78035290321724e5f771b174289f063bafb8912d94e91ea096b0aec744b6fc86282f84dfcb8f2948cbbc1e465c63c941a8cc0a89a1c68ac23d2652099ab9e198725b50b5a624a5dba61ea4130577d8ccf8e2196939ac0aabe415556f7418b2f53280407a14b65f4ce7dd04042960fdf6c5cdffc8c0b2c25e5ebf3d0177df316f858d914441977c6317851b895714ab3836a6b0d72a18caf02233043887d5b9df9afbec0d429af07cf81c0b67f4565f48d3a6f782ec32b1ea39dd3da6d99826a893457db889a5f1c65a5c227a79a09524b20cee00c086b562c8e5477bd4c24f07222c7e2949174cc95a5c03f0860988fc2bf34eaf246d6083c96cc88e65dd1ef8df7b859da739e8f3df888801f387a3faa922b28d41adaf02b8b8b30f17359fcd2ad9b4dd25cd12a24fc9343022670d2c61d5696ceeebe4301953c5a57b76e728649c22c1e684cdc0f50dcfc6498dc909897b41375313121747b55389b84ce1beaca9b01a11e478b1fe0dccb348a41f8a8a2a2b5cb5d714a72e1c123b0ab2fe54bd27ae2efda0459a0e053293528f54888793da48144719f79f3cad42ec01a1b9c6059f38cdaf52a0aa9156589b7e2f710333e476e5f3e2933a2b084dc3649031a7cd09d3a84ffabb89613692f21e2ae360621a0b53383f3f13eb3f1093aee99b736969d6599edbad27d838545bc68053f8029ad1cd1fda2d6e179433b105033da7a00cb02a028678fcdb58189e306549b6144770a442b3872fefef1595f26ec18e1eedcc7e6d4f4cafc741b2f08672aa220b9b308583c1aa70cfef7e7b3fd3ccd014269c365dd34b04ed8a76f9dad19dd3dc5fb444be39201752bc01efdf2b310cdc0b835e87f9098909398c28be8891774dc7450330951f729cc5116a453a37aa1ef9e6dbdf1fe0533c527e9ec404a720c7b15fe5886282c0600ecd4d3427d6e3d859807cba12b016434fa2cab4de9a9bef6ec8d4c84b46c5f000ca715e73520153ae093d4530da703e2f21aeb16b560fa785da867a9e596ac662be72238da060f1b66ba2cfab46b43f7496254ee72042343083ff148f0de03c10b02a15a61b4fe40fed7cbd9cd249798f888a104de6e4af22e8e2dbfcb0462a8221a0c4d9088f23ccd126a6091de3425a58c62b1720de6c2fbe4323c00821f73326853f9d94c6a034d457d25d2c0674c06587f42c0fc01eb34af9a6e19cb7dd6bf05408d3b109597a06fe3db208b8af64bf9983c9c453bf695d20fd8ab1c24c1840b1b87bb36b2c1afd0215d2e4d8a6dcf77867619c1d137be8d2c01f393428e1ddf585fc7933438997d4b34967809036584b063da152351fbc938ed16a7569dcf7ffac737b444bf970bd4d8a394482a3497e80d90d8c2ca053d051fc5ee6827929d4ad16288dbdd6837adc14ac5e9d59c53dd6bc05443b39caa2bcc74a83617260a7d6f8ad25d16d0e2341c5399f3684ac3e5996a95f346af5d15f50c6fd41b742fd1a51f5a3ee72db38ed8776118ccd743fcba8497aa93f201955d52cf92252fdf7bfc68a9a3842794d2ed0e7d05a4b9eed159385a76181f1f421ffcb439aa8716a9b31c3afcccedd5d701fde680fe5fa20b94289c550da2e49a1b4e1e897c4faa2084547e3318bd7ba704a3a79040f08c72452adcef65ca080d3c043b4c82548275c2431a033afb246a61b1416ceafdba8c723c05582f7ce561de360ca4ca2162776374a8d6db86e348c986a63aee605b6883deab91b90fca1525cfcd609940d8ea8b8731c76138c32f0324f9b490117fdd94436e03f0dbc0bed5ed50c6d5a96f955adafedadbba684b57cdd9dc3143d157671849c84aa31d66e888b29900105faa1bb980cfd3d984b0239d1052c6366045870519d39b90945d736f24c843b3fa7bd7c193b2104e1ffb4ac995c7db8883cded008cedacc318dcc2cb113f11a75a48330e379b74efebf80f44934c3233281b8721662d2b5b1b94a206608ea3186cf09b1d1bd9221f0d452bfa82442f08b25c93913b402ffdf0b8a786c31bc3a844864c9295df3daa472ddffd6c8752dad4c435bf450638e99592832c2f172bf03e47c883d19cf99e5fc1816ac002f0c3ba9f13a9b09e6bae96bcf4e5ab68befa7ce324ba916c408a312843735a3b3011c64f044c586986ee65c422976788d16f69dea52778a69d6e27f5544ef6532c5a5ad37070fd4fd5a5f35562fe2476acb13e998e1b5d08605678f60a7dd1ddce97f86c3af37c4ad411dea376120637e4638031a70fe0f63bd33d55a73958f9649790653c2c04474fba7aeb70f200acede506f358c05ea2bd8ef834305bbf7a8ad48df4b3c8017e4ad105e0057f18afc16104ce3ae2604e5bdfeaf30c041e2c66e614267432c7afcb24b46b97fb8ca8730f83afc53c35c068c3cfdec6258b68d4b27a9dbfa708adff5ced67299337170e698387e16fbb12f30ec0968f69ad2d77cefbd37065d8de3fdd397b0fa0f43c529be43ef492ddc85ce7569a609b76eb584b6cc20d00aaf63648976e2c7ec0dc8fb28689931f509364aa58c676630452868cfbdb1baa80a72283cf062b60f2c1758fd1bd471846d9d6b9eebddc083813d70719c2783aac17182b6b9dc6d8de6b1da68284f46bbbdd829740e2c770c69649644115751613d0d2fc921243f8002ea3d42ceb3f3a06e002b806d1b849cf31f0bf3c6d0ca289a945daf5e1bce2f5bf8aea7fa8ad3397d557ce82287d15d1dee621a78cd354b5fcdeef3c5e6330cc61df6062ece808e5d7fdea1fff342cc26730f7dd71b05129e18480a092aad8649d102ffbadabf6427d9dea55fdabbce0694a37840ba9489de76e0fa2639deff85045e3bf97f18c3efbfe4c22647592e4234505f777d030d30cc64da0fd2023b63a939dd2b954a2e0e8a17e75776b990512b76477bc48d825897cf93cdbf3a57b2f42c4d4c45eed47794682445170eb63e3842f2ee567f8b6b2886d75e2a38771f70d53ea3d7c09a7eda24953af1120130e7ce4f686d14dd441cbe75c637a2ff89805b242e63cedbcb13efaf1e7613a4c2c89fda79c5b3d8adb85f50d68cfddc07be32f58cb896aaae9ffbdd1005e8ebfc3578357ba9c297e6ce63671f93b834db64267534f9cb44bf1cf1c45e498bb2a31f870c69e18ed4f359277d68ff135d9af4d37ea36310ff3e6707db5d0ee6953ef729d23ae75ad748c4ea3cb5b7dc36ca1ca4f05bfed0996f8c65802af67bb1b5f375a0a34cab83b0a1fb2b7b95f023a5732c9b4bcb406f03bcf952b6723ac8c8bec0e3b91605d50df448fe59f0ba2b0147c3beb582c04ea19973d90cc45a0d2f2fe3e97442937cb86567ffd54f16428b57e696e227845c0139ade07d57d1972c9437a15f83e2600de353ab7802ed1fda3c1036e8aa622e038ec24aed2c67e827e25018e5e90bc95df340e011c4853fbc1bb5bbbefb5a216609474b3ea7108f09783fcf1d1063681c2156a5b97d83cf9dd6ada074b255707000427183969021a961a837cc865af851eed622f89dc98eacd05255c05d91ecd51ed99498ed9c067ca6e8aa5f6d8bbb839c1665e72b2e329ded9f145d1e20d83cc5bd1cc49704fa152c372dbd914a30575e803b765df341dfbbf9946f23caf9039f43fb2ece6226a6b4e103a650ddde875bb6f28d53f884a9cbbe7bbe787a3daeeca9a8c905ceb0bfa4b004695a1c9ec59283aa12dbc3ef118d6bdd588d16733cad379e473e6d5886dba75e13f524b5187603adc28f93453066715336a9b1e0ea25cabb1231934e4b50738c0b762cbab5d3228ffa27842adc443f9c5ed4bd836dc62795f7108ab3680f1e94122e76c549fce0a565671e2fffdea6e3a6ddbad23230c68196db7ec4b76c26061d999fa99d2e8608a9269629a1f495d6ab8b62260c419df4990c329c573cbacc2b74363fa5347fb01186c993c4af9c7552e6082a4b7f79267bd0072a6816130abe1fb617a6902cdca07cdbe05e3b916c1778d5f95d5912ee750210965166b85385fdf8ce523b1cbcfa322c0d1b7a239466c7401c458f2703f163f9377bc39df963194fc2f299195f50954c88dd64a51c0349e37c2b3b12be909e9d89d2873e0f19f410c72527d8b334475212dbb366f3195454287211d8ca1ffd585c04014a2a694c7ecfd5331424bbdc5c94860f0f391ecbc4de5439ac3f545424b35ac02da3eee24175e8c5c5fce50d63061b4e95f0cb968a87fee7dd5e0d470e4ac4277ff667894db8b595dc4e8483eb58f0c7a30ea07fb7a3385f797335110ebe1c020d8bcfb754b0195d21afb91e4bfeb80cf869c775a5ac48fc7fbe573205c30bf47ea995b65e245b92252293ffaf94f115b697cd13902617e911b063309e755206735df2727137e8337c1b7c4e80cd76b3cc78b117eadded2bcfa59a864898a4041472f1e272d3a86bf50e3f2f9687150ae7fb0793f17c88bfa5ede6658f61b5049262bd4d8a4adaab66991c83d07d35dc1bad32e4fd24667922f781a66df8c7ccb71d53e732db843914562e18720227b27d08a2e37a2dac8eebdd3a7a8d1c49460378832b5a8a60d7d3cf0b18334630b69d8630f560640d3b4265f9e1c2acb9e5e05ba2fe02859fed908c4eb1458ab690296a37ee8050fe7017c226a96443ae84dd2a7d766aef7beaf24b9e6c507d3ab27630e318b043d1a3fdc6a10a983e4aef992991e525756205a1b2d81587409890552223cbfe12b456f1272bc4215ccd2d54ade1cad6f96a4069e7ed2ee954987d7976281517bedad7fa218ff7fcf75780026cdbe13c642a1d48407977690a1cce53119260ee365a0e9d2815a61abdab981cb58c465ab245edad5670a9eb8346d793fd89eb9b3d2a31d3fe300000000003600fe009ada38972fb511dd4a3f3786aab4d15ba274fedc5b5abd011f2b67cc6c5de4c7277036a80fe6216b266a775b58386645da8900000500a20000000000"], 0x154c}, 0x1, 0x0, 0x0, 0xc001}, 0x24000020)
socketpair$auto(0xff000001, 0x9, 0xa, 0x0)
clone$auto(0x21, 0x1000, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid$auto(0x0, 0x5c5, 0x0, 0x4, 0x0)
openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r4 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x0, 0x0)
preadv$auto(r4, &(0x7f0000000100)={&(0x7f0000000040), 0x82}, 0x8, 0xe637, 0x6)
mmap$auto(0x4, 0x2020009, 0x3, 0x7f, 0xffffffffffffffff, 0x1ffffffffffffe)
openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)

kernel console output (not intermixed with test programs):

 ? ksys_mmap_pgoff+0x7d/0x5c0
[  304.901358][ T9002]  ? __x64_sys_mmap+0x125/0x190
[  304.901383][ T9002]  ? do_syscall_64+0xcd/0xfa0
[  304.901401][ T9002]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  304.901432][ T9002]  ? policy_nodemask+0xea/0x4e0
[  304.901457][ T9002]  alloc_pages_mpol+0x1fb/0x550
[  304.901482][ T9002]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  304.901512][ T9002]  alloc_pages_noprof+0x131/0x390
[  304.901537][ T9002]  pte_alloc_one+0x1e/0x350
[  304.901558][ T9002]  __pte_alloc+0x6d/0x380
[  304.901579][ T9002]  ? __pfx___pte_alloc+0x10/0x10
[  304.901602][ T9002]  ? do_raw_spin_lock+0x12c/0x2b0
[  304.901633][ T9002]  do_pte_missing+0x282c/0x3ba0
[  304.901661][ T9002]  ? do_raw_spin_unlock+0x172/0x230
[  304.901690][ T9002]  ? _raw_spin_unlock+0x28/0x50
[  304.901715][ T9002]  ? __pmd_alloc+0x64f/0x8b0
[  304.901741][ T9002]  __handle_mm_fault+0x1556/0x2aa0
[  304.901775][ T9002]  ? __pfx___handle_mm_fault+0x10/0x10
[  304.901821][ T9002]  handle_mm_fault+0x589/0xd10
[  304.901854][ T9002]  __get_user_pages+0x54e/0x3530
[  304.901887][ T9002]  ? __pfx___get_user_pages+0x10/0x10
[  304.901918][ T9002]  populate_vma_page_range+0x267/0x3f0
[  304.901945][ T9002]  ? __pfx_populate_vma_page_range+0x10/0x10
[  304.901970][ T9002]  ? __pfx_find_vma_intersection+0x10/0x10
[  304.901994][ T9002]  ? do_mmap+0x69c/0x1210
[  304.902019][ T9002]  __mm_populate+0x1d8/0x380
[  304.902045][ T9002]  ? __pfx___mm_populate+0x10/0x10
[  304.902072][ T9002]  ? up_write+0x1b2/0x520
[  304.902101][ T9002]  vm_mmap_pgoff+0x37f/0x470
[  304.902127][ T9002]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  304.902155][ T9002]  ? __x64_sys_futex+0x1e0/0x4c0
[  304.902179][ T9002]  ? __x64_sys_futex+0x1e9/0x4c0
[  304.902206][ T9002]  ksys_mmap_pgoff+0x7d/0x5c0
[  304.902227][ T9002]  ? xfd_validate_state+0x61/0x180
[  304.902252][ T9002]  ? __pfx_ksys_write+0x10/0x10
[  304.902274][ T9002]  __x64_sys_mmap+0x125/0x190
[  304.902304][ T9002]  do_syscall_64+0xcd/0xfa0
[  304.902325][ T9002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.902344][ T9002] RIP: 0033:0x7f707098eec9
[  304.902359][ T9002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  304.902377][ T9002] RSP: 002b:00007f70717d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  304.902395][ T9002] RAX: ffffffffffffffda RBX: 00007f7070be5fa0 RCX: 00007f707098eec9
[  304.902406][ T9002] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[  304.902417][ T9002] RBP: 00007f7070a11f91 R08: ffffffffffffffff R09: 0000000800008000
[  304.902428][ T9002] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  304.902439][ T9002] R13: 00007f7070be6038 R14: 00007f7070be5fa0 R15: 00007ffe10fc9df8
[  304.902462][ T9002]  </TASK>
[  305.300827][    C0] vkms_vblank_simulate: vblank timer overrun
[  305.695697][ T5831] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  305.708302][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  305.708327][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  305.708338][ T5831] Call Trace:
[  305.708345][ T5831]  <TASK>
[  305.708351][ T5831]  dump_stack_lvl+0x16c/0x1f0
[  305.708377][ T5831]  dump_header+0x101/0x930
[  305.708410][ T5831]  oom_kill_process+0x272/0xa40
[  305.708443][ T5831]  out_of_memory+0x350/0x1700
[  305.708465][ T5831]  ? __pfx_out_of_memory+0x10/0x10
[  305.708489][ T5831]  mem_cgroup_out_of_memory+0x118/0x130
[  305.708520][ T5831]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  305.708553][ T5831]  ? do_raw_spin_unlock+0x172/0x230
[  305.708586][ T5831]  try_charge_memcg+0x687/0xd40
[  305.708613][ T5831]  ? __pfx_try_charge_memcg+0x10/0x10
[  305.708640][ T5831]  ? find_held_lock+0x2b/0x80
[  305.708663][ T5831]  charge_memcg+0x8a/0x230
[  305.708685][ T5831]  mem_cgroup_swapin_charge_folio+0xbb/0x440
[  305.708713][ T5831]  __read_swap_cache_async+0x397/0x500
[  305.708735][ T5831]  ? __pfx___read_swap_cache_async+0x10/0x10
[  305.708755][ T5831]  ? __xa_erase+0xee/0x150
[  305.708784][ T5831]  ? __pfx___xa_erase+0x10/0x10
[  305.708810][ T5831]  swap_cluster_readahead+0x528/0x770
[  305.708834][ T5831]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  305.708855][ T5831]  ? move_cluster+0x39d/0x560
[  305.708883][ T5831]  ? __lock_acquire+0x62e/0x1ce0
[  305.708907][ T5831]  ? get_vma_policy+0x242/0x3c0
[  305.708935][ T5831]  swapin_readahead+0x13a/0xd60
[  305.708960][ T5831]  ? __pfx_swapin_readahead+0x10/0x10
[  305.708976][ T5831]  ? swap_cache_get_folio+0x267/0x8e0
[  305.709004][ T5831]  ? swap_cache_get_folio+0x267/0x8e0
[  305.709032][ T5831]  ? swap_cache_get_folio+0x267/0x8e0
[  305.709065][ T5831]  ? swap_cache_get_folio+0x267/0x8e0
[  305.709093][ T5831]  ? swap_cache_get_folio+0x1f/0x8e0
[  305.709121][ T5831]  ? swap_cache_get_folio+0x293/0x8e0
[  305.709151][ T5831]  ? __pfx_swap_cache_get_folio+0x10/0x10
[  305.709179][ T5831]  ? __pfx_get_swap_device+0x10/0x10
[  305.709203][ T5831]  ? do_swap_page+0x125/0x6380
[  305.709230][ T5831]  do_swap_page+0x86c/0x6380
[  305.709264][ T5831]  ? __pfx_do_swap_page+0x10/0x10
[  305.709290][ T5831]  ? __pfx_default_wake_function+0x10/0x10
[  305.709310][ T5831]  ? __lock_acquire+0x62e/0x1ce0
[  305.709338][ T5831]  ? rcu_is_watching+0x12/0xc0
[  305.709357][ T5831]  ? ___pte_offset_map+0x2ad/0x4f0
[  305.709383][ T5831]  __handle_mm_fault+0x17d1/0x2aa0
[  305.709418][ T5831]  ? __pfx___handle_mm_fault+0x10/0x10
[  305.709449][ T5831]  ? lock_vma_under_rcu+0x176/0x530
[  305.709484][ T5831]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  305.709511][ T5831]  ? get_timespec64+0x136/0x1b0
[  305.709539][ T5831]  handle_mm_fault+0x589/0xd10
[  305.709568][ T5831]  ? trace_raw_output_exceptions+0x141/0x150
[  305.709600][ T5831]  do_user_addr_fault+0x60c/0x1370
[  305.709620][ T5831]  ? rcu_is_watching+0x12/0xc0
[  305.709641][ T5831]  exc_page_fault+0x64/0xc0
[  305.709666][ T5831]  asm_exc_page_fault+0x26/0x30
[  305.709683][ T5831] RIP: 0033:0x7f3de1bc1788
[  305.709699][ T5831] Code: 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 <48> 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 c3 0f 1f
[  305.709716][ T5831] RSP: 002b:00007fffcd1b7440 EFLAGS: 00010293
[  305.709731][ T5831] RAX: 0000000000000000 RBX: 0000000000000220 RCX: 00007f3de1bc1785
[  305.709743][ T5831] RDX: 00007fffcd1b7480 RSI: 0000000000000000 RDI: 0000000000000000
[  305.709754][ T5831] RBP: 00007fffcd1b74ec R08: 0000000000000000 R09: 0000000000000000
[  305.709770][ T5831] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388
[  305.709780][ T5831] R13: 00000000000927c0 R14: 000000000004a9a2 R15: 00007fffcd1b7540
[  305.709804][ T5831]  </TASK>
[  305.709811][ T5831] memory: usage 3072kB, limit 3072kB, failcnt 45311
[  306.816649][ T5831] memory+swap: usage 3264kB, limit 9007199254740988kB, failcnt 0
[  306.864844][ T5831] kmem: usage 3048kB, limit 9007199254740988kB, failcnt 0
[  306.903276][ T5831] Memory cgroup stats for /syz2:
[  306.903489][ T5831] cache 0
[  306.932336][ T5831] rss 0
[  306.950577][ T5831] rss_huge 0
[  306.967468][ T5831] shmem 0
[  306.985888][ T5831] mapped_file 0
[  307.011140][ T5831] dirty 0
[  307.026066][ T5831] writeback 0
[  307.047492][ T5831] workingset_refault_anon 5992
[  307.097224][ T5831] workingset_refault_file 9233
[  307.147732][ T5831] swap 196608
[  307.167503][ T5831] swapcached 24576
[  307.184486][ T5831] pgpgin 130393
[  307.206490][ T5831] pgpgout 130573
[  307.224464][ T5831] pgfault 178731
[  307.243172][ T5831] pgmajfault 2004
[  307.270419][ T5831] inactive_anon 8192
[  307.274348][ T5831] active_anon 16384
[  307.324912][ T5831] inactive_file 0
[  307.353954][ T5831] active_file 0
[  307.357454][ T5831] unevictable 0
[  307.379705][ T9022] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7
[  307.408459][ T5831] hierarchical_memory_limit 3145728
[  307.419630][ T5831] hierarchical_memsw_limit 9223372036854771712
[  307.464902][ T5831] total_cache 0
[  307.484213][ T5831] total_rss 0
[  307.487552][ T5831] total_rss_huge 0
[  307.502187][ T5831] total_shmem 0
[  307.537081][ T5831] total_mapped_file 0
[  307.544459][ T5831] total_dirty 0
[  307.586587][ T5831] total_writeback 0
[  307.610921][ T5831] total_workingset_refault_anon 5992
[  307.632756][ T5831] total_workingset_refault_file 9233
[  307.680119][ T5831] total_swap 196608
[  307.683959][ T5831] total_swapcached 24576
[  307.702940][ T5831] total_pgpgin 130393
[  307.713549][ T5831] total_pgpgout 130573
[  307.727477][ T5831] total_pgfault 178731
[  307.741452][ T5831] total_pgmajfault 2004
[  307.755850][ T5831] total_inactive_anon 8192
[  307.776045][ T5831] total_active_anon 16384
[  307.787856][ T5831] total_inactive_file 0
[  307.800747][ T5831] total_active_file 0
[  307.813625][ T5831] total_unevictable 0
[  307.827623][ T5831] anon_cost 0
[  307.837893][ T5831] file_cost 0
[  307.848166][ T5831] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.639,pid=8980,uid=0
[  307.902004][ T5831] Memory cgroup out of memory: Killed process 8980 (syz.2.639) total-vm:169928kB, anon-rss:1168kB, file-rss:22908kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000
[  310.331454][ T9079] nvme_fabrics: missing parameter 'transport=%s'
[  310.419880][ T9079] nvme_fabrics: missing parameter 'nqn=%s'
[  312.705047][ T9102] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  312.705047][ T9102]    program syz.0.660 not setting count and/or reply_len properly
[  315.109602][ T9120] FAULT_INJECTION: forcing a failure.
[  315.109602][ T9120] name failslab, interval 1, probability 0, space 0, times 0
[  315.109644][ T9120] CPU: 0 UID: 0 PID: 9120 Comm: syz.0.671 Not tainted syzkaller #0 PREEMPT(full) 
[  315.109669][ T9120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  315.109680][ T9120] Call Trace:
[  315.109686][ T9120]  <TASK>
[  315.109693][ T9120]  dump_stack_lvl+0x16c/0x1f0
[  315.109717][ T9120]  should_fail_ex+0x512/0x640
[  315.109739][ T9120]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  315.109765][ T9120]  should_failslab+0xc2/0x120
[  315.109790][ T9120]  kmem_cache_alloc_noprof+0x75/0x6e0
[  315.109808][ T9120]  ? skb_clone+0x190/0x3f0
[  315.109834][ T9120]  ? skb_clone+0x190/0x3f0
[  315.109853][ T9120]  skb_clone+0x190/0x3f0
[  315.109874][ T9120]  netlink_deliver_tap+0xabd/0xd30
[  315.109900][ T9120]  netlink_unicast+0x64c/0x870
[  315.109925][ T9120]  ? __pfx_netlink_unicast+0x10/0x10
[  315.109947][ T9120]  ? __pfx___might_resched+0x10/0x10
[  315.109966][ T9120]  ? __lock_acquire+0xb97/0x1ce0
[  315.109997][ T9120]  netlink_sendmsg+0x8c8/0xdd0
[  315.110029][ T9120]  ? __pfx_netlink_sendmsg+0x10/0x10
[  315.110054][ T9120]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  315.110083][ T9120]  ____sys_sendmsg+0xa98/0xc70
[  315.110110][ T9120]  ? copy_msghdr_from_user+0x10a/0x160
[  315.110131][ T9120]  ? __pfx_____sys_sendmsg+0x10/0x10
[  315.110167][ T9120]  ___sys_sendmsg+0x134/0x1d0
[  315.110189][ T9120]  ? __pfx____sys_sendmsg+0x10/0x10
[  315.110235][ T9120]  __sys_sendmsg+0x16d/0x220
[  315.110256][ T9120]  ? __pfx___sys_sendmsg+0x10/0x10
[  315.110291][ T9120]  do_syscall_64+0xcd/0xfa0
[  315.110313][ T9120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.110331][ T9120] RIP: 0033:0x7fe0da58eec9
[  315.110346][ T9120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.110364][ T9120] RSP: 002b:00007fe0db458038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  315.110382][ T9120] RAX: ffffffffffffffda RBX: 00007fe0da7e5fa0 RCX: 00007fe0da58eec9
[  315.110394][ T9120] RDX: 0000000020000000 RSI: 0000200000000e00 RDI: 0000000000000003
[  315.110404][ T9120] RBP: 00007fe0db458090 R08: 0000000000000000 R09: 0000000000000000
[  315.110415][ T9120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.110425][ T9120] R13: 00007fe0da7e6038 R14: 00007fe0da7e5fa0 R15: 00007ffea7798848
[  315.110448][ T9120]  </TASK>
[  316.408386][ T9136] tty tty12: ldisc open failed (-12), clearing slot 11
[  316.538308][ T9139] tty tty12: ldisc open failed (-12), clearing slot 11
[  317.131445][ T9166] netlink: 4 bytes leftover after parsing attributes in process `syz.1.679'.
[  317.194187][ T5832] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6
[  317.234008][ T9168] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8
[  317.303332][ T9171] FAULT_INJECTION: forcing a failure.
[  317.303332][ T9171] name failslab, interval 1, probability 0, space 0, times 0
[  317.365955][ T9171] CPU: 0 UID: 0 PID: 9171 Comm: syz.2.681 Not tainted syzkaller #0 PREEMPT(full) 
[  317.365983][ T9171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  317.365993][ T9171] Call Trace:
[  317.366000][ T9171]  <TASK>
[  317.366007][ T9171]  dump_stack_lvl+0x16c/0x1f0
[  317.366033][ T9171]  should_fail_ex+0x512/0x640
[  317.366055][ T9171]  ? __kmalloc_noprof+0xca/0x880
[  317.366085][ T9171]  should_failslab+0xc2/0x120
[  317.366110][ T9171]  __kmalloc_noprof+0xdd/0x880
[  317.366136][ T9171]  ? __pfx___mutex_trylock_common+0x10/0x10
[  317.366163][ T9171]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  317.366196][ T9171]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  317.366223][ T9171]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  317.366252][ T9171]  ? __mutex_lock+0x1c5/0x1060
[  317.366275][ T9171]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  317.366303][ T9171]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  317.366327][ T9171]  ? rcu_is_watching+0x12/0xc0
[  317.366354][ T9171]  ? bpf_lsm_capable+0x9/0x10
[  317.366377][ T9171]  ? security_capable+0x7e/0x260
[  317.366405][ T9171]  genl_rcv_msg+0x55c/0x800
[  317.366433][ T9171]  ? __pfx_genl_rcv_msg+0x10/0x10
[  317.366458][ T9171]  ? __pfx_smc_pnet_del+0x10/0x10
[  317.366486][ T9171]  netlink_rcv_skb+0x155/0x420
[  317.366508][ T9171]  ? __pfx_genl_rcv_msg+0x10/0x10
[  317.366534][ T9171]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  317.366566][ T9171]  ? netlink_deliver_tap+0x1ae/0xd30
[  317.366590][ T9171]  genl_rcv+0x28/0x40
[  317.366612][ T9171]  netlink_unicast+0x5aa/0x870
[  317.366637][ T9171]  ? __pfx_netlink_unicast+0x10/0x10
[  317.366659][ T9171]  ? __pfx___might_resched+0x10/0x10
[  317.366677][ T9171]  ? __lock_acquire+0xb97/0x1ce0
[  317.366707][ T9171]  netlink_sendmsg+0x8c8/0xdd0
[  317.366733][ T9171]  ? __pfx_netlink_sendmsg+0x10/0x10
[  317.366758][ T9171]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  317.366787][ T9171]  ____sys_sendmsg+0xa98/0xc70
[  317.366814][ T9171]  ? copy_msghdr_from_user+0x10a/0x160
[  317.366835][ T9171]  ? __pfx_____sys_sendmsg+0x10/0x10
[  317.366872][ T9171]  ___sys_sendmsg+0x134/0x1d0
[  317.366900][ T9171]  ? __pfx____sys_sendmsg+0x10/0x10
[  317.366953][ T9171]  __sys_sendmsg+0x16d/0x220
[  317.366974][ T9171]  ? __pfx___sys_sendmsg+0x10/0x10
[  317.367010][ T9171]  do_syscall_64+0xcd/0xfa0
[  317.367032][ T9171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.367050][ T9171] RIP: 0033:0x7f3de1b8eec9
[  317.367065][ T9171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  317.367083][ T9171] RSP: 002b:00007f3de2965038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  317.367101][ T9171] RAX: ffffffffffffffda RBX: 00007f3de1de5fa0 RCX: 00007f3de1b8eec9
[  317.367113][ T9171] RDX: 0000000020000000 RSI: 0000200000000e00 RDI: 0000000000000003
[  317.367123][ T9171] RBP: 00007f3de2965090 R08: 0000000000000000 R09: 0000000000000000
[  317.367134][ T9171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  317.367144][ T9171] R13: 00007f3de1de6038 R14: 00007f3de1de5fa0 R15: 00007fffcd1b7128
[  317.367168][ T9171]  </TASK>
[  319.408597][ T9190] vhci_hcd: invalid port number 16
[  319.845504][ T9197] Setting dangerous option i915.mitigations - tainting kernel
[  319.894373][ T9197] Bad "i915.mitigations=!h��@�S�", 'h��@�S�' is unknown
[  321.834017][ T9208] __vm_enough_memory: pid: 9208, comm: syz.0.689, bytes: 4398046511104 not enough memory for the allocation
[  322.413547][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  322.422679][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  324.348717][ T9257] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9
[  326.424410][ T9259] vivid-007: =================  START STATUS  =================
[  326.526905][ T9259] vivid-007: Generate PTS: true
[  326.567952][ T9259] vivid-007: Generate SCR: true
[  326.637084][ T9259] tpg source WxH: 320x240 (Y'CbCr)
[  326.723417][ T9259] tpg field: 1
[  326.779888][ T9259] tpg crop: (0,0)/320x240
[  326.841620][ T9259] tpg compose: (0,0)/320x240
[  326.928084][ T9259] tpg colorspace: 8
[  327.002482][ T9259] tpg transfer function: 0/0
[  327.100254][ T9259] tpg Y'CbCr encoding: 0/0
[  327.200402][ T9259] tpg quantization: 0/0
[  327.264732][ T9259] tpg RGB range: 0/2
[  327.360913][ T9259] vivid-007: ==================  END STATUS  ==================
[  329.985536][ T9316] netlink: 4 bytes leftover after parsing attributes in process `syz.3.706'.
[  330.241421][ T9324] netlink: 186 bytes leftover after parsing attributes in process `syz.1.704'.
[  333.361785][ T9377] netlink: 'syz.2.717': attribute type 10 has an invalid length.
[  333.465766][ T9380] netlink: 20 bytes leftover after parsing attributes in process `syz.2.717'.
[  334.111128][ T9392] FAULT_INJECTION: forcing a failure.
[  334.111128][ T9392] name failslab, interval 1, probability 0, space 0, times 0
[  334.188123][ T9392] CPU: 0 UID: 0 PID: 9392 Comm: syz.3.721 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  334.188155][ T9392] Tainted: [U]=USER
[  334.188161][ T9392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  334.188171][ T9392] Call Trace:
[  334.188178][ T9392]  <TASK>
[  334.188185][ T9392]  dump_stack_lvl+0x16c/0x1f0
[  334.188210][ T9392]  should_fail_ex+0x512/0x640
[  334.188232][ T9392]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[  334.188256][ T9392]  should_failslab+0xc2/0x120
[  334.188281][ T9392]  __kvmalloc_node_noprof+0x141/0x9c0
[  334.188301][ T9392]  ? __pfx_aa_file_perm+0x10/0x10
[  334.188322][ T9392]  ? seq_read_iter+0x830/0x12d0
[  334.188347][ T9392]  ? __lock_acquire+0xb97/0x1ce0
[  334.188376][ T9392]  ? seq_read_iter+0x830/0x12d0
[  334.188402][ T9392]  seq_read_iter+0x830/0x12d0
[  334.188439][ T9392]  kernfs_fop_read_iter+0x46c/0x610
[  334.188458][ T9392]  ? rw_verify_area+0xcf/0x6c0
[  334.188493][ T9392]  vfs_read+0x8bf/0xcf0
[  334.188515][ T9392]  ? __pfx___mutex_lock+0x10/0x10
[  334.188537][ T9392]  ? __pfx_vfs_read+0x10/0x10
[  334.188570][ T9392]  ksys_read+0x12a/0x250
[  334.188596][ T9392]  ? __pfx_ksys_read+0x10/0x10
[  334.188622][ T9392]  do_syscall_64+0xcd/0xfa0
[  334.188643][ T9392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.188661][ T9392] RIP: 0033:0x7ff732d8eec9
[  334.188677][ T9392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.188694][ T9392] RSP: 002b:00007ff733bed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  334.188712][ T9392] RAX: ffffffffffffffda RBX: 00007ff732fe5fa0 RCX: 00007ff732d8eec9
[  334.188723][ T9392] RDX: 0000000000001005 RSI: 0000200000000300 RDI: 0000000000000003
[  334.188734][ T9392] RBP: 00007ff733bed090 R08: 0000000000000000 R09: 0000000000000000
[  334.188744][ T9392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.188755][ T9392] R13: 00007ff732fe6038 R14: 00007ff732fe5fa0 R15: 00007ffff3302df8
[  334.188782][ T9392]  </TASK>
[  335.304833][ T9406] FAULT_INJECTION: forcing a failure.
[  335.304833][ T9406] name failslab, interval 1, probability 0, space 0, times 0
[  335.423352][ T9406] CPU: 0 UID: 0 PID: 9406 Comm: syz.1.724 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  335.423385][ T9406] Tainted: [U]=USER
[  335.423391][ T9406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  335.423401][ T9406] Call Trace:
[  335.423408][ T9406]  <TASK>
[  335.423415][ T9406]  dump_stack_lvl+0x16c/0x1f0
[  335.423441][ T9406]  should_fail_ex+0x512/0x640
[  335.423463][ T9406]  ? __kmalloc_noprof+0xca/0x880
[  335.423493][ T9406]  should_failslab+0xc2/0x120
[  335.423517][ T9406]  __kmalloc_noprof+0xdd/0x880
[  335.423553][ T9406]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  335.423586][ T9406]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  335.423614][ T9406]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  335.423642][ T9406]  ? kfree_skbmem+0x1a4/0x1f0
[  335.423670][ T9406]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  335.423698][ T9406]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  335.423731][ T9406]  ? bpf_lsm_capable+0x9/0x10
[  335.423754][ T9406]  ? security_capable+0x7e/0x260
[  335.423778][ T9406]  ? ns_capable+0xd7/0x110
[  335.423800][ T9406]  genl_rcv_msg+0x55c/0x800
[  335.423827][ T9406]  ? __pfx_genl_rcv_msg+0x10/0x10
[  335.423854][ T9406]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  335.423884][ T9406]  netlink_rcv_skb+0x155/0x420
[  335.423906][ T9406]  ? __pfx_genl_rcv_msg+0x10/0x10
[  335.423932][ T9406]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  335.423963][ T9406]  ? netlink_deliver_tap+0x1ae/0xd30
[  335.423987][ T9406]  genl_rcv+0x28/0x40
[  335.424009][ T9406]  netlink_unicast+0x5aa/0x870
[  335.424035][ T9406]  ? __pfx_netlink_unicast+0x10/0x10
[  335.424065][ T9406]  netlink_sendmsg+0x8c8/0xdd0
[  335.424091][ T9406]  ? __pfx_netlink_sendmsg+0x10/0x10
[  335.424116][ T9406]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  335.424145][ T9406]  ____sys_sendmsg+0xa98/0xc70
[  335.424172][ T9406]  ? copy_msghdr_from_user+0x10a/0x160
[  335.424193][ T9406]  ? __pfx_____sys_sendmsg+0x10/0x10
[  335.424229][ T9406]  ___sys_sendmsg+0x134/0x1d0
[  335.424251][ T9406]  ? __pfx____sys_sendmsg+0x10/0x10
[  335.424299][ T9406]  __sys_sendmsg+0x16d/0x220
[  335.424320][ T9406]  ? __pfx___sys_sendmsg+0x10/0x10
[  335.424355][ T9406]  do_syscall_64+0xcd/0xfa0
[  335.424381][ T9406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.424400][ T9406] RIP: 0033:0x7f707098eec9
[  335.424415][ T9406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.424433][ T9406] RSP: 002b:00007f70717d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  335.424451][ T9406] RAX: ffffffffffffffda RBX: 00007f7070be5fa0 RCX: 00007f707098eec9
[  335.424463][ T9406] RDX: 0000000004040000 RSI: 00002000000002c0 RDI: 0000000000000003
[  335.424474][ T9406] RBP: 00007f70717d4090 R08: 0000000000000000 R09: 0000000000000000
[  335.424484][ T9406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  335.424495][ T9406] R13: 00007f7070be6038 R14: 00007f7070be5fa0 R15: 00007ffe10fc9df8
[  335.424519][ T9406]  </TASK>
[  336.327386][ T9421] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  336.327386][ T9421]    program syz.3.726 not setting count and/or reply_len properly
[  336.903325][ T5832] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  336.911641][ T5832] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  339.051248][ T9474] FAULT_INJECTION: forcing a failure.
[  339.051248][ T9474] name failslab, interval 1, probability 0, space 0, times 0
[  339.112494][ T9474] CPU: 0 UID: 0 PID: 9474 Comm: syz.1.738 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  339.112534][ T9474] Tainted: [U]=USER
[  339.112541][ T9474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  339.112552][ T9474] Call Trace:
[  339.112558][ T9474]  <TASK>
[  339.112565][ T9474]  dump_stack_lvl+0x16c/0x1f0
[  339.112589][ T9474]  should_fail_ex+0x512/0x640
[  339.112611][ T9474]  ? __kmalloc_noprof+0xca/0x880
[  339.112642][ T9474]  should_failslab+0xc2/0x120
[  339.112666][ T9474]  __kmalloc_noprof+0xdd/0x880
[  339.112695][ T9474]  ? ethnl_default_set_doit+0x170/0x9d0
[  339.112721][ T9474]  ? ethnl_default_set_doit+0x170/0x9d0
[  339.112740][ T9474]  ethnl_default_set_doit+0x170/0x9d0
[  339.112764][ T9474]  genl_family_rcv_msg_doit+0x206/0x2f0
[  339.112793][ T9474]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  339.112826][ T9474]  ? bpf_lsm_capable+0x9/0x10
[  339.112849][ T9474]  ? security_capable+0x7e/0x260
[  339.112874][ T9474]  ? ns_capable+0xd7/0x110
[  339.112895][ T9474]  genl_rcv_msg+0x55c/0x800
[  339.112923][ T9474]  ? __pfx_genl_rcv_msg+0x10/0x10
[  339.112949][ T9474]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  339.112978][ T9474]  netlink_rcv_skb+0x155/0x420
[  339.113000][ T9474]  ? __pfx_genl_rcv_msg+0x10/0x10
[  339.113027][ T9474]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  339.113058][ T9474]  ? netlink_deliver_tap+0x1ae/0xd30
[  339.113082][ T9474]  genl_rcv+0x28/0x40
[  339.113104][ T9474]  netlink_unicast+0x5aa/0x870
[  339.113129][ T9474]  ? __pfx_netlink_unicast+0x10/0x10
[  339.113160][ T9474]  netlink_sendmsg+0x8c8/0xdd0
[  339.113185][ T9474]  ? __pfx_netlink_sendmsg+0x10/0x10
[  339.113210][ T9474]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  339.113239][ T9474]  ____sys_sendmsg+0xa98/0xc70
[  339.113266][ T9474]  ? copy_msghdr_from_user+0x10a/0x160
[  339.113287][ T9474]  ? __pfx_____sys_sendmsg+0x10/0x10
[  339.113324][ T9474]  ___sys_sendmsg+0x134/0x1d0
[  339.113346][ T9474]  ? __pfx____sys_sendmsg+0x10/0x10
[  339.113392][ T9474]  __sys_sendmsg+0x16d/0x220
[  339.113414][ T9474]  ? __pfx___sys_sendmsg+0x10/0x10
[  339.113448][ T9474]  do_syscall_64+0xcd/0xfa0
[  339.113470][ T9474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.113488][ T9474] RIP: 0033:0x7f707098eec9
[  339.113508][ T9474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.113525][ T9474] RSP: 002b:00007f70717d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  339.113549][ T9474] RAX: ffffffffffffffda RBX: 00007f7070be5fa0 RCX: 00007f707098eec9
[  339.113560][ T9474] RDX: 0000000004040000 RSI: 00002000000002c0 RDI: 0000000000000003
[  339.113571][ T9474] RBP: 00007f70717d4090 R08: 0000000000000000 R09: 0000000000000000
[  339.113582][ T9474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  339.113592][ T9474] R13: 00007f7070be6038 R14: 00007f7070be5fa0 R15: 00007ffe10fc9df8
[  339.113616][ T9474]  </TASK>
[  340.175851][ T9482] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  340.175851][ T9482]    program syz.3.739 not setting count and/or reply_len properly
[  341.943262][ T9523] delete_channel: no stack
[  342.027790][ T9523] delete_channel: no stack
[  343.788928][ T9564] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  343.788928][ T9564]    program syz.0.750 not setting count and/or reply_len properly
[  344.121941][ T9592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.757'.
[  344.279629][ T9596] usb usb34: usbfs: process 9596 (syz.1.759) did not claim interface 0 before use
[  344.336132][   T30] audit: type=1800 audit(4294967376.930:7): pid=9596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.759" name="lu_gp_id" dev="configfs" ino=25921 res=0 errno=0
[  344.385938][ T9601] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations!
[  346.725727][   T30] audit: type=1326 audit(4294967379.300:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9645 comm="syz.2.767" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3de1b8eec9 code=0x0
[  346.860726][ T9654] rtc_cmos 00:00: Alarms can be up to one day in the future
[  347.267425][ T1211] rtc_cmos 00:00: Alarms can be up to one day in the future
[  347.308788][ T1211] rtc_cmos 00:00: Alarms can be up to one day in the future
[  347.345932][ T1211] rtc_cmos 00:00: Alarms can be up to one day in the future
[  347.392675][ T1211] rtc_cmos 00:00: Alarms can be up to one day in the future
[  347.442481][ T1211] rtc rtc0: __rtc_set_alarm: err=-22
[  347.612232][ T9669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.773'.
[  347.656854][ T9669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.773'.
[  347.851021][   T30] audit: type=1804 audit(4294967380.450:9): pid=9673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.774" name="/newroot/197/file0" dev="tmpfs" ino=1036 res=1 errno=0
[  347.932299][ T9673] netlink: 8 bytes leftover after parsing attributes in process `syz.3.774'.
[  348.089630][ T9676] : entered promiscuous mode
[  348.457984][ T9684] random: crng reseeded on system resumption
[  357.538385][ T9818] net_ratelimit: 59 callbacks suppressed
[  357.538403][ T9818] netlink: zone id is out of range
[  357.604587][ T9815] netlink: set zone limit has 8 unknown bytes
[  357.748952][ T9819] HfR: entered promiscuous mode
[  357.774909][ T9818] netlink: del zone limit has 4 unknown bytes
[  359.805252][ T9851] zswap: compressor  not available
[  360.101665][ T9857] FAULT_INJECTION: forcing a failure.
[  360.101665][ T9857] name failslab, interval 1, probability 0, space 0, times 0
[  360.280312][ T9857] CPU: 0 UID: 0 PID: 9857 Comm: syz.0.813 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  360.280346][ T9857] Tainted: [U]=USER
[  360.280352][ T9857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  360.280363][ T9857] Call Trace:
[  360.280370][ T9857]  <TASK>
[  360.280377][ T9857]  dump_stack_lvl+0x16c/0x1f0
[  360.280404][ T9857]  should_fail_ex+0x512/0x640
[  360.280426][ T9857]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  360.280454][ T9857]  should_failslab+0xc2/0x120
[  360.280478][ T9857]  kmem_cache_alloc_noprof+0x75/0x6e0
[  360.280497][ T9857]  ? prepare_creds+0x2c/0x7d0
[  360.280528][ T9857]  ? prepare_creds+0x2c/0x7d0
[  360.280554][ T9857]  prepare_creds+0x2c/0x7d0
[  360.280583][ T9857]  keyctl_set_reqkey_keyring+0x8e/0x1c0
[  360.280611][ T9857]  __do_sys_keyctl+0x6d/0x590
[  360.280637][ T9857]  do_syscall_64+0xcd/0xfa0
[  360.280659][ T9857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.280678][ T9857] RIP: 0033:0x7fe0da58eec9
[  360.280694][ T9857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.280712][ T9857] RSP: 002b:00007fe0db3f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  360.280730][ T9857] RAX: ffffffffffffffda RBX: 00007fe0da7e6270 RCX: 00007fe0da58eec9
[  360.280742][ T9857] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000e
[  360.280752][ T9857] RBP: 00007fe0da611f91 R08: 0000000000000008 R09: 0000000000000000
[  360.280764][ T9857] R10: 0000000000005eaf R11: 0000000000000246 R12: 0000000000000000
[  360.280774][ T9857] R13: 00007fe0da7e6308 R14: 00007fe0da7e6270 R15: 00007ffea7798848
[  360.280797][ T9857]  </TASK>
[  366.857880][ T9938] netlink: 16 bytes leftover after parsing attributes in process `syz.3.830'.
[  366.987989][ T9932] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input10
[  367.006211][ T9940] netlink: 16 bytes leftover after parsing attributes in process `syz.3.830'.
[  367.076799][ T9947] netlink: 16 bytes leftover after parsing attributes in process `syz.3.830'.
[  367.147595][ T9953] Process accounting resumed
[  367.280656][ T9949] netlink: 16 bytes leftover after parsing attributes in process `syz.3.830'.
[  369.952837][ T9985] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE�r��҄y�*�"�l-���y–��
[  371.170874][T10005] FAULT_INJECTION: forcing a failure.
[  371.170874][T10005] name failslab, interval 1, probability 0, space 0, times 0
[  371.302697][T10016] FAULT_INJECTION: forcing a failure.
[  371.302697][T10016] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  371.357239][T10016] CPU: 0 UID: 0 PID: 10016 Comm: syz.1.846 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  371.357270][T10016] Tainted: [U]=USER
[  371.357275][T10016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  371.357287][T10016] Call Trace:
[  371.357293][T10016]  <TASK>
[  371.357300][T10016]  dump_stack_lvl+0x16c/0x1f0
[  371.357326][T10016]  should_fail_ex+0x512/0x640
[  371.357352][T10016]  should_fail_alloc_page+0xe7/0x130
[  371.357378][T10016]  prepare_alloc_pages+0x3c2/0x610
[  371.357402][T10016]  ? stack_depot_save_flags+0x29/0x9c0
[  371.357427][T10016]  __alloc_frozen_pages_noprof+0x18b/0x2470
[  371.357447][T10016]  ? kasan_save_stack+0x33/0x60
[  371.357467][T10016]  ? kasan_save_track+0x14/0x30
[  371.357486][T10016]  ? __kasan_slab_alloc+0x89/0x90
[  371.357506][T10016]  ? kmem_cache_alloc_noprof+0x250/0x6e0
[  371.357522][T10016]  ? ptlock_alloc+0x1f/0x70
[  371.357547][T10016]  ? pte_alloc_one+0x84/0x350
[  371.357566][T10016]  ? __pte_alloc+0x6d/0x380
[  371.357585][T10016]  ? walk_pgd_range+0xb84/0x1f50
[  371.357606][T10016]  ? __walk_page_range+0x163/0x820
[  371.357623][T10016]  ? walk_page_range_mm+0x461/0xb40
[  371.357647][T10016]  ? madvise_vma_behavior+0xa54/0x2d50
[  371.357671][T10016]  ? madvise_walk_vmas+0x31f/0x9c0
[  371.357694][T10016]  ? madvise_do_behavior+0x1e2/0x530
[  371.357718][T10016]  ? do_madvise+0x176/0x240
[  371.357740][T10016]  ? __x64_sys_madvise+0xa9/0x110
[  371.357764][T10016]  ? do_syscall_64+0xcd/0xfa0
[  371.357782][T10016]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.357802][T10016]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  371.357825][T10016]  ? look_up_lock_class+0x59/0x150
[  371.357853][T10016]  ? __lock_acquire+0xb97/0x1ce0
[  371.357877][T10016]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  371.357909][T10016]  ? policy_nodemask+0xea/0x4e0
[  371.357935][T10016]  alloc_pages_mpol+0x1fb/0x550
[  371.357959][T10016]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  371.357983][T10016]  ? do_raw_spin_lock+0x12c/0x2b0
[  371.358011][T10016]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  371.358043][T10016]  alloc_pages_noprof+0x131/0x390
[  371.358068][T10016]  pte_alloc_one+0x1e/0x350
[  371.358089][T10016]  __pte_alloc+0x6d/0x380
[  371.358109][T10016]  ? __pfx___pte_alloc+0x10/0x10
[  371.358131][T10016]  ? walk_pgd_range+0x13b4/0x1f50
[  371.358153][T10016]  walk_pgd_range+0xb84/0x1f50
[  371.358175][T10016]  ? __pfx_guard_install_set_pte+0x10/0x10
[  371.358198][T10016]  ? __pfx_guard_install_pte_entry+0x10/0x10
[  371.358224][T10016]  ? __pfx_guard_install_set_pte+0x10/0x10
[  371.358251][T10016]  ? __pfx_guard_install_set_pte+0x10/0x10
[  371.358274][T10016]  ? __pfx_guard_install_set_pte+0x10/0x10
[  371.358299][T10016]  ? __pfx_walk_pgd_range+0x10/0x10
[  371.358324][T10016]  __walk_page_range+0x163/0x820
[  371.358345][T10016]  ? find_vma+0xbf/0x140
[  371.358365][T10016]  ? __pfx_find_vma+0x10/0x10
[  371.358387][T10016]  ? walk_page_test+0x9b/0x180
[  371.358407][T10016]  walk_page_range_mm+0x461/0xb40
[  371.358430][T10016]  ? __pfx_walk_page_range_mm+0x10/0x10
[  371.358448][T10016]  ? finish_task_switch.isra.0+0x221/0xc10
[  371.358478][T10016]  madvise_vma_behavior+0xa54/0x2d50
[  371.358507][T10016]  ? mas_prev_setup.constprop.0+0xb6/0x9d0
[  371.358534][T10016]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  371.358560][T10016]  ? mas_prev+0x9b/0xf0
[  371.358581][T10016]  ? __pfx_mas_prev+0x10/0x10
[  371.358607][T10016]  ? find_vma_prev+0xd3/0x150
[  371.358636][T10016]  ? find_held_lock+0x2b/0x80
[  371.358654][T10016]  ? __pfx_find_vma_prev+0x10/0x10
[  371.358684][T10016]  ? __futex_wait+0x24b/0x2f0
[  371.358717][T10016]  madvise_walk_vmas+0x31f/0x9c0
[  371.358746][T10016]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  371.358778][T10016]  madvise_do_behavior+0x1e2/0x530
[  371.358803][T10016]  ? futex_private_hash_put+0x18a/0x300
[  371.358827][T10016]  ? __pfx_madvise_do_behavior+0x10/0x10
[  371.358854][T10016]  ? down_read+0x13d/0x480
[  371.358888][T10016]  do_madvise+0x176/0x240
[  371.358912][T10016]  ? __pfx_do_madvise+0x10/0x10
[  371.358937][T10016]  ? do_futex+0x122/0x350
[  371.358965][T10016]  ? handle_mm_fault+0x2ab/0xd10
[  371.359001][T10016]  ? xfd_validate_state+0x61/0x180
[  371.359032][T10016]  __x64_sys_madvise+0xa9/0x110
[  371.359057][T10016]  ? lockdep_hardirqs_on+0x7c/0x110
[  371.359076][T10016]  do_syscall_64+0xcd/0xfa0
[  371.359097][T10016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.359115][T10016] RIP: 0033:0x7f707098eec9
[  371.359131][T10016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  371.359148][T10016] RSP: 002b:00007f7071792038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  371.359166][T10016] RAX: ffffffffffffffda RBX: 00007f7070be6180 RCX: 00007f707098eec9
[  371.359178][T10016] RDX: 0000000000000066 RSI: 0000000002021000 RDI: 0000000000000000
[  371.359189][T10016] RBP: 00007f7070a11f91 R08: 0000000000000000 R09: 0000000000000000
[  371.359199][T10016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  371.359210][T10016] R13: 00007f7070be6218 R14: 00007f7070be6180 R15: 00007ffe10fc9df8
[  371.359234][T10016]  </TASK>
[  371.850869][T10002] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  371.858380][T10002] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  371.864486][T10002] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  371.870578][T10002] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  371.962882][T10005] CPU: 0 UID: 0 PID: 10005 Comm: syz.0.843 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  371.962915][T10005] Tainted: [U]=USER
[  371.962921][T10005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  371.962932][T10005] Call Trace:
[  371.962938][T10005]  <TASK>
[  371.962946][T10005]  dump_stack_lvl+0x16c/0x1f0
[  371.962971][T10005]  should_fail_ex+0x512/0x640
[  371.962993][T10005]  ? __kmalloc_cache_noprof+0x5f/0x780
[  371.963027][T10005]  should_failslab+0xc2/0x120
[  371.963052][T10005]  __kmalloc_cache_noprof+0x72/0x780
[  371.963080][T10005]  ? net_alloc_generic+0x1e/0x70
[  371.963101][T10005]  ? copy_net_ns+0xe9/0x690
[  371.963123][T10005]  ? copy_net_ns+0x136/0x690
[  371.963149][T10005]  ? copy_net_ns+0x136/0x690
[  371.963172][T10005]  copy_net_ns+0x136/0x690
[  371.963195][T10005]  ? copy_cgroup_ns+0x71/0x6b0
[  371.963219][T10005]  create_new_namespaces+0x3ea/0xa90
[  371.963244][T10005]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  371.963267][T10005]  ksys_unshare+0x45b/0xa40
[  371.963293][T10005]  ? __pfx_ksys_unshare+0x10/0x10
[  371.963319][T10005]  ? syscall_user_dispatch+0x78/0x140
[  371.963353][T10005]  __x64_sys_unshare+0x31/0x40
[  371.963377][T10005]  do_syscall_64+0xcd/0xfa0
[  371.963399][T10005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.963424][T10005] RIP: 0033:0x7fe0da58eec9
[  371.963440][T10005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  371.963458][T10005] RSP: 002b:00007fe0db416038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  371.963476][T10005] RAX: ffffffffffffffda RBX: 00007fe0da7e6180 RCX: 00007fe0da58eec9
[  371.963488][T10005] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  371.963499][T10005] RBP: 00007fe0da611f91 R08: 0000000000000000 R09: 0000000000000000
[  371.963510][T10005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  371.963520][T10005] R13: 00007fe0da7e6218 R14: 00007fe0da7e6180 R15: 00007ffea7798848
[  371.963543][T10005]  </TASK>
[  373.223298][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[  374.894055][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout
[  374.900175][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout
[  374.906228][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout
[  378.747367][T10119] svc: failed to register nfsdv3 RPC service (errno 111).
[  378.838951][T10119] svc: failed to register nfsaclv3 RPC service (errno 111).
[  380.299942][T10140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.870'.
[  381.365873][ T5837] Bluetooth: hci3: unexpected event 0x02 length: 726 > 260
[  382.810496][T10169] netlink: 4 bytes leftover after parsing attributes in process `syz.0.873'.
[  383.853076][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  383.859702][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  384.855011][T10203] syz.2.881 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  385.018246][T10203] CPU: 0 UID: 0 PID: 10203 Comm: syz.2.881 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  385.018276][T10203] Tainted: [U]=USER
[  385.018282][T10203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  385.018293][T10203] Call Trace:
[  385.018307][T10203]  <TASK>
[  385.018314][T10203]  dump_stack_lvl+0x16c/0x1f0
[  385.018340][T10203]  dump_header+0x101/0x930
[  385.018373][T10203]  oom_kill_process+0x272/0xa40
[  385.018406][T10203]  out_of_memory+0x350/0x1700
[  385.018429][T10203]  ? __pfx_out_of_memory+0x10/0x10
[  385.018453][T10203]  mem_cgroup_out_of_memory+0x118/0x130
[  385.018482][T10203]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  385.018515][T10203]  ? do_raw_spin_unlock+0x172/0x230
[  385.018548][T10203]  try_charge_memcg+0x687/0xd40
[  385.018575][T10203]  ? __pfx_try_charge_memcg+0x10/0x10
[  385.018597][T10203]  ? find_held_lock+0x2b/0x80
[  385.018616][T10203]  ? rcu_read_unlock+0x17/0x60
[  385.018646][T10203]  obj_cgroup_charge_account+0x292/0x500
[  385.018673][T10203]  __memcg_slab_post_alloc_hook+0x2ea/0x940
[  385.018702][T10203]  ? kasan_save_track+0x14/0x30
[  385.018725][T10203]  kmem_cache_alloc_noprof+0x550/0x6e0
[  385.018744][T10203]  ? vm_area_dup+0x27/0x8d0
[  385.018776][T10203]  ? vm_area_dup+0x27/0x8d0
[  385.018801][T10203]  vm_area_dup+0x27/0x8d0
[  385.018831][T10203]  __split_vma+0x18e/0x1070
[  385.018863][T10203]  ? __pfx___split_vma+0x10/0x10
[  385.018890][T10203]  ? __lock_acquire+0xb97/0x1ce0
[  385.018919][T10203]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  385.018955][T10203]  vma_modify+0x16dc/0x2030
[  385.018990][T10203]  ? __pfx_vma_modify+0x10/0x10
[  385.019024][T10203]  vma_modify_flags+0x212/0x2d0
[  385.019054][T10203]  ? __pfx_vma_modify_flags+0x10/0x10
[  385.019099][T10203]  mprotect_fixup+0x1df/0xb40
[  385.019131][T10203]  ? __pfx_mprotect_fixup+0x10/0x10
[  385.019166][T10203]  do_mprotect_pkey+0x9bc/0xd40
[  385.019201][T10203]  ? __pfx_do_mprotect_pkey+0x10/0x10
[  385.019230][T10203]  ? vm_mmap_pgoff+0x103/0x470
[  385.019269][T10203]  ? xfd_validate_state+0x61/0x180
[  385.019307][T10203]  __x64_sys_mprotect+0x78/0xc0
[  385.019334][T10203]  ? lockdep_hardirqs_on+0x7c/0x110
[  385.019354][T10203]  do_syscall_64+0xcd/0xfa0
[  385.019376][T10203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.019394][T10203] RIP: 0033:0x7f3de1b8ef87
[  385.019410][T10203] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.019427][T10203] RSP: 002b:00007fffcd1b70c8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a
[  385.019446][T10203] RAX: ffffffffffffffda RBX: 00007f3de29446c0 RCX: 00007f3de1b8ef87
[  385.019458][T10203] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f3de2925000
[  385.019468][T10203] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
[  385.019479][T10203] R10: 0000000000021000 R11: 0000000000000206 R12: 00007fffcd1b7220
[  385.019489][T10203] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
[  385.019513][T10203]  </TASK>
[  385.019520][T10203] memory: usage 3072kB, limit 3072kB, failcnt 68243
[  386.186678][T10203] memory+swap: usage 50132kB, limit 9007199254740988kB, failcnt 0
[  386.222113][T10203] kmem: usage 896kB, limit 9007199254740988kB, failcnt 0
[  386.253526][T10203] Memory cgroup stats for /syz2:
[  386.253733][T10203] cache 1585152
[  386.292093][T10203] rss 200704
[  386.315333][T10203] rss_huge 0
[  386.342066][T10203] shmem 1585152
[  386.359078][T10203] mapped_file 0
[  386.372203][T10203] dirty 0
[  386.380028][T10239] random: crng reseeded on system resumption
[  386.387112][T10203] writeback 0
[  386.399890][T10203] workingset_refault_anon 7302
[  386.429553][T10203] workingset_refault_file 13441
[  386.448858][T10203] swap 48189440
[  386.461370][T10203] swapcached 450560
[  386.475853][T10203] pgpgin 174843
[  386.489224][T10203] pgpgout 174485
[  386.504980][T10203] pgfault 240727
[  386.520038][T10203] pgmajfault 2887
[  386.535986][T10203] inactive_anon 1531904
[  386.551968][T10203] active_anon 696320
[  386.566169][T10203] inactive_file 0
[  386.580447][T10203] active_file 0
[  386.593648][T10203] unevictable 0
[  386.607598][T10203] hierarchical_memory_limit 3145728
[  386.648016][T10203] hierarchical_memsw_limit 9223372036854771712
[  386.665061][T10203] total_cache 1585152
[  386.681532][T10203] total_rss 200704
[  386.699911][T10203] total_rss_huge 0
[  386.703670][T10203] total_shmem 1585152
[  386.735913][T10203] total_mapped_file 0
[  386.757894][T10203] total_dirty 0
[  386.761394][T10203] total_writeback 0
[  386.765197][T10203] total_workingset_refault_anon 7302
[  386.818037][T10203] total_workingset_refault_file 13441
[  386.842161][T10203] total_swap 48189440
[  386.856211][T10203] total_swapcached 450560
[  386.873259][T10203] total_pgpgin 174843
[  386.896939][T10203] total_pgpgout 174485
[  386.915267][T10203] total_pgfault 240727
[  386.930787][T10203] total_pgmajfault 2887
[  386.935076][T10203] total_inactive_anon 1531904
[  386.998151][T10203] total_active_anon 696320
[  387.008394][T10203] total_inactive_file 0
[  387.037946][T10203] total_active_file 0
[  387.052218][T10203] total_unevictable 0
[  387.066704][T10203] anon_cost 0
[  387.079626][T10203] file_cost 0
[  387.095093][T10203] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.783,pid=9728,uid=0
[  387.171649][T10203] Memory cgroup out of memory: Killed process 9728 (syz.2.783) total-vm:114980kB, anon-rss:1208kB, file-rss:63616kB, shmem-rss:0kB, UID:0 pgtables:240kB oom_score_adj:1000
[  388.135401][T10261] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  388.135401][T10261]    program syz.0.891 not setting count and/or reply_len properly
[  389.939256][ T9728] syz.2.783 (9728) used greatest stack depth: 16648 bytes left
[  392.204838][T10322] sd 0:0:1:0: PR command failed: 1026
[  392.323532][T10322] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  392.398449][T10322] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  393.792108][T10345] netlink: 'syz.0.907': attribute type 1 has an invalid length.
[  393.897988][T10345] netlink: 306 bytes leftover after parsing attributes in process `syz.0.907'.
[  393.989090][T10341] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.000732][T10364] FAULT_INJECTION: forcing a failure.
[  395.000732][T10364] name failslab, interval 1, probability 0, space 0, times 0
[  395.069213][T10364] CPU: 0 UID: 0 PID: 10364 Comm: syz.3.911 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  395.069245][T10364] Tainted: [U]=USER
[  395.069251][T10364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  395.069262][T10364] Call Trace:
[  395.069268][T10364]  <TASK>
[  395.069282][T10364]  dump_stack_lvl+0x16c/0x1f0
[  395.069307][T10364]  should_fail_ex+0x512/0x640
[  395.069330][T10364]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  395.069351][T10364]  should_failslab+0xc2/0x120
[  395.069376][T10364]  kmem_cache_alloc_noprof+0x75/0x6e0
[  395.069399][T10364]  ? dup_fd+0x4e/0xb90
[  395.069420][T10364]  ? dup_fd+0x4e/0xb90
[  395.069436][T10364]  dup_fd+0x4e/0xb90
[  395.069461][T10364]  ksys_unshare+0x831/0xa40
[  395.069488][T10364]  ? __pfx_ksys_unshare+0x10/0x10
[  395.069513][T10364]  ? xfd_validate_state+0x61/0x180
[  395.069547][T10364]  __x64_sys_unshare+0x31/0x40
[  395.069571][T10364]  do_syscall_64+0xcd/0xfa0
[  395.069593][T10364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.069611][T10364] RIP: 0033:0x7ff732d8eec9
[  395.069626][T10364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.069645][T10364] RSP: 002b:00007ff733bed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  395.069664][T10364] RAX: ffffffffffffffda RBX: 00007ff732fe5fa0 RCX: 00007ff732d8eec9
[  395.069676][T10364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400
[  395.069691][T10364] RBP: 00007ff732e11f91 R08: 0000000000000000 R09: 0000000000000000
[  395.069702][T10364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  395.069713][T10364] R13: 00007ff732fe6038 R14: 00007ff732fe5fa0 R15: 00007ffff3302df8
[  395.069737][T10364]  </TASK>
[  395.735332][ T7238] tipc: Subscription rejected, illegal request
[  398.186719][ T5837] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  399.093977][T10442] netlink: 40 bytes leftover after parsing attributes in process `syz.0.925'.
[  400.120335][ T5828] Bluetooth: hci3: SCO packet too small
[  400.133736][T10461] ICMPv6: process `syz.0.928' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead
[  402.334354][   T30] audit: type=1400 audit(4294967434.930:10): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=10496 comm="syz.0.935"
[  402.979517][T10504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.937'.
[  404.079467][T10519] netlink: 28 bytes leftover after parsing attributes in process `syz.2.941'.
[  406.232566][T10548] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  406.232566][T10548]    program syz.1.943 not setting count and/or reply_len properly
[  406.881614][T10563] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  406.881614][T10563]    program syz.2.942 not setting count and/or reply_len properly
[  407.057664][T10566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.948'.
[  408.479826][   T30] audit: type=1804 audit(4294967441.070:11): pid=10606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.956" name="/newroot/264/file0" dev="tmpfs" ino=1381 res=1 errno=0
[  408.501142][    C0] vkms_vblank_simulate: vblank timer overrun
[  408.602990][   T30] audit: type=1804 audit(4294967441.190:12): pid=10593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.956" name="/newroot/264/file0" dev="tmpfs" ino=1381 res=1 errno=0
[  409.085794][T10630] random: crng reseeded on system resumption
[  412.879642][T10689] netlink: 268 bytes leftover after parsing attributes in process `syz.1.973'.
[  413.574731][T10700] netlink: 8 bytes leftover after parsing attributes in process `syz.1.976'.
[  414.537049][   T30] audit: type=1800 audit(4294967447.130:13): pid=10715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.979" name="lu_gp_id" dev="configfs" ino=31123 res=0 errno=0
[  414.557634][    C0] vkms_vblank_simulate: vblank timer overrun
[  416.296937][T10766] netlink: 342 bytes leftover after parsing attributes in process `syz.1.990'.
[  417.374566][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.993'.
[  417.396271][T10793] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007
[  417.435739][T10794] Unable to find swap-space signature
[  417.467889][T10784] openvswitch: netlink: Multiple metadata blocks provided
[  417.693645][T10803] netlink: zone id is out of range
[  417.761122][T10803] netlink: zone id is out of range
[  417.814742][T10803] netlink: zone id is out of range
[  417.858945][T10803] netlink: zone id is out of range
[  417.909348][T10803] netlink: zone id is out of range
[  417.960248][T10803] netlink: zone id is out of range
[  417.993101][T10803] netlink: zone id is out of range
[  418.028918][T10803] netlink: zone id is out of range
[  418.091198][T10803] netlink: zone id is out of range
[  418.480744][T10814] netlink: 334 bytes leftover after parsing attributes in process `syz.2.997'.
[  421.485104][T10847] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
[  421.974981][T10868] FAULT_INJECTION: forcing a failure.
[  421.974981][T10868] name failslab, interval 1, probability 0, space 0, times 0
[  422.043169][T10868] CPU: 0 UID: 0 PID: 10868 Comm: syz.3.1010 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  422.043201][T10868] Tainted: [U]=USER
[  422.043207][T10868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  422.043217][T10868] Call Trace:
[  422.043223][T10868]  <TASK>
[  422.043230][T10868]  dump_stack_lvl+0x16c/0x1f0
[  422.043260][T10868]  should_fail_ex+0x512/0x640
[  422.043282][T10868]  ? fs_reclaim_acquire+0xae/0x150
[  422.043307][T10868]  should_failslab+0xc2/0x120
[  422.043332][T10868]  __kmalloc_noprof+0xdd/0x880
[  422.043359][T10868]  ? lockdep_init_map_type+0x5c/0x280
[  422.043385][T10868]  ? tomoyo_open_control+0x51f/0xa30
[  422.043411][T10868]  ? tomoyo_open_control+0x51f/0xa30
[  422.043433][T10868]  tomoyo_open_control+0x51f/0xa30
[  422.043459][T10868]  do_dentry_open+0x97f/0x1530
[  422.043480][T10868]  ? __pfx_tomoyo_open+0x10/0x10
[  422.043503][T10868]  vfs_open+0x82/0x3f0
[  422.043531][T10868]  path_openat+0x1de4/0x2cb0
[  422.043557][T10868]  ? __pfx_path_openat+0x10/0x10
[  422.043582][T10868]  do_filp_open+0x20b/0x470
[  422.043602][T10868]  ? __pfx_do_filp_open+0x10/0x10
[  422.043637][T10868]  ? alloc_fd+0x471/0x7d0
[  422.043661][T10868]  do_sys_openat2+0x11b/0x1d0
[  422.043686][T10868]  ? __pfx_do_sys_openat2+0x10/0x10
[  422.043721][T10868]  __x64_sys_openat+0x174/0x210
[  422.043748][T10868]  ? __pfx___x64_sys_openat+0x10/0x10
[  422.043784][T10868]  do_syscall_64+0xcd/0xfa0
[  422.043806][T10868]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.043825][T10868] RIP: 0033:0x7ff732d8eec9
[  422.043840][T10868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.043858][T10868] RSP: 002b:00007ff733bed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  422.043876][T10868] RAX: ffffffffffffffda RBX: 00007ff732fe5fa0 RCX: 00007ff732d8eec9
[  422.043888][T10868] RDX: 00000000000c0802 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  422.043899][T10868] RBP: 00007ff732e11f91 R08: 0000000000000000 R09: 0000000000000000
[  422.043910][T10868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  422.043920][T10868] R13: 00007ff732fe6038 R14: 00007ff732fe5fa0 R15: 00007ffff3302df8
[  422.043944][T10868]  </TASK>
[  426.351671][T10952] FAULT_INJECTION: forcing a failure.
[  426.351671][T10952] name failslab, interval 1, probability 0, space 0, times 0
[  426.415805][T10952] CPU: 0 UID: 0 PID: 10952 Comm: syz.2.1026 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  426.415837][T10952] Tainted: [U]=USER
[  426.415843][T10952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  426.415853][T10952] Call Trace:
[  426.415860][T10952]  <TASK>
[  426.415866][T10952]  dump_stack_lvl+0x16c/0x1f0
[  426.415891][T10952]  should_fail_ex+0x512/0x640
[  426.415913][T10952]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  426.415934][T10952]  should_failslab+0xc2/0x120
[  426.415958][T10952]  kmem_cache_alloc_noprof+0x75/0x6e0
[  426.415976][T10952]  ? alloc_empty_file+0x55/0x1e0
[  426.416005][T10952]  ? alloc_empty_file+0x55/0x1e0
[  426.416028][T10952]  ? _raw_spin_unlock+0x28/0x50
[  426.416044][T10952]  alloc_empty_file+0x55/0x1e0
[  426.416069][T10952]  alloc_file_pseudo+0x13a/0x230
[  426.416096][T10952]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  426.416128][T10952]  __shmem_file_setup+0x1a3/0x330
[  426.416158][T10952]  shmem_zero_setup+0x93/0x1a0
[  426.416179][T10952]  __mmap_region+0x2076/0x27a0
[  426.416199][T10952]  ? __pfx___mmap_region+0x10/0x10
[  426.416215][T10952]  ? finish_task_switch.isra.0+0x21c/0xc10
[  426.416236][T10952]  ? rcu_is_watching+0x12/0xc0
[  426.416255][T10952]  ? finish_task_switch.isra.0+0x221/0xc10
[  426.416274][T10952]  ? lockdep_hardirqs_on+0x7c/0x110
[  426.416293][T10952]  ? finish_task_switch.isra.0+0x221/0xc10
[  426.416331][T10952]  ? __pfx___schedule+0x10/0x10
[  426.416382][T10952]  ? trace_cap_capable+0x18d/0x200
[  426.416415][T10952]  mmap_region+0x1ab/0x3f0
[  426.416433][T10952]  ? __get_unmapped_area+0x267/0x440
[  426.416459][T10952]  do_mmap+0xa3e/0x1210
[  426.416486][T10952]  ? __pfx_do_mmap+0x10/0x10
[  426.416509][T10952]  ? __pfx_down_write_killable+0x10/0x10
[  426.416538][T10952]  vm_mmap_pgoff+0x29e/0x470
[  426.416564][T10952]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  426.416592][T10952]  ? __x64_sys_futex+0x1e0/0x4c0
[  426.416615][T10952]  ? __x64_sys_futex+0x1e9/0x4c0
[  426.416643][T10952]  ksys_mmap_pgoff+0x7d/0x5c0
[  426.416664][T10952]  ? xfd_validate_state+0x61/0x180
[  426.416689][T10952]  ? __pfx_ksys_write+0x10/0x10
[  426.416711][T10952]  __x64_sys_mmap+0x125/0x190
[  426.416741][T10952]  do_syscall_64+0xcd/0xfa0
[  426.416762][T10952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.416781][T10952] RIP: 0033:0x7f3de1b8eec9
[  426.416795][T10952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  426.416813][T10952] RSP: 002b:00007f3de2965038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  426.416831][T10952] RAX: ffffffffffffffda RBX: 00007f3de1de5fa0 RCX: 00007f3de1b8eec9
[  426.416843][T10952] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000
[  426.416854][T10952] RBP: 00007f3de1c11f91 R08: 0000000000000401 R09: 0000000000008000
[  426.416865][T10952] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  426.416875][T10952] R13: 00007f3de1de6038 R14: 00007f3de1de5fa0 R15: 00007fffcd1b7128
[  426.416898][T10952]  </TASK>
[  427.851459][T10972] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  427.851459][T10972]    program syz.3.1029 not setting count and/or reply_len properly
[  432.087148][T11054] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  432.087148][T11054]    program syz.3.1043 not setting count and/or reply_len properly
[  432.658297][T11073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1052'.
[  433.838587][T11087] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  433.896598][T11087] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  433.959345][T11087] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  433.965391][T11087] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  434.075447][T11087] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  434.570904][T11095] zswap: compressor � not available
[  434.581480][T11105] FAULT_INJECTION: forcing a failure.
[  434.581480][T11105] name failslab, interval 1, probability 0, space 0, times 0
[  434.717889][T11105] CPU: 0 UID: 0 PID: 11105 Comm: syz.2.1056 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  434.717923][T11105] Tainted: [U]=USER
[  434.717929][T11105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  434.717940][T11105] Call Trace:
[  434.717947][T11105]  <TASK>
[  434.717954][T11105]  dump_stack_lvl+0x16c/0x1f0
[  434.717980][T11105]  should_fail_ex+0x512/0x640
[  434.718002][T11105]  ? __kmalloc_noprof+0xca/0x880
[  434.718044][T11105]  should_failslab+0xc2/0x120
[  434.718069][T11105]  __kmalloc_noprof+0xdd/0x880
[  434.718098][T11105]  ? lsm_blob_alloc+0x68/0x90
[  434.718128][T11105]  ? lsm_blob_alloc+0x68/0x90
[  434.718147][T11105]  lsm_blob_alloc+0x68/0x90
[  434.718168][T11105]  security_sk_alloc+0x30/0x270
[  434.718195][T11105]  sk_prot_alloc+0x1c7/0x2a0
[  434.718224][T11105]  sk_alloc+0x36/0xc20
[  434.718243][T11105]  __netlink_create+0x5e/0x2c0
[  434.718260][T11105]  ? __wake_up+0x3f/0x60
[  434.718282][T11105]  netlink_create+0x39e/0x620
[  434.718301][T11105]  ? __pfx_genl_bind+0x10/0x10
[  434.718323][T11105]  ? __pfx_genl_unbind+0x10/0x10
[  434.718344][T11105]  ? __pfx_genl_release+0x10/0x10
[  434.718371][T11105]  __sock_create+0x335/0x8d0
[  434.718402][T11105]  __sys_socket+0x14d/0x260
[  434.718429][T11105]  ? __pfx___sys_socket+0x10/0x10
[  434.718458][T11105]  ? do_user_addr_fault+0x843/0x1370
[  434.718479][T11105]  __x64_sys_socket+0x72/0xb0
[  434.718505][T11105]  ? lockdep_hardirqs_on+0x7c/0x110
[  434.718525][T11105]  do_syscall_64+0xcd/0xfa0
[  434.718547][T11105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.718565][T11105] RIP: 0033:0x7f3de1b90de7
[  434.718581][T11105] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.718600][T11105] RSP: 002b:00007f3de2942fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[  434.718619][T11105] RAX: ffffffffffffffda RBX: 00007f3de1de6090 RCX: 00007f3de1b90de7
[  434.718631][T11105] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  434.718642][T11105] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[  434.718666][T11105] R10: 00002000000002c0 R11: 0000000000000286 R12: 0000000000000000
[  434.718677][T11105] R13: 00007f3de1de6128 R14: 00007f3de1de6090 R15: 00007fffcd1b7128
[  434.718701][T11105]  </TASK>
[  435.528263][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout
[  435.927874][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout
[  436.007981][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout
[  436.014108][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout
[  436.133377][T11122] FAULT_INJECTION: forcing a failure.
[  436.133377][T11122] name failslab, interval 1, probability 0, space 0, times 0
[  436.160072][T11122] CPU: 0 UID: 0 PID: 11122 Comm: syz.0.1062 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  436.160110][T11122] Tainted: [U]=USER
[  436.160116][T11122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  436.160127][T11122] Call Trace:
[  436.160133][T11122]  <TASK>
[  436.160140][T11122]  dump_stack_lvl+0x16c/0x1f0
[  436.160165][T11122]  should_fail_ex+0x512/0x640
[  436.160187][T11122]  ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0
[  436.160213][T11122]  should_failslab+0xc2/0x120
[  436.160237][T11122]  __kmalloc_node_track_caller_noprof+0xde/0x8a0
[  436.160260][T11122]  ? append_filter_err+0x3d6/0x610
[  436.160288][T11122]  ? kmemdup_nul+0x49/0xf0
[  436.160305][T11122]  kmemdup_nul+0x49/0xf0
[  436.160324][T11122]  append_filter_err+0x3d6/0x610
[  436.160352][T11122]  apply_subsystem_event_filter+0x75a/0x17e0
[  436.160385][T11122]  ? __pfx_apply_subsystem_event_filter+0x10/0x10
[  436.160417][T11122]  ? _copy_from_user+0x59/0xd0
[  436.160443][T11122]  subsystem_filter_write+0x95/0x120
[  436.160471][T11122]  ? __pfx_subsystem_filter_write+0x10/0x10
[  436.160496][T11122]  vfs_write+0x29d/0x11d0
[  436.160519][T11122]  ? __pfx___mutex_lock+0x10/0x10
[  436.160541][T11122]  ? __pfx_vfs_write+0x10/0x10
[  436.160566][T11122]  ? __fget_files+0x20e/0x3c0
[  436.160591][T11122]  ksys_write+0x12a/0x250
[  436.160609][T11122]  ? __pfx_ksys_write+0x10/0x10
[  436.160635][T11122]  do_syscall_64+0xcd/0xfa0
[  436.160657][T11122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.160676][T11122] RIP: 0033:0x7fe0da58eec9
[  436.160691][T11122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.160709][T11122] RSP: 002b:00007fe0db458038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  436.160727][T11122] RAX: ffffffffffffffda RBX: 00007fe0da7e5fa0 RCX: 00007fe0da58eec9
[  436.160739][T11122] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000000b
[  436.160749][T11122] RBP: 00007fe0da611f91 R08: 0000000000000000 R09: 0000000000000000
[  436.160759][T11122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  436.160770][T11122] R13: 00007fe0da7e6038 R14: 00007fe0da7e5fa0 R15: 00007ffea7798848
[  436.160794][T11122]  </TASK>
[  437.514148][T11131] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1064'.
[  437.980418][T11144] zram: Removed device: zram0
[  438.084708][T11145] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  438.084708][T11145]    program syz.2.1063 not setting count and/or reply_len properly
[  438.112156][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout
[  438.816083][ T5837] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  438.824917][ T5837] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff
[  439.157712][T11152] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  439.183808][T11152] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  439.201716][T11152] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  439.218360][T11152] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  439.503242][T11176] usb usb34: usbfs: process 11176 (syz.3.1073) did not claim interface 0 before use
[  439.630365][   T30] audit: type=1800 audit(4294967472.230:14): pid=11176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1073" name="lu_gp_id" dev="configfs" ino=33335 res=0 errno=0
[  439.956614][T11182] usb usb2: usbfs: process 11182 (syz.3.1075) did not claim interface 0 before use
[  440.247703][T11182] zswap: compressor  not available
[  440.808494][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[  441.208108][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout
[  441.214432][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout
[  441.290911][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout
[  442.397867][T11224] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  442.411537][T11224] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  442.439477][T11224] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  442.445519][T11224] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  442.750816][T11236] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1084'.
[  444.008177][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[  444.487992][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout
[  444.494263][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout
[  444.500958][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout
[  445.295086][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  445.304673][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  446.496176][T11290] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  446.526043][T11290] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  446.570418][T11290] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  446.576725][T11290] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  448.168922][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout
[  448.567822][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout
[  448.647852][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout
[  448.653986][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout
[  451.816432][T11364] FAULT_INJECTION: forcing a failure.
[  451.816432][T11364] name failslab, interval 1, probability 0, space 0, times 0
[  451.879252][T11364] CPU: 0 UID: 0 PID: 11364 Comm: syz.3.1107 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  451.879285][T11364] Tainted: [U]=USER
[  451.879293][T11364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  451.879304][T11364] Call Trace:
[  451.879310][T11364]  <TASK>
[  451.879317][T11364]  dump_stack_lvl+0x16c/0x1f0
[  451.879345][T11364]  should_fail_ex+0x512/0x640
[  451.879367][T11364]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  451.879390][T11364]  should_failslab+0xc2/0x120
[  451.879415][T11364]  kmem_cache_alloc_noprof+0x75/0x6e0
[  451.879432][T11364]  ? trace_sched_set_need_resched_tp+0xf3/0x150
[  451.879451][T11364]  ? alloc_empty_file+0x55/0x1e0
[  451.879480][T11364]  ? alloc_empty_file+0x55/0x1e0
[  451.879504][T11364]  alloc_empty_file+0x55/0x1e0
[  451.879531][T11364]  path_openat+0xda/0x2cb0
[  451.879557][T11364]  ? __pfx_path_openat+0x10/0x10
[  451.879581][T11364]  do_filp_open+0x20b/0x470
[  451.879601][T11364]  ? __pfx_do_filp_open+0x10/0x10
[  451.879635][T11364]  ? alloc_fd+0x471/0x7d0
[  451.879658][T11364]  do_sys_openat2+0x11b/0x1d0
[  451.879684][T11364]  ? __pfx_do_sys_openat2+0x10/0x10
[  451.879721][T11364]  ? find_held_lock+0x2b/0x80
[  451.879746][T11364]  __x64_sys_openat+0x174/0x210
[  451.879773][T11364]  ? __pfx___x64_sys_openat+0x10/0x10
[  451.879810][T11364]  do_syscall_64+0xcd/0xfa0
[  451.879832][T11364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.879852][T11364] RIP: 0033:0x7ff732d8eec9
[  451.879867][T11364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.879886][T11364] RSP: 002b:00007ff733bed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  451.879904][T11364] RAX: ffffffffffffffda RBX: 00007ff732fe5fa0 RCX: 00007ff732d8eec9
[  451.879917][T11364] RDX: 0000000000101e81 RSI: 0000200000000400 RDI: ffffffffffffff9c
[  451.879934][T11364] RBP: 00007ff732e11f91 R08: 0000000000000000 R09: 0000000000000000
[  451.879949][T11364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  451.879973][T11364] R13: 00007ff732fe6038 R14: 00007ff732fe5fa0 R15: 00007ffff3302df8
[  451.879999][T11364]  </TASK>
[  452.103541][T11364] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1107'.
[  453.412172][T11383] FAULT_INJECTION: forcing a failure.
[  453.412172][T11383] name failslab, interval 1, probability 0, space 0, times 0
[  453.486307][T11383] CPU: 0 UID: 0 PID: 11383 Comm: syz.3.1109 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  453.486340][T11383] Tainted: [U]=USER
[  453.486346][T11383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  453.486356][T11383] Call Trace:
[  453.486363][T11383]  <TASK>
[  453.486370][T11383]  dump_stack_lvl+0x16c/0x1f0
[  453.486395][T11383]  should_fail_ex+0x512/0x640
[  453.486417][T11383]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[  453.486441][T11383]  should_failslab+0xc2/0x120
[  453.486465][T11383]  __kvmalloc_node_noprof+0x141/0x9c0
[  453.486488][T11383]  ? io_sqe_buffers_register+0x131/0x860
[  453.486519][T11383]  ? io_sqe_buffers_register+0x131/0x860
[  453.486543][T11383]  io_sqe_buffers_register+0x131/0x860
[  453.486569][T11383]  ? __lock_acquire+0xb97/0x1ce0
[  453.486598][T11383]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[  453.486627][T11383]  ? __mutex_trylock_common+0xe9/0x250
[  453.486653][T11383]  ? __pfx___mutex_trylock_common+0x10/0x10
[  453.486683][T11383]  __io_uring_register+0x22c2/0x23e0
[  453.486706][T11383]  ? trace_contention_end+0xdd/0x130
[  453.486732][T11383]  ? __pfx___io_uring_register+0x10/0x10
[  453.486761][T11383]  ? __pfx___mutex_lock+0x10/0x10
[  453.486788][T11383]  ? __fget_files+0x20e/0x3c0
[  453.486812][T11383]  __x64_sys_io_uring_register+0x169/0x280
[  453.486838][T11383]  do_syscall_64+0xcd/0xfa0
[  453.486860][T11383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.486878][T11383] RIP: 0033:0x7ff732d8eec9
[  453.486893][T11383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  453.486911][T11383] RSP: 002b:00007ff733bcc038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  453.486929][T11383] RAX: ffffffffffffffda RBX: 00007ff732fe6090 RCX: 00007ff732d8eec9
[  453.486940][T11383] RDX: 0000200000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  453.486951][T11383] RBP: 00007ff733bcc090 R08: 0000000000000000 R09: 0000000000000000
[  453.486961][T11383] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001
[  453.486972][T11383] R13: 00007ff732fe6128 R14: 00007ff732fe6090 R15: 00007ffff3302df8
[  453.486995][T11383]  </TASK>
[  454.143645][T11386] KVM: debugfs: duplicate directory 11386-3
[  454.180444][T11386] KVM: debugfs: duplicate directory 11386-4
[  454.217083][T11386] KVM: debugfs: duplicate directory 11386-5
[  454.257066][T11386] KVM: debugfs: duplicate directory 11386-6
[  454.299697][T11386] KVM: debugfs: duplicate directory 11386-7
[  454.322253][T11386] KVM: debugfs: duplicate directory 11386-8
[  454.365247][T11386] KVM: debugfs: duplicate directory 11386-9
[  454.513630][T11391] futex_wake_op: syz.3.1113 tries to shift op by -2048; fix this program
[  454.567190][T11391] futex_wake_op: syz.3.1113 tries to shift op by -2048; fix this program
[  454.619937][T11393] ptp ptp0: new virtual clock ptp1
[  454.660005][T11393] ptp ptp0: new virtual clock ptp2
[  454.704644][T11393] ptp ptp0: new virtual clock ptp3
[  454.765314][T11393] ptp ptp0: guarantee physical clock free running
[  457.132752][T11411] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input11
[  457.268927][T11419] Process accounting resumed
[  459.080445][T11432] FAULT_INJECTION: forcing a failure.
[  459.080445][T11432] name failslab, interval 1, probability 0, space 0, times 0
[  459.138413][T11432] CPU: 0 UID: 0 PID: 11432 Comm: syz.3.1120 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  459.138445][T11432] Tainted: [U]=USER
[  459.138451][T11432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  459.138462][T11432] Call Trace:
[  459.138469][T11432]  <TASK>
[  459.138477][T11432]  dump_stack_lvl+0x16c/0x1f0
[  459.138503][T11432]  should_fail_ex+0x512/0x640
[  459.138525][T11432]  ? __kmalloc_noprof+0xca/0x880
[  459.138555][T11432]  ? __pfx_sc_fop_open+0x10/0x10
[  459.138577][T11432]  should_failslab+0xc2/0x120
[  459.138602][T11432]  __kmalloc_noprof+0xdd/0x880
[  459.138631][T11432]  ? __seq_open_private+0x22/0xd0
[  459.138661][T11432]  ? __pfx_sc_fop_open+0x10/0x10
[  459.138682][T11432]  ? __seq_open_private+0x22/0xd0
[  459.138707][T11432]  ? __kasan_kmalloc+0xaa/0xb0
[  459.138725][T11432]  __seq_open_private+0x22/0xd0
[  459.138752][T11432]  sc_common_open+0x6b/0x200
[  459.138774][T11432]  full_proxy_open_regular+0x1b6/0x360
[  459.138801][T11432]  do_dentry_open+0x97f/0x1530
[  459.138823][T11432]  ? __pfx_full_proxy_open_regular+0x10/0x10
[  459.138853][T11432]  vfs_open+0x82/0x3f0
[  459.138880][T11432]  path_openat+0x1de4/0x2cb0
[  459.138915][T11432]  ? __pfx_path_openat+0x10/0x10
[  459.138940][T11432]  do_filp_open+0x20b/0x470
[  459.138959][T11432]  ? __pfx_do_filp_open+0x10/0x10
[  459.138994][T11432]  ? alloc_fd+0x471/0x7d0
[  459.139017][T11432]  do_sys_openat2+0x11b/0x1d0
[  459.139043][T11432]  ? __pfx_do_sys_openat2+0x10/0x10
[  459.139078][T11432]  __x64_sys_openat+0x174/0x210
[  459.139105][T11432]  ? __pfx___x64_sys_openat+0x10/0x10
[  459.139141][T11432]  do_syscall_64+0xcd/0xfa0
[  459.139163][T11432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.139182][T11432] RIP: 0033:0x7ff732d8eec9
[  459.139196][T11432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.139215][T11432] RSP: 002b:00007ff733bed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  459.139233][T11432] RAX: ffffffffffffffda RBX: 00007ff732fe5fa0 RCX: 00007ff732d8eec9
[  459.139245][T11432] RDX: 0000000000088080 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  459.139256][T11432] RBP: 00007ff732e11f91 R08: 0000000000000000 R09: 0000000000000000
[  459.139267][T11432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  459.139277][T11432] R13: 00007ff732fe6038 R14: 00007ff732fe5fa0 R15: 00007ffff3302df8
[  459.139300][T11432]  </TASK>
[  460.328921][T11438] usb usb36: usbfs: process 11438 (syz.2.1121) did not claim interface 0 before use
[  461.820646][T11459] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  461.820646][T11459]    program syz.1.1125 not setting count and/or reply_len properly
[  462.946860][T11486] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1133'.
[  464.159746][T11511] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1140'.
[  464.338859][T11515] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1139'.
[  464.919229][T11529] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1144'.
[  465.068972][T11529] nbd: must specify a size in bytes for the device
[  465.607302][T11551] program syz.3.1149 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  465.797287][T11546] kAFS: Invalid Command on /proc/fs/afs/cells file
[  466.182869][T11562] FAULT_INJECTION: forcing a failure.
[  466.182869][T11562] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  466.233943][T11562] CPU: 0 UID: 0 PID: 11562 Comm: syz.1.1151 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  466.233975][T11562] Tainted: [U]=USER
[  466.233981][T11562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  466.233993][T11562] Call Trace:
[  466.234000][T11562]  <TASK>
[  466.234007][T11562]  dump_stack_lvl+0x16c/0x1f0
[  466.234041][T11562]  should_fail_ex+0x512/0x640
[  466.234067][T11562]  _copy_to_user+0x32/0xd0
[  466.234092][T11562]  simple_read_from_buffer+0xcb/0x170
[  466.234122][T11562]  proc_fail_nth_read+0x197/0x240
[  466.234142][T11562]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  466.234162][T11562]  ? rw_verify_area+0xcf/0x6c0
[  466.234191][T11562]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  466.234209][T11562]  vfs_read+0x1e1/0xcf0
[  466.234232][T11562]  ? __pfx___mutex_lock+0x10/0x10
[  466.234253][T11562]  ? __pfx_vfs_read+0x10/0x10
[  466.234278][T11562]  ? __fget_files+0x20e/0x3c0
[  466.234301][T11562]  ksys_read+0x12a/0x250
[  466.234320][T11562]  ? __pfx_ksys_read+0x10/0x10
[  466.234345][T11562]  do_syscall_64+0xcd/0xfa0
[  466.234366][T11562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.234385][T11562] RIP: 0033:0x7f707098d8dc
[  466.234400][T11562] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  466.234417][T11562] RSP: 002b:00007f70717d4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  466.234435][T11562] RAX: ffffffffffffffda RBX: 00007f7070be5fa0 RCX: 00007f707098d8dc
[  466.234447][T11562] RDX: 000000000000000f RSI: 00007f70717d40a0 RDI: 0000000000000003
[  466.234458][T11562] RBP: 00007f70717d4090 R08: 0000000000000000 R09: 0000000000000000
[  466.234469][T11562] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001
[  466.234479][T11562] R13: 00007f7070be6038 R14: 00007f7070be5fa0 R15: 00007ffe10fc9df8
[  466.234502][T11562]  </TASK>
[  466.633451][T11567] usb usb36: usbfs: process 11567 (syz.0.1153) did not claim interface 0 before use
[  467.548391][T11579] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1156'.
[  467.712073][T11579] gretap0: refused to change device tx_queue_len
[  467.875519][T11582] bond0: option peer_notif_delay: invalid value ()
[  467.925236][T11582] bond0: option peer_notif_delay: allowed values 0 - 300000
[  471.129719][T11613] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  471.129719][T11613]    program syz.2.1159 not setting count and/or reply_len properly
[  473.336075][T11687] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1184'.
[  474.519999][T11702] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet.
[  476.191564][T11720] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  476.245593][T11720] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  476.305757][T11720] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  476.360842][T11720] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  476.608551][T11734] vhci_hcd: invalid port number 16
[  476.648024][T11734] vhci_hcd: invalid port number 16
[  476.760421][T11737] random: crng reseeded on system resumption
[  477.927877][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout
[  478.253748][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout
[  478.327863][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout
[  478.407863][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout
[  478.979347][ T5832] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  479.154189][T11762] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  479.154189][T11762]    program syz.3.1200 not setting count and/or reply_len properly
[  480.450250][T11803] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1213'.
[  480.490021][T11803] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1213'.
[  482.075999][T11841] FAULT_INJECTION: forcing a failure.
[  482.075999][T11841] name fail_futex, interval 1, probability 0, space 0, times 1
[  482.165021][T11841] CPU: 0 UID: 0 PID: 11841 Comm: syz.0.1222 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  482.165053][T11841] Tainted: [U]=USER
[  482.165059][T11841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  482.165069][T11841] Call Trace:
[  482.165075][T11841]  <TASK>
[  482.165082][T11841]  dump_stack_lvl+0x16c/0x1f0
[  482.165107][T11841]  should_fail_ex+0x512/0x640
[  482.165134][T11841]  get_futex_key+0x1d0/0x1560
[  482.165160][T11841]  ? __pfx_get_futex_key+0x10/0x10
[  482.165185][T11841]  ? __lock_acquire+0xb97/0x1ce0
[  482.165214][T11841]  futex_wake+0xea/0x530
[  482.165241][T11841]  ? aa_get_newest_label+0xd2/0x250
[  482.165268][T11841]  ? __pfx_futex_wake+0x10/0x10
[  482.165296][T11841]  ? bpf_lsm_capable+0x9/0x10
[  482.165324][T11841]  ? do_msgsnd+0xfec/0x17b0
[  482.165348][T11841]  do_futex+0x1e3/0x350
[  482.165373][T11841]  ? __pfx_do_futex+0x10/0x10
[  482.165403][T11841]  __x64_sys_futex+0x1e0/0x4c0
[  482.165429][T11841]  ? __might_fault+0xe3/0x190
[  482.165446][T11841]  ? __pfx___x64_sys_futex+0x10/0x10
[  482.165480][T11841]  do_syscall_64+0xcd/0xfa0
[  482.165501][T11841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.165520][T11841] RIP: 0033:0x7fe0da58eec9
[  482.165534][T11841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  482.165557][T11841] RSP: 002b:00007fe0db4580e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  482.165574][T11841] RAX: ffffffffffffffda RBX: 00007fe0da7e5fa8 RCX: 00007fe0da58eec9
[  482.165586][T11841] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe0da7e5fac
[  482.165597][T11841] RBP: 00007fe0da7e5fa0 R08: 00007fe0db459000 R09: 0000000000000000
[  482.165608][T11841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  482.165618][T11841] R13: 00007fe0da7e6038 R14: 00007ffea7798760 R15: 00007ffea7798848
[  482.165642][T11841]  </TASK>
[  482.356489][    C0] vkms_vblank_simulate: vblank timer overrun
[  482.689351][T11836] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  482.716944][T11836] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  482.733865][T11836] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  482.763033][T11836] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  483.773299][T11864] FAULT_INJECTION: forcing a failure.
[  483.773299][T11864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  483.890972][T11864] CPU: 0 UID: 0 PID: 11864 Comm: syz.3.1226 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  483.891006][T11864] Tainted: [U]=USER
[  483.891012][T11864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  483.891023][T11864] Call Trace:
[  483.891030][T11864]  <TASK>
[  483.891037][T11864]  dump_stack_lvl+0x16c/0x1f0
[  483.891064][T11864]  should_fail_ex+0x512/0x640
[  483.891090][T11864]  _copy_from_user+0x2e/0xd0
[  483.891114][T11864]  snd_rawmidi_kernel_write1+0x50a/0x8a0
[  483.891160][T11864]  snd_rawmidi_write+0x26e/0xc10
[  483.891183][T11864]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  483.891202][T11864]  ? __pfx_default_wake_function+0x10/0x10
[  483.891223][T11864]  ? bpf_lsm_file_permission+0x9/0x10
[  483.891245][T11864]  ? security_file_permission+0x71/0x210
[  483.891264][T11864]  ? rw_verify_area+0xcf/0x6c0
[  483.891294][T11864]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  483.891310][T11864]  vfs_write+0x29d/0x11d0
[  483.891334][T11864]  ? __pfx_vfs_write+0x10/0x10
[  483.891351][T11864]  ? find_held_lock+0x2b/0x80
[  483.891371][T11864]  ? __fget_files+0x204/0x3c0
[  483.891392][T11864]  ? __fget_files+0x20e/0x3c0
[  483.891414][T11864]  ksys_write+0x1f8/0x250
[  483.891433][T11864]  ? __pfx_ksys_write+0x10/0x10
[  483.891458][T11864]  do_syscall_64+0xcd/0xfa0
[  483.891480][T11864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.891499][T11864] RIP: 0033:0x7ff732d8eec9
[  483.891515][T11864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  483.891538][T11864] RSP: 002b:00007ff733bab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  483.891556][T11864] RAX: ffffffffffffffda RBX: 00007ff732fe6180 RCX: 00007ff732d8eec9
[  483.891568][T11864] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000008
[  483.891579][T11864] RBP: 00007ff732e11f91 R08: 0000000000000000 R09: 0000000000000000
[  483.891590][T11864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  483.891601][T11864] R13: 00007ff732fe6218 R14: 00007ff732fe6180 R15: 00007ffff3302df8
[  483.891623][T11864]  </TASK>
[  484.104833][    C0] vkms_vblank_simulate: vblank timer overrun
[  484.476959][T11261] Bluetooth: hci1: command 0x0c1a tx timeout
[  484.837877][T11261] Bluetooth: hci2: command 0x0c1a tx timeout
[  484.844049][T11261] Bluetooth: hci0: command 0x0c1a tx timeout
[  484.891838][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout
[  485.494466][T11873] Line length is too long: Should be less than 4094
[  485.943667][T11885] nfs: Unknown parameter 'w��`_�����I+;��	��HY� ������Lu�>>��uh�*��C<+����'
[  487.957615][T11897] FAULT_INJECTION: forcing a failure.
[  487.957615][T11897] name failslab, interval 1, probability 0, space 0, times 0
[  488.282313][T11897] CPU: 0 UID: 0 PID: 11897 Comm: syz.2.1235 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  488.282346][T11897] Tainted: [U]=USER
[  488.282351][T11897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  488.282362][T11897] Call Trace:
[  488.282368][T11897]  <TASK>
[  488.282375][T11897]  dump_stack_lvl+0x16c/0x1f0
[  488.282400][T11897]  should_fail_ex+0x512/0x640
[  488.282422][T11897]  ? fs_reclaim_acquire+0xae/0x150
[  488.282448][T11897]  should_failslab+0xc2/0x120
[  488.282472][T11897]  kmem_cache_alloc_noprof+0x75/0x6e0
[  488.282490][T11897]  ? __pfx_map_id_range_down+0x10/0x10
[  488.282518][T11897]  ? security_inode_alloc+0x3b/0x2b0
[  488.282548][T11897]  ? security_inode_alloc+0x3b/0x2b0
[  488.282573][T11897]  security_inode_alloc+0x3b/0x2b0
[  488.282599][T11897]  inode_init_always_gfp+0xce4/0x1030
[  488.282621][T11897]  alloc_inode+0x86/0x240
[  488.282646][T11897]  sock_alloc+0x40/0x280
[  488.282669][T11897]  __sock_create+0xc1/0x8d0
[  488.282696][T11897]  ? fd_install+0x244/0x750
[  488.282715][T11897]  __sys_socket+0x14d/0x260
[  488.282751][T11897]  ? __pfx___sys_socket+0x10/0x10
[  488.282780][T11897]  ? do_user_addr_fault+0x843/0x1370
[  488.282800][T11897]  __x64_sys_socket+0x72/0xb0
[  488.282827][T11897]  ? lockdep_hardirqs_on+0x7c/0x110
[  488.282846][T11897]  do_syscall_64+0xcd/0xfa0
[  488.282868][T11897]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.282886][T11897] RIP: 0033:0x7f3de1b8eec9
[  488.282902][T11897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  488.282919][T11897] RSP: 002b:00007f3de2944038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  488.282937][T11897] RAX: ffffffffffffffda RBX: 00007f3de1de6090 RCX: 00007f3de1b8eec9
[  488.282949][T11897] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  488.282959][T11897] RBP: 00007f3de1c11f91 R08: 0000000000000000 R09: 0000000000000000
[  488.282970][T11897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  488.282981][T11897] R13: 00007f3de1de6128 R14: 00007f3de1de6090 R15: 00007fffcd1b7128
[  488.283004][T11897]  </TASK>
[  488.283025][T11897] net_ratelimit: 163 callbacks suppressed
[  488.283035][T11897] socket: no more sockets
[  488.736176][T11901] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  488.736176][T11901]    program syz.0.1234 not setting count and/or reply_len properly
[  489.435114][T11919] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  489.435114][T11919]    program syz.1.1237 not setting count and/or reply_len properly
[  491.073267][T11951] random: crng reseeded on system resumption
[  491.134551][T11936] svc: failed to register nfsdv3 RPC service (errno 101).
[  491.174935][T11936] svc: failed to register nfsaclv3 RPC service (errno 101).
[  491.368169][T11955] input: f�
 as /devices/virtual/input/input12
[  491.435224][T11953] mkiss: ax0: crc mode is auto.
[  491.535632][T11935] svc: failed to register nfsdv3 RPC service (errno 101).
[  491.560253][T11935] svc: failed to register nfsaclv3 RPC service (errno 101).
[  493.868378][T11993] tipc: Started in network mode
[  493.897910][T11993] tipc: Node identity ee00, cluster identity 4711
[  493.930062][T11993] tipc: Node number set to 60928
[  494.533970][T12002] Invalid ELF header magic: != ELF
[  496.287342][T12034] usb usb36: usbfs: process 12034 (syz.3.1264) did not claim interface 0 before use
[  497.253142][T12044] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  499.939971][T12053] FAULT_INJECTION: forcing a failure.
[  499.939971][T12053] name failslab, interval 1, probability 0, space 0, times 0
[  499.952967][T12053] CPU: 0 UID: 0 PID: 12053 Comm: syz.2.1270 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  499.952999][T12053] Tainted: [U]=USER
[  499.953005][T12053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  499.953015][T12053] Call Trace:
[  499.953022][T12053]  <TASK>
[  499.953029][T12053]  dump_stack_lvl+0x16c/0x1f0
[  499.953055][T12053]  should_fail_ex+0x512/0x640
[  499.953081][T12053]  should_failslab+0xc2/0x120
[  499.953106][T12053]  __kmalloc_cache_noprof+0x72/0x780
[  499.953136][T12053]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  499.953166][T12053]  ? tipc_nametbl_insert_publ+0x700/0x1720
[  499.953194][T12053]  ? tipc_nametbl_insert_publ+0x700/0x1720
[  499.953217][T12053]  tipc_nametbl_insert_publ+0x700/0x1720
[  499.953243][T12053]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  499.953271][T12053]  ? net_generic+0xea/0x2a0
[  499.953296][T12053]  tipc_nametbl_publish+0x137/0x280
[  499.953322][T12053]  tipc_sk_publish+0x1d8/0x430
[  499.953347][T12053]  ? __pfx_tipc_sk_publish+0x10/0x10
[  499.953372][T12053]  ? __local_bh_enable_ip+0xa4/0x120
[  499.953397][T12053]  tipc_sk_bind+0x16f/0x380
[  499.953422][T12053]  tipc_bind+0x190/0x2a0
[  499.953447][T12053]  __sys_bind+0x1a7/0x260
[  499.953477][T12053]  ? __pfx___sys_bind+0x10/0x10
[  499.953512][T12053]  ? xfd_validate_state+0x61/0x180
[  499.953538][T12053]  ? __pfx_do_writev+0x10/0x10
[  499.953559][T12053]  __x64_sys_bind+0x72/0xb0
[  499.953586][T12053]  ? lockdep_hardirqs_on+0x7c/0x110
[  499.953605][T12053]  do_syscall_64+0xcd/0xfa0
[  499.953627][T12053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.953646][T12053] RIP: 0033:0x7f3de1b8eec9
[  499.953676][T12053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.953695][T12053] RSP: 002b:00007f3de2965038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  499.953714][T12053] RAX: ffffffffffffffda RBX: 00007f3de1de5fa0 RCX: 00007f3de1b8eec9
[  499.953726][T12053] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000009
[  499.953736][T12053] RBP: 00007f3de1c11f91 R08: 0000000000000000 R09: 0000000000000000
[  499.953747][T12053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  499.953758][T12053] R13: 00007f3de1de6038 R14: 00007f3de1de5fa0 R15: 00007fffcd1b7128
[  499.953781][T12053]  </TASK>
[  499.953788][T12053] tipc: Failed to bind to 65,0,0
[  500.972547][T12055] nvme_fabrics: missing parameter 'transport=%s'
[  501.015454][T12055] nvme_fabrics: missing parameter 'nqn=%s'
[  501.962391][T12106] netlink: 'syz.1.1278': attribute type 1 has an invalid length.
[  502.834906][T12116] FAULT_INJECTION: forcing a failure.
[  502.834906][T12116] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  502.890969][T12116] CPU: 0 UID: 0 PID: 12116 Comm: syz.1.1283 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  502.890999][T12116] Tainted: [U]=USER
[  502.891005][T12116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  502.891016][T12116] Call Trace:
[  502.891021][T12116]  <TASK>
[  502.891028][T12116]  dump_stack_lvl+0x16c/0x1f0
[  502.891054][T12116]  should_fail_ex+0x512/0x640
[  502.891080][T12116]  _copy_to_iter+0x29f/0x1710
[  502.891109][T12116]  ? __pfx__copy_to_iter+0x10/0x10
[  502.891136][T12116]  ? __up_read+0x1f8/0x750
[  502.891163][T12116]  ? __pfx_pin_user_pages_remote+0x10/0x10
[  502.891189][T12116]  ? mm_access+0x22d/0x2e0
[  502.891214][T12116]  copy_page_to_iter+0x12a/0x1e0
[  502.891240][T12116]  process_vm_rw_core.constprop.0+0x5ad/0x970
[  502.891271][T12116]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  502.891304][T12116]  ? iovec_from_user+0xbb/0x140
[  502.891330][T12116]  process_vm_rw+0x216/0x2c0
[  502.891350][T12116]  ? __pfx_process_vm_rw+0x10/0x10
[  502.891395][T12116]  ? xfd_validate_state+0x61/0x180
[  502.891421][T12116]  ? __task_pid_nr_ns+0x1f5/0x500
[  502.891449][T12116]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  502.891469][T12116]  ? do_syscall_64+0x91/0xfa0
[  502.891488][T12116]  ? lockdep_hardirqs_on+0x7c/0x110
[  502.891508][T12116]  do_syscall_64+0xcd/0xfa0
[  502.891529][T12116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.891547][T12116] RIP: 0033:0x7f707098eec9
[  502.891561][T12116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.891579][T12116] RSP: 002b:00007f70717d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  502.891597][T12116] RAX: ffffffffffffffda RBX: 00007f7070be5fa0 RCX: 00007f707098eec9
[  502.891609][T12116] RDX: 0000040000000001 RSI: 0000200000000080 RDI: 0000000000000587
[  502.891619][T12116] RBP: 00007f7070a11f91 R08: 000000000000000a R09: 0000000000000000
[  502.891630][T12116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  502.891640][T12116] R13: 00007f7070be6038 R14: 00007f7070be5fa0 R15: 00007ffe10fc9df8
[  502.891663][T12116]  </TASK>
[  505.243732][T12157] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  505.243732][T12157]    program syz.3.1288 not setting count and/or reply_len properly

syzkaller
syzkaller login: [  506.450573][T12195] FAULT_INJECTION: forcing a failure.
[  506.450573][T12195] name failslab, interval 1, probability 0, space 0, times 0
[  506.565749][T12195] CPU: 0 UID: 0 PID: 12195 Comm: syz.1.1295 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  506.565787][T12195] Tainted: [U]=USER
[  506.565793][T12195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  506.565804][T12195] Call Trace:
[  506.565810][T12195]  <TASK>
[  506.565817][T12195]  dump_stack_lvl+0x16c/0x1f0
[  506.565844][T12195]  should_fail_ex+0x512/0x640
[  506.565866][T12195]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  506.565888][T12195]  should_failslab+0xc2/0x120
[  506.565914][T12195]  kmem_cache_alloc_noprof+0x75/0x6e0
[  506.565932][T12195]  ? dup_fd+0x4e/0xb90
[  506.565953][T12195]  ? dup_fd+0x4e/0xb90
[  506.565968][T12195]  dup_fd+0x4e/0xb90
[  506.565989][T12195]  ? apparmor_task_alloc+0x2c2/0x3b0
[  506.566018][T12195]  copy_process+0x2312/0x76a0
[  506.566041][T12195]  ? __pfx___futex_wait+0x10/0x10
[  506.566070][T12195]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  506.566097][T12195]  ? __pfx_copy_process+0x10/0x10
[  506.566119][T12195]  ? futex_private_hash_put+0x176/0x300
[  506.566146][T12195]  ? futex_private_hash_put+0x18a/0x300
[  506.566173][T12195]  kernel_clone+0xfc/0x930
[  506.566197][T12195]  ? __pfx_kernel_clone+0x10/0x10
[  506.566234][T12195]  __do_sys_clone+0xce/0x120
[  506.566256][T12195]  ? __pfx___do_sys_clone+0x10/0x10
[  506.566289][T12195]  ? xfd_validate_state+0x61/0x180
[  506.566323][T12195]  do_syscall_64+0xcd/0xfa0
[  506.566346][T12195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.566365][T12195] RIP: 0033:0x7f707098eec9
[  506.566380][T12195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  506.566398][T12195] RSP: 002b:00007f70717b2fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  506.566417][T12195] RAX: ffffffffffffffda RBX: 00007f7070be6090 RCX: 00007f707098eec9
[  506.566429][T12195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[  506.566439][T12195] RBP: 00007f7070a11f91 R08: 0000000000000000 R09: 0000000000000000
[  506.566449][T12195] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  506.566460][T12195] R13: 00007f7070be6128 R14: 00007f7070be6090 R15: 00007ffe10fc9df8
[  506.566484][T12195]  </TASK>
[  507.068829][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  507.076925][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  508.758827][T12223] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  508.758827][T12223]    program syz.1.1301 not setting count and/or reply_len properly
[  509.715519][T12248] random: crng reseeded on system resumption
[  512.117548][T12269] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  512.117548][T12269]    program syz.3.1313 not setting count and/or reply_len properly
[  513.687912][T12300] random: crng reseeded on system resumption
[  516.380349][T12355] FAULT_INJECTION: forcing a failure.
[  516.380349][T12355] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  516.521591][T12355] CPU: 0 UID: 0 PID: 12355 Comm: syz.2.1330 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  516.521639][T12355] Tainted: [U]=USER
[  516.521646][T12355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  516.521657][T12355] Call Trace:
[  516.521664][T12355]  <TASK>
[  516.521671][T12355]  dump_stack_lvl+0x16c/0x1f0
[  516.521698][T12355]  should_fail_ex+0x512/0x640
[  516.521724][T12355]  should_fail_alloc_page+0xe7/0x130
[  516.521751][T12355]  prepare_alloc_pages+0x3c2/0x610
[  516.521775][T12355]  ? rcu_is_watching+0x12/0xc0
[  516.521798][T12355]  __alloc_frozen_pages_noprof+0x18b/0x2470
[  516.521821][T12355]  ? rcu_is_watching+0x12/0xc0
[  516.521840][T12355]  ? trace_mm_page_alloc+0x11f/0x1a0
[  516.521864][T12355]  ? __alloc_frozen_pages_noprof+0x292/0x2470
[  516.521886][T12355]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  516.521908][T12355]  ? is_bpf_text_address+0x8a/0x1a0
[  516.521934][T12355]  ? bpf_ksym_find+0x124/0x1c0
[  516.521956][T12355]  ? is_bpf_text_address+0x94/0x1a0
[  516.521981][T12355]  ? kernel_text_address+0x8d/0x100
[  516.522010][T12355]  ? __lock_acquire+0x62e/0x1ce0
[  516.522034][T12355]  ? __kernel_text_address+0xd/0x40
[  516.522050][T12355]  ? unwind_get_return_address+0x59/0xa0
[  516.522077][T12355]  alloc_pages_bulk_noprof+0x71c/0x1410
[  516.522095][T12355]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  516.522127][T12355]  ? policy_nodemask+0xea/0x4e0
[  516.522153][T12355]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  516.522173][T12355]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  516.522206][T12355]  kasan_populate_vmalloc+0x112/0x2d0
[  516.522225][T12355]  ? alloc_vmap_area+0x8b5/0x29e0
[  516.522252][T12355]  alloc_vmap_area+0x960/0x29e0
[  516.522283][T12355]  ? __pfx_alloc_vmap_area+0x10/0x10
[  516.522311][T12355]  __get_vm_area_node+0x1ca/0x330
[  516.522339][T12355]  __vmalloc_node_range_noprof+0x271/0x1480
[  516.522366][T12355]  ? kernel_clone+0xfc/0x930
[  516.522400][T12355]  ? kernel_clone+0xfc/0x930
[  516.522428][T12355]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  516.522459][T12355]  ? rcu_is_watching+0x12/0xc0
[  516.522480][T12355]  ? kernel_clone+0xfc/0x930
[  516.522501][T12355]  __vmalloc_node_noprof+0xad/0xf0
[  516.522527][T12355]  ? kernel_clone+0xfc/0x930
[  516.522551][T12355]  copy_process+0x2c77/0x76a0
[  516.522574][T12355]  ? __pfx___futex_wait+0x10/0x10
[  516.522601][T12355]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  516.522626][T12355]  ? lockdep_hardirqs_on+0x7c/0x110
[  516.522653][T12355]  ? __pfx_copy_process+0x10/0x10
[  516.522675][T12355]  ? futex_private_hash_put+0x176/0x300
[  516.522702][T12355]  ? futex_private_hash_put+0x18a/0x300
[  516.522729][T12355]  kernel_clone+0xfc/0x930
[  516.522754][T12355]  ? __pfx_kernel_clone+0x10/0x10
[  516.522791][T12355]  __do_sys_clone+0xce/0x120
[  516.522814][T12355]  ? __pfx___do_sys_clone+0x10/0x10
[  516.522848][T12355]  ? xfd_validate_state+0x61/0x180
[  516.522883][T12355]  do_syscall_64+0xcd/0xfa0
[  516.522904][T12355]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.522923][T12355] RIP: 0033:0x7f3de1b8eec9
[  516.522939][T12355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  516.522957][T12355] RSP: 002b:00007f3de2943fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  516.522975][T12355] RAX: ffffffffffffffda RBX: 00007f3de1de6090 RCX: 00007f3de1b8eec9
[  516.522987][T12355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[  516.522998][T12355] RBP: 00007f3de1c11f91 R08: 0000000000000000 R09: 0000000000000000
[  516.523009][T12355] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  516.523019][T12355] R13: 00007f3de1de6128 R14: 00007f3de1de6090 R15: 00007fffcd1b7128
[  516.523043][T12355]  </TASK>
[  516.889832][    C0] vkms_vblank_simulate: vblank timer overrun
[  517.324298][T12355] syz.2.1330: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  517.385463][T12355] CPU: 0 UID: 0 PID: 12355 Comm: syz.2.1330 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  517.385496][T12355] Tainted: [U]=USER
[  517.385502][T12355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  517.385513][T12355] Call Trace:
[  517.385521][T12355]  <TASK>
[  517.385527][T12355]  dump_stack_lvl+0x16c/0x1f0
[  517.385554][T12355]  warn_alloc+0x248/0x3a0
[  517.385573][T12355]  ? __pfx_warn_alloc+0x10/0x10
[  517.385599][T12355]  ? kfree+0x2b8/0x6d0
[  517.385625][T12355]  ? __get_vm_area_node+0x2cd/0x330
[  517.385654][T12355]  ? __get_vm_area_node+0x2cd/0x330
[  517.385677][T12355]  ? __get_vm_area_node+0x208/0x330
[  517.385705][T12355]  __vmalloc_node_range_noprof+0xaf5/0x1480
[  517.385739][T12355]  ? kernel_clone+0xfc/0x930
[  517.385767][T12355]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  517.385799][T12355]  ? rcu_is_watching+0x12/0xc0
[  517.385821][T12355]  ? kernel_clone+0xfc/0x930
[  517.385842][T12355]  __vmalloc_node_noprof+0xad/0xf0
[  517.385868][T12355]  ? kernel_clone+0xfc/0x930
[  517.385892][T12355]  copy_process+0x2c77/0x76a0
[  517.385915][T12355]  ? __pfx___futex_wait+0x10/0x10
[  517.385942][T12355]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  517.385960][T12355]  ? lockdep_hardirqs_on+0x7c/0x110
[  517.385987][T12355]  ? __pfx_copy_process+0x10/0x10
[  517.386009][T12355]  ? futex_private_hash_put+0x176/0x300
[  517.386035][T12355]  ? futex_private_hash_put+0x18a/0x300
[  517.386061][T12355]  kernel_clone+0xfc/0x930
[  517.386085][T12355]  ? __pfx_kernel_clone+0x10/0x10
[  517.386119][T12355]  __do_sys_clone+0xce/0x120
[  517.386142][T12355]  ? __pfx___do_sys_clone+0x10/0x10
[  517.386175][T12355]  ? xfd_validate_state+0x61/0x180
[  517.386208][T12355]  do_syscall_64+0xcd/0xfa0
[  517.386229][T12355]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.386248][T12355] RIP: 0033:0x7f3de1b8eec9
[  517.386264][T12355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  517.386282][T12355] RSP: 002b:00007f3de2943fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  517.386300][T12355] RAX: ffffffffffffffda RBX: 00007f3de1de6090 RCX: 00007f3de1b8eec9
[  517.386311][T12355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[  517.386322][T12355] RBP: 00007f3de1c11f91 R08: 0000000000000000 R09: 0000000000000000
[  517.386333][T12355] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  517.386343][T12355] R13: 00007f3de1de6128 R14: 00007f3de1de6090 R15: 00007fffcd1b7128
[  517.386366][T12355]  </TASK>
[  517.386372][T12355] Mem-Info:
[  518.504563][T12355] active_anon:28736 inactive_anon:15051 isolated_anon:0
[  518.504563][T12355]  active_file:19995 inactive_file:41693 isolated_file:0
[  518.504563][T12355]  unevictable:768 dirty:4795 writeback:0
[  518.504563][T12355]  slab_reclaimable:11542 slab_unreclaimable:93351
[  518.504563][T12355]  mapped:36090 shmem:30146 pagetables:1299
[  518.504563][T12355]  sec_pagetables:0 bounce:0
[  518.504563][T12355]  kernel_misc_reclaimable:0
[  518.504563][T12355]  free:1287328 free_pcp:7575 free_cma:0
[  518.550760][    C0] vkms_vblank_simulate: vblank timer overrun
[  518.762797][T12355] Node 0 active_anon:115672kB inactive_anon:61400kB active_file:78520kB inactive_file:166640kB unevictable:4292kB isolated(anon):0kB isolated(file):0kB mapped:144932kB dirty:19176kB writeback:0kB shmem:122740kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12208kB pagetables:4952kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  518.842240][T12393] FAULT_INJECTION: forcing a failure.
[  518.842240][T12393] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  518.892523][T12393] CPU: 0 UID: 0 PID: 12393 Comm: syz.3.1338 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  518.892560][T12393] Tainted: [U]=USER
[  518.892566][T12393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  518.892577][T12393] Call Trace:
[  518.892584][T12393]  <TASK>
[  518.892598][T12393]  dump_stack_lvl+0x16c/0x1f0
[  518.892623][T12393]  should_fail_ex+0x512/0x640
[  518.892650][T12393]  should_fail_alloc_page+0xe7/0x130
[  518.892677][T12393]  prepare_alloc_pages+0x3c2/0x610
[  518.892705][T12393]  __alloc_frozen_pages_noprof+0x18b/0x2470
[  518.892725][T12393]  ? __lock_acquire+0x62e/0x1ce0
[  518.892756][T12393]  ? __lock_acquire+0x62e/0x1ce0
[  518.892784][T12393]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  518.892813][T12393]  ? is_bpf_text_address+0x8a/0x1a0
[  518.892838][T12393]  ? bpf_ksym_find+0x124/0x1c0
[  518.892859][T12393]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  518.892882][T12393]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  518.892914][T12393]  ? policy_nodemask+0xea/0x4e0
[  518.892939][T12393]  alloc_pages_mpol+0x1fb/0x550
[  518.892964][T12393]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  518.892995][T12393]  folio_alloc_mpol_noprof+0x36/0x2f0
[  518.893024][T12393]  shmem_alloc_folio+0x135/0x160
[  518.893052][T12393]  shmem_alloc_and_add_folio+0x499/0xc20
[  518.893088][T12393]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  518.893120][T12393]  ? shmem_allowable_huge_orders+0xd4/0x3f0
[  518.893144][T12393]  shmem_get_folio_gfp+0x67f/0x1610
[  518.893167][T12393]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  518.893192][T12393]  shmem_fault+0x1fe/0xa30
[  518.893211][T12393]  ? __pfx_shmem_fault+0x10/0x10
[  518.893252][T12393]  ? rcu_is_watching+0x12/0xc0
[  518.893274][T12393]  ? kmem_cache_alloc_noprof+0x2a1/0x6e0
[  518.893292][T12393]  ? ptlock_alloc+0x1f/0x70
[  518.893320][T12393]  ? lockdep_init_map_type+0x5c/0x280
[  518.893347][T12393]  ? __raw_spin_lock_init+0x3a/0x110
[  518.893380][T12393]  ? __pfx_filemap_map_pages+0x10/0x10
[  518.893409][T12393]  __do_fault+0x10d/0x490
[  518.893430][T12393]  ? __pfx_filemap_map_pages+0x10/0x10
[  518.893458][T12393]  do_pte_missing+0x1a6/0x3ba0
[  518.893486][T12393]  ? __thp_vma_allowable_orders+0x1c8/0xcd0
[  518.893514][T12393]  ? __lock_acquire+0x62e/0x1ce0
[  518.893541][T12393]  __handle_mm_fault+0x1556/0x2aa0
[  518.893590][T12393]  ? __pfx___handle_mm_fault+0x10/0x10
[  518.893623][T12393]  ? find_held_lock+0x2b/0x80
[  518.893644][T12393]  ? mtree_load+0x2f9/0xa30
[  518.893681][T12393]  handle_mm_fault+0x589/0xd10
[  518.893714][T12393]  __get_user_pages+0x54e/0x3530
[  518.893749][T12393]  ? __pfx___get_user_pages+0x10/0x10
[  518.893781][T12393]  faultin_page_range+0x338/0x940
[  518.893813][T12393]  madvise_do_behavior+0x34c/0x530
[  518.893842][T12393]  ? __pfx_madvise_do_behavior+0x10/0x10
[  518.893869][T12393]  ? down_read+0x13d/0x480
[  518.893903][T12393]  do_madvise+0x176/0x240
[  518.893928][T12393]  ? __pfx_do_madvise+0x10/0x10
[  518.893952][T12393]  ? do_futex+0x122/0x350
[  518.893982][T12393]  ? find_held_lock+0x2b/0x80
[  518.894009][T12393]  ? xfd_validate_state+0x61/0x180
[  518.894041][T12393]  __x64_sys_madvise+0xa9/0x110
[  518.894066][T12393]  ? lockdep_hardirqs_on+0x7c/0x110
[  518.894086][T12393]  do_syscall_64+0xcd/0xfa0
[  518.894108][T12393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.894127][T12393] RIP: 0033:0x7ff732d8eec9
[  518.894142][T12393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  518.894160][T12393] RSP: 002b:00007ff733bed038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  518.894178][T12393] RAX: ffffffffffffffda RBX: 00007ff732fe5fa0 RCX: 00007ff732d8eec9
[  518.894190][T12393] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000
[  518.894201][T12393] RBP: 00007ff732e11f91 R08: 0000000000000000 R09: 0000000000000000
[  518.894212][T12393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  518.894222][T12393] R13: 00007ff732fe6038 R14: 00007ff732fe5fa0 R15: 00007ffff3302df8
[  518.894247][T12393]  </TASK>
[  519.707957][T12355] Node 1 active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  519.768568][T12355] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  519.827850][T12355] lowmem_reserve[]: 0 2484 2485 2485 2485
[  519.837809][T12355] Node 0 DMA32 free:1206892kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:114944kB inactive_anon:29836kB active_file:78416kB inactive_file:166640kB unevictable:4500kB writepending:19280kB zspages:0kB present:3129332kB managed:2543672kB mlocked:2964kB bounce:0kB free_pcp:74548kB local_pcp:74548kB free_cma:0kB
[  519.942008][T12355] lowmem_reserve[]: 0 0 1 1 1
[  519.956996][T12355] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  520.024835][T12355] lowmem_reserve[]: 0 0 0 0 0
[  520.034856][T12355] Node 1 Normal free:3909952kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:132kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:2552kB local_pcp:2552kB free_cma:0kB
[  520.101434][T12355] lowmem_reserve[]: 0 0 0 0 0
[  520.116803][T12355] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  520.147855][T12355] Node 0 DMA32: 519*4kB (UME) 767*8kB (UME) 567*16kB (UM) 626*32kB (UM) 543*64kB (UME) 279*128kB (UME) 119*256kB (UME) 38*512kB (UME) 8*1024kB (UME) 2*2048kB (UM) 258*4096kB (M) = 1226756kB
[  520.197908][T12355] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  520.230997][T12355] Node 1 Normal: 218*4kB (UM) 33*8kB (UME) 21*16kB (UM) 200*32kB (UME) 98*64kB (UME) 44*128kB (UME) 14*256kB (UME) 11*512kB (UME) 2*1024kB (ME) 2*2048kB (UM) 946*4096kB (M) = 3909952kB
[  520.271804][T12355] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  520.299541][T12355] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  520.324222][T12355] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  520.344298][T12355] Node 1 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  520.363979][T12355] 80445 total pagecache pages
[  520.380409][T12355] 1 pages in swap cache
[  520.389042][T12355] Free swap  = 124992kB
[  520.408253][T12355] Total swap = 124996kB
[  520.412906][T12355] 2097051 pages RAM
[  520.419040][T12355] 0 pages HighMem/MovableOnly
[  520.427136][T12355] 429043 pages reserved
[  520.437960][T12355] 0 pages cma reserved
[  522.748703][T12451] FAULT_INJECTION: forcing a failure.
[  522.748703][T12451] name failslab, interval 1, probability 0, space 0, times 0
[  522.851058][T12451] CPU: 0 UID: 0 PID: 12451 Comm: syz.1.1351 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  522.851091][T12451] Tainted: [U]=USER
[  522.851097][T12451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  522.851107][T12451] Call Trace:
[  522.851115][T12451]  <TASK>
[  522.851122][T12451]  dump_stack_lvl+0x16c/0x1f0
[  522.851148][T12451]  should_fail_ex+0x512/0x640
[  522.851171][T12451]  ? __kmalloc_cache_noprof+0x5f/0x780
[  522.851204][T12451]  should_failslab+0xc2/0x120
[  522.851229][T12451]  __kmalloc_cache_noprof+0x72/0x780
[  522.851258][T12451]  ? ovs_flow_tbl_init+0x1cc/0x600
[  522.851291][T12451]  ? ovs_flow_tbl_init+0x1cc/0x600
[  522.851319][T12451]  ovs_flow_tbl_init+0x1cc/0x600
[  522.851350][T12451]  ovs_dp_cmd_new+0x251/0xe60
[  522.851385][T12451]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  522.851419][T12451]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  522.851447][T12451]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  522.851479][T12451]  genl_family_rcv_msg_doit+0x206/0x2f0
[  522.851507][T12451]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  522.851541][T12451]  ? bpf_lsm_capable+0x9/0x10
[  522.851573][T12451]  ? security_capable+0x7e/0x260
[  522.851597][T12451]  ? ns_capable+0xd7/0x110
[  522.851620][T12451]  genl_rcv_msg+0x55c/0x800
[  522.851649][T12451]  ? __pfx_genl_rcv_msg+0x10/0x10
[  522.851675][T12451]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  522.851713][T12451]  netlink_rcv_skb+0x155/0x420
[  522.851736][T12451]  ? __pfx_genl_rcv_msg+0x10/0x10
[  522.851763][T12451]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  522.851794][T12451]  ? netlink_deliver_tap+0x1ae/0xd30
[  522.851818][T12451]  genl_rcv+0x28/0x40
[  522.851841][T12451]  netlink_unicast+0x5aa/0x870
[  522.851871][T12451]  ? __pfx_netlink_unicast+0x10/0x10
[  522.851902][T12451]  netlink_sendmsg+0x8c8/0xdd0
[  522.851928][T12451]  ? __pfx_netlink_sendmsg+0x10/0x10
[  522.851953][T12451]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  522.851982][T12451]  ____sys_sendmsg+0xa98/0xc70
[  522.852010][T12451]  ? copy_msghdr_from_user+0x10a/0x160
[  522.852031][T12451]  ? __pfx_____sys_sendmsg+0x10/0x10
[  522.852062][T12451]  ? __pfx_futex_wake_mark+0x10/0x10
[  522.852094][T12451]  ___sys_sendmsg+0x134/0x1d0
[  522.852116][T12451]  ? __pfx____sys_sendmsg+0x10/0x10
[  522.852164][T12451]  __sys_sendmsg+0x16d/0x220
[  522.852186][T12451]  ? __pfx___sys_sendmsg+0x10/0x10
[  522.852206][T12451]  ? __x64_sys_futex+0x1e0/0x4c0
[  522.852244][T12451]  do_syscall_64+0xcd/0xfa0
[  522.852266][T12451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.852285][T12451] RIP: 0033:0x7f707098eec9
[  522.852300][T12451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  522.852318][T12451] RSP: 002b:00007f70717b3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  522.852336][T12451] RAX: ffffffffffffffda RBX: 00007f7070be6090 RCX: 00007f707098eec9
[  522.852348][T12451] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007
[  522.852359][T12451] RBP: 00007f7070a11f91 R08: 0000000000000000 R09: 0000000000000000
[  522.852370][T12451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  522.852380][T12451] R13: 00007f7070be6128 R14: 00007f7070be6090 R15: 00007ffe10fc9df8
[  522.852403][T12451]  </TASK>
[  523.869525][T12469] FAULT_INJECTION: forcing a failure.
[  523.869525][T12469] name failslab, interval 1, probability 0, space 0, times 0
[  523.982087][T12469] CPU: 0 UID: 0 PID: 12469 Comm: syz.2.1354 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  523.982116][T12469] Tainted: [U]=USER
[  523.982122][T12469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  523.982133][T12469] Call Trace:
[  523.982139][T12469]  <TASK>
[  523.982146][T12469]  dump_stack_lvl+0x16c/0x1f0
[  523.982172][T12469]  should_fail_ex+0x512/0x640
[  523.982194][T12469]  ? fs_reclaim_acquire+0xae/0x150
[  523.982220][T12469]  should_failslab+0xc2/0x120
[  523.982244][T12469]  __kmalloc_noprof+0xdd/0x880
[  523.982272][T12469]  ? tomoyo_encode2+0x100/0x3e0
[  523.982295][T12469]  ? tomoyo_encode2+0x100/0x3e0
[  523.982311][T12469]  tomoyo_encode2+0x100/0x3e0
[  523.982331][T12469]  tomoyo_encode+0x29/0x50
[  523.982348][T12469]  tomoyo_realpath_from_path+0x18f/0x6e0
[  523.982373][T12469]  tomoyo_check_open_permission+0x2ab/0x3c0
[  523.982400][T12469]  ? path_openat+0xda/0x2cb0
[  523.982419][T12469]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  523.982446][T12469]  ? do_syscall_64+0xcd/0xfa0
[  523.982484][T12469]  ? lock_acquire+0x179/0x350
[  523.982509][T12469]  ? find_held_lock+0x2b/0x80
[  523.982528][T12469]  ? mnt_get_write_access+0x52/0x2f0
[  523.982554][T12469]  tomoyo_file_open+0x6b/0x90
[  523.982585][T12469]  security_file_open+0x84/0x1e0
[  523.982604][T12469]  do_dentry_open+0x596/0x1530
[  523.982631][T12469]  vfs_open+0x82/0x3f0
[  523.982658][T12469]  path_openat+0x1de4/0x2cb0
[  523.982684][T12469]  ? __pfx_path_openat+0x10/0x10
[  523.982709][T12469]  do_filp_open+0x20b/0x470
[  523.982729][T12469]  ? __pfx_do_filp_open+0x10/0x10
[  523.982764][T12469]  ? alloc_fd+0x471/0x7d0
[  523.982787][T12469]  do_sys_openat2+0x11b/0x1d0
[  523.982812][T12469]  ? __pfx_do_sys_openat2+0x10/0x10
[  523.982837][T12469]  ? find_held_lock+0x2b/0x80
[  523.982855][T12469]  ? handle_mm_fault+0x2ab/0xd10
[  523.982888][T12469]  __x64_sys_openat+0x174/0x210
[  523.982914][T12469]  ? __pfx___x64_sys_openat+0x10/0x10
[  523.982950][T12469]  do_syscall_64+0xcd/0xfa0
[  523.982971][T12469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.982989][T12469] RIP: 0033:0x7f3de1b8eec9
[  523.983004][T12469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  523.983022][T12469] RSP: 002b:00007f3ddfdf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  523.983039][T12469] RAX: ffffffffffffffda RBX: 00007f3de1de6180 RCX: 00007f3de1b8eec9
[  523.983051][T12469] RDX: 0000000000109041 RSI: 0000000000000000 RDI: ffffffffffffff9c
[  523.983062][T12469] RBP: 00007f3de1c11f91 R08: 0000000000000000 R09: 0000000000000000
[  523.983072][T12469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  523.983083][T12469] R13: 00007f3de1de6218 R14: 00007f3de1de6180 R15: 00007fffcd1b7128
[  523.983106][T12469]  </TASK>
[  523.983125][T12469] ERROR: Out of memory at tomoyo_realpath_from_path.
[  524.776948][T12492] FAULT_INJECTION: forcing a failure.
[  524.776948][T12492] name failslab, interval 1, probability 0, space 0, times 0
[  524.894874][T12492] CPU: 0 UID: 0 PID: 12492 Comm: syz.0.1360 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  524.894908][T12492] Tainted: [U]=USER
[  524.894914][T12492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  524.894925][T12492] Call Trace:
[  524.894931][T12492]  <TASK>
[  524.894939][T12492]  dump_stack_lvl+0x16c/0x1f0
[  524.894966][T12492]  should_fail_ex+0x512/0x640
[  524.894989][T12492]  ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0
[  524.895015][T12492]  should_failslab+0xc2/0x120
[  524.895041][T12492]  __kmalloc_node_track_caller_noprof+0xde/0x8a0
[  524.895064][T12492]  ? register_ip_vs_app+0x17a/0x370
[  524.895089][T12492]  ? kmemdup_noprof+0x29/0x60
[  524.895107][T12492]  kmemdup_noprof+0x29/0x60
[  524.895126][T12492]  register_ip_vs_app+0x17a/0x370
[  524.895149][T12492]  __ip_vs_ftp_init+0x60/0x220
[  524.895171][T12492]  ? __ip_vs_lblcr_init+0x189/0x330
[  524.895190][T12492]  ? __pfx___ip_vs_ftp_init+0x10/0x10
[  524.895212][T12492]  ops_init+0x1df/0x5f0
[  524.895237][T12492]  setup_net+0x100/0x390
[  524.895259][T12492]  ? __pfx_setup_net+0x10/0x10
[  524.895288][T12492]  ? debug_mutex_init+0x37/0x70
[  524.895311][T12492]  copy_net_ns+0x2f8/0x690
[  524.895337][T12492]  create_new_namespaces+0x3ea/0xa90
[  524.895364][T12492]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  524.895388][T12492]  ksys_unshare+0x45b/0xa40
[  524.895413][T12492]  ? __pfx_ksys_unshare+0x10/0x10
[  524.895439][T12492]  ? xfd_validate_state+0x61/0x180
[  524.895472][T12492]  __x64_sys_unshare+0x31/0x40
[  524.895496][T12492]  do_syscall_64+0xcd/0xfa0
[  524.895518][T12492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.895544][T12492] RIP: 0033:0x7fe0da58eec9
[  524.895560][T12492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  524.895578][T12492] RSP: 002b:00007fe0db437038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  524.895596][T12492] RAX: ffffffffffffffda RBX: 00007fe0da7e6090 RCX: 00007fe0da58eec9
[  524.895608][T12492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  524.895620][T12492] RBP: 00007fe0da611f91 R08: 0000000000000000 R09: 0000000000000000
[  524.895631][T12492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  524.895641][T12492] R13: 00007fe0da7e6128 R14: 00007fe0da7e6090 R15: 00007ffea7798848
[  524.895666][T12492]  </TASK>
[  525.402186][T12494] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  525.402186][T12494]    program syz.1.1358 not setting count and/or reply_len properly
[  527.971787][T12533] FAULT_INJECTION: forcing a failure.
[  527.971787][T12533] name failslab, interval 1, probability 0, space 0, times 0
[  528.123287][T12533] CPU: 0 UID: 0 PID: 12533 Comm: syz.2.1367 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  528.123321][T12533] Tainted: [U]=USER
[  528.123327][T12533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  528.123338][T12533] Call Trace:
[  528.123344][T12533]  <TASK>
[  528.123352][T12533]  dump_stack_lvl+0x16c/0x1f0
[  528.123378][T12533]  should_fail_ex+0x512/0x640
[  528.123400][T12533]  ? __kmalloc_cache_noprof+0x5f/0x780
[  528.123433][T12533]  should_failslab+0xc2/0x120
[  528.123458][T12533]  __kmalloc_cache_noprof+0x72/0x780
[  528.123488][T12533]  ? kernfs_fop_open+0xa3a/0xda0
[  528.123521][T12533]  ? kernfs_fop_open+0xa3a/0xda0
[  528.123556][T12533]  kernfs_fop_open+0xa3a/0xda0
[  528.123591][T12533]  do_dentry_open+0x97f/0x1530
[  528.123612][T12533]  ? __pfx_kernfs_fop_open+0x10/0x10
[  528.123646][T12533]  vfs_open+0x82/0x3f0
[  528.123674][T12533]  path_openat+0x1de4/0x2cb0
[  528.123702][T12533]  ? __pfx_path_openat+0x10/0x10
[  528.123728][T12533]  do_filp_open+0x20b/0x470
[  528.123748][T12533]  ? __pfx_do_filp_open+0x10/0x10
[  528.123784][T12533]  ? alloc_fd+0x471/0x7d0
[  528.123807][T12533]  do_sys_openat2+0x11b/0x1d0
[  528.123833][T12533]  ? __pfx_do_sys_openat2+0x10/0x10
[  528.123860][T12533]  ? find_held_lock+0x2b/0x80
[  528.123885][T12533]  __x64_sys_openat+0x174/0x210
[  528.123912][T12533]  ? __pfx___x64_sys_openat+0x10/0x10
[  528.123948][T12533]  do_syscall_64+0xcd/0xfa0
[  528.123970][T12533]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.123989][T12533] RIP: 0033:0x7f3de1b8eec9
[  528.124004][T12533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  528.124022][T12533] RSP: 002b:00007f3de2944038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  528.124039][T12533] RAX: ffffffffffffffda RBX: 00007f3de1de6090 RCX: 00007f3de1b8eec9
[  528.124051][T12533] RDX: 000000000000a800 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  528.124062][T12533] RBP: 00007f3de1c11f91 R08: 0000000000000000 R09: 0000000000000000
[  528.124073][T12533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  528.124083][T12533] R13: 00007f3de1de6128 R14: 00007f3de1de6090 R15: 00007fffcd1b7128
[  528.124107][T12533]  </TASK>

syzkaller
syzkaller login: [  529.569930][T12558] sg_write: data in/out 2359516/83 bytes for SCSI command 0x0-- guessing data in;
[  529.569930][T12558]    program syz.0.1371 not setting count and/or reply_len properly
[  530.336017][T12574] random: crng reseeded on system resumption
[  531.217064][T12594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1379'.
[  534.638078][T12668] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1391'.
[  535.053245][T12675] futex_wake_op: syz.3.1392 tries to shift op by -9; fix this program
[  536.516361][T12708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1399'.
[  536.869289][T12704] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1399'.
[  542.339085][T12794] mkiss: ax0: crc mode is auto.
[  544.768907][T12853] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1435'.
[  545.289182][T11261] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  545.299004][T11261] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  545.307296][T11261] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  545.316804][T11261] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  545.326412][T11261] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  545.928504][T12867] ptrace attach of "./syz-executor exec"[12873] was attempted by "./syz-executor exec"[12867]
[  546.155855][T12871] ==================================================================
[  546.155870][T12871] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60
[  546.155905][T12871] Write of size 8 at addr ffffc900038698c0 by task syz.1.1437/12871
[  546.155921][T12871] 
[  546.155932][T12871] CPU: 0 UID: 0 PID: 12871 Comm: syz.1.1437 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  546.155959][T12871] Tainted: [U]=USER
[  546.155965][T12871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  546.155977][T12871] Call Trace:
[  546.155984][T12871]  <TASK>
[  546.155991][T12871]  dump_stack_lvl+0x116/0x1f0
[  546.156013][T12871]  print_report+0xcd/0x630
[  546.156036][T12871]  ? __virt_addr_valid+0x81/0x610
[  546.156062][T12871]  ? sys_imageblit+0x1a6f/0x1e60
[  546.156089][T12871]  kasan_report+0xe0/0x110
[  546.156112][T12871]  ? sys_imageblit+0x1a6f/0x1e60
[  546.156140][T12871]  sys_imageblit+0x1a6f/0x1e60
[  546.156169][T12871]  ? __pfx_sys_imageblit+0x10/0x10
[  546.156197][T12871]  ? do_raw_spin_lock+0x12c/0x2b0
[  546.156229][T12871]  ? queue_work_on+0x12a/0x1f0
[  546.156245][T12871]  ? lockdep_hardirqs_on+0x7c/0x110
[  546.156264][T12871]  ? queue_work_on+0x8b/0x1f0
[  546.156280][T12871]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  546.156308][T12871]  bit_putcs+0x912/0xde0
[  546.156334][T12871]  ? __pfx_bit_putcs+0x10/0x10
[  546.156355][T12871]  ? find_held_lock+0x2b/0x80
[  546.156375][T12871]  ? fb_get_color_depth+0x120/0x250
[  546.156394][T12871]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  546.156425][T12871]  ? __pfx_bit_putcs+0x10/0x10
[  546.156446][T12871]  fbcon_putcs+0x387/0x450
[  546.156464][T12871]  ? __pfx_fbcon_putcs+0x10/0x10
[  546.156483][T12871]  do_con_write+0xff0/0x8290
[  546.156511][T12871]  ? exit_tasks_rcu_start+0x130/0x2f0
[  546.156539][T12871]  ? __pfx___mutex_lock+0x10/0x10
[  546.156561][T12871]  ? __pfx_do_con_write+0x10/0x10
[  546.156588][T12871]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  546.156611][T12871]  ? con_write+0x93/0xb0
[  546.156638][T12871]  con_write+0x23/0xb0
[  546.156664][T12871]  n_tty_write+0x41b/0x11e0
[  546.156687][T12871]  ? __pfx_n_tty_write+0x10/0x10
[  546.156711][T12871]  ? trace_kmalloc+0x2b/0xd0
[  546.156732][T12871]  ? __pfx_woken_wake_function+0x10/0x10
[  546.156762][T12871]  ? kfree+0x252/0x6d0
[  546.156789][T12871]  ? __pfx_n_tty_write+0x10/0x10
[  546.156808][T12871]  file_tty_write.constprop.0+0x500/0x9b0
[  546.156838][T12871]  redirected_tty_write+0xd4/0x150
[  546.156865][T12871]  vfs_write+0x7d3/0x11d0
[  546.156886][T12871]  ? __pfx_redirected_tty_write+0x10/0x10
[  546.156914][T12871]  ? __pfx_vfs_write+0x10/0x10
[  546.156931][T12871]  ? find_held_lock+0x2b/0x80
[  546.156954][T12871]  ksys_write+0x12a/0x250
[  546.156972][T12871]  ? __pfx_ksys_write+0x10/0x10
[  546.156993][T12871]  do_syscall_64+0xcd/0xfa0
[  546.157013][T12871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.157031][T12871] RIP: 0033:0x7f707098eec9
[  546.157046][T12871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  546.157065][T12871] RSP: 002b:00007f70717b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  546.157083][T12871] RAX: ffffffffffffffda RBX: 00007f7070be6090 RCX: 00007f707098eec9
[  546.157095][T12871] RDX: 0000000000000cb6 RSI: 0000200000000e00 RDI: 0000000000000008
[  546.157107][T12871] RBP: 00007f7070a11f91 R08: 0000000000000000 R09: 0000000000000000
[  546.157118][T12871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  546.157128][T12871] R13: 00007f7070be6128 R14: 00007f7070be6090 R15: 00007ffe10fc9df8
[  546.157146][T12871]  </TASK>
[  546.157152][T12871] 
[  546.157157][T12871] The buggy address belongs to a vmalloc virtual mapping
[  546.157172][T12871] Memory state around the buggy address:
[  546.157182][T12871]  ffffc90003869780: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  546.157195][T12871]  ffffc90003869800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  546.157207][T12871] >ffffc90003869880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  546.157217][T12871]                                            ^
[  546.157227][T12871]  ffffc90003869900: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  546.157240][T12871]  ffffc90003869980: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  546.157250][T12871] ==================================================================
[  546.157261][T12871] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  546.157275][T12871] CPU: 0 UID: 0 PID: 12871 Comm: syz.1.1437 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  546.157301][T12871] Tainted: [U]=USER
[  546.157308][T12871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  546.157318][T12871] Call Trace:
[  546.157324][T12871]  <TASK>
[  546.157331][T12871]  dump_stack_lvl+0x3d/0x1f0
[  546.157351][T12871]  vpanic+0x640/0x6f0
[  546.157377][T12871]  panic+0xca/0xd0
[  546.157403][T12871]  ? __pfx_panic+0x10/0x10
[  546.157432][T12871]  check_panic_on_warn+0xab/0xb0
[  546.157460][T12871]  end_report+0x107/0x170
[  546.157482][T12871]  kasan_report+0xee/0x110
[  546.157505][T12871]  ? sys_imageblit+0x1a6f/0x1e60
[  546.157535][T12871]  sys_imageblit+0x1a6f/0x1e60
[  546.157564][T12871]  ? __pfx_sys_imageblit+0x10/0x10
[  546.157592][T12871]  ? do_raw_spin_lock+0x12c/0x2b0
[  546.157625][T12871]  ? queue_work_on+0x12a/0x1f0
[  546.157640][T12871]  ? lockdep_hardirqs_on+0x7c/0x110
[  546.157660][T12871]  ? queue_work_on+0x8b/0x1f0
[  546.157676][T12871]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  546.157714][T12871]  bit_putcs+0x912/0xde0
[  546.157742][T12871]  ? __pfx_bit_putcs+0x10/0x10
[  546.157763][T12871]  ? find_held_lock+0x2b/0x80
[  546.157784][T12871]  ? fb_get_color_depth+0x120/0x250
[  546.157804][T12871]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  546.157837][T12871]  ? __pfx_bit_putcs+0x10/0x10
[  546.157858][T12871]  fbcon_putcs+0x387/0x450
[  546.157877][T12871]  ? __pfx_fbcon_putcs+0x10/0x10
[  546.157896][T12871]  do_con_write+0xff0/0x8290
[  546.157924][T12871]  ? exit_tasks_rcu_start+0x130/0x2f0
[  546.157953][T12871]  ? __pfx___mutex_lock+0x10/0x10
[  546.157974][T12871]  ? __pfx_do_con_write+0x10/0x10
[  546.158001][T12871]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  546.158025][T12871]  ? con_write+0x93/0xb0
[  546.158052][T12871]  con_write+0x23/0xb0
[  546.158079][T12871]  n_tty_write+0x41b/0x11e0
[  546.158101][T12871]  ? __pfx_n_tty_write+0x10/0x10
[  546.158119][T12871]  ? trace_kmalloc+0x2b/0xd0
[  546.158141][T12871]  ? __pfx_woken_wake_function+0x10/0x10
[  546.158171][T12871]  ? kfree+0x252/0x6d0
[  546.158198][T12871]  ? __pfx_n_tty_write+0x10/0x10
[  546.158218][T12871]  file_tty_write.constprop.0+0x500/0x9b0
[  546.158248][T12871]  redirected_tty_write+0xd4/0x150
[  546.158275][T12871]  vfs_write+0x7d3/0x11d0
[  546.158294][T12871]  ? __pfx_redirected_tty_write+0x10/0x10
[  546.158322][T12871]  ? __pfx_vfs_write+0x10/0x10
[  546.158340][T12871]  ? find_held_lock+0x2b/0x80
[  546.158364][T12871]  ksys_write+0x12a/0x250
[  546.158382][T12871]  ? __pfx_ksys_write+0x10/0x10
[  546.158404][T12871]  do_syscall_64+0xcd/0xfa0
[  546.158424][T12871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.158442][T12871] RIP: 0033:0x7f707098eec9
[  546.158455][T12871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  546.158473][T12871] RSP: 002b:00007f70717b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  546.158490][T12871] RAX: ffffffffffffffda RBX: 00007f7070be6090 RCX: 00007f707098eec9
[  546.158503][T12871] RDX: 0000000000000cb6 RSI: 0000200000000e00 RDI: 0000000000000008
[  546.158514][T12871] RBP: 00007f7070a11f91 R08: 0000000000000000 R09: 0000000000000000
[  546.158526][T12871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  546.158537][T12871] R13: 00007f7070be6128 R14: 00007f7070be6090 R15: 00007ffe10fc9df8
[  546.158554][T12871]  </TASK>
[  546.158617][T12871] Kernel Offset: disabled