last executing test programs:

17m52.184734081s ago: executing program 1 (id=438):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0)
r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
read$auto(r1, 0x0, 0xb4d4)
write$auto(r0, 0x0, 0x200)
write$auto(0x3, 0x0, 0xffd8)
open(0x0, 0x62240, 0x154)

17m51.443099845s ago: executing program 1 (id=443):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x15)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x0, 0x0)
pipe$auto(0x0)
dup2$auto(0x5, 0x4)
write$auto(0x6, 0x0, 0x100000001)
splice$auto(0x4, 0x0, 0x2, 0x0, 0x1013, 0xf)

17m50.53796114s ago: executing program 1 (id=451):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x80805, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x64010101}, 0x55)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)

17m49.979804641s ago: executing program 2 (id=454):
preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x401, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0)
writev$auto(0xffffffffffffffff, 0x0, 0x8)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
madvise$auto(0x0, 0x2003f0, 0x15)

17m49.971115326s ago: executing program 1 (id=462):
madvise$auto(0x0, 0x2000040080000004, 0xe)
r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/clear_refs\x00', 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000)
recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0)
write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b)
connect$auto(0xffffffffffffffff, &(0x7f00000018c0)=@generic={0xa}, 0x55)
mprotect$auto(0x200000000000, 0x806121, 0x6)

17m48.91446523s ago: executing program 1 (id=458):
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x100000000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e)
ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0)
rename$auto(&(0x7f0000000480)='./file0\x00', 0x0)

17m48.858569407s ago: executing program 2 (id=459):
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0xc0010140, 0xfffffe01, 0x35}]})

17m48.580270652s ago: executing program 1 (id=460):
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0)
unshare$auto(0x40000080)
readv$auto(r0, &(0x7f0000000100)={0x0, 0x6}, 0x6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c)
connect$auto(0x3, 0x0, 0x54)
msgctl$auto_MSG_INFO(0xb, 0xc, 0x0)

17m48.459611104s ago: executing program 2 (id=464):
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1)
pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400)
socket(0x1e, 0x1, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0)
socket(0x21, 0x3, 0x9)
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec8\x00', 0x40101, 0x0)
write$auto_event_trigger_fops_trace(r0, &(0x7f0000000340)="087a5fc885515accc34eb3c38a3a401bd245bdd75afcd2d75b35e79aaa1b0ef394e5", 0x22)

17m47.295347017s ago: executing program 2 (id=467):
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_allowed_congestion_control\x00', 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x1, 0x0)
sysfs$auto(0x2, 0x0, 0x0)
epoll_create$auto(0x4)
epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
epoll_ctl$auto(0x5, 0x1, r0, 0x0)
close_range$auto(0x2, 0x8, 0x0)

17m46.79712772s ago: executing program 2 (id=470):
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x100000000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e)
ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0)
rename$auto(&(0x7f0000000480)='./file0\x00', 0x0)

17m46.558805432s ago: executing program 2 (id=471):
mmap$auto(0x0, 0x3, 0x1000df, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x300, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0x200000000006, 0x8)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r1 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0)
ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r1, 0x4018bc13, &(0x7f00000005c0)={0x0, 0x9d, 0x720, [0x3f]})

17m33.507465101s ago: executing program 32 (id=460):
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0)
unshare$auto(0x40000080)
readv$auto(r0, &(0x7f0000000100)={0x0, 0x6}, 0x6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c)
connect$auto(0x3, 0x0, 0x54)
msgctl$auto_MSG_INFO(0xb, 0xc, 0x0)

17m31.372662953s ago: executing program 33 (id=471):
mmap$auto(0x0, 0x3, 0x1000df, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x300, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0x200000000006, 0x8)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r1 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0)
ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r1, 0x4018bc13, &(0x7f00000005c0)={0x0, 0x9d, 0x720, [0x3f]})

5.821672131s ago: executing program 3 (id=5390):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
r0 = socket(0xa, 0x3, 0xff)
connect$auto(r0, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x200, 0x400008, 0x200, 0x9b72, 0xffffffffffffffff, 0x6)
r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r1, &(0x7f0000001680)="a7", 0x80000)
mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000)
syz_clone3(0x0, 0x0)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)

4.788136411s ago: executing program 4 (id=5394):
mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x28401, 0x0)
write$auto_proc_mem_operations_base(r0, &(0x7f0000001680)="a7", 0x80000)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0)
timerfd_create$auto(0x9, 0x0)
pselect6$auto(0x9, &(0x7f0000000000)={[0x8, 0x4, 0x0, 0x6, 0x8001, 0x4000000000002bc8, 0xfff, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0)
semctl$auto(0x1ff, 0x2, 0x13, 0x4)
ioctl$auto(0x3, 0x40085400, 0x5)
ioctl$auto_BTRFS_IOC_FORGET_DEV(r1, 0x50009405, 0x0)
mmap$auto(0x0, 0x100000000030009, 0x9, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0x2003f0, 0x15)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/seccomp/actions_logged\x00', 0x8202, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c)
r4 = fcntl$auto(r3, 0x400, 0x1)
sendmsg$auto_GTP_CMD_GETPDP(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000001}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080028bd7000fedbdf250200000008000700", @ANYRES32=r4, @ANYBLOB="1400faff1f010000000000000000e40000000008"], 0x30}}, 0x40000)
read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000280)=""/65, 0x41)
r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ttyS2\x00', 0x201, 0x0)
clock_nanosleep$auto(0x400000, 0x1, 0x0, &(0x7f0000000040)={0x7fff, 0x2})
ioctl$auto_TIOCSTI2(r5, 0x5412, &(0x7f0000000040))

4.733894569s ago: executing program 3 (id=5395):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r0, 0x0, 0x7ff, 0x400)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/ip6tnl0/bootp_relay\x00', 0x5014c0, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
ioctl$auto(0x3, 0x2287, 0xffffffffffffffff)
socket(0x23, 0x80805, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000)
madvise$auto(0x0, 0x20200, 0x15)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)
r3 = openat$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy3/netdev:wlan0/stations/08:02:11:00:00:01/rc_stats_csv\x00', 0x80, 0x0)
read$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(r3, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)

4.562228258s ago: executing program 0 (id=5396):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)

4.528276247s ago: executing program 4 (id=5397):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, 0x0, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)

3.919245031s ago: executing program 3 (id=5398):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
r0 = socket(0xa, 0x2, 0x0)
r1 = socket(0xa, 0x3, 0xff)
connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55)
mmap$auto(0x200, 0x400008, 0x200, 0x9b72, r0, 0x6)
r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000)
mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000)
syz_clone3(0x0, 0x0)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
ioperm$auto(0x7, 0x6, 0x2)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)

3.473107646s ago: executing program 0 (id=5399):
r0 = open(0x0, 0x591083, 0x408)
ioctl$auto(0xffffffffffffffff, 0x64c5, 0xffffffffffffffff)
ioctl$auto_USBDEVFS_CLAIM_PORT(r0, 0x80045518, &(0x7f0000000140)=0x91d)
pipe$auto(&(0x7f0000000040))
socket(0x1d, 0x2, 0x2)
openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci7/hci7:201\x00', 0x4000, 0x0)
ioprio_set$auto(0x3, 0x0, 0x4b34)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8081, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
open(0x0, 0xc0000, 0x1)
writev$auto(0x1, 0x0, 0x1)
socket(0x1d, 0x2, 0x2)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x16, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x200}, 0x1fe, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

3.44633374s ago: executing program 4 (id=5400):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)

3.297447079s ago: executing program 0 (id=5401):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mq_open$auto(0x0, 0xdd1, 0x8, 0x0)
mq_notify$auto(0x4, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0xcea4, 0xfffffffffffffffd, 0xd4, 0x1, 0x0, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1007bfe, 0x0, 0x9, 0x81, 0xdfffffffffff628c, 0x2, 0xdeb1, 0x808})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
ioctl$auto(r2, 0x401870cb, r2)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x381800, 0x0)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000)
sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x800)
mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
symlink$auto(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
readlinkat$auto(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='\\\x00', 0x80)
ioctl$auto_MTDFILEMODE(0xffffffffffffffff, 0x4d13, 0x0)
r3 = eventfd$auto(0x80)
read$auto(r3, 0x0, 0xcc9c)
listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
write$auto(0xffffffffffffffff, 0x0, 0x2b6)
r4 = open(0x0, 0x62240, 0x154)
execveat$auto(r4, &(0x7f0000000200)='\x00', 0x0, 0x0, 0x11000)
dup2$auto(r0, r0)

2.253361337s ago: executing program 4 (id=5403):
openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0xa480, 0x0)
socket(0x2, 0x2, 0x0)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, 0x0, 0x20c01, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
setsockopt$auto_SO_RCVTIMEO_OLD(0xffffffffffffffff, 0x7, 0x14, 0x0, 0xea)
ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x2, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
ppoll$auto(0x0, 0x6, 0x0, 0x0, 0x8)
mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8002)
unshare$auto(0x40000080)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66)
mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0)
ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, 0x0)
close_range$auto(0x2, 0x8000, 0x0)

2.14481523s ago: executing program 5 (id=5404):
mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
timerfd_create$auto(0x9, 0x0)
semctl$auto(0x1ff, 0x2, 0x13, 0x4)
mmap$auto(0x0, 0x100000000030009, 0x9, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ttyS2\x00', 0x201, 0x0)
clock_nanosleep$auto(0x400000, 0x1, 0x0, &(0x7f0000000040)={0x7fff, 0x2})
ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0)

2.104826433s ago: executing program 0 (id=5405):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x2, 0x0)
r0 = socket(0xa, 0x3, 0xff)
connect$auto(r0, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r1, &(0x7f0000001680)="a7", 0x80000)
mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000)
syz_clone3(0x0, 0x0)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
ioperm$auto(0x7, 0x6, 0x2)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)

2.093691219s ago: executing program 3 (id=5406):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0)
ppoll$auto(&(0x7f0000000000)={r1, 0x40}, 0x2, 0x0, 0x0, 0x8)
modify_ldt$auto(0x1, 0x0, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pread64$auto(r3, 0x0, 0x7ff, 0x400)
inotify_rm_watch$auto(r2, 0x8001)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
getpid()
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs1\x00', 0x48080, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
process_mrelease$auto(0xffffffffffffffff, 0x0)
r4 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_UPD_RXSC(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x2c, r4, 0x201, 0x70bd2a, 0x25dfdbfe, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x10, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xa}]}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004054}, 0x480b0)

1.958321456s ago: executing program 5 (id=5407):
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)

1.465529007s ago: executing program 5 (id=5408):
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)

1.421694457s ago: executing program 3 (id=5409):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
r0 = socket(0xa, 0x2, 0x0)
r1 = socket(0xa, 0x3, 0xff)
connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55)
mmap$auto(0x200, 0x400008, 0x200, 0x9b72, r0, 0x6)
r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000)
mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000)
syz_clone3(0x0, 0x0)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
ioperm$auto(0x7, 0x6, 0x2)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)

1.223199361s ago: executing program 4 (id=5410):
r0 = open(0x0, 0x591083, 0x408)
ioctl$auto(0xffffffffffffffff, 0x64c5, 0xffffffffffffffff)
ioctl$auto_USBDEVFS_CLAIM_PORT(r0, 0x80045518, &(0x7f0000000140)=0x91d)
pipe$auto(&(0x7f0000000040))
socket(0x1d, 0x2, 0x2)
openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci7/hci7:201\x00', 0x4000, 0x0)
ioprio_set$auto(0x3, 0x0, 0x4b34)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8081, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
open(0x0, 0xc0000, 0x1)
writev$auto(0x1, 0x0, 0x1)
socket(0x1d, 0x2, 0x2)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x16, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x200}, 0x1fe, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

956.890537ms ago: executing program 4 (id=5411):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x2, 0x0)
r0 = socket(0xa, 0x3, 0xff)
connect$auto(r0, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r1, &(0x7f0000001680)="a7", 0x80000)
mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000)
syz_clone3(0x0, 0x0)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
ioperm$auto(0x7, 0x6, 0x2)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)

949.565154ms ago: executing program 5 (id=5412):
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)

571.660018ms ago: executing program 0 (id=5413):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r0, 0x107, 0xc, 0x0, 0x4)
close_range$auto(0x2, 0xa, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
getsockopt$auto_SO_BUSY_POLL(r1, 0x9, 0x2e, &(0x7f0000000280)='$^%*/%{:!/-:\x00', &(0x7f00000002c0)=0xffff8001)
r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/boot_params/data\x00', 0x2c40, 0x0)
r3 = socketpair$auto(0x80, 0xf, 0x2, &(0x7f0000000100)=0x4)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0)
ioctl$auto(r2, 0xc008ae67, r4)
mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7)
r5 = pidfd_open$auto(0x1, 0x0)
read$auto_trace_time_stamp_mode_fops_trace(r3, &(0x7f0000000180)=""/216, 0xd8)
setns(r5, 0x60020000)
umount2$auto(&(0x7f0000000000)='.\x00', 0x8)
r6 = openat$auto_u32_array_fops_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim4/ports/2/udp_ports_table1\x00', 0x20000, 0x0)
read$auto_u32_array_fops_file(r6, &(0x7f0000000040)=""/154, 0x9a)
r7 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp1\x00', 0x288141, 0x0)
ioctl$auto_SNDCTL_DSP_GETOPTR(r7, 0x800c5012, &(0x7f0000000180))

429.154748ms ago: executing program 5 (id=5414):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mq_open$auto(0x0, 0xdd1, 0x8, 0x0)
mq_notify$auto(0x4, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0xcea4, 0xfffffffffffffffd, 0xd4, 0x1, 0x0, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1007bfe, 0x0, 0x9, 0x81, 0xdfffffffffff628c, 0x2, 0xdeb1, 0x808})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
ioctl$auto(r2, 0x401870cb, r2)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x381800, 0x0)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000)
sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x800)
mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
symlink$auto(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
readlinkat$auto(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='\\\x00', 0x80)
ioctl$auto_MTDFILEMODE(0xffffffffffffffff, 0x4d13, 0x0)
r3 = eventfd$auto(0x80)
read$auto(r3, 0x0, 0xcc9c)
listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
write$auto(0xffffffffffffffff, 0x0, 0x2b6)
r4 = open(0x0, 0x62240, 0x154)
execveat$auto(r4, &(0x7f0000000200)='\x00', 0x0, 0x0, 0x11000)
dup2$auto(r0, r0)

166.627258ms ago: executing program 0 (id=5415):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)

110.661142ms ago: executing program 3 (id=5416):
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)

0s ago: executing program 5 (id=5417):
r0 = timerfd_create$auto(0x9, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
ioctl$auto_VHOST_SET_LOG_BASE2(r1, 0x4008af04, &(0x7f0000000040)=0x5)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
ioperm$auto(0x7, 0x6, 0x2)
r2 = pidfd_open$auto(0x1, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
r3 = socket(0xa, 0x5, 0x0)
setsockopt$auto(r3, 0x10000000084, 0x3, 0x0, 0x1)
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
unshare$auto(0x40000080)
r4 = setfsgid$auto(0xffffffffffffffff)
lstat$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0xd, 0x100000001, 0x5, 0xffffffff, 0xee00, r4, 0x0, 0x7fffffffffffffff, 0x3, 0x5, 0x100000000, 0x6, 0x1, 0x0, 0x8, 0x7, 0x4})
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
listen$auto(0xffffffffffffffff, 0x3)
getsockopt$auto(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x17d)
ioctl$auto_USB_RAW_IOCTL_CONFIGURE(0xffffffffffffffff, 0x5509, 0x0)
sendmsg$auto_MACSEC_CMD_UPD_RXSA(0xffffffffffffffff, 0x0, 0xcaa9d210872ac7f9)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setns(r2, 0x60020000)
timerfd_gettime$auto(r0, &(0x7f0000000080)={{0x1, 0xc8}, {0x7, 0x1}})

kernel console output (not intermixed with test programs):

		








	






	




		




		
		
		
		
		

		


		


















	










	






	





		








			
	
	
	
	
	
	


		


	


	

	
		
	

	
		
	

	
		
	

	
		
			
	

				
				


	

	

	
	
		
		


	

	

	
	
		
		


	

	
		
	
	
	
		
	
	

	
		
	

	
		
	

	
		

[  757.984594][T18980] netlink: set zone limit has 8 unknown bytes

syzkaller
syzkaller login: [  758.722854][T18998] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input18
[  758.834249][T18993] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3878'.
[  758.865680][ T5186] ERROR: Out of memory at tomoyo_memory_ok.
[  759.976106][   T51] Bluetooth: hci1: unexpected event for opcode 0x7c89
[  760.337926][T19024] bridge0: port 2(batadv0) entered blocking state
[  760.398067][T19024] bridge0: port 2(batadv0) entered disabled state
[  760.429375][T19024] batadv0: entered allmulticast mode
[  760.454115][T19032] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3888'.
[  760.485282][T19024] batadv0: entered promiscuous mode
[  760.516443][   T64] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  760.525843][   T64] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  760.607018][T19032] mac80211_hwsim hwsim18 wlan1: entered allmulticast mode
[  760.634563][T19035] netlink: 'syz.5.3887': attribute type 1 has an invalid length.
[  761.442421][T19048] gretap0: entered allmulticast mode
[  761.884613][T19058] netlink: 350 bytes leftover after parsing attributes in process `syz.5.3895'.
[  762.240581][T19067] kafs: addr_prefs: Invalid Command
[  763.536537][T19083] futex_wake_op: syz.0.3902 tries to shift op by -9; fix this program
[  763.936113][T19094] futex_wake_op: syz.4.3903 tries to shift op by -9; fix this program
[  765.836790][T19114] can0: slcan on pty71.
[  766.290154][T19113] can0 (unregistered): slcan off pty71.
[  770.462044][T19160] kexec: Could not allocate control_code_buffer
[  770.884273][T19182] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3920'.
[  771.005036][T19187] netlink: 354 bytes leftover after parsing attributes in process `syz.0.3920'.
[  771.279751][T19191] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3924'.
[  771.325064][T19191] bridge_slave_1: left allmulticast mode
[  771.362537][T19191] bridge_slave_1: left promiscuous mode
[  771.377948][T19191] bridge0: port 2(bridge_slave_1) entered disabled state
[  771.511329][T19191] bridge_slave_0: left allmulticast mode
[  771.521224][T19191] bridge_slave_0: left promiscuous mode
[  771.551629][T19191] bridge0: port 1(bridge_slave_0) entered disabled state
[  775.136838][   T30] audit: type=1804 audit(4294967344.680:35): pid=19244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3936" name="file0" dev="tmpfs" ino=4414 res=1 errno=0
[  775.295650][   T30] audit: type=1800 audit(4294967344.700:36): pid=19244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3936" name="file0" dev="tmpfs" ino=4414 res=0 errno=0
[  776.325317][T19256] netlink: set zone limit has 8 unknown bytes
[  776.973148][T19271] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3944'.
[  777.041841][T19271] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3944'.
[  777.405905][T19282] FAULT_INJECTION: forcing a failure.
[  777.405905][T19282] name failslab, interval 1, probability 0, space 0, times 0
[  777.451455][T19282] CPU: 0 UID: 0 PID: 19282 Comm: syz.4.3946 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  777.451483][T19282] Tainted: [U]=USER
[  777.451489][T19282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  777.451499][T19282] Call Trace:
[  777.451505][T19282]  <TASK>
[  777.451512][T19282]  dump_stack_lvl+0x16c/0x1f0
[  777.451539][T19282]  should_fail_ex+0x512/0x640
[  777.451560][T19282]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  777.451581][T19282]  should_failslab+0xc2/0x120
[  777.451595][T19282]  __kmalloc_cache_noprof+0x6a/0x3e0
[  777.451613][T19282]  ? kvm_dev_ioctl+0xa45/0x1ad0
[  777.451638][T19282]  kvm_dev_ioctl+0xa45/0x1ad0
[  777.451661][T19282]  ? find_held_lock+0x2b/0x80
[  777.451675][T19282]  ? hook_file_ioctl_common+0x145/0x410
[  777.451691][T19282]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  777.451714][T19282]  ? __fget_files+0x20e/0x3c0
[  777.451735][T19282]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  777.451757][T19282]  __x64_sys_ioctl+0x18b/0x210
[  777.451775][T19282]  do_syscall_64+0xcd/0x490
[  777.451797][T19282]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.451812][T19282] RIP: 0033:0x7fc7b9b8e929
[  777.451825][T19282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  777.451839][T19282] RSP: 002b:00007fc7baa18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  777.451853][T19282] RAX: ffffffffffffffda RBX: 00007fc7b9db5fa0 RCX: 00007fc7b9b8e929
[  777.451863][T19282] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006
[  777.451872][T19282] RBP: 00007fc7b9c10b39 R08: 0000000000000000 R09: 0000000000000000
[  777.451880][T19282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  777.451889][T19282] R13: 0000000000000000 R14: 00007fc7b9db5fa0 R15: 00007fff2b17aee8
[  777.451908][T19282]  </TASK>
[  778.614645][T19296] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3949'.
[  778.648828][T19296] netlink: 'syz.5.3949': attribute type 1 has an invalid length.
[  778.686490][T19296] netlink: 'syz.5.3949': attribute type 6 has an invalid length.
[  780.096828][T19317] tc_dump_action: action bad kind
[  780.748031][T19335] FAULT_INJECTION: forcing a failure.
[  780.748031][T19335] name failslab, interval 1, probability 0, space 0, times 0
[  780.918890][T19335] CPU: 0 UID: 0 PID: 19335 Comm: syz.0.3956 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  780.918918][T19335] Tainted: [U]=USER
[  780.918923][T19335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  780.918932][T19335] Call Trace:
[  780.918938][T19335]  <TASK>
[  780.918944][T19335]  dump_stack_lvl+0x16c/0x1f0
[  780.918970][T19335]  should_fail_ex+0x512/0x640
[  780.918991][T19335]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  780.919013][T19335]  should_failslab+0xc2/0x120
[  780.919027][T19335]  __kmalloc_cache_noprof+0x6a/0x3e0
[  780.919045][T19335]  ? kvm_dev_ioctl+0xa45/0x1ad0
[  780.919070][T19335]  kvm_dev_ioctl+0xa45/0x1ad0
[  780.919094][T19335]  ? find_held_lock+0x2b/0x80
[  780.919107][T19335]  ? hook_file_ioctl_common+0x145/0x410
[  780.919128][T19335]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  780.919152][T19335]  ? __fget_files+0x20e/0x3c0
[  780.919173][T19335]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  780.919195][T19335]  __x64_sys_ioctl+0x18b/0x210
[  780.919213][T19335]  do_syscall_64+0xcd/0x490
[  780.919236][T19335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.919251][T19335] RIP: 0033:0x7f655b78e929
[  780.919263][T19335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  780.919277][T19335] RSP: 002b:00007f655c52a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  780.919291][T19335] RAX: ffffffffffffffda RBX: 00007f655b9b5fa0 RCX: 00007f655b78e929
[  780.919301][T19335] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006
[  780.919309][T19335] RBP: 00007f655b810b39 R08: 0000000000000000 R09: 0000000000000000
[  780.919317][T19335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  780.919326][T19335] R13: 0000000000000000 R14: 00007f655b9b5fa0 R15: 00007ffc025256a8
[  780.919343][T19335]  </TASK>
[  784.959172][T19397] sysfs_service_op_store: Client not running :-5:
[  785.667694][   T51] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  785.668060][   T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  785.668079][   T51] CPU: 0 UID: 0 PID: 51 Comm: kworker/u9:0 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  785.668101][   T51] Tainted: [U]=USER
[  785.668107][   T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  785.668117][   T51] Workqueue: hci0 hci_rx_work
[  785.668134][   T51] Call Trace:
[  785.668140][   T51]  <TASK>
[  785.668146][   T51]  dump_stack_lvl+0x16c/0x1f0
[  785.668169][   T51]  sysfs_warn_dup+0x7f/0xa0
[  785.668188][   T51]  sysfs_create_dir_ns+0x24b/0x2b0
[  785.668206][   T51]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  785.668224][   T51]  ? find_held_lock+0x2b/0x80
[  785.668241][   T51]  ? do_raw_spin_unlock+0x172/0x230
[  785.668265][   T51]  kobject_add_internal+0x2c4/0x9b0
[  785.668283][   T51]  kobject_add+0x16e/0x240
[  785.668297][   T51]  ? __pfx_kobject_add+0x10/0x10
[  785.668313][   T51]  ? do_raw_spin_unlock+0x172/0x230
[  785.668334][   T51]  ? kobject_put+0xab/0x5a0
[  785.668352][   T51]  device_add+0x288/0x1a70
[  785.668367][   T51]  ? __pfx_dev_set_name+0x10/0x10
[  785.668383][   T51]  ? __pfx_device_add+0x10/0x10
[  785.668398][   T51]  ? mgmt_send_event_skb+0x2fb/0x460
[  785.668424][   T51]  hci_conn_add_sysfs+0x17e/0x230
[  785.668439][   T51]  le_conn_complete_evt+0x1075/0x1d70
[  785.668466][   T51]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  785.668487][   T51]  ? bt_warn+0xe4/0x120
[  785.668504][   T51]  ? __pfx_bt_warn+0x10/0x10
[  785.668528][   T51]  hci_le_conn_complete_evt+0x23c/0x370
[  785.668554][   T51]  hci_le_meta_evt+0x357/0x5e0
[  785.668566][   T51]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  785.668590][   T51]  hci_event_packet+0x682/0x11c0
[  785.668611][   T51]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  785.668625][   T51]  ? __pfx_hci_event_packet+0x10/0x10
[  785.668648][   T51]  ? kcov_remote_start+0x3c9/0x6d0
[  785.668676][   T51]  ? lockdep_hardirqs_on+0x7c/0x110
[  785.668703][   T51]  hci_rx_work+0x2c5/0x16b0
[  785.668718][   T51]  ? rcu_is_watching+0x12/0xc0
[  785.668736][   T51]  process_one_work+0x9cf/0x1b70
[  785.668765][   T51]  ? __pfx_process_one_work+0x10/0x10
[  785.668791][   T51]  ? assign_work+0x1a0/0x250
[  785.668812][   T51]  worker_thread+0x6c8/0xf10
[  785.668841][   T51]  ? __pfx_worker_thread+0x10/0x10
[  785.668861][   T51]  kthread+0x3c5/0x780
[  785.668881][   T51]  ? __pfx_kthread+0x10/0x10
[  785.668901][   T51]  ? rcu_is_watching+0x12/0xc0
[  785.668914][   T51]  ? __pfx_kthread+0x10/0x10
[  785.668934][   T51]  ret_from_fork+0x5d4/0x6f0
[  785.668952][   T51]  ? __pfx_kthread+0x10/0x10
[  785.668971][   T51]  ret_from_fork_asm+0x1a/0x30
[  785.668995][   T51]  </TASK>
[  785.669015][   T51] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  785.669041][   T51] Bluetooth: hci0: failed to register connection device
[  786.978400][T19425] GUP no longer grows the stack in syz.3.3982 (19425): 14000-401000 (4000)
[  786.978495][T19425] CPU: 0 UID: 0 PID: 19425 Comm: syz.3.3982 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  786.978526][T19425] Tainted: [U]=USER
[  786.978531][T19425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  786.978540][T19425] Call Trace:
[  786.978545][T19425]  <TASK>
[  786.978551][T19425]  dump_stack_lvl+0x16c/0x1f0
[  786.978578][T19425]  gup_vma_lookup+0x1d2/0x220
[  786.978595][T19425]  __get_user_pages+0x271/0x3b80
[  786.978616][T19425]  ? process_vm_rw_core.constprop.0+0x1d8/0x9a0
[  786.978638][T19425]  ? kasan_save_stack+0x42/0x60
[  786.978659][T19425]  ? __pfx___get_user_pages+0x10/0x10
[  786.978674][T19425]  ? register_lock_class+0x41/0x4c0
[  786.978692][T19425]  ? __x64_sys_process_vm_readv+0xe2/0x1c0
[  786.978713][T19425]  ? do_syscall_64+0xcd/0x490
[  786.978740][T19425]  __gup_longterm_locked+0x20d/0x1840
[  786.978757][T19425]  ? __lock_acquire+0xb8a/0x1c90
[  786.978778][T19425]  ? __pfx___gup_longterm_locked+0x10/0x10
[  786.978803][T19425]  pin_user_pages_remote+0xed/0x140
[  786.978821][T19425]  ? __pfx_pin_user_pages_remote+0x10/0x10
[  786.978836][T19425]  ? mm_access+0x22d/0x2e0
[  786.978859][T19425]  process_vm_rw_core.constprop.0+0x41b/0x9a0
[  786.978890][T19425]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  786.978913][T19425]  ? iovec_from_user+0xbb/0x140
[  786.978944][T19425]  ? iovec_from_user+0xbb/0x140
[  786.978967][T19425]  process_vm_rw+0x216/0x2c0
[  786.978990][T19425]  ? __pfx_process_vm_rw+0x10/0x10
[  786.979017][T19425]  ? up_write+0x1b2/0x520
[  786.979054][T19425]  ? xfd_validate_state+0x61/0x180
[  786.979071][T19425]  ? __task_pid_nr_ns+0x17c/0x500
[  786.979092][T19425]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  786.979114][T19425]  ? do_syscall_64+0x91/0x490
[  786.979135][T19425]  ? lockdep_hardirqs_on+0x7c/0x110
[  786.979154][T19425]  do_syscall_64+0xcd/0x490
[  786.979177][T19425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.979192][T19425] RIP: 0033:0x7fa1d198e929
[  786.979205][T19425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  786.979218][T19425] RSP: 002b:00007fa1cf7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  786.979232][T19425] RAX: ffffffffffffffda RBX: 00007fa1d1bb5fa0 RCX: 00007fa1d198e929
[  786.979241][T19425] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000bde
[  786.979250][T19425] RBP: 00007fa1d1a10b39 R08: 0000000000000003 R09: 0000000000000000
[  786.979259][T19425] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[  786.979268][T19425] R13: 0000000000000000 R14: 00007fa1d1bb5fa0 R15: 00007ffc30c7b608
[  786.979287][T19425]  </TASK>
[  787.865392][T19440] futex_wake_op: syz.4.3984 tries to shift op by -9; fix this program
[  789.564107][T19461] tc_dump_action: action bad kind
[  793.550353][T19502] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3997'.
[  794.418005][T19514] netlink: zone id is out of range
[  794.494966][T19514] netlink: zone id is out of range
[  794.526456][T19514] netlink: zone id is out of range
[  794.590851][T19514] netlink: zone id is out of range
[  794.642342][T19514] netlink: zone id is out of range
[  794.710017][T19514] netlink: zone id is out of range
[  794.731247][T19520] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4002'.
[  794.826818][T19514] netlink: zone id is out of range
[  794.831958][T19514] netlink: zone id is out of range
[  794.928778][T19514] netlink: zone id is out of range
[  795.040001][T19514] netlink: zone id is out of range
[  795.698184][T19518] kexec: Could not allocate control_code_buffer
[  796.026476][T19525] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  796.138667][T19534] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  796.374256][T19538] Invalid ELF header magic: != ELF
[  796.610251][T19545] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  798.327019][T19565] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4012'.
[  798.355218][T19557] Invalid ELF header magic: != ELF
[  798.921723][T19574] netlink: 'syz.5.4015': attribute type 15 has an invalid length.
[  798.963530][T19573] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  798.977119][T19574] netlink: 252 bytes leftover after parsing attributes in process `syz.5.4015'.
[  799.028128][T19575] netlink: 'syz.5.4015': attribute type 15 has an invalid length.
[  799.076468][T19575] netlink: 252 bytes leftover after parsing attributes in process `syz.5.4015'.
[  799.149836][T19573] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  800.766655][  T978] Process accounting resumed
[  802.588666][T19626] FAULT_INJECTION: forcing a failure.
[  802.588666][T19626] name failslab, interval 1, probability 0, space 0, times 0
[  802.662327][T19626] CPU: 0 UID: 0 PID: 19626 Comm: syz.0.4026 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  802.662356][T19626] Tainted: [U]=USER
[  802.662362][T19626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  802.662371][T19626] Call Trace:
[  802.662377][T19626]  <TASK>
[  802.662383][T19626]  dump_stack_lvl+0x16c/0x1f0
[  802.662410][T19626]  should_fail_ex+0x512/0x640
[  802.662431][T19626]  ? fs_reclaim_acquire+0xae/0x150
[  802.662450][T19626]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  802.662470][T19626]  should_failslab+0xc2/0x120
[  802.662484][T19626]  __kmalloc_noprof+0xd2/0x510
[  802.662504][T19626]  ? __lock_acquire+0x622/0x1c90
[  802.662526][T19626]  tomoyo_realpath_from_path+0xc2/0x6e0
[  802.662548][T19626]  ? tomoyo_profile+0x47/0x60
[  802.662571][T19626]  tomoyo_path_perm+0x274/0x460
[  802.662585][T19626]  ? tomoyo_path_perm+0x260/0x460
[  802.662603][T19626]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  802.662627][T19626]  ? d_add+0x47a/0x780
[  802.662649][T19626]  ? __pfx_current_check_access_path+0x10/0x10
[  802.662668][T19626]  ? lookup_one_qstr_excl_raw.part.0+0xf9/0x160
[  802.662683][T19626]  ? lookup_dcache+0x66/0x170
[  802.662701][T19626]  tomoyo_path_symlink+0x97/0xe0
[  802.662722][T19626]  ? __pfx_tomoyo_path_symlink+0x10/0x10
[  802.662742][T19626]  ? find_held_lock+0x2b/0x80
[  802.662755][T19626]  ? __might_fault+0xe3/0x190
[  802.662778][T19626]  security_path_symlink+0x152/0x2e0
[  802.662795][T19626]  do_symlinkat+0x10d/0x310
[  802.662818][T19626]  ? __pfx_do_symlinkat+0x10/0x10
[  802.662840][T19626]  ? getname_flags.part.0+0x1c5/0x550
[  802.662859][T19626]  __x64_sys_symlink+0x75/0x90
[  802.662881][T19626]  do_syscall_64+0xcd/0x490
[  802.662904][T19626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.662919][T19626] RIP: 0033:0x7f655b78e929
[  802.662932][T19626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  802.662946][T19626] RSP: 002b:00007f655c52a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  802.662961][T19626] RAX: ffffffffffffffda RBX: 00007f655b9b5fa0 RCX: 00007f655b78e929
[  802.662970][T19626] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  802.662978][T19626] RBP: 00007f655b810b39 R08: 0000000000000000 R09: 0000000000000000
[  802.662988][T19626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  802.662996][T19626] R13: 0000000000000000 R14: 00007f655b9b5fa0 R15: 00007ffc025256a8
[  802.663016][T19626]  </TASK>
[  802.663023][T19626] ERROR: Out of memory at tomoyo_realpath_from_path.
[  803.230318][T19633] sysfs_service_op_show: Client not running :-5:
[  803.617979][T19646] futex_wake_op: syz.5.4030 tries to shift op by -9; fix this program
[  805.253684][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  805.266542][T19666] FAULT_INJECTION: forcing a failure.
[  805.266542][T19666] name failslab, interval 1, probability 0, space 0, times 0
[  805.379764][T19666] CPU: 0 UID: 0 PID: 19666 Comm: syz.0.4037 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  805.379792][T19666] Tainted: [U]=USER
[  805.379797][T19666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  805.379809][T19666] Call Trace:
[  805.379816][T19666]  <TASK>
[  805.379822][T19666]  dump_stack_lvl+0x16c/0x1f0
[  805.379849][T19666]  should_fail_ex+0x512/0x640
[  805.379871][T19666]  ? __kvmalloc_node_noprof+0x124/0x620
[  805.379894][T19666]  should_failslab+0xc2/0x120
[  805.379907][T19666]  __kvmalloc_node_noprof+0x137/0x620
[  805.379927][T19666]  ? lockdep_init_map_type+0x5c/0x280
[  805.379947][T19666]  ? alloc_netdev_mqs+0xb5b/0x1570
[  805.379973][T19666]  ? alloc_netdev_mqs+0xb5b/0x1570
[  805.379993][T19666]  alloc_netdev_mqs+0xb5b/0x1570
[  805.380018][T19666]  __tun_chr_ioctl+0x19d9/0x47a0
[  805.380044][T19666]  ? __pfx___tun_chr_ioctl+0x10/0x10
[  805.380068][T19666]  ? hook_file_ioctl_common+0x145/0x410
[  805.380088][T19666]  ? __fget_files+0x20e/0x3c0
[  805.380110][T19666]  ? __pfx_tun_chr_ioctl+0x10/0x10
[  805.380132][T19666]  __x64_sys_ioctl+0x18b/0x210
[  805.380150][T19666]  do_syscall_64+0xcd/0x490
[  805.380173][T19666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  805.380188][T19666] RIP: 0033:0x7f655b78e929
[  805.380200][T19666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  805.380214][T19666] RSP: 002b:00007f655c52a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  805.380228][T19666] RAX: ffffffffffffffda RBX: 00007f655b9b5fa0 RCX: 00007f655b78e929
[  805.380238][T19666] RDX: 0000000000000038 RSI: 00000000400454ca RDI: 0000000000000003
[  805.380246][T19666] RBP: 00007f655b810b39 R08: 0000000000000000 R09: 0000000000000000
[  805.380255][T19666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  805.380263][T19666] R13: 0000000000000000 R14: 00007f655b9b5fa0 R15: 00007ffc025256a8
[  805.380282][T19666]  </TASK>
[  805.998203][T19681] random: crng reseeded on system resumption

				

	
	

	
	
	

	
		
	

	
		

	





		

		
	
	
	
	
	
	
		







		

		
	

	
		

				

	

	
		
	

	
		


		
	


				



	
	

	
		
	

	
		

	
				
	
	



	
		
	

	
		

	
		


	
		

	


	
	

		
	
		
	
	

	



			








	




	





	


	


	


	



	





	
	

		

		
	
	



	




	


	
	

	
		



		

		

	
	











	









	






	





		









	


	
	
	

				
		
	

	
		

	


	
	

		
	
		
	
	

	



			








	





	





	














	

		











	

	
	
















	





	




		







	
		

	


	
	

		
	
		
	
	

	



			








	

	
	

	


	



	
	

















	
	
	












	


	

	


	


	

	

	

	


	


	

	
	


	
	


	

	


	


	
		

	


	


	









	





	






		







	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	

	
	


	





	

	
	

	

	


	


	

	

	

	


	


	

	
	


	
	


	

	


	


	
		

	


	


	









	






	






		







		


		
	
		
	



				
		
	


			
		
	
	
		
	
	
		
		
	
		
	

	
	
		
	

	
	
			
	
	
		


	
	
	

			

			
			
		

	
	

	


	
		

	


		

		
	
		
	
	

	



			








	




	

		

	

	

	




	

	


	





	










	





	






		









	

	
		
	

	
		

				


	
		

	


	

	

		
	
		
	
	

	



			








	

	






	
	




	









		
	
	




























	






	

	

	
	
		
	
	
	
	






	





	





		









	
				
	
		
	
	
		

	
				
	
	



				
		
	

	
		



		

		
	

	
		


	

	




		

		
	
	
	
		
	



		

		

	
				
	
		
	
	
		

	
				
	
	



				
		
	

	
		






		

		

	



	
		

	


	
	

		
	
		
	
	

	



			








	



	




	







	


	

	




	





	





	



	















	
	

	

	
	


	













	






























	






	





	




		









		
	
	
	
	
	
	
	
	

	
		
	
		
	



		

		
	

	
		
	
	
	

	
		
	

	
		
	
	
			
	
		


			
	
		


			
	
		


	

	

	
	
	
	
	
	

	
	

	
	

	
	

	
	
	
	

	
	
	
	
	
	
		
	
	

	
	




	
				
	
	

	
	
	

	
		


	

	

	


	
	
	
		
	
	

	
		
	
	

	


	
		

	


		

		
	
		
	
	

	



			








	
	


















	

	

	




	

	


	
















	






	






		











	
	
	

	
		
	
	
					
	

	
		

	


	
	

		
	
		
	
	

	



			








	

	
	






	







		

		
	
	
		









	

	
	
















	






	





		












	

	
		
	
	

	
	
	
	

	
	


						
	
	

	
		
	
	

	
		
	

	
		
	

	

	

	
		
	

	
		

		

		
		
		

	



	

	
		
	

	
		

				

	

	
		
	

	
		
	

	
		
			
	

	
		
	

	
		
	

	
		

				


	
		

	


	

	

		
	
		
	
	

	



			








	

	






	
	




	





	

	
	

	


		
	
	








	


	



	



	



	
	

	






	




	











	
	











	


	


	



	
	

	
	

	

	

	


	

	


	






	






	





		







	

	
		
	

	
		
	
			
	

	
		


	
	

	
		

		


			
		
	

	
		
			


	

	
		
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	


	

	

	
		
	

	
		





































	
	
	
	
	
	
	

	
		
	

	
		
	
	

	

	

	
		

	
		

	


		

		
	
		
	
	

	



			








	


	

			

	

	

	

		

	




	

	
	


	


		
	


	

	








	






	






		













	
		

	


	
	

		
	
		
	
	

	



			








	



	





















	






	








	




	




		






	
		






	

	
		
	
	

	
		
	

	
		


	

	
		

		


	
	
	

	
		



		

		
	

	
		
	

	
		
	

	
		

				
	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	




	










	







	

		











	

	
	
















	





	





		








	
		

	


	
	

		
	
		
	
	

	



			








	


	


	



	

	

	

	

	



		
		
		

		


		


















	










	






	





		







	


	
	
		
		
		
	
	

	



			
		











	

	
	

	


	








	




	




	


	







	
	

	
	

	

	




	
	
	
	



	












	
	













	

							

	
	
	
				
	
	

	


[  962.317837][T22206] random: crng reseeded on system resumption

syzkaller
syzkaller login: [  963.475292][T22227] FAULT_INJECTION: forcing a failure.
[  963.475292][T22227] name failslab, interval 1, probability 0, space 0, times 0
[  963.529153][T22227] CPU: 0 UID: 0 PID: 22227 Comm: syz.0.4595 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  963.529182][T22227] Tainted: [U]=USER
[  963.529188][T22227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  963.529199][T22227] Call Trace:
[  963.529206][T22227]  <TASK>
[  963.529214][T22227]  dump_stack_lvl+0x16c/0x1f0
[  963.529242][T22227]  should_fail_ex+0x512/0x640
[  963.529262][T22227]  ? __kmalloc_noprof+0xbf/0x510
[  963.529285][T22227]  ? __register_sysctl_table+0xb3/0x1900
[  963.529307][T22227]  should_failslab+0xc2/0x120
[  963.529322][T22227]  __kmalloc_noprof+0xd2/0x510
[  963.529347][T22227]  __register_sysctl_table+0xb3/0x1900
[  963.529369][T22227]  ? is_module_address+0x5f/0xf0
[  963.529391][T22227]  ? __pfx___register_sysctl_table+0x10/0x10
[  963.529412][T22227]  ? is_module_address+0x69/0xf0
[  963.529430][T22227]  ? register_net_sysctl_sz+0x228/0x3e0
[  963.529446][T22227]  ? __asan_memcpy+0x3c/0x60
[  963.529465][T22227]  sysctl_core_net_init+0xe3/0x280
[  963.529485][T22227]  ? __pfx_sysctl_core_net_init+0x10/0x10
[  963.529503][T22227]  ops_init+0x1df/0x5f0
[  963.529518][T22227]  setup_net+0x1ff/0x510
[  963.529530][T22227]  ? lockdep_init_map_type+0x5c/0x280
[  963.529550][T22227]  ? __pfx_setup_net+0x10/0x10
[  963.529564][T22227]  ? debug_mutex_init+0x37/0x70
[  963.529580][T22227]  copy_net_ns+0x2a6/0x5f0
[  963.529597][T22227]  create_new_namespaces+0x3ea/0xa90
[  963.529617][T22227]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  963.529634][T22227]  ksys_unshare+0x45b/0xa40
[  963.529653][T22227]  ? __pfx_ksys_unshare+0x10/0x10
[  963.529672][T22227]  ? xfd_validate_state+0x61/0x180
[  963.529695][T22227]  __x64_sys_unshare+0x31/0x40
[  963.529713][T22227]  do_syscall_64+0xcd/0x490
[  963.529736][T22227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.529751][T22227] RIP: 0033:0x7f655b78e929
[  963.529764][T22227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  963.529778][T22227] RSP: 002b:00007f655c52a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  963.529792][T22227] RAX: ffffffffffffffda RBX: 00007f655b9b5fa0 RCX: 00007f655b78e929
[  963.529802][T22227] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  963.529811][T22227] RBP: 00007f655b810b39 R08: 0000000000000000 R09: 0000000000000000
[  963.529821][T22227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  963.529830][T22227] R13: 0000000000000000 R14: 00007f655b9b5fa0 R15: 00007ffc025256a8
[  963.529849][T22227]  </TASK>
[  964.373663][T22239] can: request_module (can-proto-3) failed.
[  965.920616][T22265] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4604'.
[  967.351395][T22292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4611'.
[  967.438951][T22295] netlink: 354 bytes leftover after parsing attributes in process `syz.3.4611'.
[  968.790297][T22323] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4616'.
[  968.883345][T22299] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  969.789502][T22336] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4620'.
[  969.837417][T22336] netlink: 354 bytes leftover after parsing attributes in process `syz.5.4620'.
[  970.318851][T22328] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  970.828983][T22362] netlink: zone id is out of range
[  970.925450][T22362] netlink: zone id is out of range
[  971.076506][T22362] netlink: zone id is out of range
[  971.192364][T22362] netlink: zone id is out of range
[  971.255832][   T51] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  971.311869][T22362] netlink: zone id is out of range
[  971.413430][T22362] netlink: zone id is out of range
[  971.465174][T22362] netlink: zone id is out of range
[  971.575596][T22362] netlink: zone id is out of range
[  971.632321][T22362] netlink: zone id is out of range
[  971.725844][T22362] netlink: zone id is out of range
[  974.218964][T22415] ERROR: Out of memory at tomoyo_memory_ok.
[  974.280454][T22415] FAULT_INJECTION: forcing a failure.
[  974.280454][T22415] name failslab, interval 1, probability 0, space 0, times 0
[  974.364782][T22415] CPU: 0 UID: 0 PID: 22415 Comm: syz.4.4634 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  974.364812][T22415] Tainted: [U]=USER
[  974.364818][T22415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  974.364827][T22415] Call Trace:
[  974.364840][T22415]  <TASK>
[  974.364846][T22415]  dump_stack_lvl+0x16c/0x1f0
[  974.364873][T22415]  should_fail_ex+0x512/0x640
[  974.364893][T22415]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  974.364918][T22415]  should_failslab+0xc2/0x120
[  974.364932][T22415]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  974.364953][T22415]  ? __kernfs_new_node+0xd2/0x8e0
[  974.364976][T22415]  __kernfs_new_node+0xd2/0x8e0
[  974.364997][T22415]  ? __pfx___kernfs_new_node+0x10/0x10
[  974.365021][T22415]  ? find_held_lock+0x2b/0x80
[  974.365036][T22415]  ? kernfs_root+0xee/0x2a0
[  974.365059][T22415]  kernfs_new_node+0x13c/0x1e0
[  974.365083][T22415]  __kernfs_create_file+0x53/0x350
[  974.365101][T22415]  sysfs_add_file_mode_ns+0x207/0x3c0
[  974.365124][T22415]  internal_create_group+0x578/0xf30
[  974.365149][T22415]  ? __pfx_internal_create_group+0x10/0x10
[  974.365172][T22415]  ? kernfs_create_link+0x1bd/0x240
[  974.365190][T22415]  internal_create_groups+0x9d/0x150
[  974.365211][T22415]  device_add+0x6d1/0x1a70
[  974.365228][T22415]  ? __pfx_device_add+0x10/0x10
[  974.365243][T22415]  ? lockdep_init_map_type+0x5c/0x280
[  974.365262][T22415]  ? __init_waitqueue_head+0xca/0x150
[  974.365287][T22415]  netdev_register_kobject+0x182/0x3a0
[  974.365306][T22415]  register_netdevice+0x13dc/0x2270
[  974.365325][T22415]  ? __pfx_register_netdevice+0x10/0x10
[  974.365344][T22415]  internal_dev_create+0x2d3/0x520
[  974.365361][T22415]  ovs_vport_add+0x144/0x4d0
[  974.365376][T22415]  new_vport+0x16/0x1d0
[  974.365395][T22415]  ovs_dp_cmd_new+0x6ba/0xe60
[  974.365420][T22415]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  974.365444][T22415]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  974.365463][T22415]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  974.365485][T22415]  genl_family_rcv_msg_doit+0x206/0x2f0
[  974.365504][T22415]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  974.365522][T22415]  ? trace_cap_capable+0x18d/0x200
[  974.365541][T22415]  ? bpf_lsm_capable+0x9/0x10
[  974.365557][T22415]  ? security_capable+0x7e/0x260
[  974.365580][T22415]  ? ns_capable+0xd7/0x110
[  974.365596][T22415]  genl_rcv_msg+0x55c/0x800
[  974.365616][T22415]  ? __pfx_genl_rcv_msg+0x10/0x10
[  974.365634][T22415]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  974.365655][T22415]  ? __lock_acquire+0x622/0x1c90
[  974.365676][T22415]  netlink_rcv_skb+0x155/0x420
[  974.365691][T22415]  ? __pfx_genl_rcv_msg+0x10/0x10
[  974.365709][T22415]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  974.365733][T22415]  ? netlink_deliver_tap+0x1ae/0xd30
[  974.365746][T22415]  ? is_vmalloc_addr+0x86/0xa0
[  974.365768][T22415]  genl_rcv+0x28/0x40
[  974.365783][T22415]  netlink_unicast+0x53d/0x7f0
[  974.365805][T22415]  ? __pfx_netlink_unicast+0x10/0x10
[  974.365826][T22415]  netlink_sendmsg+0x8d1/0xdd0
[  974.365851][T22415]  ? __pfx_netlink_sendmsg+0x10/0x10
[  974.365875][T22415]  ____sys_sendmsg+0xa98/0xc70
[  974.365894][T22415]  ? copy_msghdr_from_user+0x10a/0x160
[  974.365915][T22415]  ? __pfx_____sys_sendmsg+0x10/0x10
[  974.365930][T22415]  ? preempt_schedule_thunk+0x16/0x30
[  974.365952][T22415]  ? try_to_wake_up+0xa2f/0x1680
[  974.365969][T22415]  ___sys_sendmsg+0x134/0x1d0
[  974.365991][T22415]  ? __pfx____sys_sendmsg+0x10/0x10
[  974.366010][T22415]  ? __lock_acquire+0x622/0x1c90
[  974.366052][T22415]  __sys_sendmsg+0x16d/0x220
[  974.366073][T22415]  ? __pfx___sys_sendmsg+0x10/0x10
[  974.366094][T22415]  ? __x64_sys_futex+0x1e0/0x4c0
[  974.366124][T22415]  do_syscall_64+0xcd/0x490
[  974.366147][T22415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  974.366162][T22415] RIP: 0033:0x7fc7b9b8e929
[  974.366175][T22415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  974.366189][T22415] RSP: 002b:00007fc7baa18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  974.366204][T22415] RAX: ffffffffffffffda RBX: 00007fc7b9db5fa0 RCX: 00007fc7b9b8e929
[  974.366213][T22415] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000008
[  974.366222][T22415] RBP: 00007fc7b9c10b39 R08: 0000000000000000 R09: 0000000000000000
[  974.366231][T22415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  974.366240][T22415] R13: 0000000000000000 R14: 00007fc7b9db5fa0 R15: 00007fff2b17aee8
[  974.366260][T22415]  </TASK>
[  975.541408][T22422] netlink: 'syz.4.4636': attribute type 5 has an invalid length.
[  976.858029][T22436] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4639'.
[  977.811677][T22454] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma?
[  977.940419][T22458] ERROR: Out of memory at tomoyo_memory_ok.
[  978.003576][T22458] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4644'.
[  978.271936][   T51] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  978.279800][   T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  978.289091][   T51] CPU: 0 UID: 0 PID: 51 Comm: kworker/u9:0 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  978.289117][   T51] Tainted: [U]=USER
[  978.289122][   T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  978.289132][   T51] Workqueue: hci3 hci_rx_work
[  978.289151][   T51] Call Trace:
[  978.289157][   T51]  <TASK>
[  978.289163][   T51]  dump_stack_lvl+0x16c/0x1f0
[  978.289192][   T51]  sysfs_warn_dup+0x7f/0xa0
[  978.289213][   T51]  sysfs_create_dir_ns+0x24b/0x2b0
[  978.289232][   T51]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  978.289250][   T51]  ? find_held_lock+0x2b/0x80
[  978.289269][   T51]  ? do_raw_spin_unlock+0x172/0x230
[  978.289291][   T51]  kobject_add_internal+0x2c4/0x9b0
[  978.289309][   T51]  kobject_add+0x16e/0x240
[  978.289323][   T51]  ? __pfx_kobject_add+0x10/0x10
[  978.289338][   T51]  ? do_raw_spin_unlock+0x172/0x230
[  978.289359][   T51]  ? kobject_put+0xab/0x5a0
[  978.289377][   T51]  device_add+0x288/0x1a70
[  978.289392][   T51]  ? __pfx_dev_set_name+0x10/0x10
[  978.289408][   T51]  ? __pfx_device_add+0x10/0x10
[  978.289423][   T51]  ? mgmt_send_event_skb+0x2fb/0x460
[  978.289449][   T51]  hci_conn_add_sysfs+0x17e/0x230
[  978.289464][   T51]  le_conn_complete_evt+0x1075/0x1d70
[  978.289491][   T51]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  978.289510][   T51]  ? bt_warn+0xe4/0x120
[  978.289528][   T51]  ? __pfx_bt_warn+0x10/0x10
[  978.289552][   T51]  hci_le_conn_complete_evt+0x23c/0x370
[  978.289577][   T51]  hci_le_meta_evt+0x357/0x5e0
[  978.289590][   T51]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  978.289613][   T51]  hci_event_packet+0x682/0x11c0
[  978.289634][   T51]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  978.289649][   T51]  ? __pfx_hci_event_packet+0x10/0x10
[  978.289671][   T51]  ? kcov_remote_start+0x3c9/0x6d0
[  978.289703][   T51]  ? lockdep_hardirqs_on+0x7c/0x110
[  978.289731][   T51]  hci_rx_work+0x2c5/0x16b0
[  978.289746][   T51]  ? rcu_is_watching+0x12/0xc0
[  978.289764][   T51]  process_one_work+0x9cf/0x1b70
[  978.289792][   T51]  ? __pfx_process_one_work+0x10/0x10
[  978.289819][   T51]  ? assign_work+0x1a0/0x250
[  978.289840][   T51]  worker_thread+0x6c8/0xf10
[  978.289869][   T51]  ? __pfx_worker_thread+0x10/0x10
[  978.289890][   T51]  kthread+0x3c5/0x780
[  978.289909][   T51]  ? __pfx_kthread+0x10/0x10
[  978.289929][   T51]  ? rcu_is_watching+0x12/0xc0
[  978.289943][   T51]  ? __pfx_kthread+0x10/0x10
[  978.289962][   T51]  ret_from_fork+0x5d4/0x6f0
[  978.289981][   T51]  ? __pfx_kthread+0x10/0x10
[  978.290000][   T51]  ret_from_fork_asm+0x1a/0x30
[  978.290024][   T51]  </TASK>
[  978.537749][    C0] vkms_vblank_simulate: vblank timer overrun
[  978.815443][   T51] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  978.832658][   T51] Bluetooth: hci3: failed to register connection device
[  982.837538][T22535] Invalid ELF header magic: != ELF
[  988.231543][T22619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4681'.
[  988.314905][T22614] netlink: 354 bytes leftover after parsing attributes in process `syz.3.4681'.
[  990.538264][T22657] Invalid ELF header magic: != ELF
[  992.430288][T22698] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma?
[  992.540238][T22700] ERROR: Out of memory at tomoyo_memory_ok.
[  992.610588][T22700] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4698'.
[  992.985432][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  992.991739][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  993.245094][T22710] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  993.442670][T22714] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4704'.
[  993.479392][T22712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4703'.
[  993.521214][T22712] netlink: 354 bytes leftover after parsing attributes in process `syz.3.4703'.
[  994.971303][T22741] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4711'.
[  995.284790][T22748] FAULT_INJECTION: forcing a failure.
[  995.284790][T22748] name failslab, interval 1, probability 0, space 0, times 0
[  995.325765][T22750] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4715'.
[  995.341311][T22748] CPU: 0 UID: 0 PID: 22748 Comm: syz.4.4714 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  995.341340][T22748] Tainted: [U]=USER
[  995.341345][T22748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  995.341354][T22748] Call Trace:
[  995.341360][T22748]  <TASK>
[  995.341367][T22748]  dump_stack_lvl+0x16c/0x1f0
[  995.341395][T22748]  should_fail_ex+0x512/0x640
[  995.341415][T22748]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  995.341440][T22748]  should_failslab+0xc2/0x120
[  995.341455][T22748]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  995.341476][T22748]  ? mark_held_locks+0x49/0x80
[  995.341494][T22748]  ? key_alloc+0x3e0/0x1330
[  995.341515][T22748]  key_alloc+0x3e0/0x1330
[  995.341539][T22748]  ? __pfx_key_alloc+0x10/0x10
[  995.341563][T22748]  ? __pfx_key_default_cmp+0x10/0x10
[  995.341584][T22748]  ? __pfx_keyring_search_iterator+0x10/0x10
[  995.341608][T22748]  keyring_alloc+0x44/0xc0
[  995.341629][T22748]  look_up_user_keyrings+0x510/0x760
[  995.341650][T22748]  ? __pfx_look_up_user_keyrings+0x10/0x10
[  995.341674][T22748]  lookup_user_key+0x1a3/0x1300
[  995.341693][T22748]  ? __pfx_lookup_user_key+0x10/0x10
[  995.341708][T22748]  ? do_futex+0x122/0x350
[  995.341730][T22748]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  995.341760][T22748]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  995.341782][T22748]  ? arch_syscall_is_vdso_sigreturn+0xb6/0x230
[  995.341805][T22748]  keyctl_keyring_clear+0x24/0x1a0
[  995.341821][T22748]  __do_sys_keyctl+0x355/0x590
[  995.341838][T22748]  do_syscall_64+0xcd/0x490
[  995.341861][T22748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  995.341876][T22748] RIP: 0033:0x7fc7b9b8e929
[  995.341888][T22748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  995.341902][T22748] RSP: 002b:00007fc7baa18038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  995.341917][T22748] RAX: ffffffffffffffda RBX: 00007fc7b9db5fa0 RCX: 00007fc7b9b8e929
[  995.341926][T22748] RDX: 0000000000000002 RSI: 00000000fffffffb RDI: 0000000000000007
[  995.341935][T22748] RBP: 00007fc7b9c10b39 R08: 0000000000000008 R09: 0000000000000000
[  995.341944][T22748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  995.341952][T22748] R13: 0000000000000000 R14: 00007fc7b9db5fa0 R15: 00007fff2b17aee8
[  995.341971][T22748]  </TASK>
[  995.619847][T22755] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  996.410740][T22767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4719'.
[  997.870479][T22794] Invalid ELF header magic: != ELF
[  997.943423][T22794] net_ratelimit: 77 callbacks suppressed
[  997.943438][T22794] netlink: zone id is out of range
[  998.093677][T22794] netlink: zone id is out of range
[  998.098820][T22794] netlink: zone id is out of range
[  998.219527][T22794] netlink: zone id is out of range
[  998.302666][T22794] netlink: zone id is out of range
[ 1002.084075][T22848] Invalid ELF header magic: != ELF
[ 1002.134266][T22848] netlink: zone id is out of range
[ 1002.158634][T22848] netlink: zone id is out of range
[ 1002.236450][T22848] netlink: zone id is out of range
[ 1002.293732][T22848] netlink: zone id is out of range
[ 1002.368162][T22848] netlink: zone id is out of range
[ 1004.582275][T22903] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4756'.
[ 1006.374440][T22909] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1006.699698][T22946] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4758'.
[ 1007.038055][T22946] bond0: (slave bond_slave_1): Releasing backup interface
[ 1008.441575][T22967] tipc: Started in network mode
[ 1008.483054][T22967] tipc: Node identity ee00, cluster identity 4711
[ 1008.530963][T22967] tipc: Node number set to 60928
[ 1010.058875][T22991] HfR: entered promiscuous mode
[ 1010.079228][T22991] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4768'.
[ 1010.205229][T22991] openvswitch: HfR: Dropping previously announced user features
[ 1010.783611][T23004] block nbd7: not configured, cannot reconfigure
[ 1010.994235][T23003] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4771'.
[ 1011.491999][T23012] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4772'.
[ 1012.371853][T23033] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4777'.
[ 1012.975774][T23037] Invalid ELF header magic: != ELF
[ 1017.998784][T23124] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4795'.
[ 1018.051955][T23124] team_slave_0: entered allmulticast mode
[ 1018.895172][T23131] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4797'.
[ 1019.013408][T23131] vcan0: entered promiscuous mode
[ 1021.593731][T23186] vivid-009: =================  START STATUS  =================
[ 1021.709144][T23186] vivid-009: Enable Output Cropping: true grabbed
[ 1021.902812][T23186] vivid-009: Enable Output Composing: true grabbed
[ 1021.956853][T23192] block nbd7: not configured, cannot reconfigure
[ 1022.060390][T23186] vivid-009: Enable Output Scaler: true grabbed
[ 1022.066691][T23186] vivid-009: Tx RGB Quantization Range: Automatic grabbed
[ 1022.280667][T23186] vivid-009: Transmit Mode: HDMI grabbed
[ 1022.399542][T23195] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4810'.
[ 1022.450597][T23186] vivid-009: Hotplug Present: 0x00000000
[ 1022.536424][T23186] vivid-009: RxSense Present: 0x00000000
[ 1022.631873][T23186] vivid-009: EDID Present: 0x00000000
[ 1022.711371][T23186] vivid-009: ==================  END STATUS  ==================
[ 1024.619999][T23222] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4816'.
[ 1025.496827][T23229] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4818'.
[ 1025.911367][T23229] bond0: (slave ): Releasing backup interface
[ 1026.373593][T23237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4820'.
[ 1028.437917][T23231] ptrace attach of "./syz-executor exec"[7390] was attempted by "./syz-executor exec"[23231]
[ 1028.914324][T23287] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4829'.
[ 1029.209583][T23287] bond0: (slave bond_slave_1): Releasing backup interface
[ 1029.242356][T23287] bond_slave_1 (unregistering): left promiscuous mode
[ 1030.314629][T23312] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4834'.
[ 1031.590226][T23329] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4838'.
[ 1032.431257][T23347] Invalid ELF header magic: != ELF
[ 1032.528241][T23352] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4842'.
[ 1034.178077][T23386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4850'.
[ 1034.383455][T23398] HfR: entered promiscuous mode
[ 1034.451052][T23398] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4852'.
[ 1034.733937][T23398] openvswitch: HfR: Dropping previously announced user features
[ 1034.862865][T23406] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1036.376287][T23437] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4861'.
[ 1036.543146][T23437] netlink: 354 bytes leftover after parsing attributes in process `syz.5.4861'.
[ 1037.785779][T23462] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1037.990205][T23458] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4864'.
[ 1038.771146][T23478] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4867'.
[ 1041.966668][T23518] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4876'.
[ 1042.697935][T23527] ERROR: Out of memory at tomoyo_memory_ok.
[ 1043.531268][T23534] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4880'.
[ 1043.905315][T23540] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4890'.
[ 1046.754405][T23572] FAULT_INJECTION: forcing a failure.
[ 1046.754405][T23572] name fail_futex, interval 1, probability 0, space 0, times 0
[ 1046.800308][T23569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4887'.
[ 1046.826769][T23572] CPU: 0 UID: 0 PID: 23572 Comm: syz.4.4888 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1046.826803][T23572] Tainted: [U]=USER
[ 1046.826809][T23572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1046.826819][T23572] Call Trace:
[ 1046.826824][T23572]  <TASK>
[ 1046.826832][T23572]  dump_stack_lvl+0x16c/0x1f0
[ 1046.826859][T23572]  should_fail_ex+0x512/0x640
[ 1046.826886][T23572]  get_futex_key+0x1d0/0x1540
[ 1046.826906][T23572]  ? __pfx_get_futex_key+0x10/0x10
[ 1046.826928][T23572]  futex_wake+0xea/0x530
[ 1046.826949][T23572]  ? rcu_is_watching+0x12/0xc0
[ 1046.826965][T23572]  ? __pfx_futex_wake+0x10/0x10
[ 1046.826987][T23572]  ? kmem_cache_free+0x2d1/0x4d0
[ 1046.827006][T23572]  ? fd_install+0x225/0x750
[ 1046.827023][T23572]  ? putname+0x154/0x1a0
[ 1046.827039][T23572]  do_futex+0x1e3/0x350
[ 1046.827057][T23572]  ? __pfx_do_futex+0x10/0x10
[ 1046.827078][T23572]  __x64_sys_futex+0x1e0/0x4c0
[ 1046.827096][T23572]  ? __x64_sys_openat+0x174/0x210
[ 1046.827112][T23572]  ? __pfx___x64_sys_futex+0x10/0x10
[ 1046.827136][T23572]  do_syscall_64+0xcd/0x490
[ 1046.827159][T23572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1046.827174][T23572] RIP: 0033:0x7fc7b9b8e929
[ 1046.827187][T23572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1046.827201][T23572] RSP: 002b:00007fc7baa180e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1046.827215][T23572] RAX: ffffffffffffffda RBX: 00007fc7b9db5fa8 RCX: 00007fc7b9b8e929
[ 1046.827224][T23572] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc7b9db5fac
[ 1046.827233][T23572] RBP: 00007fc7b9db5fa0 R08: 00007fc7baa19000 R09: 0000000000000000
[ 1046.827241][T23572] R10: 0000000000000005 R11: 0000000000000246 R12: 00007fc7b9db5fac
[ 1046.827250][T23572] R13: 0000000000000000 R14: 00007fff2b17ae00 R15: 00007fff2b17aee8
[ 1046.827268][T23572]  </TASK>
[ 1047.024344][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1047.567877][T23574] could not allocate digest TFM handle binfmt_misc
[ 1047.673310][T23576] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4886'.
[ 1048.497591][T23588] openvswitch: HfR: Dropping previously announced user features
[ 1048.577644][T23593] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4892'.
[ 1048.700856][T23593] openvswitch: HfR: Dropping previously announced user features
[ 1050.085553][T23614] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint
[ 1053.006134][T23643] ERROR: Out of memory at tomoyo_memory_ok.
[ 1054.237506][T23664] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1054.397655][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.404135][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.616156][T23689] Invalid ELF header magic: != ELF
[ 1056.363425][T23658] ptrace attach of "./syz-executor exec"[7413] was attempted by "./syz-executor exec"[23658]
[ 1058.392512][T23725] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4923'.
[ 1060.606299][T23766] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1063.531867][T23817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4942'.
[ 1063.898286][T23823] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1064.021322][T23828] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1065.862731][T23852] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4951'.
[ 1066.836580][T23869] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[23869]
[ 1069.654685][T23900] program syz.4.4960 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1073.551437][T23944] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4969'.
[ 1075.452638][T23962] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4972'.
[ 1075.841976][T23974] ERROR: Out of memory at tomoyo_memory_ok.
[ 1077.529417][T23987] vhci_hcd: invalid port number 16
[ 1077.566877][T23987] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
[ 1080.723897][T24034] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4989'.
[ 1083.150699][T24076] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4998'.
[ 1083.619470][T24067] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[24067]
[ 1084.790412][T24106] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1086.114968][T24122] netlink: 'syz.3.5008': attribute type 1 has an invalid length.
[ 1086.136589][T24124] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1086.191043][T24122] netlink: 33 bytes leftover after parsing attributes in process `syz.3.5008'.
[ 1087.043919][T24134] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5009'.
[ 1087.926976][T24149] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1089.854972][T24145] ptrace attach of "./syz-executor exec"[7390] was attempted by "./syz-executor exec"[24145]
[ 1093.079045][T24208] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5027'.
[ 1095.484623][T24239] ERROR: Out of memory at tomoyo_memory_ok.
[ 1100.334803][T24295] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1100.667179][T24299] sd 0:0:1:0: PR command failed: 1026
[ 1100.911569][T24299] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[ 1101.117528][T24299] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 1101.737927][T24310] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1102.867642][T24324] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5049'.
[ 1104.095010][   T51] Bluetooth: hci1: SCO packet too small
[ 1105.505237][T24367] : renamed from gre0 (while UP)
[ 1107.309507][T24389] netlink: 504 bytes leftover after parsing attributes in process `syz.5.5063'.
[ 1107.385402][T24389] netlink: 350 bytes leftover after parsing attributes in process `syz.5.5063'.
[ 1110.483293][T24441] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5076'.
[ 1114.101623][T24475] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1115.234228][T24484] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5085'.
[ 1115.806893][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.815517][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.986572][T24491] kexec: Could not allocate control_code_buffer
[ 1121.736548][T24577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5107'.
[ 1122.631943][T24591] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1123.280339][T24598] netlink: 354 bytes leftover after parsing attributes in process `syz.5.5119'.
[ 1127.236101][T24657] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1128.972277][T24687] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1130.346887][T24688] kexec: Could not allocate control_code_buffer
[ 1131.248508][T24717] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5136'.
[ 1131.356390][T24717] netlink: 102 bytes leftover after parsing attributes in process `syz.3.5136'.
[ 1132.021193][T24722] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1132.552697][T24733] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1133.269603][T24743] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5141'.
[ 1133.327368][T24746] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5141'.
[ 1133.918291][T24759] dyndbg: expected <4096 bytes into control
[ 1136.841695][T24800] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5152'.
[ 1136.893215][T24800] netlink: 354 bytes leftover after parsing attributes in process `syz.4.5152'.
[ 1139.994337][T24847] ERROR: Out of memory at tomoyo_memory_ok.
[ 1140.922377][T24862] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1142.524451][T24856] kexec: Could not allocate control_code_buffer
[ 1145.048580][T24907] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1145.884626][T24927] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5180'.
[ 1145.944143][T24925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5180'.
[ 1146.826689][T24938] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5183'.
[ 1152.382451][T25034] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5203'.
[ 1152.738072][T25046] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1157.023359][T25122] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5220'.
[ 1157.786484][T25128] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5222'.
[ 1157.862590][T25130] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5222'.
[ 1161.161579][T25186] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5233'.
[ 1161.234731][T25188] netlink: 354 bytes leftover after parsing attributes in process `syz.4.5233'.
[ 1162.959521][T25217] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5240'.
[ 1165.706877][T25263] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5249'.
[ 1165.767304][T25263] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5249'.
[ 1165.826899][T25267] netlink: 'syz.5.5250': attribute type 2 has an invalid length.
[ 1166.327975][T25277] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1167.301214][T25293] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1173.674751][T25347] ERROR: Out of memory at tomoyo_memory_ok.
[ 1173.984625][T25360] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[ 1175.070319][T25377] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5272'.
[ 1175.341576][T25368] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1176.371614][T25397] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5277'.
[ 1176.422553][T25397] netlink: 354 bytes leftover after parsing attributes in process `syz.5.5277'.
[ 1176.662827][T25403] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1177.185880][T25416] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1177.244760][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.251247][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1178.249315][T25432] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5284'.
[ 1179.575515][T25456] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5288'.
[ 1179.638015][T25456] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5288'.
[ 1180.175301][T25469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5290'.
[ 1180.242525][T25469] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5290'.
[ 1181.453645][T25485] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24
[ 1182.009444][ T5186] ERROR: Out of memory at tomoyo_memory_ok.
[ 1183.555776][T25517] can: request_module (can-proto-0) failed.
[ 1184.169705][   T30] audit: type=1326 audit(4294967533.933:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25529 comm="syz.5.5305" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f37a4f8e929 code=0x0
[ 1184.617715][T25540] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5307'.
[ 1184.698949][T25542] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5307'.
[ 1187.781153][T25592] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1188.421904][T25600] ERROR: Out of memory at tomoyo_memory_ok.
[ 1191.107468][T25611] kexec: Could not allocate control_code_buffer
[ 1191.529290][T25661] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1193.090473][T25686] ptrace attach of "./syz-executor exec"[25687] was attempted by "./syz-executor exec"[25686]
[ 1193.586060][T25692] ERROR: Out of memory at tomoyo_memory_ok.
[ 1193.651362][T25690] ERROR: Out of memory at tomoyo_memory_ok.
[ 1195.746616][T25733] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5347'.
[ 1195.823453][T25728] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5347'.
[ 1196.123430][T25742] ERROR: Out of memory at tomoyo_memory_ok.
[ 1200.795138][T25802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5362'.
[ 1200.811405][T25806] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5363'.
[ 1200.838546][T25802] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5362'.
[ 1201.099558][T25809] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1201.331614][T25814] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[ 1203.226919][T25846] FAULT_INJECTION: forcing a failure.
[ 1203.226919][T25846] name failslab, interval 1, probability 0, space 0, times 0
[ 1203.401676][T25846] CPU: 0 UID: 0 PID: 25846 Comm: syz.4.5370 Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1203.401705][T25846] Tainted: [U]=USER
[ 1203.401711][T25846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1203.401724][T25846] Call Trace:
[ 1203.401730][T25846]  <TASK>
[ 1203.401736][T25846]  dump_stack_lvl+0x16c/0x1f0
[ 1203.401774][T25846]  should_fail_ex+0x512/0x640
[ 1203.401795][T25846]  ? kmem_cache_alloc_bulk_noprof+0x6d/0xbc0
[ 1203.401820][T25846]  should_failslab+0xc2/0x120
[ 1203.401834][T25846]  kmem_cache_alloc_bulk_noprof+0x85/0xbc0
[ 1203.401858][T25846]  ? trace_kmem_cache_alloc+0x28/0xc0
[ 1203.401872][T25846]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 1203.401892][T25846]  ? mas_alloc_nodes+0x18b/0x8b0
[ 1203.401913][T25846]  ? mas_alloc_nodes+0x2f1/0x8b0
[ 1203.401930][T25846]  mas_alloc_nodes+0x2f1/0x8b0
[ 1203.401953][T25846]  mas_node_count_gfp+0x105/0x130
[ 1203.401973][T25846]  mas_preallocate+0x7e0/0xde0
[ 1203.401991][T25846]  ? __pfx_mas_preallocate+0x10/0x10
[ 1203.402011][T25846]  ? rcu_read_unlock+0x17/0x60
[ 1203.402035][T25846]  vma_link+0x135/0x6a0
[ 1203.402059][T25846]  ? __pfx_vma_link+0x10/0x10
[ 1203.402079][T25846]  ? rcu_is_watching+0x12/0xc0
[ 1203.402097][T25846]  ? anon_vma_clone+0x405/0x5c0
[ 1203.402116][T25846]  ? anon_vma_name+0x75/0x100
[ 1203.402134][T25846]  copy_vma+0x6c2/0xaa0
[ 1203.402157][T25846]  ? __pfx_copy_vma+0x10/0x10
[ 1203.402176][T25846]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1203.402201][T25846]  ? register_lock_class+0x41/0x4c0
[ 1203.402219][T25846]  ? __schedule+0x1181/0x5de0
[ 1203.402244][T25846]  ? __lock_acquire+0x622/0x1c90
[ 1203.402266][T25846]  copy_vma_and_data+0x1cf/0x750
[ 1203.402289][T25846]  ? __pfx_copy_vma_and_data+0x10/0x10
[ 1203.402313][T25846]  ? __vma_enter_locked+0x163/0x3f0
[ 1203.402333][T25846]  ? find_held_lock+0x2b/0x80
[ 1203.402347][T25846]  ? move_vma+0x536/0x1740
[ 1203.402371][T25846]  move_vma+0x548/0x1740
[ 1203.402394][T25846]  ? __pfx_move_vma+0x10/0x10
[ 1203.402413][T25846]  ? mm_get_unmapped_area+0x95/0xe0
[ 1203.402430][T25846]  ? shmem_get_unmapped_area+0x170/0xa00
[ 1203.402448][T25846]  ? cap_mmap_addr+0x4b/0x120
[ 1203.402461][T25846]  ? bpf_lsm_mmap_addr+0x9/0x10
[ 1203.402475][T25846]  ? security_mmap_addr+0x6c/0x1e0
[ 1203.402492][T25846]  ? __get_unmapped_area+0x267/0x440
[ 1203.402510][T25846]  ? vrm_set_new_addr+0x208/0x290
[ 1203.402531][T25846]  __do_sys_mremap+0xe07/0x1590
[ 1203.402554][T25846]  ? __pfx___do_sys_mremap+0x10/0x10
[ 1203.402579][T25846]  ? __fget_files+0x204/0x3c0
[ 1203.402602][T25846]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1203.402631][T25846]  do_syscall_64+0xcd/0x490
[ 1203.402653][T25846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1203.402668][T25846] RIP: 0033:0x7fc7b9b8e929
[ 1203.402688][T25846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1203.402710][T25846] RSP: 002b:00007fc7ba994038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[ 1203.402725][T25846] RAX: ffffffffffffffda RBX: 00007fc7b9db6320 RCX: 00007fc7b9b8e929
[ 1203.402735][T25846] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000000
[ 1203.402743][T25846] RBP: 00007fc7b9c10b39 R08: 00007effffffb000 R09: 0000000000000000
[ 1203.402753][T25846] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[ 1203.402761][T25846] R13: 0000000000000000 R14: 00007fc7b9db6320 R15: 00007fff2b17aee8
[ 1203.402781][T25846]  </TASK>
[ 1204.117980][T25850] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5373'.
[ 1207.223644][T25889] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5374'.
[ 1207.357084][T25892] netlink: 354 bytes leftover after parsing attributes in process `syz.5.5374'.
[ 1207.723231][   T51] Bluetooth: hci0: unexpected event 0x02 length: 726 > 260
[ 1211.741308][T25981] sd 0:0:1:0: PR command failed: 1026
[ 1212.014928][T25981] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[ 1212.375229][T25981] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 1214.792747][ T5829] ------------[ cut here ]------------
[ 1214.798228][ T5829] ODEBUG: free active (active state 0) object: ffff888068621318 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0
[ 1214.884606][ T5829] WARNING: CPU: 0 PID: 5829 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0
[ 1214.894493][ T5829] Modules linked in:
[ 1214.898398][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1214.912238][ T5829] Tainted: [U]=USER
[ 1214.916033][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1214.926127][ T5829] RIP: 0010:debug_print_object+0x1a2/0x2b0
[ 1214.931978][ T5829] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 80 77 15 8c 4c 89 e6 48 c7 c7 00 6c 15 8c e8 8f 21 9c fc 90 <0f> 0b 90 90 58 83 05 56 db c9 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[ 1214.951820][ T5829] RSP: 0018:ffffc90003f4f988 EFLAGS: 00010286
[ 1214.957927][ T5829] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1f8
[ 1214.966199][ T5829] RDX: ffff88802a81bc00 RSI: ffffffff817aa205 RDI: 0000000000000001
[ 1214.974348][ T5829] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 1214.982336][ T5829] R10: 0000000000000001 R11: 0000000000003150 R12: ffffffff8c1572a0
[ 1214.990298][ T5829] R13: ffffffff8bafe840 R14: ffffffff8a8865e0 R15: ffffc90003f4fa88
[ 1214.998500][ T5829] FS:  0000000000000000(0000) GS:ffff88812475f000(0000) knlGS:0000000000000000
[ 1215.007536][ T5829] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1215.014307][ T5829] CR2: 0000001b30404ff8 CR3: 0000000020f2e000 CR4: 00000000003526f0
[ 1215.022371][ T5829] Call Trace:
[ 1215.025641][ T5829]  <TASK>
[ 1215.028562][ T5829]  ? __pfx_hci_devcd_timeout+0x10/0x10
[ 1215.034070][ T5829]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1215.039880][ T5829]  debug_check_no_obj_freed+0x4b7/0x600
[ 1215.045472][ T5829]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 1215.051568][ T5829]  ? rcu_is_watching+0x12/0xc0
[ 1215.056333][ T5829]  ? kmem_cache_free+0x2d1/0x4d0
[ 1215.061309][ T5829]  kfree+0x28f/0x4d0
[ 1215.065197][ T5829]  ? hci_release_dev+0x4d8/0x600
[ 1215.070136][ T5829]  hci_release_dev+0x4d8/0x600
[ 1215.074960][ T5829]  ? __pfx_hci_release_dev+0x10/0x10
[ 1215.080244][ T5829]  ? rcu_is_watching+0x12/0xc0
[ 1215.085033][ T5829]  ? kfree+0x24f/0x4d0
[ 1215.089102][ T5829]  bt_host_release+0x6a/0xb0
[ 1215.093725][ T5829]  ? __pfx_bt_host_release+0x10/0x10
[ 1215.099200][ T5829]  device_release+0xa4/0x240
[ 1215.103817][ T5829]  kobject_put+0x1e7/0x5a0
[ 1215.108227][ T5829]  ? __pfx_vhci_release+0x10/0x10
[ 1215.113308][ T5829]  put_device+0x1f/0x30
[ 1215.117458][ T5829]  vhci_release+0x81/0xf0
[ 1215.121823][ T5829]  __fput+0x402/0xb70
[ 1215.125802][ T5829]  task_work_run+0x14d/0x240
[ 1215.130390][ T5829]  ? __pfx_task_work_run+0x10/0x10
[ 1215.135539][ T5829]  ? switch_task_namespaces+0xeb/0x100
[ 1215.141039][ T5829]  do_exit+0x86c/0x2bd0
[ 1215.145196][ T5829]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1215.150218][ T5829]  ? __pfx_do_exit+0x10/0x10
[ 1215.154850][ T5829]  ? rcu_is_watching+0x12/0xc0
[ 1215.159614][ T5829]  do_group_exit+0xd3/0x2a0
[ 1215.164169][ T5829]  __x64_sys_exit_group+0x3e/0x50
[ 1215.169191][ T5829]  x64_sys_call+0x1530/0x1730
[ 1215.173900][ T5829]  do_syscall_64+0xcd/0x490
[ 1215.178405][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1215.184336][ T5829] RIP: 0033:0x7f655b78e929
[ 1215.188740][ T5829] Code: Unable to access opcode bytes at 0x7f655b78e8ff.
[ 1215.195793][ T5829] RSP: 002b:00007ffc02525908 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1215.204427][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f655b78e929
[ 1215.212473][ T5829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 1215.220438][ T5829] RBP: 00007f655b81230f R08: 00007ffc025236a6 R09: 00000000000927c0
[ 1215.228437][ T5829] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001e
[ 1215.236439][ T5829] R13: 00000000000927c0 R14: 0000000000128843 R15: 00007ffc02525ac0
[ 1215.244437][ T5829]  </TASK>
[ 1215.247449][ T5829] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1215.254720][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor Tainted: G     U              6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[ 1215.268428][ T5829] Tainted: [U]=USER
[ 1215.272219][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1215.282262][ T5829] Call Trace:
[ 1215.285529][ T5829]  <TASK>
[ 1215.288450][ T5829]  dump_stack_lvl+0x3d/0x1f0
[ 1215.293040][ T5829]  panic+0x71c/0x800
[ 1215.296935][ T5829]  ? __pfx_panic+0x10/0x10
[ 1215.301345][ T5829]  ? show_trace_log_lvl+0x29b/0x3e0
[ 1215.306541][ T5829]  ? check_panic_on_warn+0x1f/0xb0
[ 1215.311648][ T5829]  ? debug_print_object+0x1a2/0x2b0
[ 1215.316839][ T5829]  check_panic_on_warn+0xab/0xb0
[ 1215.321780][ T5829]  __warn+0xf6/0x3c0
[ 1215.325675][ T5829]  ? debug_print_object+0x1a2/0x2b0
[ 1215.330866][ T5829]  report_bug+0x3c3/0x580
[ 1215.335197][ T5829]  ? debug_print_object+0x1a2/0x2b0
[ 1215.340387][ T5829]  handle_bug+0x184/0x210
[ 1215.344707][ T5829]  exc_invalid_op+0x17/0x50
[ 1215.349200][ T5829]  asm_exc_invalid_op+0x1a/0x20
[ 1215.354041][ T5829] RIP: 0010:debug_print_object+0x1a2/0x2b0
[ 1215.359842][ T5829] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 80 77 15 8c 4c 89 e6 48 c7 c7 00 6c 15 8c e8 8f 21 9c fc 90 <0f> 0b 90 90 58 83 05 56 db c9 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[ 1215.379449][ T5829] RSP: 0018:ffffc90003f4f988 EFLAGS: 00010286
[ 1215.385507][ T5829] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1f8
[ 1215.393470][ T5829] RDX: ffff88802a81bc00 RSI: ffffffff817aa205 RDI: 0000000000000001
[ 1215.401452][ T5829] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 1215.409413][ T5829] R10: 0000000000000001 R11: 0000000000003150 R12: ffffffff8c1572a0
[ 1215.417377][ T5829] R13: ffffffff8bafe840 R14: ffffffff8a8865e0 R15: ffffc90003f4fa88
[ 1215.425343][ T5829]  ? __pfx_hci_devcd_timeout+0x10/0x10
[ 1215.430802][ T5829]  ? __warn_printk+0x198/0x350
[ 1215.435563][ T5829]  ? __warn_printk+0x1a5/0x350
[ 1215.440323][ T5829]  ? debug_print_object+0x1a1/0x2b0
[ 1215.445512][ T5829]  ? __pfx_hci_devcd_timeout+0x10/0x10
[ 1215.450965][ T5829]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1215.456769][ T5829]  debug_check_no_obj_freed+0x4b7/0x600
[ 1215.462314][ T5829]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 1215.468372][ T5829]  ? rcu_is_watching+0x12/0xc0
[ 1215.473133][ T5829]  ? kmem_cache_free+0x2d1/0x4d0
[ 1215.478069][ T5829]  kfree+0x28f/0x4d0
[ 1215.481957][ T5829]  ? hci_release_dev+0x4d8/0x600
[ 1215.486894][ T5829]  hci_release_dev+0x4d8/0x600
[ 1215.491673][ T5829]  ? __pfx_hci_release_dev+0x10/0x10
[ 1215.496953][ T5829]  ? rcu_is_watching+0x12/0xc0
[ 1215.501706][ T5829]  ? kfree+0x24f/0x4d0
[ 1215.505771][ T5829]  bt_host_release+0x6a/0xb0
[ 1215.510350][ T5829]  ? __pfx_bt_host_release+0x10/0x10
[ 1215.515627][ T5829]  device_release+0xa4/0x240
[ 1215.520213][ T5829]  kobject_put+0x1e7/0x5a0
[ 1215.524620][ T5829]  ? __pfx_vhci_release+0x10/0x10
[ 1215.529639][ T5829]  put_device+0x1f/0x30
[ 1215.533788][ T5829]  vhci_release+0x81/0xf0
[ 1215.538114][ T5829]  __fput+0x402/0xb70
[ 1215.542113][ T5829]  task_work_run+0x14d/0x240
[ 1215.546701][ T5829]  ? __pfx_task_work_run+0x10/0x10
[ 1215.551809][ T5829]  ? switch_task_namespaces+0xeb/0x100
[ 1215.557272][ T5829]  do_exit+0x86c/0x2bd0
[ 1215.561428][ T5829]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1215.566451][ T5829]  ? __pfx_do_exit+0x10/0x10
[ 1215.571035][ T5829]  ? rcu_is_watching+0x12/0xc0
[ 1215.575791][ T5829]  do_group_exit+0xd3/0x2a0
[ 1215.580288][ T5829]  __x64_sys_exit_group+0x3e/0x50
[ 1215.585305][ T5829]  x64_sys_call+0x1530/0x1730
[ 1215.589974][ T5829]  do_syscall_64+0xcd/0x490
[ 1215.594476][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1215.600366][ T5829] RIP: 0033:0x7f655b78e929
[ 1215.604774][ T5829] Code: Unable to access opcode bytes at 0x7f655b78e8ff.
[ 1215.611783][ T5829] RSP: 002b:00007ffc02525908 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1215.620188][ T5829] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f655b78e929
[ 1215.628159][ T5829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 1215.636119][ T5829] RBP: 00007f655b81230f R08: 00007ffc025236a6 R09: 00000000000927c0
[ 1215.644082][ T5829] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001e
[ 1215.652047][ T5829] R13: 00000000000927c0 R14: 0000000000128843 R15: 00007ffc02525ac0
[ 1215.660030][ T5829]  </TASK>
[ 1215.663110][ T5829] Kernel Offset: disabled
[ 1215.667431][ T5829] Rebooting in 86400 seconds..