last executing test programs:

2m2.199474998s ago: executing program 2 (id=2230):
r0 = socket(0xa, 0x5, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
io_uring_setup$auto(0x6, 0x0)
clone$auto(0x0, 0x0, 0x0, 0x0, 0xb)
getsockopt$auto(r0, 0x84, 0x7, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x1f, 0x2, 0x8000)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r2 = socketpair$auto(0x1e, 0x1000005, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_NEW_MPATH(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4040004)
clone$auto(0x20003b46, 0x5d, 0x0, 0x0, 0x200000000002)
syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff)
openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f00000001c0), 0x48601, 0x0)
r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0xa0a40, 0x0)
io_uring_setup$auto(0xc, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_TLV_WRITE(r3, 0xc008551b, 0x0)
ioctl$auto(r1, 0x560f, r2)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0x2b, 0x1, 0x1)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket(0xf, 0x5, 0x10000)
sendmmsg$auto(r4, &(0x7f0000000080)={{0x0, 0xc, 0x0, 0x59f, 0x0, 0x20}, 0x5b3}, 0x40, 0x100)
socket(0xa, 0x5, 0x84)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_GTP_CMD_NEWPDP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010025bd7000fedbdf250000090008686201bcd40f3ba377d8ec2349d4a2"], 0x24}, 0x1, 0x0, 0x0, 0x20040850}, 0x4048040)
sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r7, 0x0, 0x20)
openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/x86/tlb_single_page_flush_ceiling\x00', 0x81242, 0x0)

2m1.818086331s ago: executing program 2 (id=2232):
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r0 = fanotify_init$auto(0x1f53, 0x2000000000002) (async)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x4bb43, 0x100)
fanotify_mark$auto(r1, 0x10000201, 0x4, r0, 0x0)
socket(0xa, 0x801, 0x84) (async)
mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000) (async)
setsockopt$auto(0x3, 0x800, 0x3e, 0x0, 0xb) (async)
mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe) (async)
capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x2}) (async)
mknod$auto(0x0, 0x20e9, 0x103)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x440100, 0x0) (async)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x20) (async)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async)
openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x10500, 0x0)
iopl$auto(0x3) (async)
clone$auto(0x4, 0x3, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xb) (async)
openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00'}) (async)
r4 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x400001, 0x0)
r5 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x40, 0x0)
ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR64(r5, 0xc0884123, &(0x7f0000000280)={0x5, 0x0, @reserved="e5d3ae87fbcd20f354bc462d9518a90adaffe1ee53ac907ef49a78f7f58694e39f46c35bd0c8ad2a47a2aff7fda026a07e8dd68f0a57203bb6c2cf1b764eaba7", @control={{}, 0x4, {}, {}, 0x6}}) (async)
sendto$auto(r4, 0x0, 0x2000f, 0x4, &(0x7f0000000000)=@rc={0x1f, @any, 0x80}, 0x74)
setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x8)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x5, 0x8) (async)
keyctl$auto(0x11, 0xdfffffffffffffff, 0x69c9, 0x0, 0xbcd)

2m1.159942485s ago: executing program 2 (id=2238):
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0)
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socket(0xa, 0x80000, 0x4000088)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
recvmmsg$auto(0x3, 0x0, 0x1fffe, 0x0, 0x0)
r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x40000, 0x0)
ioctl$auto_EVIOCSREP(r1, 0x40084503, 0x0)
sendmsg$auto_NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x4000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
socket(0x1d, 0x3, 0x1)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x18, 0x0, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x2000004}, 0x2404c810)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd)
sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x34000}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fcdbdf250400ff0f00000000000034e6de69a1509e3e2906366733"], 0x2c}, 0x1, 0x0, 0x0, 0x44048058}, 0x4000800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
socket(0x10, 0x3, 0x6)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

2m0.061573115s ago: executing program 2 (id=2242):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)
r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f000001f300), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r0], 0x1ac}}, 0x40000)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/bridge0/ra_honor_pio_pflag\x00', 0x42a81, 0x0)
pwrite64$auto(r1, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x1, 0x2)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

1m58.544044683s ago: executing program 2 (id=2245):
r0 = socket(0x2, 0x2, 0x1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bond0/bonding/mode\x00', 0x181002, 0x0)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
mmap$auto(0x0, 0x2020009, 0x100000001, 0x1e, r0, 0x8000)
r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000)
socket(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r2=>0x0})
connect$auto(0x3, &(0x7f00000000c0)=@can={0x1d, r2}, 0x18)
close_range$auto(0x2, 0x8, 0x0)
r3 = socket(0x10, 0x2, 0x4)
r4 = socket(0x1d, 0x2, 0x7)
r5 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r6=>0x0})
bind$auto(r4, &(0x7f0000000000)=@can={0x1d, r6}, 0x6a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r7=>0x0})
connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r7}, 0x18)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x10000, 0x1ffde, 0x83, 0x2000000000000006, 0x3, 0x8, 0x5, 0x2, 0x7, 0x1, 0x9, 0x2, 0x3, 0x5, 0x7, 0x0, 0x4, 0x0, 0x0, 0x3bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffffffffffff]}, 0x1fe, 0x5)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)
socket(0x8, 0x2, 0xe)
readlink$auto(&(0x7f0000000c80)='\x00', 0x0, 0x7)
r8 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
epoll_ctl$auto(r3, 0x0, r5, &(0x7f00000003c0)={0xffb, 0x100000001})
mmap$auto(0x0, 0x8, 0x1000e2, 0xeb1, 0x405, 0x100008000)
utime$auto(0x0, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e20, @broadcast}, 0x6a)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)

1m57.638107637s ago: executing program 2 (id=2247):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x1, 0x100)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0xe3142, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x2000000000000004, 0x3, 0x5, 0x2, 0xfffffffffffff801]}, 0x0)
socket(0x15, 0x3, 0x2)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyz5\x00', 0x182, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80080, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
socket(0x2, 0x800, 0x206)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
clock_nanosleep$auto(0xfffffff2, 0x5, &(0x7f0000000000)={0x4, 0x4203195}, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000fddbdf2502000000080001000a000000450004002f7379732f646576696365732f706c6174666f726d2f64756d6d795f6863642e362f757362372f706f7765722f77616b6575705f802be41a5e97a5216f756e"], 0x64}, 0x1, 0x0, 0x0, 0x4004891}, 0x4000)
ioctl$auto_PPPIOCSPASS(r0, 0x40107447, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x6, 0x3, 0xd)
syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)

1m42.245839138s ago: executing program 32 (id=2247):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x1, 0x100)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0xe3142, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x2000000000000004, 0x3, 0x5, 0x2, 0xfffffffffffff801]}, 0x0)
socket(0x15, 0x3, 0x2)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyz5\x00', 0x182, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80080, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
socket(0x2, 0x800, 0x206)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
clock_nanosleep$auto(0xfffffff2, 0x5, &(0x7f0000000000)={0x4, 0x4203195}, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000fddbdf2502000000080001000a000000450004002f7379732f646576696365732f706c6174666f726d2f64756d6d795f6863642e362f757362372f706f7765722f77616b6575705f802be41a5e97a5216f756e"], 0x64}, 0x1, 0x0, 0x0, 0x4004891}, 0x4000)
ioctl$auto_PPPIOCSPASS(r0, 0x40107447, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x6, 0x3, 0xd)
syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)

1m19.174409098s ago: executing program 1 (id=2332):
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x11, 0x3, 0x10)
mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/ip_vs_conn\x00', 0xf00, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dri/card1\x00', 0x6082, 0x0)
r2 = socket(0xa, 0x2, 0x0)
r3 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x80080, 0x0)
ioctl$auto_LOOP_CTL_ADD(r3, 0x4c80, 0x0)
setsockopt$auto(r2, 0x29, 0xb, 0x0, 0xca6)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r4, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r6 = socket(0x2, 0x1, 0x0)
getresgid$auto(&(0x7f0000000000)=0x7f, &(0x7f00000000c0)=0xe7, &(0x7f0000000240)=0x6)
setsockopt$auto(r6, 0x6, 0x1f, 0x0, 0x3d)
r7 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x1c}}, 0x4044820)
readv$auto(0x3, 0x0, 0x23a8c70effffffe)
mmap$auto(0x0, 0x400008, 0x7, 0x9b72, r2, 0x7ffc)
openat$auto_fault_around_bytes_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x2282, 0x0)
close_range$auto(0x2, 0x8, 0x0)
getresgid$auto(&(0x7f0000000380)=0xb, &(0x7f00000003c0)=0x5, &(0x7f0000000400)=0x5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r8 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, 0x0, 0xc0040, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r8, 0x40305839, 0x0)
bpf$auto(0x0, &(0x7f0000000140)=@raw_tracepoint={0x807, r0, 0x0, 0x2}, 0x81)
madvise$auto(0x0, 0x20000a, 0x4)
pread64$auto(r1, 0x0, 0x594c, 0x7)

1m18.554704693s ago: executing program 1 (id=2333):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/extra\x00', 0xa142, 0x0) (async)
r0 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b)
read$auto(r0, 0x0, 0x1) (async)
write$auto(0xffffffffffffffff, 0x0, 0xffd8)
syz_clone(0x25342080, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) (async)
mlockall$auto(0x7) (async)
mmap$auto(0x100001, 0x400008, 0xdf, 0x209b72, 0xffffffffffffffff, 0x8000) (async)
memfd_create$auto(0x0, 0x9) (async)
write$auto(0x3, 0x0, 0xfffffdef) (async)
r1 = openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, 0x0, 0x48002, 0x0) (async)
write$auto(0x3, 0x0, 0x1) (async)
r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/stat\x00', 0x40440, 0x0)
read$auto_proc_single_file_operations_base(r2, &(0x7f0000000040)=""/9, 0x9)
mmap$auto(0x81, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) (async)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r3, 0x80045432, 0x7) (async)
finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) (async)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/kexec_load_limit_panic\x00', 0x101202, 0x0)
sendfile$auto(r4, r4, 0x0, 0x4) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop8/queue/zoned\x00', 0x100002, 0x0) (async)
r5 = io_uring_setup$auto(0x4, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000040)=""/81, 0x51) (async)
setresuid$auto(0x0, 0x1000, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000140)='7\x00\xb1\x9a\xc0\xf9\xc0e\xd2T\xbe\xb6I\x9d\xd9\x18\xf5\x91\xbfq\xfe\xf2\x9a\x02\x9fC0xb\xccW(\xc1n+\n|5\xa5\x9c=^\xf1\x11H\x1c\xf73\x16\xd2\a\xfaw\xcc\xf1\xff7\xab\xa1\xeaF\x04\x17\x99\xd3\xd1\x83\xccG^\xbbdC\x8a\n\x88\xbcW@+\xafD\xd1\x8a\xc13W\xf66\x86\xe5\xee\xa7\x1d\x0f\x90\x00\xcf\xdb\xf5\xbf\xd4\xc8\x84\xb3\xeeb\xb0\xc7kN\x80\x93\xfd\x89\xe1\xc9tp\xd4jm\x7f\xf0a\xc3\x02\x14\xcf\xcf\\e!\a\x82\t,\xa7\x00\xbd&\xcax\xf8P\xc1\x8f\x87\x83\x0f\x93z', 0x81) (async)
close_range$auto(r5, r1, 0x7fffffff) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)

1m16.656167751s ago: executing program 1 (id=2341):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(0xffffffffffffffff, 0x7af, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sysfs$auto(0x2, 0x10000000000045, 0x0)
fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/err\x00', 0x402, 0x0)
pread64$auto(r0, 0x0, 0x8, 0x2aa00b6e)

1m15.530681396s ago: executing program 1 (id=2347):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) (async)
r0 = openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x121000, 0x0)
poll$auto(&(0x7f0000000000)={r0, 0x2, 0x4}, 0x2, 0x5) (async)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x84)
r1 = socket(0x2, 0x5, 0x0)
setsockopt$auto_SO_TIMESTAMP_NEW(r1, 0x1, 0x3f, &(0x7f0000000080)='\x00', 0x2)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async)
listen$auto(0x3, 0x81) (async)
sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) (async)
accept$auto(0x3, 0x0, 0x0)

1m14.199996383s ago: executing program 1 (id=2356):
r0 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, 0x0, 0x200, 0x0)
mmap$auto(0xfffffffffffffffc, 0x7, 0x4, 0xeb1, r0, 0x8000)
capset$auto(0x0, &(0x7f0000000080)={0x8, 0x4002, 0x3}) (async)
capset$auto(0x0, &(0x7f0000000080)={0x8, 0x4002, 0x3})
r1 = clone$auto(0x2b2, 0x4, &(0x7f0000000280)=0x3, &(0x7f00000002c0)=0x3, 0x3ff)
prctl$auto(0x3e, 0x40001, r1, 0x0, 0x2)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x280303, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_ETHTOOL_MSG_RSS_GET(r2, 0x0, 0x8010)
writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x1}, 0x8) (async)
writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x1}, 0x8)
connect$auto(0x4, 0x0, 0x10) (async)
connect$auto(0x4, 0x0, 0x10)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
mount$auto(&(0x7f0000000000), 0x0, 0x0, 0x339, 0x0)
socket(0x2, 0x1, 0x106)
pipe$auto(&(0x7f0000000500))
flock$auto(0xffffffffffffffff, 0x9)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) (async)
r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f0000000180)=""/250, 0xfa) (async)
read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f0000000180)=""/250, 0xfa)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000000c0)=""/228, 0xe4) (async)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000000c0)=""/228, 0xe4)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
write$auto(0x3, 0x0, 0xfdef) (async)
write$auto(0x3, 0x0, 0xfdef)

1m12.913477034s ago: executing program 1 (id=2361):
mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) (async)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) (async)
sysfs$auto(0x2, 0x2, 0x0) (async)
r0 = fsopen$auto(0x0, 0x1) (async)
capget$auto(0x0, 0xfffffffffffffffe) (async)
capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8})
fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) (async)
prctl$auto(0x41555856, 0x4, 0x2008, 0x0, 0x0) (async)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket(0xa, 0x801, 0x106) (async)
socket(0x2, 0x1, 0x0) (async)
socket(0xa, 0x2, 0x0) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0)
r1 = socket(0x15, 0x5, 0x0) (async)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/freezer.state\x00', 0x10b342, 0x0)
pwrite64$auto(r2, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x06\x00\x06\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0x2, 0x3)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
bind$auto(0x3, 0x0, 0x6a) (async)
mmap$auto(0x0, 0x4020009, 0x7, 0xeb1, 0x401, 0x48000)
connect$auto(r2, 0x0, 0x9000053) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async)
ioctl$auto_BLKTRACESETUP2(r1, 0xc0481273, &(0x7f0000000180)={"ea2fcaf6767b5fcc78f1a0949385188f1f36feb1158fdc2b723e59a62c9b4a61", 0xfff8, 0x8, 0x5f8a, 0x9e1b, 0x9, <r3=>0x0})
prctl$auto(0x8038, 0xfffffffffffffffd, r3, 0x1, 0xffffffffffffffff) (async)
copy_file_range$auto(0x6, 0x0, 0x9, 0x0, 0x7fffffff, 0x2) (async)
add_key$auto(0x0, 0x0, 0x0, 0xf9f9, 0x8001) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x80091, 0x0)

56.940144134s ago: executing program 33 (id=2361):
mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) (async)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) (async)
sysfs$auto(0x2, 0x2, 0x0) (async)
r0 = fsopen$auto(0x0, 0x1) (async)
capget$auto(0x0, 0xfffffffffffffffe) (async)
capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8})
fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) (async)
prctl$auto(0x41555856, 0x4, 0x2008, 0x0, 0x0) (async)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket(0xa, 0x801, 0x106) (async)
socket(0x2, 0x1, 0x0) (async)
socket(0xa, 0x2, 0x0) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0)
r1 = socket(0x15, 0x5, 0x0) (async)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/freezer.state\x00', 0x10b342, 0x0)
pwrite64$auto(r2, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x06\x00\x06\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0x2, 0x3)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
bind$auto(0x3, 0x0, 0x6a) (async)
mmap$auto(0x0, 0x4020009, 0x7, 0xeb1, 0x401, 0x48000)
connect$auto(r2, 0x0, 0x9000053) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async)
ioctl$auto_BLKTRACESETUP2(r1, 0xc0481273, &(0x7f0000000180)={"ea2fcaf6767b5fcc78f1a0949385188f1f36feb1158fdc2b723e59a62c9b4a61", 0xfff8, 0x8, 0x5f8a, 0x9e1b, 0x9, <r3=>0x0})
prctl$auto(0x8038, 0xfffffffffffffffd, r3, 0x1, 0xffffffffffffffff) (async)
copy_file_range$auto(0x6, 0x0, 0x9, 0x0, 0x7fffffff, 0x2) (async)
add_key$auto(0x0, 0x0, 0x0, 0xf9f9, 0x8001) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x80091, 0x0)

18.587996621s ago: executing program 4 (id=2511):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x1c9180, 0x0)
read$auto_tracing_stats_fops_trace(r0, &(0x7f0000000000)=""/43, 0xfedf) (async)
r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0)
write$auto(0xc8, 0x0, 0x4040f6) (async, rerun: 32)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x1c, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@HWSIM_ATTR_USE_CHANCTX={0x4}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), r4) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'wg0\x00'}) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
rseq$auto(&(0x7f0000000000)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) (async, rerun: 64)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32)
r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (rerun: 32)
ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
ioctl$auto(0x3, 0xae41, r6) (async)
ioctl$auto_KVM_GET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x40000108, 0x400, 0x9}]})
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
brk$auto(0xffffffffffffff66)
fanotify_init$auto(0x65, 0x2) (async, rerun: 32)
sendmmsg$auto(r1, &(0x7f00000002c0)={{&(0x7f00000001c0)="6049094730cbe58062c6946535b42942e4a1d796b0da0694b09e380fcb90952b0d252b9ff567512c407884ee6e89c5333bd88eea0dcf4adf365b7ecb3bb2c1aba721292ce8b93b2c78786282be9829be2a76c8f1be72db6353b9c4c5", 0x94, &(0x7f0000000280)={&(0x7f0000000240)="d20d2f8d3f2e6455d9ee8a79915258273f8c73"}, 0x3ff, &(0x7f0000001440)="ee9f1d06f46e78c38ac5a631421a2838a251f40b72ac1bcd9d7ee449b7a858d39e16241724e8d2eeb6c65afee8adad0a19ffca60626c7731464368c52004cc87ae9946c29b4bcb24c90d28f6b3153e2371c3e2880cc27997f5d52aa26edc0f50f08f159a963eb70f4d7db01800ea2dd13e32e23c583508434bb51fbc70fc9ada1871fdcb70553d4d0c5bd7d51c1142e707232383f7a8b384a002c115bf3a11ee2a8e621d1e4225de67564968477bda8a9f43224d4c3fb12e38e092f2772add9fcbde2876da1b65ad7d927e862ad69953513f122bea45b1c0627b268fbd198190a343a93232cafb5934f3eb6710c5e5145e5906a1ba8a3b3288bd0e71e0ebb8bd2a106180c3a9e78ce212e2d16f123cd4674c666587489b06a0fe21919739a9f359c4bc1690f613c4ada5dbc8e6b63c63f686dc73445496a8cbbacbce336922529108af9b45699247c6bf2cce20ebd951e9d4b5881ce5bfb1d6913b1832330e3726d466fe20a3378e3b41c5017fc4363397c60667c0a79cd1aee4138cc6de8d94de7408f91ad71f599f844077b2cb14d2b1b2a0a29dcafb7de55701da4cdfe12bffa65f0f0c7a6c2c41d16f6117e223688f7f891e343af16ec2f4c2d61e48e2910ba5c5d5b66f8adcf14d10d03a8bd08c1c8b7f59666ea8c10ec79cc6b6f6bb1ab617d378619f6ff4a40453bc40971f1541417bb9fdc36027665a1f8a5d78171254d6ddf41044506e6e604bf87fb03698f4868f2cbb766b9234033b0eba294e694cdfaee9231f72593116c613500a150d46138982cf178b3f1a1d13929a67c90e7026131ca1a9aa709756345c218c9162df05f491a8406915624a5af37beaf3c8f106dba9f695a949777dc37e325a6bb0891ae0d9aa3b70d40c1f8a7da9d898d44abcdd2b4f9296539708e3fc3973e9a794a8d46b659209659d0749607c7f52c36cf7743bee69eec48a0e4eb4ef8b0253efe12f6cd1851162026c73de3d273313f8a5191f5dec4a3eeb730dc3c14c1a20c4eee11e0bbfb2d691100981cdd466e8fd1957f0afa3bcb41de59db8d7f9dec23ed99bca2014230ff6661912f751854aa4a35f9afb23a1c87db0c267063702b65677232a34c172884f0053c3235c4f01771cfc6a472023e825b38a66e5547da0a95f0b992fd4dfd4d558a6842cd29bb850f045bb4dcb70bf3305852458807c276777c7cea7dcdc332ea5c71448da4abb734085b83b90cc4c28441bc906b8be5a14586b62f2919c4947990f5bb8dc4ec575453070cfbd001e7ae7e87133e53b8f5b262f2280e63a610d62d717655bc67aaf434419d4f7d9cf25cad6694b55d13b98227f9121ad1ac556c62680e7fdc2282755e04f1008134da3c86df3a3745acadafe0dd9c6fabdf823ffffd3a14ee0f895cce7fcf62a19515ad188bc4ce1a7189a9ebcf4baaa20a10c1ec0ea98b925dd699de9a7458d4165e066c831f51aba15c92dc293d4ed9264bd3f87e0b0e9c90d5b1c4cda99bf9e63d560d18e4ff3e96c8df77562d9f0e232b0c179405ca06e33b77cd76c399ec984d82814e61b4ce8dcf9cca9437eadf2d7195290e39c6f93d0fe456cd812f84b4a94799e47c57e733e41026c402ea622014f6453d6f354220b3ac3418f8164ebcd600eac6065cde995d8fec800885afc1a3b8d7a83d8fdf4acb56e43d1cb2a56d1b842bff9a3f7bea580a4d5ed593e0d3c197fbd51543f1ec24273cc7627caf69242194459db53ae4b43082e8a8b80dd1f6c2d4517cc3b49a486b8295d6b5d4e550107fb38478af674a169374c8eff90b759a432053c9fa5140f0fdaaa5da96eabaf5bd3b0759a0c14bf9809bb2d56ef43d254440658282eb2bbe34d1f7f1f2c7dd7ca03492dca098dfb3d3a589a4c952f74dfe19e62b5dbe786e4e7240595a5ff184d7a51393a63ac0d5347f8815dadbfebf23a0c38a1978c7f5966a5671f766f88dcba971b9f25e948226fa09985819b4be73dc1a41580ea5a3d6cb461528e48b4d9ca392b70f5cb6b455c70646139c0250792d83200863a851eb915cbf91a2f1fc1b1d20355255c247c3debaea75e8477805707d3edb231e5055c107d268a35813449c40a129a321baed6be07c3143d2b5174fc35291823917378fd488b9f5707559e78fc08caa4cbb6daaa43a6be5cb8d81e61940d05a5b8e5830c4468ceb5812f0d7d5b0ddb3d368fa1fc58786fc471d6dcbbae38c3346a9fe819c440a3920b3f48e87ab3f308b1c9bc141a3d17507cd69da4980dc29e5ae23a3182b39ef001fd9c2e7f0acd768642d9a2ce2636b21ed837120a5f18cd4af6fa8c85c2c28e26b3232f27f3b761ba41ed3b92f98333af10bd6a80e5ac810595fc095f37e856fb1d758cb58d810de1cfa046a543843e092e1a27da99a4ad4743b2960e2de512e93aedad251adc7f072f6238c3bed13382b0a44e42962524a1905450e3faf2f2fe15c71c86462cf33352468ab6a028da9ad40b3d182c1ed4f55c3d5722f291754cd7b1d9ca1fbef1215973015845a6dbe481d87776f1b47f130f88a5d59a78769e77d1c25852b385498dd3dd4a51a4e7353f8161bd79d01db10305c8c74f0bb1deb52fb70e5c83073c992a739aa16010c051561423c45779c0db26277168921857780fe52e8e826308912fc830126af7943302d8cd241fdd8560ed374b3dd1e60df188acad1773d76554b128e3740694e36bba7b5855a5734407616c5abf765bfdb25aea348a72a8bf40ed9655f5675d36ddbbd842907508f2c8f4a6db4a429c8c848054623d46b1008e3b33f3bcedd1042447264fbca75cd96ed4c958392d5a103d47bfed68806e461131eed564953ed93cd76b3107308631a007a8dc45e8dcb4650d36ad0df7891952cca1b95cb3b67cdeb0e4d950594410db6f3ffa7275c59c9654dbcc9b4dd9fc51fb374d331feff6f57fa5af0a83998ba59e5004d587251c7e038b7457abebcb87c10d8bdc8d360352b265e02780157ab59772ff39f867655fca531cee6923309a856ace30c44af175d9a3f334333a498c9d7330fec8ec27a2b05de6a962566d265c46b0ba0242bce9ac37e5714bde774e6e7568860712d42b53352e4b5d573c001b7caa720ff3329b57f2f7f629cc8bf9726f4af4e5685ad30b3be31007fb4bcb6bc2cc11fc6074c3968bb37a0a91a7fb1bc0f6b64a138527546e19061d619ec6a967c2dc6cdd6acda8c7a49ae98603431a9126bdbb915b4ec88cf9b3141256d1e6aceb6084f20ace8de8d052ba3fcdcbe9dbcf9f6e9cf16a8bd5feb6d06173721332fdcba6f87641e49672f2bfee6a51a1de323f251e05be1106ebdcfeb7ebd22f54f12caf21fa27bc1cb7932ba14709dfe4ff1c51d90eb52c7d849f19a26feeb6f0b8a515dde93ed64044d16e7d33b9405a0446a662c2c33731f6a6ba7dc81c69e8c5d4e5fe2ca8046dd7b6c6135973ee2395bb6ce0f8eba1ba9369788777a2c10816c997c7632a4077f986c51e3262288de43c8b666b418186807a5a315ebbc2a282b4eb7a9b5cacd96002ee8c5c3803b6009ef70a52fd7044a2275270e55823fe35fd4a2d7e3fa3acc3bf796169ff33032639376a90c4b7dc521742a9c7f0d970878d1af26e16270b1d6fbb07da4b77c2f62efd10768a23ef251703bbce08ffdc97bc7072c13891da92a612a9cf483c6c6b2b25b735bd01d1fef36106ff9b407643c77dff5adc2a430d1b632f58f27a0c9ada086487075e692aaf1d45f414ab9840b3d3ceb7be9905cddee3297ede2db0622d6ab1743d19a3dc91aa6bce2ef08d8d24369d584169e73b79404522666d6ebd4cfa027c303479c583a2929a1b807aff23f27033ab5082e2147ef23c0f15c0420f30fd272d7d5d6563aaf5b8b7ccf7bda8877cdc44e574bab4b5a3befb2ef3a04ba1131c4cba9282c2585bb3b87fb37102e1b3f4fe3455b5ed05c9be53ce8c853d0f1f59d274d2f72116b662857cdd76362d6905e7b7afd37be4cea3396024646df675c57a510a1b246b06d2450e44d3f28f72d40d15d66930a8abb6e9c9f592e2d0f59a15a7aae1b007b06f78b0ff48d8099084dd85a66be87964491a2d6734fe59d84e236824f6222eba013f9e666c1ecd133314f02ebce5eeea10ddf07a37ae50c539439498bc9d3f579c91102b7c0926e1f359d48c969c8015bd700d22ccb3423b5c6a4754c439312b1852bb5e9a6d6ef429394dec0cf024ea9b7aff809751fc00255f28d421fbb6ede1f3ffcd6557ed1a3bfd6ec22fd4e0deaff912d13d640b49401475db1b74317dbf28e3f4c88649cebb21ba914949d6b2cfa2dc156edee3d99f95b9c8be2d757d6c805ce4551c05734999496e59bd3f48188b126019019d99ab876d37292ead428965dbe3d94fe791d17153b10c09b1c73fd5fc0ee2cbfde16f4551b8febba18e04dae7fef3dd104f353ec26b695b1271b0a27cd6387f4399553bbad8bdae924155238ab5f54ff0c8ef752e8593b229080578019595692f439e56031546bfa1bcf210ba8737a72111feca1d273ece470e9fd8fd7c56a2c05b9ff42ad27ff7a280b0fde750ea4ab29c1786ad55702769891e935e5539a3d1f5fc88a2779c2a3519fe461240336b1fb3bfbf65f6b3052434cb0fa362fbd009625755a14a54da3faf0c9f86a0f57302638aaafcb1555bba54e42d96a040c288c6fef09a7f14ebdb70cd4f1ddc38604e1685ef179bdd3d20b28c81409ef4861a2ca1c7f7afd104b2f800e582cf09a17e79de90fb28ebdfd16b3eb8587c2e7a6204dd8c03d67465656480be896e11c37ff1e0a49a06a503855fe1d2666c3c03fc6a22a910b98d7f1174f62c7ff20d66e949810ceb8e53a27d357ab647ee22ebc4b642407f49aaffb8fc4e13bcd48724db0451b42d6d46ee6b57a6bc064c6a089dbc26a574ffd7457fb6864fd746545f324539249a96bbf95ceb9ade641b4f442200c080aba4779ee16ac8bcf9cb7406b7050aecb65f5d8a1446f7eec14aef843159f653572194f25cc0c6dc3a206c21b1fcbb2be238e6d4effc1f1ac2535337ae5ecdd2fec0eb8687d3a6a08b300eaeb6b2ff4bdda76f39d576eaccd0b42e34617476aec43997942a01a58c4ea6f6e2a0552a0f8a2683b1e261f113b6c03415eabe8e546c179d1c5c919321ac200378491e25981e4d1f4a1834075cd4f84df59d1e86996d59341b81f1e03db7bb89417646046b186a76ccc82a00098d99f3aaff94d0ef4315bc00e5079a5699203e0a7d962795f28c535bc6f8d14b229fa085064b49a36c2b28e77c6f318dbaf92a7a57d2fae911de5be9b72f59032610c598f98781f4fc58454d3ab10e2494596b400c1175ee063f56a0a7e6e3c9518f35a44a555b0d01fd1efe470756b176f8f211952f23147b95efdb00fb99c45890c22d7d50f1e5fe612f8954a0fa066bad9d06d4c6e57b286fe7550fa56605f6c4d4dfa4b23aa2c379d1a553d4bdfd0d04204ee82033dba4783ebbc9f61049ee4976ff44f8abcb5ade00c361ef0177b3ac33367975698b05c272587141be29c2ede38c3e470fbf173238fbbbe58324390c599c0c220e9e354b9754cd0e7220dcac41a36d180efb1be96e29c5c90f82d9963a7123dd25cb182ff48d6b23c0f3d2c89ba10e5b222a6c67f2b8c046b75bba33621f76e6f0e4a9122fae475e4298faf6fc27e4797c0ba29e5e6c5dad5cd9f53376aee17a946c8250fac383b4685613b6452ff74e52f537b03e0e9cf6faa09ed9b311a89b0a897b48eb8a56edc35cfee0008fcdbcd5981452db6e92874b700aadf0f472b6758b7cba5b8b74ef", 0x3ff, 0x9a9}, 0x6}, 0x4, 0x6) (async, rerun: 32)
fsopen$auto(0x0, 0x1) (async)
kcmp$auto(0x1, 0x1, 0x0, 0x100000004, 0x100000001) (async)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x100000, 0x0) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0)

18.204197543s ago: executing program 4 (id=2512):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0)
open_by_handle_at$auto(0xffffffffffffffff, 0x0, 0xffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0x10011, 0xfffffffffffffffa, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x775602, 0x0)
mmap$auto(0x0, 0x810004, 0x2, 0x8000000008011, 0x3, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
ioperm$auto(0x9, 0xff00000000, 0x5)
write$auto(0x3, 0x0, 0xfffffdef)
connect$auto(0xffffffffffffffff, 0x0, 0x55)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x0, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x8004)
socket(0x10, 0x2, 0x4)
io_uring_setup$auto(0x4bf15e08, 0x0)

15.604988545s ago: executing program 4 (id=2520):
r0 = socket(0x10, 0x3, 0x6)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0xfc, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0xe8, 0x3, 0x0, 0x1, [@typed={0x8, 0xc2, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x2a}, @typed={0x4, 0x11}, @typed={0x8, 0x2e, 0x0, 0x0, @fd=r0}, @generic="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c", @nested={0x2c, 0x5, 0x0, 0x1, [@nested={0x28, 0x63, 0x0, 0x1, [@nested={0x24, 0x9e, 0x0, 0x1, [@typed={0x8, 0x5a, 0x0, 0x0, @str='/}!\x00'}, @nested={0x11, 0x86, 0x0, 0x1, [@typed={0xc, 0xd, 0x0, 0x0, @u64=0x6}, @generic='N']}, @nested={0x4, 0xc9}]}]}]}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x2000004}, 0x2404c810)

15.208584343s ago: executing program 4 (id=2521):
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
r0 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000001440)={0x0, 0xff9e, &(0x7f0000001400)={&(0x7f0000000240)={0x34, r0, 0x6c5679fc7dece1a9, 0x70bd27, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x10001}, @SEG6_ATTR_SECRET={0x7, 0x4, "eb96e1"}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000)

14.798313748s ago: executing program 4 (id=2522):
openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000180), 0xe2bf528124bb75dd, 0x0) (async)
unshare$auto(0x40000080) (async)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) (async, rerun: 32)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x8, 0x0) (rerun: 32)
chdir$auto(&(0x7f0000000000)='}[,&*}\x00')
r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff) (async)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) (async, rerun: 32)
sendmsg$auto_NL80211_CMD_STOP_NAN(0xffffffffffffffff, 0x0, 0x815) (rerun: 32)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x20100, 0x0) (async)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
r2 = io_uring_setup$auto(0x6, 0x0)
write$auto(r1, &(0x7f0000000340)='\xa3o\a`\f\f4\xc6\xe7\x8a\x16h\x80\xb5\xed\xe4\xec\xfe\xe50\xb9\xbb1/#\xdc\xdd\xed\xa2\x85\xa1\xd5\xf5\xfeG\xdcI\xe3c\xb8BS\x04Y\xc9N\x98\xc6I_E \xc8^T\x84Mh\xf4Y\xcc\xe4\x9al\x88\x8fX\xcb\xad\x1d*\xec\x1dG@H/N\xaa\x1b\xce\x8b\xff\xcfe\xac\xda\xb0\xbe;-y\x12\x13\x93\x1d\xb5>\x1c\x02Tv\x92\xc0\x1c\xaa\x8a8\x0e_Fv\x00\xdc\nfd\x16\xa6d\xa3z\xdf\xc7o+1\xf4Q\xf7i\xd6.\t\x10\x99\xc4\x06\xa3\xbf*\xbb\xe0H\xc9u+\x17\x93!\x1c\xc3\xcd\xc1y\xaf\xf1\xd1B\xaa[\x9d\xb6\xad\xe2\xff\x9b[{\xd1z\x18\xba\x7f\xb5\x10\xdd1\xf2\x9c\xb0=\xf09\r\xc3\x1b9\xbe\xa8\xe76[/<,\xe1\x90\xb3G}\x85E\xc6\x8ak4\xc3+\xf0\x9f\xe0F\x1b\xdb\x84\x17\xc0\x99\xf1\xb5,\x1f\x8a\xe7\x0f\xd7\xc2{>\xb9q\xc3\xa7\xaaF|\\4\x03Z\xecH\x99\xber\xab\xe6+>\x95\x86\x83\xfb\x16o\x98\xe0\xe9d\xa1z^}\xc7\x12\xe6b\xa2\xb1X\x062\x12\xec\x12.\xbb\x10\x11\xdb_Xo\xfc\xcd\x8av\x80\xf0!n\x8d\xee)\rm\xc5\xee\xd6\xde\xc7\xf8\xdf\xc1?\x82\xca\xb6X\xe3\xfc\xf8\x1a\xe7U\xd6\f\x8e\x98+\x99\x1dqtV\xb4\x05\xa4ge', 0x110000a3d9)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async)
socket$nl_generic(0x10, 0x3, 0x10)
madvise$auto(0x0, 0x20499d, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) (async)
write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
r3 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0)
ioctl$auto(r3, 0x80004d00, 0xffffffffffffffff) (async, rerun: 32)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x0, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) (async, rerun: 32)
r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
poll$auto(&(0x7f0000000040)={<r5=>r4, 0xfff7, 0x9816}, 0x7f, 0x0)
ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x0) (async, rerun: 64)
open(&(0x7f0000000080)='.\x00', 0x100, 0x0) (async, rerun: 64)
getdents64$auto(r2, 0x0, 0x43f)

12.559797013s ago: executing program 4 (id=2525):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.4/usb5/bDeviceSubClass\x00', 0x181400, 0x0) (rerun: 64)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000180)=""/250, 0xfa) (async)
r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000100), r0) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
socket(0xa, 0x3, 0x100) (async, rerun: 64)
socket(0xa, 0x801, 0x84) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) (rerun: 64)
socket(0x10, 0x2, 0x0) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
socket(0xa, 0x801, 0x84) (async, rerun: 32)
socket(0x2, 0x801, 0x106) (async, rerun: 32)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async, rerun: 32)
r5 = socket(0xa, 0x2, 0x0) (async, rerun: 32)
r6 = socket(0xa, 0x801, 0x84) (async)
socket(0xa, 0x2, 0x3a) (async)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x6, 0x0)
r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r6)
sendmsg$auto_NL80211_CMD_TDLS_OPER(r4, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="0001f9bd7000fddbf525d1e91e00"], 0x5d}}, 0x20000000) (async)
r8 = socket(0xa, 0x2, 0x88)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={r8, @new_prog_fd=r5, 0x4, @old_prog_fd=r8}, 0xa3) (async)
bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x10004, 0x7, 0x9, 0x7f, @prog_cnt=0x42c, 0x0, 0x80000001, 0xc, 0xb, 0x5}, 0x7) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000f40)={'batadv0\x00'}) (async, rerun: 32)
sendmsg$auto_BATADV_CMD_SET_MESH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r2, 0x1, 0x4070bd27, 0x25dfdbf9, {}, [@BATADV_ATTR_BLA_VID={0x6, 0x20, 0x8000}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x20044000) (async, rerun: 32)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32)
socket(0x15, 0x5, 0x0)

12.343886817s ago: executing program 0 (id=2527):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r0)
mmap$auto(0x400000000000, 0x2020009, 0xff, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
setgroups$auto(0xe32, 0x0)
madvise$auto(0xfffffffffffffffe, 0x2, 0x7)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x8081, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c04, 0x0)
mmap$auto(0x0, 0xa, 0xdf, 0x452, r1, 0x8800)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x1, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
sendmsg$auto_NLBL_MGMT_C_PROTOCOLS(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="0800dcd6fce40700086a2d6d0062ef0013fc5c4a6a116476c06798dfbc30b6ece29bf1c8cb95d8e4b51bc7688b1e9243ccfddc3397a5e54c4371ebba7c9ce156efe875e7c367014aa5768b8442f436791bfb27dd3eea7171cab074c4a68699083bfca500b2c6c55deedc636537fdd0712e31dc8bbb20e30ecde4f78c4d99a0521ba80a4f95171576e515663e182560e7c8cc721c9b64cde4c8e4cebe8ac8cc47096f", @ANYRES16=0x0, @ANYBLOB="000827bd7000fbdbdf25070000000800030080000000080004008c000000080002000000008008000c000000008008000c000100000008000c0001000000080002004c09000008000c000459ffff06000b0009000000"], 0x5c}, 0x1, 0x0, 0x0, 0x844}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
r5 = ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$auto(0x3, 0x4048aec9, r3)
io_uring_setup$auto(0x406, 0x0)
mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a)
mmap$auto(0x0, 0x1000000000007, 0x4000000000e0, 0xeb1, 0x400, 0x7ffc)
close_range$auto(0x2, 0x8, 0x0)
r6 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0)
ioctl$auto_RTC_RD_TIME(r6, 0x80247009, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x4601, 0x0)
ioctl$auto(0x3, 0x8904, 0x400000000000004)

11.647705613s ago: executing program 0 (id=2530):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/tty15\x00', 0x20540, 0x0) (async)
poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) (async)
ioctl$auto(0x3, 0x5404, 0x38)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)

11.086343208s ago: executing program 0 (id=2531):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SEG6_CMD_SETHMAC(r0, &(0x7f0000001440)={0x0, 0xff9e, &(0x7f0000001400)={&(0x7f0000000240)={0x34, 0x0, 0x6c5679fc7dece1a9, 0x70bd27, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x10001}, @SEG6_ATTR_SECRET={0x7, 0x4, "eb96e1"}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000)

10.975929514s ago: executing program 0 (id=2532):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SETHMAC(r0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000)

10.532251662s ago: executing program 0 (id=2535):
r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x40000, 0x0)
listen$auto(r0, 0x611e)
poll$auto(0x0, 0x6, 0x8)
r1 = socketpair$auto(0x20, 0x5, 0x4000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = open(0x0, 0x7ffd, 0x12)
pwrite64$auto(0xffffffffffffffff, 0x0, 0x6, 0x8)
mmap$auto(0x0, 0x1ff, 0xe5, 0x200000810, r2, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0)
bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26)
madvise$auto(0x0, 0x200007, 0x19)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x9, 0x3)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
read$auto(0x3, 0x0, 0x80)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r3 = io_uring_setup$auto(0x406, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
read$auto_nsim_dev_trap_fa_cookie_fops_dev(r1, &(0x7f0000000000)=""/111, 0x6f)
getrandom$auto(0x0, 0x6000000, 0x3)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
r4 = socket(0x11, 0x80003, 0x300)
io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46)
sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r4, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004091}, 0x40850)
io_uring_enter$auto(r3, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3)
move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2)
mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid})
sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80)
socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})

7.961094914s ago: executing program 0 (id=2547):
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x40400, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
socket(0x1, 0x803, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
inotify_add_watch$auto(0x5, 0xfffffffffffffffc, 0xfffffffffffffffe)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x141241, 0x0)
writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000380)="d0c7b195833faee72dc5291be21225d8c83201ac850dfa8e862126684a9cb822f42be45f1b96f35269fe4647932760c225dd83dfc9e56ae5398a9d3319a8d950f12cb50dfe1003383a7d7c1650caf627037fae97af7b3d35942b50004a5eadc5a58c63c7600c09ae4b451df40ca0c82e5258ddfbe18e1c69820a34fcb4fb48d5233ee33e2079f016357595c9182055fa1467d36ad6cb75bfcbea658bf7c857206256f3b4a7fbd8ea699df63075e3796081765e51e6043d9b4adfe4e50035ffa69a006b0c56b975ea50b9ab7b6cfde70077411b22cc3c9c9fc79d1eab73b030b12d1d4ec5780c83528487328ced16d63279bc6bf14c4a9c5df9f615cd5cdbda4dfcda81a9325f829ef4b5445382c89cce86a81f24440cc726bd9aa4ed65f08153bbd25061c688ab9f4957fdfe219b87a082a0d23eaa27230d45556369be59811ad0aac67940c33de5fc4a86d1efa0892a7532305e221f1ef98c89f3c6", 0x7111}, 0x8)
socket(0xa, 0x2, 0x73)
acct$auto(&(0x7f0000000000)='/dev/snd/seq\x00')
r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
socket(0x1, 0x1, 0x0)
bind$auto(0x3, 0x0, 0x6b)
connect$auto(0x3, 0x0, 0x6b)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptys3\x00', 0x101880, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000080)='/dev/media19\x00', 0x2000, 0x0)
close_range$auto(r0, r1, 0x0)
r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0)
read$auto(r2, 0x0, 0x1f40)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/compaction_proactiveness\x00', 0x40001, 0x0)
write$auto_proc_sys_file_operations_proc_sysctl(r3, 0x0, 0x0)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/nfsd.fh/flush\x00', 0xc8201, 0x0)
write$auto(r4, 0x0, 0x6)
write$auto_aoe_fops_aoechr(r0, &(0x7f00000001c0)="d506a2dfd30deb9943dcd05d00f885b57d2719b3ee6d9d80e9119c6b683456493d0c37d1c33fbb35b6b276493f1355789398b5cee0dbc07728f046b99eccf8eaed967b702501092c40490955e59b38575172e22f212495f660ea21b6a7c50c205737aa7f5b8b38946484eeeac0827d97f33a54d9ff0576b21fea1221db5f06b97a280818c525e4126aba4944d6c133487a287bc8e10fe01cb77e8d6c9d8873a87e1fdda419c41c3fd02571aabb9de7ab7bd73961fdab3d3da896a253393a807ea12c4666a049fa2d33319b0f94be15964afbffed156656b2ea687117043b1b630b2b82e6818046c054ea77adb30dd1c1", 0xf0)

5.395512039s ago: executing program 5 (id=2557):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/sg/def_reserved_size\x00', 0x402, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0)
sendfile$auto(r1, r0, 0x0, 0x22a475fa)
setreuid$auto(0x8, 0x9d7)
write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0)

5.252173806s ago: executing program 5 (id=2558):
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/security/tomoyo/query\x00', 0x75f140, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x5)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0)
mq_timedreceive$auto(r0, &(0x7f0000000100)='nl802154\x00', 0x4e, &(0x7f0000000140)=0x8, &(0x7f0000000180)={0x5, 0x9})
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYRES8=r1, @ANYRES16=r3, @ANYBLOB="010028bd7000f9dbdf250f00000008000300", @ANYRES32, @ANYBLOB="05202f0000000000"], 0x24}, 0x1, 0x0, 0x0, 0x44010}, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x8000)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
socket(0x10, 0x2, 0x14)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/card1\x00', 0xf1d41, 0x0)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x18481, 0x0)
openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x20000, 0x0)
read$auto(0x3, 0x0, 0x80)

3.993147262s ago: executing program 5 (id=2562):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x3d, 0x0)
fsopen$auto(0x0, 0x1)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f00000000c0), r0)
sendmsg$auto_KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r2 = socket(0x11, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r2, 0x8953, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x2, 0x2000040080000004, 0xe)
epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0)
set_mempolicy$auto(0xfffffffd, &(0x7f0000000000)=0xff, 0xe06)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
read$auto(r3, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef)

3.034767946s ago: executing program 5 (id=2572):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
socket(0xa, 0x80803, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/mtd/mtd0/subpagesize\x00', 0x80000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x42080, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x10, 0x2, 0x14)
r0 = socket(0x11, 0x3, 0x9)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
memfd_create$auto(0x0, 0x2)
socket(0xa, 0x2, 0x0)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x202002, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x8800)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\x00\x80\x00\x00\x00\x00\x00\x00j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5)
keyctl$auto_KEYCTL_ASSUME_AUTHORITY(0x10, 0x8a, 0x1, 0xf9, 0x5)
r3 = set_tid_address$auto(0x0)
syz_open_procfs$namespace(r3, &(0x7f0000000080))
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)

2.208815254s ago: executing program 5 (id=2565):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0x18, 0xfffffffffffffff7, 0x8000)
getsockopt$auto(0xffffffffffffffff, 0x24, 0xfffffffd, 0x0, 0x0)
syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), r0)
semctl$auto_SEM_STAT_ANY(0xe, 0xfffffffb, 0x14, 0x7)
sendmsg$auto_OVS_VPORT_CMD_GET(r0, 0x0, 0x20000004)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket(0x2, 0x1, 0x106)
sendmsg$auto_OVS_VPORT_CMD_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4100}, 0x20000000)
socket(0xa, 0x2, 0x0)
sendto$auto(r0, 0x0, 0x11, 0xffff, &(0x7f0000000040)=@hci={0x1f, 0x4}, 0x16)
getpgid(0x0)
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
flock$auto(0xffffffffffffffff, 0x4)
socket(0x22, 0x3, 0x6)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000)
unshare$auto(0x40000080)
socket(0x21, 0x2, 0x1)
socket(0x18, 0xa, 0x1)
socket(0xa, 0x2, 0x0)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x0)
read$auto(r2, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x44243, 0xe1d2b27bdc14aabc)

773.869893ms ago: executing program 3 (id=2567):
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), r1)
sendmsg$auto_IEEE802154_DISASSOCIATE_REQ(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, r2, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_SRC_PAN_ID={0x6, 0xd, 0x5}, @IEEE802154_ATTR_BAT_EXT={0x5, 0x1a, 0x9}, @IEEE802154_ATTR_DEST_SHORT_ADDR={0x6, 0xe, 0x7}, @IEEE802154_ATTR_CSMA_MIN_BE={0x5, 0x26, 0x9}, @IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0x5}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x5}, @IEEE802154_ATTR_PHY_NAME={0x4}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0xff}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x200080c0)
sendmsg$auto_IEEE802154_LLSEC_ADD_KEY(0xffffffffffffffff, 0x0, 0x40000)
mknod$auto(&(0x7f0000000200)='./file0\x00', 0x9, 0x9)
mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x10000000000048, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card0/pcm0p/sub3/hw_params\x00', 0x0, 0x0)
r3 = fsopen$auto(0x0, 0x1)
r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x840, 0x0)
ioctl$auto(r4, 0x4b65, 0x7)
getgroups$auto(0xb2, &(0x7f0000000240)=0x1)
mmap$auto(0x8, 0x8002, 0xf, 0x17, r4, 0x3447)
mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
bpf$auto_BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)=@info={r0, 0x33, 0x9}, 0xc69d)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0)
bpf$auto(0x18, &(0x7f0000000040)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x5, 0x8, 0xffffffffffffffff, @relative_fd, 0x41b5c1ff}, 0x92)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000280), 0x30800, 0x0)
r6 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='d\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4)
sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
ioctl$auto(0x3, 0x4188aec6, r3)
socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x100000000, 0x8, 0x4, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x2, 0x5, 0x5, 0x6, 0x8, 0xae, 0xa, 0x2, 0x7, 0x5, 0x7}, 0x1fe, 0x80)

439.748794ms ago: executing program 3 (id=2568):
connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55)

305.340291ms ago: executing program 5 (id=2569):
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0)
mq_timedreceive$auto(r0, &(0x7f0000000100)='nl802154\x00', 0x4e, &(0x7f0000000140)=0x8, &(0x7f0000000180)={0x5, 0x9})
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYRES8=r1, @ANYRES16=r4, @ANYBLOB="010028bd7000f9dbdf250f00000008000300", @ANYRES32, @ANYBLOB="05202f0000000000"], 0x24}, 0x1, 0x0, 0x0, 0x44010}, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
socket(0x10, 0x2, 0x14)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/card0\x00', 0x501, 0x0)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x18481, 0x0)
openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x20000, 0x0)
read$auto(r2, 0x0, 0x3)

304.485272ms ago: executing program 3 (id=2570):
get_mempolicy$auto(&(0x7f0000000040)=0x1000, &(0x7f0000000080)=0xc00000000, 0x400000, 0xada, 0x8)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/default/drop_gratuitous_arp\x00', 0x141241, 0x0)
select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x4, 0x5, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x40, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x80080001]}, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x80001, 0x0)
r0 = socket(0x29, 0x6, 0x60a8)
ioctl$sock_SIOCGIFINDEX(r0, 0x3b72, 0x0)
r1 = getpgid$auto(0x0)
prctl$auto(0x400, 0x1, r1, 0xb, 0x94)
acct$auto(&(0x7f0000000000)='/dev/iommu\x00')

196.833201ms ago: executing program 3 (id=2571):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SETHMAC(r0, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000)

125.669841ms ago: executing program 3 (id=2573):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x3d, 0x0)
fsopen$auto(0x0, 0x1)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f00000000c0), r0)
sendmsg$auto_KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r2 = socket(0x11, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r2, 0x8953, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x2, 0x2000040080000004, 0xe)
epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0)
set_mempolicy$auto(0xfffffffd, &(0x7f0000000000)=0xff, 0xe06)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
read$auto(r3, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef)

0s ago: executing program 3 (id=2574):
unshare$auto(0x40000080)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendmsg$auto_NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, 0x0, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x1f40)
stat$auto(0x0, &(0x7f0000000380)={0x3, 0x3, 0x6, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0xa, 0xff, 0x100, 0x401, 0x5f57, 0x80000000, 0xaa})
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, <r2=>0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, <r3=>0x5f, 0x0, 0x3}, 0x6f3)
getsockopt$auto_SO_PASSCRED(r3, 0x1, 0x10, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_SET_PMKSA(r3, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x20, 0x0, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x1}, @NL80211_ATTR_SUPPORT_MESH_AUTH={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/tty/ptypb/power/control\x00', 0x124001, 0x0)
mmap$auto(0x0, 0x400005, 0x800000000000df, 0x9b72, 0x2, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r2, 0x0, 0x20048801)
ioperm$auto(0xffff, 0xe, 0x1)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
fcntl$auto_F_SETLK(0xffffffffffffffff, 0x6, 0x0)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/can/rcvlist_inv\x00', 0x0, 0x0)
pread64$auto(r4, 0x0, 0xe, 0x100000000007)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bond0\x00'})
statmount$auto(0x0, &(0x7f0000000180)={0x8000008, 0x1, 0x9, 0x3, 0x400026, 0x940, 0x1ffde, 0x3, 0x6, 0x7ff, 0xfffffffa, 0x400005, 0xfff, 0x0, 0xb0, 0x8, 0x9, 0x3, 0x5, 0x6, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2}, 0xfffff7fffffffffa, 0x81)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r5, 0x0, 0x20)
r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3)
io_setup$auto(0xffff, &(0x7f0000000580))
write$auto(0x3, 0x0, 0xfffffdef)

kernel console output (not intermixed with test programs):

3b/0x2b0
[  481.376433][T13284]  inode_init_always_gfp+0xce4/0x1030
[  481.376494][T13284]  alloc_inode+0x86/0x240
[  481.376535][T13284]  new_inode+0x22/0x1c0
[  481.376579][T13284]  bdev_alloc+0x2b/0x420
[  481.376624][T13284]  __alloc_disk_node+0x116/0x610
[  481.376674][T13284]  __blk_mq_alloc_disk+0x89/0x120
[  481.376724][T13284]  loop_add+0x496/0xb70
[  481.376766][T13284]  ? do_vfs_ioctl+0x512/0x1990
[  481.376809][T13284]  ? __pfx_loop_add+0x10/0x10
[  481.376850][T13284]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  481.376922][T13284]  ? find_held_lock+0x2b/0x80
[  481.376961][T13284]  loop_control_ioctl+0x13c/0x630
[  481.377008][T13284]  ? __pfx_loop_control_ioctl+0x10/0x10
[  481.377076][T13284]  ? __pfx_loop_control_ioctl+0x10/0x10
[  481.377125][T13284]  __x64_sys_ioctl+0x190/0x200
[  481.377173][T13284]  do_syscall_64+0xcd/0x230
[  481.377222][T13284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.377256][T13284] RIP: 0033:0x7fe34eb8e969
[  481.377281][T13284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.377314][T13284] RSP: 002b:00007fe34f94d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  481.377344][T13284] RAX: ffffffffffffffda RBX: 00007fe34edb5fa0 RCX: 00007fe34eb8e969
[  481.377366][T13284] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006
[  481.377386][T13284] RBP: 00007fe34ec10ab1 R08: 0000000000000000 R09: 0000000000000000
[  481.377406][T13284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  481.377425][T13284] R13: 0000000000000000 R14: 00007fe34edb5fa0 R15: 00007ffff37c9ee8
[  481.377467][T13284]  </TASK>
[  481.854805][T13285] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[  482.141286][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout
[  482.222895][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout
[  482.301642][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout
[  482.307754][   T55] Bluetooth: hci3: command 0x0c1a tx timeout
[  484.927869][T13339] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1647'.
[  486.227856][T13347] FAULT_INJECTION: forcing a failure.
[  486.227856][T13347] name failslab, interval 1, probability 0, space 0, times 0
[  486.311319][T13347] CPU: 1 UID: 0 PID: 13347 Comm: syz.3.1649 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  486.311369][T13347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  486.311389][T13347] Call Trace:
[  486.311401][T13347]  <TASK>
[  486.311413][T13347]  dump_stack_lvl+0x16c/0x1f0
[  486.311465][T13347]  should_fail_ex+0x512/0x640
[  486.311510][T13347]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  486.311555][T13347]  should_failslab+0xc2/0x120
[  486.311596][T13347]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  486.311631][T13347]  ? __proc_create+0xc3/0x8c0
[  486.311665][T13347]  ? __proc_create+0x2ce/0x8c0
[  486.311718][T13347]  __proc_create+0x2ce/0x8c0
[  486.311755][T13347]  ? __pfx___proc_create+0x10/0x10
[  486.311792][T13347]  ? find_held_lock+0x2b/0x80
[  486.311828][T13347]  ? mark_held_locks+0x49/0x80
[  486.311875][T13347]  proc_create_reg+0x7d/0x180
[  486.311918][T13347]  proc_create_net_data+0x8e/0x1b0
[  486.311958][T13347]  ? __pfx_proc_create_net_data+0x10/0x10
[  486.311997][T13347]  ? __pfx___netlink_kernel_create+0x10/0x10
[  486.312048][T13347]  fib_proc_init+0x58/0x1b0
[  486.312083][T13347]  fib_net_init+0x2af/0x3f0
[  486.312117][T13347]  ? __pfx___register_sysctl_table+0x10/0x10
[  486.312155][T13347]  ? __pfx_fib_net_init+0x10/0x10
[  486.312190][T13347]  ? lockdep_init_map_type+0x5c/0x280
[  486.312234][T13347]  ? __pfx_nl_fib_input+0x10/0x10
[  486.312278][T13347]  ? devinet_init_net+0x5c2/0x910
[  486.312323][T13347]  ? __pfx_fib_net_init+0x10/0x10
[  486.312357][T13347]  ops_init+0x1df/0x5f0
[  486.312401][T13347]  setup_net+0x21e/0x850
[  486.312445][T13347]  ? __pfx_setup_net+0x10/0x10
[  486.312480][T13347]  ? lockdep_init_map_type+0x5c/0x280
[  486.312524][T13347]  ? __pfx_down_read_killable+0x10/0x10
[  486.312581][T13347]  ? debug_mutex_init+0x37/0x70
[  486.312639][T13347]  copy_net_ns+0x2a6/0x5f0
[  486.312687][T13347]  create_new_namespaces+0x3ea/0xad0
[  486.312743][T13347]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  486.312785][T13347]  ksys_unshare+0x45b/0xa40
[  486.312831][T13347]  ? __pfx_ksys_unshare+0x10/0x10
[  486.312873][T13347]  ? xfd_validate_state+0x5d/0x180
[  486.312929][T13347]  ? rcu_is_watching+0x12/0xc0
[  486.312970][T13347]  __x64_sys_unshare+0x31/0x40
[  486.313015][T13347]  do_syscall_64+0xcd/0x230
[  486.313064][T13347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.313097][T13347] RIP: 0033:0x7f4ecf58e969
[  486.313123][T13347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.313157][T13347] RSP: 002b:00007f4ed03de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  486.313189][T13347] RAX: ffffffffffffffda RBX: 00007f4ecf7b5fa0 RCX: 00007f4ecf58e969
[  486.313211][T13347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  486.313230][T13347] RBP: 00007f4ecf610ab1 R08: 0000000000000000 R09: 0000000000000000
[  486.313249][T13347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  486.313269][T13347] R13: 0000000000000000 R14: 00007f4ecf7b5fa0 R15: 00007ffc12922e28
[  486.313310][T13347]  </TASK>
[  489.719538][T13413] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1662'.
[  489.753243][T13413] netlink: 294 bytes leftover after parsing attributes in process `syz.0.1662'.
[  489.794681][T13414] netlink: 294 bytes leftover after parsing attributes in process `syz.0.1662'.
[  490.285606][T13413] can: request_module (can-proto-3) failed.
[  490.438081][T13415] can: request_module (can-proto-3) failed.
[  493.947763][T13468] netlink: 'syz.2.1676': attribute type 1 has an invalid length.
[  495.806949][T13510] misc userio: The device must be registered before sending interrupts
[  496.748115][T13523] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1687'.
[  497.970155][T13542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1692'.
[  498.278783][T13552] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1697'.
[  501.485795][T13599] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  501.531282][T13599] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  502.386712][T13611] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  502.395690][T13611] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  502.879749][T13623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1717'.
[  506.627703][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  506.634908][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  512.233838][T13739] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1737'.
[  512.383151][T13745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1738'.
[  512.439913][T13742] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1740'.
[  512.599317][T13748] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1739'.
[  512.666342][T13751] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1740'.
[  512.806553][T13748] veth0_macvtap: left promiscuous mode
[  513.810327][T13779] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1746'.
[  513.953957][T13780] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1746'.
[  514.983807][T13802] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input11
[  516.497023][T13847] HfR: entered promiscuous mode
[  517.117749][ T5829] Bluetooth: hci3: unexpected event 0x3e length: 723 > 260
[  517.117802][ T5829] Bluetooth: hci3: unexpected subevent 0x0d length: 722 > 260
[  517.132938][ T5829] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  517.133006][ T5829] Bluetooth: hci3: Malformed LE Event: 0x0d
[  517.860884][T13878] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1765'.
[  517.903783][T13879] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1765'.
[  518.337764][T13894] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1770'.
[  518.679521][   T30] audit: type=1800 audit(4294968682.445:21): pid=13899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1771" name="dbroot" dev="configfs" ino=42795 res=0 errno=0
[  518.714430][T13899] FAULT_INJECTION: forcing a failure.
[  518.714430][T13899] name failslab, interval 1, probability 0, space 0, times 0
[  518.741239][T13899] CPU: 0 UID: 0 PID: 13899 Comm: syz.2.1771 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  518.741284][T13899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  518.741303][T13899] Call Trace:
[  518.741314][T13899]  <TASK>
[  518.741326][T13899]  dump_stack_lvl+0x16c/0x1f0
[  518.741377][T13899]  should_fail_ex+0x512/0x640
[  518.741421][T13899]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  518.741463][T13899]  should_failslab+0xc2/0x120
[  518.741502][T13899]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  518.741542][T13899]  ? __d_alloc+0x31/0xaa0
[  518.741574][T13899]  ? __pfx_dquot_alloc_inode+0x10/0x10
[  518.741610][T13899]  __d_alloc+0x31/0xaa0
[  518.741648][T13899]  d_alloc_pseudo+0x1c/0xc0
[  518.741698][T13899]  alloc_file_pseudo+0xcf/0x230
[  518.741743][T13899]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  518.741797][T13899]  __shmem_file_setup+0x210/0x300
[  518.741836][T13899]  shmem_zero_setup+0x93/0x1a0
[  518.741890][T13899]  __mmap_region+0x2036/0x27c0
[  518.741934][T13899]  ? __pfx___mmap_region+0x10/0x10
[  518.741969][T13899]  ? trace_sched_exit_tp+0xde/0x130
[  518.742046][T13899]  ? __pfx___schedule+0x10/0x10
[  518.742130][T13899]  ? trace_cap_capable+0x18d/0x200
[  518.742172][T13899]  ? cap_capable+0xb3/0x250
[  518.742210][T13899]  mmap_region+0x1ab/0x3f0
[  518.742255][T13899]  do_mmap+0xd8e/0x11b0
[  518.742308][T13899]  ? __pfx_do_mmap+0x10/0x10
[  518.742354][T13899]  ? __pfx_down_write_killable+0x10/0x10
[  518.742411][T13899]  vm_mmap_pgoff+0x281/0x450
[  518.742462][T13899]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  518.742517][T13899]  ? __x64_sys_futex+0x1e0/0x4c0
[  518.742559][T13899]  ? __x64_sys_futex+0x1e9/0x4c0
[  518.742600][T13899]  ksys_mmap_pgoff+0x7d/0x5c0
[  518.742647][T13899]  ? rcu_is_watching+0x12/0xc0
[  518.742685][T13899]  __x64_sys_mmap+0x125/0x190
[  518.742720][T13899]  do_syscall_64+0xcd/0x230
[  518.742770][T13899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.742801][T13899] RIP: 0033:0x7fead6b8e969
[  518.742827][T13899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  518.742857][T13899] RSP: 002b:00007fead7ac5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  518.742886][T13899] RAX: ffffffffffffffda RBX: 00007fead6db5fa0 RCX: 00007fead6b8e969
[  518.742906][T13899] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000
[  518.742926][T13899] RBP: 00007fead6c10ab1 R08: fffffffffffffffa R09: 0000000000008000
[  518.742946][T13899] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  518.742965][T13899] R13: 0000000000000000 R14: 00007fead6db5fa0 R15: 00007fff908faab8
[  518.743007][T13899]  </TASK>
[  520.562250][T13919] netlink: 5252 bytes leftover after parsing attributes in process `syz.3.1775'.
[  521.633870][   T30] audit: type=1326 audit(4294968685.405:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13943 comm="syz.3.1781" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4ecf58e969 code=0x0
[  523.198300][T13956] FAULT_INJECTION: forcing a failure.
[  523.198300][T13956] name failslab, interval 1, probability 0, space 0, times 0
[  523.285100][T13956] CPU: 0 UID: 0 PID: 13956 Comm: syz.3.1785 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  523.285148][T13956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  523.285168][T13956] Call Trace:
[  523.285178][T13956]  <TASK>
[  523.285191][T13956]  dump_stack_lvl+0x16c/0x1f0
[  523.285243][T13956]  should_fail_ex+0x512/0x640
[  523.285298][T13956]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  523.285341][T13956]  should_failslab+0xc2/0x120
[  523.285381][T13956]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  523.285417][T13956]  ? alloc_file_pseudo+0x1b3/0x230
[  523.285457][T13956]  ? alloc_empty_file+0x55/0x1e0
[  523.285503][T13956]  alloc_empty_file+0x55/0x1e0
[  523.285545][T13956]  alloc_file_clone+0x5f/0x110
[  523.285591][T13956]  create_pipe_files+0x412/0x930
[  523.285631][T13956]  do_pipe2+0xaf/0x1c0
[  523.285663][T13956]  ? __pfx_do_pipe2+0x10/0x10
[  523.285711][T13956]  __x64_sys_pipe+0x33/0x50
[  523.285746][T13956]  do_syscall_64+0xcd/0x230
[  523.285794][T13956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.285828][T13956] RIP: 0033:0x7f4ecf58e969
[  523.285855][T13956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  523.285887][T13956] RSP: 002b:00007f4ed03de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
[  523.285918][T13956] RAX: ffffffffffffffda RBX: 00007f4ecf7b5fa0 RCX: 00007f4ecf58e969
[  523.285940][T13956] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  523.285960][T13956] RBP: 00007f4ecf610ab1 R08: 0000000000000000 R09: 0000000000000000
[  523.285980][T13956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  523.285999][T13956] R13: 0000000000000000 R14: 00007f4ecf7b5fa0 R15: 00007ffc12922e28
[  523.286040][T13956]  </TASK>
[  524.126281][T13976] netlink: 'syz.2.1792': attribute type 4 has an invalid length.
[  524.134432][T13976] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1792'.
[  524.161814][T13976] netlink: 'syz.2.1792': attribute type 4 has an invalid length.
[  524.177567][T13976] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1792'.
[  524.598479][T13983] HfR: entered promiscuous mode
[  525.338237][T13964] kexec: Could not allocate control_code_buffer
[  528.079389][T14032] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(2078587185.3947135889.2475065309), cmd(8)
[  531.056787][T14081] can: request_module (can-proto-3) failed.
[  531.332747][T14091] random: crng reseeded on system resumption
[  532.890519][   T30] audit: type=1800 audit(4294968696.655:23): pid=14129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1824" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0
[  535.639669][T14199] Invalid ELF header magic: != ELF
[  538.960346][T14241] FAULT_INJECTION: forcing a failure.
[  538.960346][T14241] name failslab, interval 1, probability 0, space 0, times 0
[  539.033118][T14241] CPU: 0 UID: 0 PID: 14241 Comm: syz.0.1849 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  539.033163][T14241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  539.033183][T14241] Call Trace:
[  539.033193][T14241]  <TASK>
[  539.033213][T14241]  dump_stack_lvl+0x16c/0x1f0
[  539.033265][T14241]  should_fail_ex+0x512/0x640
[  539.033311][T14241]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  539.033353][T14241]  should_failslab+0xc2/0x120
[  539.033395][T14241]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  539.033432][T14241]  ? __kernfs_new_node+0xd2/0x8a0
[  539.033493][T14241]  __kernfs_new_node+0xd2/0x8a0
[  539.033548][T14241]  ? kernfs_add_one+0x37d/0x840
[  539.033584][T14241]  ? __pfx___kernfs_new_node+0x10/0x10
[  539.033649][T14241]  ? find_held_lock+0x2b/0x80
[  539.033683][T14241]  ? kernfs_root+0xee/0x2a0
[  539.033744][T14241]  kernfs_new_node+0x13c/0x1e0
[  539.033789][T14241]  kernfs_create_dir_ns+0x4c/0x1a0
[  539.033832][T14241]  internal_create_group+0x34d/0xf30
[  539.033874][T14241]  ? __pfx_internal_create_group+0x10/0x10
[  539.033929][T14241]  ? __pfx_internal_create_group+0x10/0x10
[  539.033990][T14241]  ? __pfx_dev_add_physical_location+0x10/0x10
[  539.034029][T14241]  ? bus_to_subsys+0x131/0x160
[  539.034083][T14241]  dpm_sysfs_add+0x80/0x280
[  539.034124][T14241]  device_add+0x9a6/0x1a70
[  539.034177][T14241]  ? __pfx_device_add+0x10/0x10
[  539.034234][T14241]  ? do_raw_spin_lock+0x12c/0x2b0
[  539.034292][T14241]  add_disk_fwnode+0x468/0x13a0
[  539.034350][T14241]  zram_add+0x494/0x6c0
[  539.034393][T14241]  ? __pfx_zram_add+0x10/0x10
[  539.034467][T14241]  ? find_held_lock+0x2b/0x80
[  539.034506][T14241]  ? __pfx_hot_add_show+0x10/0x10
[  539.034548][T14241]  ? __pfx_class_attr_show+0x10/0x10
[  539.034589][T14241]  hot_add_show+0x21/0x80
[  539.034632][T14241]  class_attr_show+0x6f/0xa0
[  539.034675][T14241]  sysfs_kf_seq_show+0x213/0x3e0
[  539.034733][T14241]  seq_read_iter+0x506/0x12c0
[  539.034800][T14241]  kernfs_fop_read_iter+0x40f/0x5a0
[  539.034841][T14241]  ? rw_verify_area+0xcf/0x680
[  539.034896][T14241]  vfs_read+0x8c8/0xc70
[  539.034932][T14241]  ? __pfx___mutex_lock+0x10/0x10
[  539.034980][T14241]  ? __pfx_vfs_read+0x10/0x10
[  539.035041][T14241]  ksys_read+0x12a/0x240
[  539.035071][T14241]  ? __pfx_ksys_read+0x10/0x10
[  539.035098][T14241]  ? rcu_is_watching+0x12/0xc0
[  539.035143][T14241]  do_syscall_64+0xcd/0x230
[  539.035192][T14241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.035233][T14241] RIP: 0033:0x7fe34eb8e969
[  539.035259][T14241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  539.035291][T14241] RSP: 002b:00007fe34f92c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  539.035322][T14241] RAX: ffffffffffffffda RBX: 00007fe34edb6080 RCX: 00007fe34eb8e969
[  539.035343][T14241] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005
[  539.035364][T14241] RBP: 00007fe34ec10ab1 R08: 0000000000000000 R09: 0000000000000000
[  539.035383][T14241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  539.035403][T14241] R13: 0000000000000000 R14: 00007fe34edb6080 R15: 00007ffff37c9ee8
[  539.035448][T14241]  </TASK>
[  541.109999][T14261] FAULT_INJECTION: forcing a failure.
[  541.109999][T14261] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  541.155297][T14261] CPU: 0 UID: 0 PID: 14261 Comm: syz.2.1854 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  541.155344][T14261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  541.155364][T14261] Call Trace:
[  541.155374][T14261]  <TASK>
[  541.155387][T14261]  dump_stack_lvl+0x16c/0x1f0
[  541.155436][T14261]  should_fail_ex+0x512/0x640
[  541.155491][T14261]  should_fail_alloc_page+0xe7/0x130
[  541.155536][T14261]  prepare_alloc_pages+0x3c2/0x610
[  541.155585][T14261]  ? rcu_is_watching+0x12/0xc0
[  541.155620][T14261]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  541.155681][T14261]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  541.155719][T14261]  ? do_raw_spin_lock+0x12c/0x2b0
[  541.155770][T14261]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  541.155820][T14261]  ? find_held_lock+0x2b/0x80
[  541.155860][T14261]  ? __lock_acquire+0xaa4/0x1ba0
[  541.155901][T14261]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  541.155948][T14261]  ? policy_nodemask+0xea/0x4e0
[  541.155999][T14261]  alloc_pages_mpol+0x1fb/0x550
[  541.156042][T14261]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  541.156094][T14261]  folio_alloc_mpol_noprof+0x36/0x2f0
[  541.156144][T14261]  shmem_alloc_folio+0x135/0x160
[  541.156201][T14261]  shmem_alloc_and_add_folio+0x499/0xc20
[  541.156250][T14261]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  541.156292][T14261]  ? shmem_allowable_huge_orders+0xcb/0x2f0
[  541.156340][T14261]  shmem_get_folio_gfp+0x687/0x1530
[  541.156390][T14261]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  541.156429][T14261]  ? __pfx_timestamp_truncate+0x10/0x10
[  541.156470][T14261]  shmem_fault+0x1fe/0xa30
[  541.156512][T14261]  ? __pfx_shmem_fault+0x10/0x10
[  541.156559][T14261]  ? __pfx___up_read+0x10/0x10
[  541.156616][T14261]  ? __pfx_filemap_map_pages+0x10/0x10
[  541.156655][T14261]  __do_fault+0x10a/0x490
[  541.156696][T14261]  ? __pfx_filemap_map_pages+0x10/0x10
[  541.156737][T14261]  do_pte_missing+0x1a6/0x3fb0
[  541.156773][T14261]  ? __handle_mm_fault+0x1010/0x2a40
[  541.156812][T14261]  __handle_mm_fault+0x103d/0x2a40
[  541.156857][T14261]  ? __pfx___handle_mm_fault+0x10/0x10
[  541.156889][T14261]  ? __pte_offset_map_lock+0x155/0x2f0
[  541.156936][T14261]  ? find_held_lock+0x2b/0x80
[  541.156964][T14261]  ? find_held_lock+0x2b/0x80
[  541.157030][T14261]  handle_mm_fault+0x3fe/0xad0
[  541.157072][T14261]  __get_user_pages+0x771/0x36f0
[  541.157139][T14261]  ? __pfx___get_user_pages+0x10/0x10
[  541.157189][T14261]  ? __pfx_down_read_killable+0x10/0x10
[  541.157237][T14261]  ? __lock_acquire+0xaa4/0x1ba0
[  541.157288][T14261]  faultin_page_range+0x249/0x980
[  541.157330][T14261]  madvise_do_behavior+0x233/0x3b0
[  541.157379][T14261]  ? __pfx_madvise_do_behavior+0x10/0x10
[  541.157448][T14261]  do_madvise+0x10b/0x170
[  541.157495][T14261]  __x64_sys_madvise+0xa9/0x110
[  541.157541][T14261]  ? lockdep_hardirqs_on+0x7c/0x110
[  541.157587][T14261]  do_syscall_64+0xcd/0x230
[  541.157638][T14261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.157672][T14261] RIP: 0033:0x7fead6b8e969
[  541.157698][T14261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  541.157730][T14261] RSP: 002b:00007fead7ac5038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  541.157760][T14261] RAX: ffffffffffffffda RBX: 00007fead6db5fa0 RCX: 00007fead6b8e969
[  541.157781][T14261] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000
[  541.157801][T14261] RBP: 00007fead6c10ab1 R08: 0000000000000000 R09: 0000000000000000
[  541.157820][T14261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  541.157839][T14261] R13: 0000000000000000 R14: 00007fead6db5fa0 R15: 00007fff908faab8
[  541.157879][T14261]  </TASK>
[  541.979116][   T30] audit: type=1326 audit(4294968705.745:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14275 comm="syz.0.1857" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe34eb8e969 code=0x0
[  542.096551][T14278] FAULT_INJECTION: forcing a failure.
[  542.096551][T14278] name fail_futex, interval 1, probability 0, space 0, times 0
[  542.151249][T14278] CPU: 1 UID: 0 PID: 14278 Comm: syz.0.1857 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  542.151295][T14278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  542.151315][T14278] Call Trace:
[  542.151326][T14278]  <TASK>
[  542.151340][T14278]  dump_stack_lvl+0x16c/0x1f0
[  542.151390][T14278]  should_fail_ex+0x512/0x640
[  542.151441][T14278]  get_futex_key+0x49e/0x1000
[  542.151480][T14278]  ? __pfx_get_futex_key+0x10/0x10
[  542.151516][T14278]  ? rcu_is_watching+0x12/0xc0
[  542.151551][T14278]  ? __resched_curr+0x2a0/0x3a0
[  542.151610][T14278]  futex_wait_setup+0x78/0x290
[  542.151685][T14278]  __futex_wait+0x266/0x3c0
[  542.151731][T14278]  ? __pfx___futex_wait+0x10/0x10
[  542.151772][T14278]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  542.151822][T14278]  ? __pfx_futex_wake_mark+0x10/0x10
[  542.151882][T14278]  futex_wait+0xe8/0x380
[  542.151924][T14278]  ? __pfx_futex_wait+0x10/0x10
[  542.151985][T14278]  ? lock_acquire+0x179/0x350
[  542.152028][T14278]  ? find_held_lock+0x2b/0x80
[  542.152063][T14278]  do_futex+0x229/0x350
[  542.152099][T14278]  ? __pfx_do_futex+0x10/0x10
[  542.152134][T14278]  ? ktime_get+0x1a7/0x310
[  542.152177][T14278]  __x64_sys_futex+0x1e0/0x4c0
[  542.152220][T14278]  ? __pfx___x64_sys_futex+0x10/0x10
[  542.152273][T14278]  do_syscall_64+0xcd/0x230
[  542.152322][T14278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.152356][T14278] RIP: 0033:0x7fe34eb8e969
[  542.152382][T14278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.152413][T14278] RSP: 002b:00007fe34f92c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  542.152444][T14278] RAX: ffffffffffffffda RBX: 00007fe34edb6088 RCX: 00007fe34eb8e969
[  542.152465][T14278] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe34edb6088
[  542.152486][T14278] RBP: 00007fe34edb6080 R08: 0000000000000000 R09: 0000000000000000
[  542.152506][T14278] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe34edb608c
[  542.152526][T14278] R13: 0000000000000000 R14: 00007ffff37c9e00 R15: 00007ffff37c9ee8
[  542.152568][T14278]  </TASK>
[  542.371702][    C1] vkms_vblank_simulate: vblank timer overrun
[  546.025932][T14334] random: crng reseeded on system resumption
[  547.279323][T14342] FAULT_INJECTION: forcing a failure.
[  547.279323][T14342] name failslab, interval 1, probability 0, space 0, times 0
[  547.315815][T14342] CPU: 1 UID: 0 PID: 14342 Comm: syz.3.1873 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  547.315867][T14342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  547.315888][T14342] Call Trace:
[  547.315898][T14342]  <TASK>
[  547.315911][T14342]  dump_stack_lvl+0x16c/0x1f0
[  547.315964][T14342]  should_fail_ex+0x512/0x640
[  547.316009][T14342]  ? fs_reclaim_acquire+0xae/0x150
[  547.316063][T14342]  ? ima_alloc_init_template+0x19d/0x720
[  547.316093][T14342]  should_failslab+0xc2/0x120
[  547.316133][T14342]  __kmalloc_noprof+0xd2/0x510
[  547.316170][T14342]  ? __print_lock_name+0xc1/0xe0
[  547.316207][T14342]  ima_alloc_init_template+0x19d/0x720
[  547.316242][T14342]  ? take_dentry_name_snapshot+0x319/0x7d0
[  547.316296][T14342]  ima_store_measurement+0x1eb/0x5c0
[  547.316334][T14342]  ? __pfx_ima_store_measurement+0x10/0x10
[  547.316371][T14342]  ? vfs_getxattr_alloc+0xec/0x340
[  547.316436][T14342]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  547.316497][T14342]  process_measurement+0x1ddb/0x23e0
[  547.316564][T14342]  ? __pfx_process_measurement+0x10/0x10
[  547.316610][T14342]  ? __lock_acquire+0x5ca/0x1ba0
[  547.316655][T14342]  ? init_file+0x93/0x4c0
[  547.316691][T14342]  ? alloc_empty_file+0x73/0x1e0
[  547.316731][T14342]  ? hugetlb_file_setup+0x4cd/0x620
[  547.316771][T14342]  ? ksys_mmap_pgoff+0x189/0x5c0
[  547.316815][T14342]  ? __x64_sys_mmap+0x125/0x190
[  547.316906][T14342]  ima_file_mmap+0x1b1/0x1d0
[  547.316953][T14342]  ? __pfx_ima_file_mmap+0x10/0x10
[  547.317015][T14342]  security_mmap_file+0x88c/0x990
[  547.317060][T14342]  vm_mmap_pgoff+0xec/0x450
[  547.317112][T14342]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  547.317156][T14342]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  547.317202][T14342]  ? hugetlbfs_get_inode+0x31f/0x730
[  547.317255][T14342]  ksys_mmap_pgoff+0x1c8/0x5c0
[  547.317309][T14342]  ? rcu_is_watching+0x12/0xc0
[  547.317343][T14342]  __x64_sys_mmap+0x125/0x190
[  547.317377][T14342]  do_syscall_64+0xcd/0x230
[  547.317427][T14342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.317460][T14342] RIP: 0033:0x7f4ecf58e969
[  547.317486][T14342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.317518][T14342] RSP: 002b:00007f4ed03de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  547.317549][T14342] RAX: ffffffffffffffda RBX: 00007f4ecf7b5fa0 RCX: 00007f4ecf58e969
[  547.317571][T14342] RDX: 0000000000000005 RSI: 0000000000200004 RDI: 0000000000000000
[  547.317591][T14342] RBP: 00007f4ecf610ab1 R08: 000000000000000d R09: 0000300200000000
[  547.317611][T14342] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000
[  547.317631][T14342] R13: 0000000000000000 R14: 00007f4ecf7b5fa0 R15: 00007ffc12922e28
[  547.317673][T14342]  </TASK>
[  547.851142][   T30] audit: type=1804 audit(4294968711.615:25): pid=14342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.3.1873" name="anon_hugepage" dev="hugetlbfs" ino=45175 res=0 errno=0
[  551.081890][T14364] FAULT_INJECTION: forcing a failure.
[  551.081890][T14364] name failslab, interval 1, probability 0, space 0, times 0
[  551.172471][T14379] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd
[  551.211154][T14364] CPU: 1 UID: 0 PID: 14364 Comm: syz.3.1877 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  551.211200][T14364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  551.211218][T14364] Call Trace:
[  551.211228][T14364]  <TASK>
[  551.211240][T14364]  dump_stack_lvl+0x16c/0x1f0
[  551.211300][T14364]  should_fail_ex+0x512/0x640
[  551.211347][T14364]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  551.211389][T14364]  should_failslab+0xc2/0x120
[  551.211429][T14364]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  551.211470][T14364]  ? lockdep_init_map_type+0x5c/0x280
[  551.211513][T14364]  ? seq_open+0x55/0x170
[  551.211558][T14364]  seq_open+0x55/0x170
[  551.211598][T14364]  kernfs_fop_open+0x59f/0xda0
[  551.211643][T14364]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  551.211700][T14364]  do_dentry_open+0x741/0x1c10
[  551.211735][T14364]  ? __pfx_kernfs_fop_open+0x10/0x10
[  551.211785][T14364]  vfs_open+0x82/0x3f0
[  551.211832][T14364]  path_openat+0x1e5e/0x2d40
[  551.211880][T14364]  ? __pfx_path_openat+0x10/0x10
[  551.211915][T14364]  ? __lock_acquire+0xaa4/0x1ba0
[  551.211960][T14364]  do_filp_open+0x20b/0x470
[  551.211992][T14364]  ? __pfx_do_filp_open+0x10/0x10
[  551.212055][T14364]  ? _raw_spin_unlock+0x28/0x50
[  551.212093][T14364]  ? alloc_fd+0x471/0x7d0
[  551.212155][T14364]  do_sys_openat2+0x11b/0x1d0
[  551.212197][T14364]  ? __pfx_do_sys_openat2+0x10/0x10
[  551.212264][T14364]  __x64_sys_open+0x153/0x1e0
[  551.212309][T14364]  ? __pfx___x64_sys_open+0x10/0x10
[  551.212363][T14364]  ? rcu_is_watching+0x12/0xc0
[  551.212397][T14364]  do_syscall_64+0xcd/0x230
[  551.212446][T14364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.212479][T14364] RIP: 0033:0x7f4ecf58e969
[  551.212506][T14364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  551.212538][T14364] RSP: 002b:00007f4ed03de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  551.212569][T14364] RAX: ffffffffffffffda RBX: 00007f4ecf7b5fa0 RCX: 00007f4ecf58e969
[  551.212591][T14364] RDX: 0000000000000007 RSI: 0000000000101800 RDI: 0000200000000000
[  551.212612][T14364] RBP: 00007f4ecf610ab1 R08: 0000000000000000 R09: 0000000000000000
[  551.212631][T14364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  551.212650][T14364] R13: 0000000000000000 R14: 00007f4ecf7b5fa0 R15: 00007ffc12922e28
[  551.212699][T14364]  </TASK>
[  552.276117][T14435] .SR: entered promiscuous mode
[  555.461874][T14501] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1905'.
[  555.496697][T14502] netlink: 350 bytes leftover after parsing attributes in process `syz.0.1905'.
[  556.013254][T14520] tty tty53: ldisc open failed (-12), clearing slot 52
[  558.675153][T14571] WARNING! power/level is deprecated; use power/control instead
[  559.229533][T14581] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1923'.
[  559.761584][T14590] random: crng reseeded on system resumption
[  562.169009][T14624] vcan0: tx drop: invalid sa for name 0x00000000000000fd
[  563.588265][T14633] FAULT_INJECTION: forcing a failure.
[  563.588265][T14633] name failslab, interval 1, probability 0, space 0, times 0
[  563.833230][T14633] CPU: 0 UID: 0 PID: 14633 Comm: syz.3.1930 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  563.833277][T14633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  563.833297][T14633] Call Trace:
[  563.833308][T14633]  <TASK>
[  563.833320][T14633]  dump_stack_lvl+0x16c/0x1f0
[  563.833378][T14633]  should_fail_ex+0x512/0x640
[  563.833425][T14633]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  563.833484][T14633]  ? __pfx_cec_config_thread_func+0x10/0x10
[  563.833523][T14633]  should_failslab+0xc2/0x120
[  563.833564][T14633]  __kmalloc_cache_noprof+0x6a/0x3e0
[  563.833618][T14633]  ? lockdep_init_map_type+0x5c/0x280
[  563.833659][T14633]  ? __kthread_create_on_node+0xce/0x3f0
[  563.833700][T14633]  ? __init_swait_queue_head+0xca/0x150
[  563.833751][T14633]  ? __pfx_cec_config_thread_func+0x10/0x10
[  563.833789][T14633]  __kthread_create_on_node+0xce/0x3f0
[  563.833835][T14633]  ? __pfx___kthread_create_on_node+0x10/0x10
[  563.833890][T14633]  ? cec_adap_enable+0x77c/0xc30
[  563.833934][T14633]  ? __pfx_cec_config_thread_func+0x10/0x10
[  563.833974][T14633]  kthread_create_on_node+0xc7/0x100
[  563.834017][T14633]  ? __pfx_kthread_create_on_node+0x10/0x10
[  563.834058][T14633]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  563.834106][T14633]  ? preempt_schedule_thunk+0x16/0x30
[  563.834164][T14633]  ? lockdep_init_map_type+0x5c/0x280
[  563.834216][T14633]  ? lockdep_init_map_type+0x5c/0x280
[  563.834269][T14633]  cec_claim_log_addrs+0x13e/0x2e0
[  563.834309][T14633]  __cec_s_log_addrs+0xdc9/0x1670
[  563.834370][T14633]  cec_ioctl+0x4b8/0x2970
[  563.834417][T14633]  ? __pfx_cec_ioctl+0x10/0x10
[  563.834461][T14633]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  563.834500][T14633]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  563.834547][T14633]  ? do_vfs_ioctl+0x512/0x1990
[  563.834593][T14633]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  563.834667][T14633]  ? find_held_lock+0x2b/0x80
[  563.834698][T14633]  ? hook_file_ioctl_common+0x145/0x410
[  563.834753][T14633]  ? __pfx_cec_ioctl+0x10/0x10
[  563.834797][T14633]  __x64_sys_ioctl+0x190/0x200
[  563.834846][T14633]  do_syscall_64+0xcd/0x230
[  563.834896][T14633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.834930][T14633] RIP: 0033:0x7f4ecf58e969
[  563.834956][T14633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.834987][T14633] RSP: 002b:00007f4ed03bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  563.835018][T14633] RAX: ffffffffffffffda RBX: 00007f4ecf7b6080 RCX: 00007f4ecf58e969
[  563.835039][T14633] RDX: 0000200000000280 RSI: 00000000c05c6104 RDI: 0000000000000005
[  563.835059][T14633] RBP: 00007f4ecf610ab1 R08: 0000000000000000 R09: 0000000000000000
[  563.835079][T14633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  563.835099][T14633] R13: 0000000000000000 R14: 00007f4ecf7b6080 R15: 00007ffc12922e28
[  563.835141][T14633]  </TASK>
[  566.313376][T14677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.341742][T14677] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  568.091129][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  568.097560][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  569.603295][T14739] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1950'.
[  572.933384][T14784] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1961'.
[  575.535692][   T30] audit: type=1807 audit(4294967331.842:26): UNKNOWN=0"�]$|�1j�0B|d���ӉO��+��/��x����WӦ��^��gq%Ḧr�O� res=0
[  575.549643][T14815] ima: policy update failed
[  575.586837][   T30] audit: type=1802 audit(4294967331.852:27): pid=14814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.1966" res=0 errno=0
[  575.661236][   T30] audit: type=1807 audit(4294967331.852:28): UNKNOWN=0"�]$|�1j�0B|d���ӉO��+��/��x����WӦ��^��gq%Ḧr�O� res=0
[  575.691189][   T30] audit: type=1802 audit(4294967331.852:29): pid=14815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.1966" res=0 errno=0
[  575.744699][   T30] audit: type=1802 audit(4294967331.922:30): pid=14815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1966" res=0 errno=0
[  575.892643][T14819] FAULT_INJECTION: forcing a failure.
[  575.892643][T14819] name failslab, interval 1, probability 0, space 0, times 0
[  575.911639][T14819] CPU: 0 UID: 0 PID: 14819 Comm: syz.0.1967 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  575.911686][T14819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  575.911704][T14819] Call Trace:
[  575.911715][T14819]  <TASK>
[  575.911727][T14819]  dump_stack_lvl+0x16c/0x1f0
[  575.911778][T14819]  should_fail_ex+0x512/0x640
[  575.911821][T14819]  ? fs_reclaim_acquire+0xae/0x150
[  575.911873][T14819]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  575.911919][T14819]  should_failslab+0xc2/0x120
[  575.911958][T14819]  __kmalloc_noprof+0xd2/0x510
[  575.912003][T14819]  tomoyo_realpath_from_path+0xc2/0x6e0
[  575.912054][T14819]  ? tomoyo_profile+0x47/0x60
[  575.912110][T14819]  tomoyo_path_number_perm+0x245/0x580
[  575.912149][T14819]  ? tomoyo_path_number_perm+0x237/0x580
[  575.912186][T14819]  ? do_raw_spin_unlock+0x144/0x230
[  575.912239][T14819]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  575.912323][T14819]  ? find_held_lock+0x2b/0x80
[  575.912352][T14819]  ? hook_file_ioctl_common+0x145/0x410
[  575.912397][T14819]  ? __fget_files+0x20e/0x3c0
[  575.912456][T14819]  security_file_ioctl+0x9b/0x240
[  575.912506][T14819]  __x64_sys_ioctl+0xb7/0x200
[  575.912555][T14819]  do_syscall_64+0xcd/0x230
[  575.912605][T14819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  575.912638][T14819] RIP: 0033:0x7fe34eb8e969
[  575.912664][T14819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  575.912696][T14819] RSP: 002b:00007fe34f92c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  575.912726][T14819] RAX: ffffffffffffffda RBX: 00007fe34edb6080 RCX: 00007fe34eb8e969
[  575.912748][T14819] RDX: 0000200000000080 RSI: 00000000c0205826 RDI: 0000000000000009
[  575.912768][T14819] RBP: 00007fe34ec10ab1 R08: 0000000000000000 R09: 0000000000000000
[  575.912789][T14819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  575.912808][T14819] R13: 0000000000000000 R14: 00007fe34edb6080 R15: 00007ffff37c9ee8
[  575.912847][T14819]  </TASK>
[  575.912859][T14819] ERROR: Out of memory at tomoyo_realpath_from_path.
[  578.501613][T14823] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1969'.
[  585.752008][T14880] kexec: Could not allocate control_code_buffer
[  586.278084][T14916] FAULT_INJECTION: forcing a failure.
[  586.278084][T14916] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  586.453651][T14916] CPU: 1 UID: 0 PID: 14916 Comm: syz.2.1990 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  586.453698][T14916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  586.453717][T14916] Call Trace:
[  586.453727][T14916]  <TASK>
[  586.453738][T14916]  dump_stack_lvl+0x16c/0x1f0
[  586.453786][T14916]  should_fail_ex+0x512/0x640
[  586.453835][T14916]  _copy_from_user+0x2e/0xd0
[  586.453884][T14916]  copy_msghdr_from_user+0x98/0x160
[  586.453920][T14916]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  586.453965][T14916]  ? try_to_wake_up+0xa2f/0x1680
[  586.454001][T14916]  ___sys_sendmsg+0xfe/0x1d0
[  586.454039][T14916]  ? __pfx____sys_sendmsg+0x10/0x10
[  586.454125][T14916]  __sys_sendmsg+0x16d/0x220
[  586.454161][T14916]  ? __pfx___sys_sendmsg+0x10/0x10
[  586.454194][T14916]  ? __x64_sys_futex+0x1e0/0x4c0
[  586.454240][T14916]  ? rcu_is_watching+0x12/0xc0
[  586.454281][T14916]  do_syscall_64+0xcd/0x230
[  586.454329][T14916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.454360][T14916] RIP: 0033:0x7fead6b8e969
[  586.454385][T14916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  586.454416][T14916] RSP: 002b:00007fead7ac5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  586.454445][T14916] RAX: ffffffffffffffda RBX: 00007fead6db5fa0 RCX: 00007fead6b8e969
[  586.454465][T14916] RDX: 00000000200040d4 RSI: 00002000000000c0 RDI: 0000000000000008
[  586.454489][T14916] RBP: 00007fead6c10ab1 R08: 0000000000000000 R09: 0000000000000000
[  586.454508][T14916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  586.454528][T14916] R13: 0000000000000000 R14: 00007fead6db5fa0 R15: 00007fff908faab8
[  586.454575][T14916]  </TASK>
[  588.607444][T14990] FAULT_INJECTION: forcing a failure.
[  588.607444][T14990] name failslab, interval 1, probability 0, space 0, times 0
[  588.671555][T14990] CPU: 1 UID: 0 PID: 14990 Comm: syz.3.2001 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  588.671604][T14990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  588.671625][T14990] Call Trace:
[  588.671636][T14990]  <TASK>
[  588.671649][T14990]  dump_stack_lvl+0x16c/0x1f0
[  588.671700][T14990]  should_fail_ex+0x512/0x640
[  588.671746][T14990]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  588.671805][T14990]  should_failslab+0xc2/0x120
[  588.671845][T14990]  __kmalloc_cache_noprof+0x6a/0x3e0
[  588.671901][T14990]  ? pty_common_install+0x10e/0xb30
[  588.671939][T14990]  pty_common_install+0x10e/0xb30
[  588.671977][T14990]  ? __pfx_pty_install+0x10/0x10
[  588.672009][T14990]  tty_init_dev.part.0+0x99/0x500
[  588.672054][T14990]  tty_open+0xa50/0xf90
[  588.672103][T14990]  ? __pfx_tty_open+0x10/0x10
[  588.672143][T14990]  ? chrdev_open+0x58c/0x6a0
[  588.672184][T14990]  ? __pfx_tty_open+0x10/0x10
[  588.672220][T14990]  chrdev_open+0x231/0x6a0
[  588.672256][T14990]  ? __pfx_chrdev_open+0x10/0x10
[  588.672295][T14990]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  588.672361][T14990]  do_dentry_open+0x741/0x1c10
[  588.672396][T14990]  ? __pfx_chrdev_open+0x10/0x10
[  588.672439][T14990]  vfs_open+0x82/0x3f0
[  588.672492][T14990]  path_openat+0x1e5e/0x2d40
[  588.672540][T14990]  ? __pfx_path_openat+0x10/0x10
[  588.672581][T14990]  do_filp_open+0x20b/0x470
[  588.672616][T14990]  ? __pfx_do_filp_open+0x10/0x10
[  588.672681][T14990]  ? alloc_fd+0x471/0x7d0
[  588.672744][T14990]  do_sys_openat2+0x11b/0x1d0
[  588.672787][T14990]  ? __pfx_do_sys_openat2+0x10/0x10
[  588.672846][T14990]  __x64_sys_openat+0x174/0x210
[  588.672891][T14990]  ? __pfx___x64_sys_openat+0x10/0x10
[  588.672939][T14990]  ? rcu_is_watching+0x12/0xc0
[  588.672982][T14990]  do_syscall_64+0xcd/0x230
[  588.673032][T14990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.673065][T14990] RIP: 0033:0x7f4ecf58e969
[  588.673091][T14990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  588.673124][T14990] RSP: 002b:00007f4ed03de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  588.673153][T14990] RAX: ffffffffffffffda RBX: 00007f4ecf7b5fa0 RCX: 00007f4ecf58e969
[  588.673174][T14990] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  588.673195][T14990] RBP: 00007f4ecf610ab1 R08: 0000000000000000 R09: 0000000000000000
[  588.673215][T14990] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  588.673234][T14990] R13: 0000000000000000 R14: 00007f4ecf7b5fa0 R15: 00007ffc12922e28
[  588.673278][T14990]  </TASK>
[  592.511011][T15052] FAULT_INJECTION: forcing a failure.
[  592.511011][T15052] name failslab, interval 1, probability 0, space 0, times 0
[  592.560302][T15052] CPU: 1 UID: 0 PID: 15052 Comm: syz.3.2015 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  592.560360][T15052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  592.560381][T15052] Call Trace:
[  592.560392][T15052]  <TASK>
[  592.560405][T15052]  dump_stack_lvl+0x16c/0x1f0
[  592.560459][T15052]  should_fail_ex+0x512/0x640
[  592.560508][T15052]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  592.560554][T15052]  should_failslab+0xc2/0x120
[  592.560594][T15052]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  592.560636][T15052]  ? __split_page_owner+0x222/0x380
[  592.560670][T15052]  ? snd_pcm_hw_rule_add+0x414/0x5a0
[  592.560717][T15052]  krealloc_noprof+0x1fb/0x380
[  592.560759][T15052]  snd_pcm_hw_rule_add+0x414/0x5a0
[  592.560801][T15052]  ? __pfx_snd_pcm_hw_rule_format+0x10/0x10
[  592.560853][T15052]  ? __pfx_snd_pcm_hw_rule_add+0x10/0x10
[  592.560896][T15052]  ? lockdep_init_map_type+0x5c/0x280
[  592.560942][T15052]  ? debug_mutex_init+0x37/0x70
[  592.560996][T15052]  ? snd_pcm_attach_substream+0x89d/0xd60
[  592.561038][T15052]  snd_pcm_open_substream+0x534/0x17f0
[  592.561095][T15052]  ? __pfx_snd_pcm_open_substream+0x10/0x10
[  592.561151][T15052]  ? rcu_is_watching+0x12/0xc0
[  592.561187][T15052]  snd_pcm_open+0x29e/0x730
[  592.561245][T15052]  ? __pfx_snd_pcm_open+0x10/0x10
[  592.561304][T15052]  ? __pfx_default_wake_function+0x10/0x10
[  592.561358][T15052]  ? __pfx_snd_pcm_playback_open+0x10/0x10
[  592.561413][T15052]  snd_pcm_playback_open+0x86/0xe0
[  592.561468][T15052]  snd_open+0x1fe/0x450
[  592.561511][T15052]  ? __pfx_snd_open+0x10/0x10
[  592.561550][T15052]  chrdev_open+0x231/0x6a0
[  592.561584][T15052]  ? __pfx_apparmor_file_open+0x10/0x10
[  592.561626][T15052]  ? __pfx_chrdev_open+0x10/0x10
[  592.561662][T15052]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  592.561721][T15052]  do_dentry_open+0x741/0x1c10
[  592.561756][T15052]  ? __pfx_chrdev_open+0x10/0x10
[  592.561798][T15052]  vfs_open+0x82/0x3f0
[  592.561846][T15052]  path_openat+0x1e5e/0x2d40
[  592.561893][T15052]  ? __pfx_path_openat+0x10/0x10
[  592.561936][T15052]  do_filp_open+0x20b/0x470
[  592.561967][T15052]  ? __pfx_do_filp_open+0x10/0x10
[  592.562032][T15052]  ? alloc_fd+0x471/0x7d0
[  592.562096][T15052]  do_sys_openat2+0x11b/0x1d0
[  592.562139][T15052]  ? __pfx_do_sys_openat2+0x10/0x10
[  592.562198][T15052]  __x64_sys_openat+0x174/0x210
[  592.562243][T15052]  ? __pfx___x64_sys_openat+0x10/0x10
[  592.562288][T15052]  ? rcu_is_watching+0x12/0xc0
[  592.562336][T15052]  do_syscall_64+0xcd/0x230
[  592.562385][T15052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.562419][T15052] RIP: 0033:0x7f4ecf58e969
[  592.562446][T15052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  592.562478][T15052] RSP: 002b:00007f4ed03bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  592.562521][T15052] RAX: ffffffffffffffda RBX: 00007f4ecf7b6080 RCX: 00007f4ecf58e969
[  592.562542][T15052] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  592.562562][T15052] RBP: 00007f4ecf610ab1 R08: 0000000000000000 R09: 0000000000000000
[  592.562581][T15052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  592.562598][T15052] R13: 0000000000000000 R14: 00007f4ecf7b6080 R15: 00007ffc12922e28
[  592.562638][T15052]  </TASK>
[  597.313715][T15113] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2027'.
[  599.437840][ T5829] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  599.449772][ T5829] Bluetooth: hci0: Invalid handle: 0xe200 > 0x0eff
[  599.735412][T15195] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2043'.
[  601.018928][T15216] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2050'.
[  603.188512][T15260] can: request_module (can-proto-3) failed.
[  605.425039][T15299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2066'.
[  605.425296][T15300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2066'.
[  609.464150][T15394] blk_print_req_error: 123 callbacks suppressed
[  609.464176][T15394] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.532586][T15394] buffer_io_error: 122 callbacks suppressed
[  609.532611][T15394] Buffer I/O error on dev nbd0, logical block 0, async page read
[  609.602504][T15394] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.611972][T15394] Buffer I/O error on dev nbd0, logical block 1, async page read
[  609.620044][T15394] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.629836][T15394] Buffer I/O error on dev nbd0, logical block 2, async page read
[  609.637946][T15394] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.648204][T15394] Buffer I/O error on dev nbd0, logical block 3, async page read
[  609.656669][T15394] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.666315][T15394] Buffer I/O error on dev nbd0, logical block 0, async page read
[  609.678986][T15394] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.689619][T15394] Buffer I/O error on dev nbd0, logical block 1, async page read
[  609.704442][T15394] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.713676][T15394] Buffer I/O error on dev nbd0, logical block 2, async page read
[  609.721744][T15394] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.730835][T15394] Buffer I/O error on dev nbd0, logical block 3, async page read
[  609.738900][T15394] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.748947][T15394] Buffer I/O error on dev nbd0, logical block 0, async page read
[  609.756974][T15394] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  609.766151][T15394] Buffer I/O error on dev nbd0, logical block 1, async page read
[  609.939448][T15394] ldm_validate_partition_table(): Disk read failed.
[  609.949817][T15394] Dev nbd0: unable to read RDB block 0
[  609.958866][T15394]  nbd0: unable to read partition table
[  610.963615][T15413] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2092'.
[  611.229577][T15413] bond0: (slave bond_slave_0): Releasing backup interface
[  613.647923][T15426] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  613.863511][T15444] FAULT_INJECTION: forcing a failure.
[  613.863511][T15444] name failslab, interval 1, probability 0, space 0, times 0
[  613.876769][T15444] CPU: 0 UID: 0 PID: 15444 Comm: syz.0.2098 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  613.876814][T15444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  613.876834][T15444] Call Trace:
[  613.876844][T15444]  <TASK>
[  613.876856][T15444]  dump_stack_lvl+0x16c/0x1f0
[  613.876906][T15444]  should_fail_ex+0x512/0x640
[  613.876953][T15444]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  613.876995][T15444]  should_failslab+0xc2/0x120
[  613.877036][T15444]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  613.877073][T15444]  ? ktime_get_coarse_real_ts64_mg+0x26c/0x320
[  613.877117][T15444]  ? __d_alloc+0x31/0xaa0
[  613.877156][T15444]  __d_alloc+0x31/0xaa0
[  613.877186][T15444]  ? look_up_lock_class+0x59/0x150
[  613.877234][T15444]  d_alloc_pseudo+0x1c/0xc0
[  613.877276][T15444]  alloc_file_pseudo+0xcf/0x230
[  613.877321][T15444]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  613.877361][T15444]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  613.877439][T15444]  create_pipe_files+0x364/0x930
[  613.877479][T15444]  do_pipe2+0xaf/0x1c0
[  613.877511][T15444]  ? __pfx_do_pipe2+0x10/0x10
[  613.877559][T15444]  __x64_sys_pipe+0x33/0x50
[  613.877592][T15444]  do_syscall_64+0xcd/0x230
[  613.877640][T15444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.877673][T15444] RIP: 0033:0x7fe34eb8e969
[  613.877698][T15444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.877737][T15444] RSP: 002b:00007fe34f92c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
[  613.877767][T15444] RAX: ffffffffffffffda RBX: 00007fe34edb6080 RCX: 00007fe34eb8e969
[  613.877787][T15444] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200
[  613.877807][T15444] RBP: 00007fe34ec10ab1 R08: 0000000000000000 R09: 0000000000000000
[  613.877826][T15444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  613.877844][T15444] R13: 0000000000000000 R14: 00007fe34edb6080 R15: 00007ffff37c9ee8
[  613.877884][T15444]  </TASK>
[  614.112769][T15449] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input12
[  614.641907][T15458] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2101'.
[  614.766293][   T55] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5
[  614.816950][   T55] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5
[  618.455341][T15540] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2117'.
[  619.156197][T15556] ima: policy update failed
[  619.167962][   T30] audit: type=1802 audit(4294967375.472:31): pid=15556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2122" res=0 errno=0
[  619.519296][T15570] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2125'.
[  619.522049][T15578] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2126'.
[  621.189444][T15621] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[  621.232844][T15621] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[  621.708729][T15626] block nbd1: Unsupported socket: shutdown callout must be supported.
[  625.260514][T15702] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2152'.
[  626.853665][T15721] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2156'.
[  626.943612][T15724] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations!
[  629.506865][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  629.513779][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  631.771877][T15774] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2166'.
[  632.200759][T15752] kexec: Could not allocate control_code_buffer
[  633.991535][T15797] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137
[  634.061144][T15797] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138
[  634.132384][T15797] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum
[  634.914088][   T55] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  635.315778][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  635.330056][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  635.367448][T15830] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  635.386563][T15830] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  635.405700][T15830] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  636.272692][T15840] binder: 15831:15840 ioctl c018620c 0 returned -1
[  636.803909][T10380] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.854284][T15827] chnl_net:caif_netlink_parms(): no params data found
[  637.019366][T10380] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.089938][T15854] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2181'.
[  637.108561][T15849] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2181'.
[  637.238226][T15863] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13
[  637.252699][T10380] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.415097][T10380] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.501385][   T55] Bluetooth: hci1: command tx timeout
[  637.571576][T15827] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.578961][T15827] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.587066][T15827] bridge_slave_0: entered allmulticast mode
[  637.614481][T15827] bridge_slave_0: entered promiscuous mode
[  637.633224][T15827] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.640713][T15827] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.658566][T15827] bridge_slave_1: entered allmulticast mode
[  637.670515][T15827] bridge_slave_1: entered promiscuous mode
[  637.848177][T15827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  637.910634][T15827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  637.961479][T15861] netlink: zone id is out of range
[  637.966734][T15861] netlink: zone id is out of range
[  637.991153][T15861] netlink: zone id is out of range
[  638.001786][T15861] netlink: zone id is out of range
[  638.014162][T15861] netlink: zone id is out of range
[  638.039771][T15861] netlink: zone id is out of range
[  638.059252][T15861] netlink: zone id is out of range
[  638.066224][T15861] netlink: zone id is out of range
[  638.083687][T15878] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2187'.
[  638.096533][T15861] netlink: zone id is out of range
[  638.103958][T15861] netlink: zone id is out of range
[  638.201336][T15827] team0: Port device team_slave_0 added
[  638.211873][T15827] team0: Port device team_slave_1 added
[  638.379368][T15827] batman_adv: batadv0: Adding interface: batadv_slave_0
[  638.389719][T15827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.415797][    C1] vkms_vblank_simulate: vblank timer overrun
[  638.425312][T15827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  638.439843][T15827] batman_adv: batadv0: Adding interface: batadv_slave_1
[  638.450957][T15827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.487508][T15827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  638.625709][T10380] bridge_slave_0: left allmulticast mode
[  638.634583][T10380] bridge_slave_0: left promiscuous mode
[  638.642396][T10380] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.585431][   T55] Bluetooth: hci1: command tx timeout
[  639.622262][T10380] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  639.638313][T10380] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  639.654438][T10380] bond0 (unregistering): Released all slaves
[  639.793184][T10380] HfR: left promiscuous mode
[  639.847025][T15827] hsr_slave_0: entered promiscuous mode
[  639.865852][T15827] hsr_slave_1: entered promiscuous mode
[  639.882471][T15827] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  639.890191][T15827] Cannot create hsr debugfs directory
[  639.959338][T10380] .SR: left promiscuous mode
[  641.525111][T15827] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  641.570284][T15827] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  641.633127][T15827] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  641.661338][   T55] Bluetooth: hci1: command tx timeout
[  641.710360][T15827] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  642.242992][T10380] hsr_slave_0: left promiscuous mode
[  642.263854][T10380] hsr_slave_1: left promiscuous mode
[  642.270220][T10380] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  642.288362][T10380] batman_adv: batadv0: Removing interface: batadv_slave_0
[  642.315504][T10380] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  642.330964][T10380] batman_adv: batadv0: Removing interface: batadv_slave_1
[  642.400654][T10380] veth1_vlan: left promiscuous mode
[  642.419719][T10380] veth0_vlan: left promiscuous mode
[  643.536807][T10380] team0 (unregistering): Port device team_slave_1 removed
[  643.746990][   T55] Bluetooth: hci1: command tx timeout
[  644.751808][T15827] 8021q: adding VLAN 0 to HW filter on device bond0
[  644.819143][T15827] 8021q: adding VLAN 0 to HW filter on device team0
[  644.839166][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  644.846388][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  644.880472][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  644.887752][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  645.216633][T15979] net_ratelimit: 72 callbacks suppressed
[  645.216661][T15979] openvswitch: netlink: Duplicate or invalid key (type 0).
[  645.769194][T15992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2200'.
[  645.911204][T15996] Invalid ELF header magic: != ELF
[  646.054241][T15827] 8021q: adding VLAN 0 to HW filter on device batadv0
[  646.399489][T15827] veth0_vlan: entered promiscuous mode
[  646.444262][T16005] binder: 16001:16005 ioctl 41045508 1 returned -22
[  646.448965][T15827] veth1_vlan: entered promiscuous mode
[  646.540141][T16005] binder: 16001:16005 ioctl 40081271 38 returned -22
[  646.635932][T15827] veth0_macvtap: entered promiscuous mode
[  646.676909][T15827] veth1_macvtap: entered promiscuous mode
[  646.738971][T15827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  646.757921][T15827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.769401][T15827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  646.780382][T15827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.800333][T15827] batman_adv: batadv0: Interface activated: batadv_slave_0
[  646.816559][T15827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.839259][T15827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.860006][T15827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.874640][T15827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.892419][T15827] batman_adv: batadv0: Interface activated: batadv_slave_1
[  646.965351][T16014] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(4.134217728.4294967289), cmd(3)
[  647.036764][T15827] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  647.047115][T15827] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  647.060510][T15827] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  647.080800][T15827] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  647.432442][T10370] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  647.450672][T10370] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  647.526258][T10370] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  647.536147][T10370] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  648.500248][T16044] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2212'.
[  648.510338][T16046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2212'.
[  648.520349][T16044] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2212'.
[  651.973834][T16111] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2227'.
[  652.495242][T16121] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2230'.
[  653.543931][   T55] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  654.468994][T16169] cgroup: fork rejected by pids controller in /syz1
[  657.169493][T16238] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2248'.
[  657.255585][T16239] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2248'.
[  661.745352][T16256] Invalid ELF header magic: != ELF
[  663.450530][T16271] can: request_module (can-proto-3) failed.
[  667.227787][T16302] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2259'.
[  667.537293][T16311] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2261'.
[  668.659075][T16324] can: request_module (can-proto-3) failed.
[  670.918426][T16347] nvme_fabrics: missing parameter 'transport=%s'
[  670.931368][T16347] nvme_fabrics: missing parameter 'nqn=%s'
[  672.579235][T16378] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  673.183134][T15830] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  673.221443][T15830] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  673.252427][T15830] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  673.290690][T15830] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  673.317546][T15830] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  673.854048][T15827] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  673.955747][T15827] CPU: 0 UID: 0 PID: 15827 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  673.955791][T15827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  673.955809][T15827] Call Trace:
[  673.955820][T15827]  <TASK>
[  673.955831][T15827]  dump_stack_lvl+0x16c/0x1f0
[  673.955881][T15827]  dump_header+0x101/0x930
[  673.955927][T15827]  oom_kill_process+0x270/0xa60
[  673.955975][T15827]  out_of_memory+0x350/0x1700
[  673.956026][T15827]  ? __pfx_out_of_memory+0x10/0x10
[  673.956079][T15827]  mem_cgroup_out_of_memory+0x205/0x270
[  673.956128][T15827]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  673.956187][T15827]  ? do_raw_spin_unlock+0x172/0x230
[  673.956243][T15827]  try_charge_memcg+0xa07/0x10c0
[  673.956290][T15827]  ? __pfx_try_charge_memcg+0x10/0x10
[  673.956329][T15827]  ? __print_lock_name+0xc1/0xe0
[  673.956368][T15827]  ? rcu_read_unlock+0x17/0x60
[  673.956420][T15827]  charge_memcg+0x8a/0x230
[  673.956459][T15827]  __mem_cgroup_charge+0x2b/0x1e0
[  673.956504][T15827]  filemap_add_folio+0x88/0x220
[  673.956550][T15827]  ? __pfx_filemap_add_folio+0x10/0x10
[  673.956607][T15827]  __filemap_get_folio+0x518/0xc10
[  673.956663][T15827]  filemap_fault+0x669/0x2740
[  673.956717][T15827]  ? __pfx_filemap_fault+0x10/0x10
[  673.956784][T15827]  ? __pfx_filemap_map_pages+0x10/0x10
[  673.956822][T15827]  __do_fault+0x10a/0x490
[  673.956864][T15827]  ? __pfx_filemap_map_pages+0x10/0x10
[  673.956903][T15827]  do_pte_missing+0x1031/0x3fb0
[  673.956940][T15827]  ? __handle_mm_fault+0x1010/0x2a40
[  673.956978][T15827]  __handle_mm_fault+0x103d/0x2a40
[  673.957022][T15827]  ? __pfx___handle_mm_fault+0x10/0x10
[  673.957054][T15827]  ? lock_vma_under_rcu+0x47d/0x970
[  673.957101][T15827]  ? lock_vma_under_rcu+0x47d/0x970
[  673.957182][T15827]  handle_mm_fault+0x3fe/0xad0
[  673.957224][T15827]  do_user_addr_fault+0x60c/0x1370
[  673.957269][T15827]  exc_page_fault+0x5c/0xc0
[  673.957311][T15827]  asm_exc_page_fault+0x26/0x30
[  673.957350][T15827] RIP: 0033:0x7f09caa65994
[  673.957376][T15827] Code: 85 ed 09 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 08 fe e7 00 48 69 8c 24 90 00 00 00 e8 03 00 00 <8b> 78 08 48 8b 44 24 18 48 c1 ea 12 4c 8b 0d 19 fd e7 00 48 01 d1
[  673.957408][T15827] RSP: 002b:00007ffc230cb750 EFLAGS: 00010206
[  673.957433][T15827] RAX: 0000001b2fe20000 RBX: 0000000000000054 RCX: 00000000000a44e8
[  673.957453][T15827] RDX: 000000000bc375de RSI: 00007ffc230cb7e0 RDI: 00007f09cb9bc010
[  673.957474][T15827] RBP: 00007ffc230cb78c R08: 0000000000020336 R09: 00007f09cb9bc000
[  673.957494][T15827] R10: 0000000000000001 R11: 002c61f875abb2f0 R12: 0000000000001388
[  673.957513][T15827] R13: 00000000000927c0 R14: 00000000000a4420 R15: 00007ffc230cb7e0
[  673.957556][T15827]  </TASK>
[  673.957567][T15827] memory: usage 307200kB, limit 307200kB, failcnt 24872
[  674.335901][T16382] chnl_net:caif_netlink_parms(): no params data found
[  674.847691][T15827] memory+swap: usage 432052kB, limit 9007199254740988kB, failcnt 0
[  674.911453][T15827] kmem: usage 3216kB, limit 9007199254740988kB, failcnt 0
[  674.918722][T15827] Memory cgroup stats for /syz1:
[  674.919057][T15827] cache 310693888
[  674.928367][T15827] rss 458752
[  674.931989][T15827] rss_huge 0
[  674.935231][T15827] shmem 310689792
[  674.938890][T15827] mapped_file 12247040
[  674.943887][T15827] dirty 0
[  674.947751][T15827] writeback 0
[  674.951549][T15827] workingset_refault_anon 6058
[  674.956597][T15827] workingset_refault_file 53
[  674.961717][T15827] swap 127848448
[  674.965314][T15827] swapcached 126976
[  674.969257][T15827] pgpgin 884898
[  674.973428][T15827] pgpgout 810946
[  674.977192][T15827] pgfault 586534
[  674.983009][T15827] pgmajfault 1061
[  674.986696][T15827] inactive_anon 195612672
[  675.040197][T15827] active_anon 115662848
[  675.062403][T15827] inactive_file 4096
[  675.086168][T15827] active_file 0
[  675.120946][T16382] bridge0: port 1(bridge_slave_0) entered blocking state
[  675.129221][T16382] bridge0: port 1(bridge_slave_0) entered disabled state
[  675.140272][T15827] unevictable 0
[  675.144325][T16382] bridge_slave_0: entered allmulticast mode
[  675.157255][T15827] hierarchical_memory_limit 314572800
[  675.165463][T16382] bridge_slave_0: entered promiscuous mode
[  675.176408][T16382] bridge0: port 2(bridge_slave_1) entered blocking state
[  675.187077][T15827] hierarchical_memsw_limit 9223372036854771712
[  675.193556][T16382] bridge0: port 2(bridge_slave_1) entered disabled state
[  675.201333][T15827] total_cache 310693888
[  675.205527][T15827] total_rss 458752
[  675.210071][T16382] bridge_slave_1: entered allmulticast mode
[  675.218820][T16382] bridge_slave_1: entered promiscuous mode
[  675.221438][T15827] total_rss_huge 0
[  675.245316][T15827] total_shmem 310689792
[  675.250641][T15827] total_mapped_file 12247040
[  675.267200][T15827] total_dirty 0
[  675.270716][T15827] total_writeback 0
[  675.289162][T15827] total_workingset_refault_anon 6058
[  675.305480][T15827] total_workingset_refault_file 53
[  675.310650][T15827] total_swap 127848448
[  675.318556][T16382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  675.337640][T15827] total_swapcached 126976
[  675.345539][T16382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  675.349536][T15827] total_pgpgin 884898
[  675.370219][T15827] total_pgpgout 810946
[  675.381721][T15827] total_pgfault 586534
[  675.398773][T15827] total_pgmajfault 1061
[  675.408106][T15827] total_inactive_anon 195612672
[  675.422168][T15830] Bluetooth: hci4: command tx timeout
[  675.424898][T15827] total_active_anon 115662848
[  675.448154][T15827] total_inactive_file 4096
[  675.462902][T15827] total_active_file 0
[  675.464974][T16382] team0: Port device team_slave_0 added
[  675.467999][T15827] total_unevictable 0
[  675.486696][T16382] team0: Port device team_slave_1 added
[  675.510386][T15827] anon_cost 0
[  675.547893][T15827] file_cost 0
[  675.553914][T15827] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2240,pid=16199,uid=0
[  675.576330][T15827] Memory cgroup out of memory: Killed process 16199 (syz.1.2240) total-vm:131328kB, anon-rss:1044kB, file-rss:20736kB, shmem-rss:12008kB, UID:0 pgtables:168kB oom_score_adj:1000
[  675.861171][T16382] batman_adv: batadv0: Adding interface: batadv_slave_0
[  675.868186][T16382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  675.915027][T16382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  675.928223][T16382] batman_adv: batadv0: Adding interface: batadv_slave_1
[  675.938430][T16382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  676.021176][T16382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  676.953721][T16186] syz.1.2240 (16186) used greatest stack depth: 19640 bytes left
[  677.348591][T16382] hsr_slave_0: entered promiscuous mode
[  677.374891][T16382] hsr_slave_1: entered promiscuous mode
[  677.402249][T16382] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  677.421506][T16382] Cannot create hsr debugfs directory
[  677.434908][T16412] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2288'.
[  677.506437][T15830] Bluetooth: hci4: command tx timeout
[  677.674166][T16412] team_slave_0: entered allmulticast mode
[  677.910053][   T32] oom_reaper: reaped process 16199 (syz.1.2240), now anon-rss:112kB, file-rss:20516kB, shmem-rss:11368kB
[  678.476840][T16181] syz.1.2240 (16181) used greatest stack depth: 19464 bytes left
[  678.640483][T16174] syz.1.2240 (16174) used greatest stack depth: 19000 bytes left
[  678.722595][T16382] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  678.742161][T16382] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  678.788261][T16382] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  678.800286][T16382] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  679.020912][T16382] 8021q: adding VLAN 0 to HW filter on device bond0
[  679.067838][T16382] 8021q: adding VLAN 0 to HW filter on device team0
[  679.437012][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  679.444279][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  679.516625][T10370] bridge0: port 2(bridge_slave_1) entered blocking state
[  679.523979][T10370] bridge0: port 2(bridge_slave_1) entered forwarding state
[  679.581526][T15830] Bluetooth: hci4: command tx timeout
[  680.416504][T16382] 8021q: adding VLAN 0 to HW filter on device batadv0
[  681.441336][T16382] veth0_vlan: entered promiscuous mode
[  681.513524][T16382] veth1_vlan: entered promiscuous mode
[  681.629460][T16382] veth0_macvtap: entered promiscuous mode
[  681.661702][T15830] Bluetooth: hci4: command tx timeout
[  681.663425][T16382] veth1_macvtap: entered promiscuous mode
[  681.753660][T16382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  681.770252][T16382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  681.781013][T16382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  681.796849][T16382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  681.811093][T16382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  681.822534][T16382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  681.834867][T16382] batman_adv: batadv0: Interface activated: batadv_slave_0
[  681.876817][T16382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  681.890817][T16382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  681.919539][T16382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  681.942367][T16382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  681.992262][T16382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.031483][T16382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.063054][T16382] batman_adv: batadv0: Interface activated: batadv_slave_1
[  682.079842][T16382] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.098928][T16382] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.122920][T16382] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.155652][T16382] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  682.370116][T10372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.398521][T10372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.456575][T10372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.465817][T10372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  683.951475][T16491] can: request_module (can-proto-3) failed.
[  685.541510][T16517] FAULT_INJECTION: forcing a failure.
[  685.541510][T16517] name failslab, interval 1, probability 0, space 0, times 0
[  685.614390][T16517] CPU: 1 UID: 0 PID: 16517 Comm: syz.3.2301 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  685.614440][T16517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  685.614460][T16517] Call Trace:
[  685.614471][T16517]  <TASK>
[  685.614484][T16517]  dump_stack_lvl+0x16c/0x1f0
[  685.614537][T16517]  should_fail_ex+0x512/0x640
[  685.614591][T16517]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  685.614635][T16517]  should_failslab+0xc2/0x120
[  685.614677][T16517]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  685.614716][T16517]  ? getname_flags.part.0+0x4c/0x550
[  685.614766][T16517]  getname_flags.part.0+0x4c/0x550
[  685.614814][T16517]  getname_flags+0x93/0xf0
[  685.614865][T16517]  do_sys_openat2+0xb8/0x1d0
[  685.614910][T16517]  ? __pfx_do_sys_openat2+0x10/0x10
[  685.614957][T16517]  ? __pfx___might_resched+0x10/0x10
[  685.615005][T16517]  __x64_sys_openat+0x174/0x210
[  685.615051][T16517]  ? __pfx___x64_sys_openat+0x10/0x10
[  685.615099][T16517]  ? rcu_is_watching+0x12/0xc0
[  685.615142][T16517]  do_syscall_64+0xcd/0x230
[  685.615192][T16517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.615225][T16517] RIP: 0033:0x7f4ecf58e969
[  685.615251][T16517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  685.615284][T16517] RSP: 002b:00007f4ed03bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  685.615315][T16517] RAX: ffffffffffffffda RBX: 00007f4ecf7b6080 RCX: 00007f4ecf58e969
[  685.615338][T16517] RDX: 00000000000a0202 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  685.615359][T16517] RBP: 00007f4ecf610ab1 R08: 0000000000000000 R09: 0000000000000000
[  685.615379][T16517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  685.615399][T16517] R13: 0000000000000000 R14: 00007f4ecf7b6080 R15: 00007ffc12922e28
[  685.615440][T16517]  </TASK>
[  686.015381][T15830] Bluetooth: hci2: Unable to find connection for big 0xd2
[  688.103230][T16548] can: request_module (can-proto-3) failed.
[  688.770852][T16551] random: crng reseeded on system resumption
[  689.272038][T16564] nfs4: Unknown parameter ''
[  690.612943][T16573] ip_vti0: entered allmulticast mode
[  690.946264][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  690.961177][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  691.759135][T16598] FAULT_INJECTION: forcing a failure.
[  691.759135][T16598] name failslab, interval 1, probability 0, space 0, times 0
[  691.772220][T16598] CPU: 1 UID: 0 PID: 16598 Comm: syz.3.2318 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  691.772258][T16598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  691.772277][T16598] Call Trace:
[  691.772287][T16598]  <TASK>
[  691.772298][T16598]  dump_stack_lvl+0x16c/0x1f0
[  691.772346][T16598]  should_fail_ex+0x512/0x640
[  691.772389][T16598]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  691.772430][T16598]  should_failslab+0xc2/0x120
[  691.772469][T16598]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  691.772507][T16598]  ? getname_flags.part.0+0x4c/0x550
[  691.772553][T16598]  getname_flags.part.0+0x4c/0x550
[  691.772599][T16598]  getname_flags+0x93/0xf0
[  691.772645][T16598]  do_sys_openat2+0xb8/0x1d0
[  691.772687][T16598]  ? __pfx_do_sys_openat2+0x10/0x10
[  691.772733][T16598]  ? __sys_sendmsg+0x199/0x220
[  691.772778][T16598]  __x64_sys_openat+0x174/0x210
[  691.772821][T16598]  ? __pfx___x64_sys_openat+0x10/0x10
[  691.772868][T16598]  ? rcu_is_watching+0x12/0xc0
[  691.772909][T16598]  do_syscall_64+0xcd/0x230
[  691.772978][T16598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.773011][T16598] RIP: 0033:0x7f4ecf58e969
[  691.773038][T16598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  691.773080][T16598] RSP: 002b:00007f4ed03de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  691.773117][T16598] RAX: ffffffffffffffda RBX: 00007f4ecf7b5fa0 RCX: 00007f4ecf58e969
[  691.773139][T16598] RDX: bd90d8e79b7ae8bd RSI: 0000200000000140 RDI: ffffffffffffff9c
[  691.773160][T16598] RBP: 00007f4ecf610ab1 R08: 0000000000000000 R09: 0000000000000000
[  691.773180][T16598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  691.773199][T16598] R13: 0000000000000000 R14: 00007f4ecf7b5fa0 R15: 00007ffc12922e28
[  691.773240][T16598]  </TASK>
[  692.271271][T16601] can: request_module (can-proto-0) failed.
[  692.351355][T16612] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input16
[  693.202556][T16628] block2mtd: parameter too long
[  693.225345][T16627] futex_wake_op: syz.1.2322 tries to shift op by 64; fix this program
[  693.885376][T16622] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  693.901604][T16622] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  693.919182][T16622] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  693.942455][T16622] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  693.972886][T16622] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  693.979009][T16622] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  694.026877][T16622] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  694.054305][T16622] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  694.082222][T16622] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  694.109891][T16622] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  694.456950][T16644] HfR: entered promiscuous mode
[  694.868516][T16662] netlink: 306 bytes leftover after parsing attributes in process `syz.1.2330'.
[  694.949592][T16662] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2330'.
[  695.004996][T16662] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2330'.
[  695.273281][T15830] Bluetooth: hci2: command 0x0c1a tx timeout
[  695.399843][T16672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2332'.
[  695.981339][T15830] Bluetooth: hci1: command 0x0c1a tx timeout
[  695.981357][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  695.981405][   T55] Bluetooth: hci3: command 0x0c1a tx timeout
[  696.062711][   T55] Bluetooth: hci4: command 0x0c1a tx timeout
[  696.683651][T16700] FAULT_INJECTION: forcing a failure.
[  696.683651][T16700] name failslab, interval 1, probability 0, space 0, times 0
[  696.708023][T16700] CPU: 0 UID: 0 PID: 16700 Comm: syz.3.2336 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  696.708071][T16700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  696.708089][T16700] Call Trace:
[  696.708100][T16700]  <TASK>
[  696.708111][T16700]  dump_stack_lvl+0x16c/0x1f0
[  696.708160][T16700]  should_fail_ex+0x512/0x640
[  696.708201][T16700]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  696.708241][T16700]  should_failslab+0xc2/0x120
[  696.708280][T16700]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  696.708313][T16700]  ? lockdep_init_map_type+0x5c/0x280
[  696.708353][T16700]  ? seq_open+0x55/0x170
[  696.708395][T16700]  seq_open+0x55/0x170
[  696.708433][T16700]  kernfs_fop_open+0x59f/0xda0
[  696.708475][T16700]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  696.708544][T16700]  do_dentry_open+0x741/0x1c10
[  696.708579][T16700]  ? __pfx_kernfs_fop_open+0x10/0x10
[  696.708626][T16700]  vfs_open+0x82/0x3f0
[  696.708673][T16700]  path_openat+0x1e5e/0x2d40
[  696.708719][T16700]  ? __pfx_path_openat+0x10/0x10
[  696.708760][T16700]  do_filp_open+0x20b/0x470
[  696.708810][T16700]  ? __pfx_do_filp_open+0x10/0x10
[  696.708872][T16700]  ? alloc_fd+0x471/0x7d0
[  696.708933][T16700]  do_sys_openat2+0x11b/0x1d0
[  696.708973][T16700]  ? __pfx_do_sys_openat2+0x10/0x10
[  696.709038][T16700]  __x64_sys_openat+0x174/0x210
[  696.709083][T16700]  ? __pfx___x64_sys_openat+0x10/0x10
[  696.709131][T16700]  ? rcu_is_watching+0x12/0xc0
[  696.709174][T16700]  do_syscall_64+0xcd/0x230
[  696.709224][T16700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.709257][T16700] RIP: 0033:0x7f4ecf58e969
[  696.709283][T16700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  696.709315][T16700] RSP: 002b:00007f4ed03de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  696.709345][T16700] RAX: ffffffffffffffda RBX: 00007f4ecf7b5fa0 RCX: 00007f4ecf58e969
[  696.709365][T16700] RDX: 000000000000a140 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  696.709385][T16700] RBP: 00007f4ecf610ab1 R08: 0000000000000000 R09: 0000000000000000
[  696.709404][T16700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  696.709423][T16700] R13: 0000000000000000 R14: 00007f4ecf7b5fa0 R15: 00007ffc12922e28
[  696.709463][T16700]  </TASK>
[  696.991707][T16700] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes
[  698.069840][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  698.069860][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout
[  698.141128][   T55] Bluetooth: hci4: command 0x0c1a tx timeout
[  699.393226][T16753] dyndbg: expected <4096 bytes into control
[  699.777547][T16762] vivid-007: =================  START STATUS  =================
[  699.803974][T16762] vivid-007: Interlaced VBI Format: false
[  699.810372][T16762] vivid-007: ==================  END STATUS  ==================
[  700.157768][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  700.221545][   T55] Bluetooth: hci4: command 0x0c1a tx timeout
[  701.033595][T16779] [U] 
[  701.037010][T16779] [U] 
[  701.039771][T16779] [U] 
[  701.042523][T16779] [U] 
[  701.110319][T16779] [U] 
[  701.113109][T16779] [U] 
[  701.115856][T16779] [U] 
[  701.118601][T16779] [U] 
[  701.138447][T16779] [U] 
[  701.141227][T16779] [U] 
[  701.143974][T16779] [U] 
[  701.146716][T16779] [U] 
[  701.231585][T16779] [U] 
[  701.462035][T16774] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2355'.
[  702.708300][T16801] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2362'.
[  702.907097][   T30] audit: type=1800 audit(4294967459.222:32): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2363" name="version" dev="configfs" ino=56021 res=0 errno=0
[  705.059553][T16840] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2370'.
[  705.228461][T16840] veth0_macvtap: left promiscuous mode
[  706.831407][T16842] nbd: must specify at least one socket
[  710.511761][   T30] audit: type=1326 audit(4294967466.832:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.4.2395" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f22e058e969 code=0x0
[  710.533441][    C0] vkms_vblank_simulate: vblank timer overrun
[  713.224766][T16935] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2397'.
[  716.189274][ T5835] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  716.200167][ T5835] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  716.214830][ T5835] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  716.233574][ T5835] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  716.241642][ T5835] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  716.718595][T16963] chnl_net:caif_netlink_parms(): no params data found
[  717.279035][T10372] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  717.314089][T16963] bridge0: port 1(bridge_slave_0) entered blocking state
[  717.322245][T16963] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.329515][T16963] bridge_slave_0: entered allmulticast mode
[  717.359250][T16963] bridge_slave_0: entered promiscuous mode
[  717.392139][T10372] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  717.452358][T16963] bridge0: port 2(bridge_slave_1) entered blocking state
[  717.471396][T16963] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.478847][T16963] bridge_slave_1: entered allmulticast mode
[  717.505775][T16963] bridge_slave_1: entered promiscuous mode
[  717.573497][T10372] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  717.844339][T10372] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  717.875048][T16963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  717.913295][T16963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  718.030030][T16963] team0: Port device team_slave_0 added
[  718.063621][T16963] team0: Port device team_slave_1 added
[  718.152953][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  718.164675][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  718.175638][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  718.201218][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  718.211348][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  718.251279][T16963] batman_adv: batadv0: Adding interface: batadv_slave_0
[  718.258351][T16963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  718.284326][    C0] vkms_vblank_simulate: vblank timer overrun
[  718.302954][   T55] Bluetooth: hci5: command tx timeout
[  718.318004][T16963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  718.354987][T16963] batman_adv: batadv0: Adding interface: batadv_slave_1
[  718.364385][T16963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  718.391402][T16963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  718.599716][T16963] hsr_slave_0: entered promiscuous mode
[  718.611979][T16963] hsr_slave_1: entered promiscuous mode
[  718.618361][T16963] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  718.636687][T16963] Cannot create hsr debugfs directory
[  718.670302][T10372] bridge_slave_1: left allmulticast mode
[  718.686509][T10372] bridge_slave_1: left promiscuous mode
[  718.704310][T10372] bridge0: port 2(bridge_slave_1) entered disabled state
[  718.747287][T10372] bridge_slave_0: left allmulticast mode
[  718.761217][T10372] bridge_slave_0: left promiscuous mode
[  718.768339][T10372] bridge0: port 1(bridge_slave_0) entered disabled state
[  719.700064][T10372] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  719.721995][T10372] bond0 (unregistering): Released all slaves
[  719.926290][T16994] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2410'.
[  720.303772][   T55] Bluetooth: hci0: command tx timeout
[  720.381159][   T55] Bluetooth: hci5: command tx timeout
[  721.240413][T16984] chnl_net:caif_netlink_parms(): no params data found
[  721.490794][T17015] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied.
[  721.935862][T16984] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.961412][T16984] bridge0: port 1(bridge_slave_0) entered disabled state
[  721.990048][T16984] bridge_slave_0: entered allmulticast mode
[  722.018365][T16984] bridge_slave_0: entered promiscuous mode
[  722.119554][T16984] bridge0: port 2(bridge_slave_1) entered blocking state
[  722.139349][T16984] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.165142][T16984] bridge_slave_1: entered allmulticast mode
[  722.190293][T16984] bridge_slave_1: entered promiscuous mode
[  722.355435][T17026] FAULT_INJECTION: forcing a failure.
[  722.355435][T17026] name fail_futex, interval 1, probability 0, space 0, times 0
[  722.383272][   T55] Bluetooth: hci0: command tx timeout
[  722.422132][T17026] CPU: 1 UID: 0 PID: 17026 Comm: syz.4.2415 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  722.422183][T17026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  722.422203][T17026] Call Trace:
[  722.422213][T17026]  <TASK>
[  722.422226][T17026]  dump_stack_lvl+0x16c/0x1f0
[  722.422281][T17026]  should_fail_ex+0x512/0x640
[  722.422334][T17026]  get_futex_key+0x49e/0x1000
[  722.422373][T17026]  ? __pfx_get_futex_key+0x10/0x10
[  722.422407][T17026]  ? pick_eevdf+0x3be/0x5b0
[  722.422443][T17026]  ? update_curr_se+0x8b/0x270
[  722.422485][T17026]  ? update_curr+0x74/0x800
[  722.422542][T17026]  futex_wait_setup+0x78/0x290
[  722.422595][T17026]  __futex_wait+0x266/0x3c0
[  722.422642][T17026]  ? __pfx___futex_wait+0x10/0x10
[  722.422693][T17026]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  722.422742][T17026]  ? __pfx_futex_wake_mark+0x10/0x10
[  722.422805][T17026]  futex_wait+0xe8/0x380
[  722.422848][T17026]  ? __pfx_futex_wait+0x10/0x10
[  722.422899][T17026]  ? iput+0x519/0x880
[  722.422948][T17026]  do_futex+0x229/0x350
[  722.422984][T17026]  ? __pfx_do_futex+0x10/0x10
[  722.423030][T17026]  __x64_sys_futex+0x1e0/0x4c0
[  722.423069][T17026]  ? fdget_pos+0x2b8/0x370
[  722.423099][T17026]  ? __pfx___x64_sys_futex+0x10/0x10
[  722.423134][T17026]  ? ksys_write+0x1b9/0x240
[  722.423164][T17026]  ? __pfx_ksys_write+0x10/0x10
[  722.423194][T17026]  ? rcu_is_watching+0x12/0xc0
[  722.423236][T17026]  do_syscall_64+0xcd/0x230
[  722.423285][T17026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.423319][T17026] RIP: 0033:0x7f22e058e969
[  722.423345][T17026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  722.423377][T17026] RSP: 002b:00007f22de3f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  722.423410][T17026] RAX: ffffffffffffffda RBX: 00007f22e07b6168 RCX: 00007f22e058e969
[  722.423431][T17026] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f22e07b6168
[  722.423450][T17026] RBP: 00007f22e07b6160 R08: 0000000000000000 R09: 0000000000000000
[  722.423471][T17026] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f22e07b616c
[  722.423492][T17026] R13: 0000000000000000 R14: 00007ffe72af6940 R15: 00007ffe72af6a28
[  722.423534][T17026]  </TASK>
[  722.670738][   T55] Bluetooth: hci5: command tx timeout
[  722.912293][T16984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  722.954278][T16984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  723.279289][T16984] team0: Port device team_slave_0 added
[  723.307306][T16984] team0: Port device team_slave_1 added
[  723.352060][T10372] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  723.359544][T10372] batman_adv: batadv0: Removing interface: batadv_slave_0
[  723.403033][T10372] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  723.410506][T10372] batman_adv: batadv0: Removing interface: batadv_slave_1
[  723.560689][T10372] veth1_macvtap: left promiscuous mode
[  723.591195][T10372] veth0_macvtap: left promiscuous mode
[  723.919834][T17055] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2420'.
[  723.919867][T17056] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2420'.
[  724.160332][   T30] audit: type=1107 audit(4294967492.469:34): pid=17054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  724.185009][   T30] audit: type=1107 audit(4294967492.469:35): pid=17054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  724.212191][   T30] audit: type=1107 audit(4294967492.469:36): pid=17054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  724.280800][T10372] team0 (unregistering): Port device team_slave_1 removed
[  724.356006][T10372] team0 (unregistering): Port device team_slave_0 removed
[  724.467816][   T55] Bluetooth: hci0: command tx timeout
[  724.713064][   T55] Bluetooth: hci5: command tx timeout
[  724.982727][T16963] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  725.022472][T16984] batman_adv: batadv0: Adding interface: batadv_slave_0
[  725.029486][T16984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  725.085410][T16984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  725.110917][T16984] batman_adv: batadv0: Adding interface: batadv_slave_1
[  725.118070][T16984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  725.146603][T16984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  725.171257][T16963] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  725.188837][T16963] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  725.254134][T16963] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  725.370947][T16984] hsr_slave_0: entered promiscuous mode
[  725.382746][T16984] hsr_slave_1: entered promiscuous mode
[  725.389941][T16984] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  725.405109][T16984] Cannot create hsr debugfs directory
[  725.850905][T16963] 8021q: adding VLAN 0 to HW filter on device bond0
[  725.939008][T16963] 8021q: adding VLAN 0 to HW filter on device team0
[  725.975304][T10372] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.982546][T10372] bridge0: port 1(bridge_slave_0) entered forwarding state
[  726.017871][T16984] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  726.045749][T10372] bridge0: port 2(bridge_slave_1) entered blocking state
[  726.052963][T10372] bridge0: port 2(bridge_slave_1) entered forwarding state
[  726.077405][T16984] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  726.113102][T16984] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  726.130773][T16984] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  726.335527][T16984] 8021q: adding VLAN 0 to HW filter on device bond0
[  726.368302][T16984] 8021q: adding VLAN 0 to HW filter on device team0
[  726.394693][T10372] bridge0: port 1(bridge_slave_0) entered blocking state
[  726.401944][T10372] bridge0: port 1(bridge_slave_0) entered forwarding state
[  726.434329][T10372] bridge0: port 2(bridge_slave_1) entered blocking state
[  726.441574][T10372] bridge0: port 2(bridge_slave_1) entered forwarding state
[  726.541900][   T55] Bluetooth: hci0: command tx timeout
[  726.644290][T16963] 8021q: adding VLAN 0 to HW filter on device batadv0
[  726.775407][T16963] veth0_vlan: entered promiscuous mode
[  726.820007][T16963] veth1_vlan: entered promiscuous mode
[  726.908828][T16963] veth0_macvtap: entered promiscuous mode
[  726.947147][T16963] veth1_macvtap: entered promiscuous mode
[  726.979265][T16984] 8021q: adding VLAN 0 to HW filter on device batadv0
[  727.009167][T16963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  727.024966][T16963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.045331][T16963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  727.073247][T16963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.093150][T16963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  727.104538][T16963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.133336][T16963] batman_adv: batadv0: Interface activated: batadv_slave_0
[  727.158929][T16963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  727.180433][T16963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.190875][T16963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  727.209928][T16963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.219843][T16963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  727.230558][T16963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  727.243732][T16963] batman_adv: batadv0: Interface activated: batadv_slave_1
[  727.266178][T16963] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  727.276801][T16963] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  727.291951][T16963] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  727.301080][T16963] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  727.455865][T10372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  727.475119][T10372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  727.527445][T10372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  727.546918][T10372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  727.576846][T16984] veth0_vlan: entered promiscuous mode
[  727.597980][T16984] veth1_vlan: entered promiscuous mode
[  727.701969][T16984] veth0_macvtap: entered promiscuous mode
[  727.767090][T16984] veth1_macvtap: entered promiscuous mode
[  727.796600][T17083] block2mtd: illegal erase size
[  727.989694][T16984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  728.030783][T16984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  728.054494][T16984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  728.103249][T16984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  728.143046][T16984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  728.200051][T16984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  728.271423][T16984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  728.304996][T16984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  728.317049][T16984] batman_adv: batadv0: Interface activated: batadv_slave_0
[  728.354607][T16984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  728.371673][T16984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  728.382535][T16984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  728.393230][T16984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  728.403485][T16984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  728.414084][T16984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  728.424532][T16984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  728.435911][T16984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  728.447907][T16984] batman_adv: batadv0: Interface activated: batadv_slave_1
[  728.567126][T16984] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  728.580020][T16984] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  728.631793][T16984] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  728.641669][T16984] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  728.895778][T10370] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  728.914072][T10370] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  728.977905][T10370] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  728.997989][T10370] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  730.583460][T17113] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2421'.
[  731.765388][T17137] block2mtd: illegal erase size
[  732.654199][T17146] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2436'.
[  737.110138][T17208] FAULT_INJECTION: forcing a failure.
[  737.110138][T17208] name failslab, interval 1, probability 0, space 0, times 0
[  737.170825][T17208] CPU: 0 UID: 0 PID: 17208 Comm: syz.4.2450 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  737.170868][T17208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  737.170887][T17208] Call Trace:
[  737.170897][T17208]  <TASK>
[  737.170909][T17208]  dump_stack_lvl+0x16c/0x1f0
[  737.170958][T17208]  should_fail_ex+0x512/0x640
[  737.171007][T17208]  ? fs_reclaim_acquire+0xae/0x150
[  737.171055][T17208]  ? ima_alloc_init_template+0x19d/0x720
[  737.171082][T17208]  should_failslab+0xc2/0x120
[  737.171120][T17208]  __kmalloc_noprof+0xd2/0x510
[  737.171156][T17208]  ? __print_lock_name+0xc1/0xe0
[  737.171193][T17208]  ima_alloc_init_template+0x19d/0x720
[  737.171226][T17208]  ? take_dentry_name_snapshot+0x319/0x7d0
[  737.171272][T17208]  ima_store_measurement+0x1eb/0x5c0
[  737.171308][T17208]  ? __pfx_ima_store_measurement+0x10/0x10
[  737.171341][T17208]  ? vfs_getxattr_alloc+0xec/0x340
[  737.171403][T17208]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  737.171455][T17208]  process_measurement+0x1ddb/0x23e0
[  737.171520][T17208]  ? __pfx_process_measurement+0x10/0x10
[  737.171565][T17208]  ? __lock_acquire+0x5ca/0x1ba0
[  737.171608][T17208]  ? init_file+0x93/0x4c0
[  737.171641][T17208]  ? alloc_empty_file+0x73/0x1e0
[  737.171679][T17208]  ? hugetlb_file_setup+0x4cd/0x620
[  737.171718][T17208]  ? ksys_mmap_pgoff+0x189/0x5c0
[  737.171762][T17208]  ? __x64_sys_mmap+0x125/0x190
[  737.171864][T17208]  ima_file_mmap+0x1b1/0x1d0
[  737.171911][T17208]  ? __pfx_ima_file_mmap+0x10/0x10
[  737.171970][T17208]  security_mmap_file+0x88c/0x990
[  737.172032][T17208]  vm_mmap_pgoff+0xec/0x450
[  737.172083][T17208]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  737.172128][T17208]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  737.172174][T17208]  ? hugetlbfs_get_inode+0x31f/0x730
[  737.172226][T17208]  ksys_mmap_pgoff+0x1c8/0x5c0
[  737.172273][T17208]  ? rcu_is_watching+0x12/0xc0
[  737.172307][T17208]  __x64_sys_mmap+0x125/0x190
[  737.172344][T17208]  do_syscall_64+0xcd/0x230
[  737.172392][T17208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.172426][T17208] RIP: 0033:0x7f22e058e969
[  737.172451][T17208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  737.172483][T17208] RSP: 002b:00007f22e133f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  737.172514][T17208] RAX: ffffffffffffffda RBX: 00007f22e07b5fa0 RCX: 00007f22e058e969
[  737.172535][T17208] RDX: 0000000000000005 RSI: 0000000000200004 RDI: 0000000000000000
[  737.172555][T17208] RBP: 00007f22e0610ab1 R08: 000000000000000d R09: 0000300200000000
[  737.172575][T17208] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000
[  737.172595][T17208] R13: 0000000000000000 R14: 00007f22e07b5fa0 R15: 00007ffe72af6a28
[  737.172637][T17208]  </TASK>
[  737.889695][   T30] audit: type=1804 audit(4294967506.199:37): pid=17208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.4.2450" name="anon_hugepage" dev="hugetlbfs" ino=59297 res=0 errno=0
[  739.423368][T17236] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2457'.
[  739.509935][T17239] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2458'.
[  739.950629][T17253] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2462'.
[  741.488258][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  741.517506][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  741.532489][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  741.550258][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  741.558205][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  742.085182][T17267] chnl_net:caif_netlink_parms(): no params data found
[  742.140971][T17272] FAULT_INJECTION: forcing a failure.
[  742.140971][T17272] name failslab, interval 1, probability 0, space 0, times 0
[  742.194996][T17272] CPU: 0 UID: 0 PID: 17272 Comm: syz.5.2468 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  742.195041][T17272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  742.195061][T17272] Call Trace:
[  742.195072][T17272]  <TASK>
[  742.195084][T17272]  dump_stack_lvl+0x16c/0x1f0
[  742.195134][T17272]  should_fail_ex+0x512/0x640
[  742.195190][T17272]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  742.195231][T17272]  should_failslab+0xc2/0x120
[  742.195271][T17272]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  742.195307][T17272]  ? is_bad_inode+0xd/0x40
[  742.195350][T17272]  ? ima_d_path+0xbd/0x2a0
[  742.195388][T17272]  ima_d_path+0xbd/0x2a0
[  742.195415][T17272]  ? vfs_getxattr_alloc+0xec/0x340
[  742.195467][T17272]  ? __pfx_ima_d_path+0x10/0x10
[  742.195506][T17272]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  742.195563][T17272]  process_measurement+0x1d86/0x23e0
[  742.195627][T17272]  ? __pfx_process_measurement+0x10/0x10
[  742.195674][T17272]  ? __lock_acquire+0x5ca/0x1ba0
[  742.195720][T17272]  ? init_file+0x93/0x4c0
[  742.195756][T17272]  ? alloc_empty_file+0x73/0x1e0
[  742.195795][T17272]  ? hugetlb_file_setup+0x4cd/0x620
[  742.195834][T17272]  ? ksys_mmap_pgoff+0x189/0x5c0
[  742.195877][T17272]  ? __x64_sys_mmap+0x125/0x190
[  742.195971][T17272]  ima_file_mmap+0x1b1/0x1d0
[  742.196022][T17272]  ? __pfx_ima_file_mmap+0x10/0x10
[  742.196082][T17272]  security_mmap_file+0x88c/0x990
[  742.196128][T17272]  vm_mmap_pgoff+0xec/0x450
[  742.196196][T17272]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  742.196241][T17272]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  742.196288][T17272]  ? hugetlbfs_get_inode+0x31f/0x730
[  742.196340][T17272]  ksys_mmap_pgoff+0x1c8/0x5c0
[  742.196390][T17272]  ? rcu_is_watching+0x12/0xc0
[  742.196425][T17272]  __x64_sys_mmap+0x125/0x190
[  742.196468][T17272]  do_syscall_64+0xcd/0x230
[  742.196521][T17272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.196555][T17272] RIP: 0033:0x7fab8138e969
[  742.196581][T17272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.196614][T17272] RSP: 002b:00007fab82213038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  742.196644][T17272] RAX: ffffffffffffffda RBX: 00007fab815b5fa0 RCX: 00007fab8138e969
[  742.196667][T17272] RDX: 0000000000000005 RSI: 0000000000200004 RDI: 0000000000000000
[  742.196687][T17272] RBP: 00007fab81410ab1 R08: 000000000000000d R09: 0000300200000000
[  742.196708][T17272] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000
[  742.196728][T17272] R13: 0000000000000000 R14: 00007fab815b5fa0 R15: 00007fffad685488
[  742.196771][T17272]  </TASK>
[  742.458558][    C0] vkms_vblank_simulate: vblank timer overrun
[  742.626034][T17267] bridge0: port 1(bridge_slave_0) entered blocking state
[  742.633671][T17267] bridge0: port 1(bridge_slave_0) entered disabled state
[  742.641112][T17267] bridge_slave_0: entered allmulticast mode
[  742.649046][T17267] bridge_slave_0: entered promiscuous mode
[  742.660839][T17267] bridge0: port 2(bridge_slave_1) entered blocking state
[  742.668599][T17267] bridge0: port 2(bridge_slave_1) entered disabled state
[  742.675914][T17267] bridge_slave_1: entered allmulticast mode
[  742.683900][T17267] bridge_slave_1: entered promiscuous mode
[  742.783555][T17267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  742.797823][T17267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  742.963388][T17267] team0: Port device team_slave_0 added
[  742.994926][T17267] team0: Port device team_slave_1 added
[  743.103274][T17267] batman_adv: batadv0: Adding interface: batadv_slave_0
[  743.110382][T17267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  743.158901][T17267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  743.175089][T17267] batman_adv: batadv0: Adding interface: batadv_slave_1
[  743.187139][T17267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  743.220503][T17267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  743.406816][T17267] hsr_slave_0: entered promiscuous mode
[  743.414704][T17267] hsr_slave_1: entered promiscuous mode
[  743.436938][T17267] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  743.447938][T17267] Cannot create hsr debugfs directory
[  743.581574][   T55] Bluetooth: hci2: command tx timeout
[  744.116384][T17267] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  744.202265][T17306] netlink: 'syz.0.2474': attribute type 1 has an invalid length.
[  744.359277][T17267] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  744.532327][T17267] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  744.783525][T17267] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  745.018545][T17313] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2476'.
[  745.175528][T17313] geneve1: entered allmulticast mode
[  745.528082][T17267] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  745.605232][T17267] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  745.625525][T17267] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  745.661410][   T55] Bluetooth: hci2: command tx timeout
[  745.691582][T17267] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  745.942406][T17330] vhci_hcd: default hub control req: 0508 vffff i0004 l3
[  746.564406][T17267] 8021q: adding VLAN 0 to HW filter on device bond0
[  747.031361][T17267] 8021q: adding VLAN 0 to HW filter on device team0
[  747.159487][T10380] bridge0: port 1(bridge_slave_0) entered blocking state
[  747.166779][T10380] bridge0: port 1(bridge_slave_0) entered forwarding state
[  747.227862][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.235126][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  747.763283][   T55] Bluetooth: hci2: command tx timeout
[  748.386496][T17267] 8021q: adding VLAN 0 to HW filter on device batadv0
[  748.723908][T17267] veth0_vlan: entered promiscuous mode
[  749.350382][T17267] veth1_vlan: entered promiscuous mode
[  749.539983][T17267] veth0_macvtap: entered promiscuous mode
[  749.627492][T17267] veth1_macvtap: entered promiscuous mode
[  749.822292][   T55] Bluetooth: hci2: command tx timeout
[  750.014496][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  750.049184][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.071449][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  750.101186][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.131231][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  750.161097][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.186905][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  750.223952][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.241897][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  750.241928][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.243696][T17267] batman_adv: batadv0: Interface activated: batadv_slave_0
[  750.289300][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  750.289343][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.289361][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  750.289383][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.289401][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  750.289424][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.289441][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  750.289463][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.289481][T17267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  750.289504][T17267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.293803][T17267] batman_adv: batadv0: Interface activated: batadv_slave_1
[  750.312441][T17267] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  750.312494][T17267] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  750.312538][T17267] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  750.312578][T17267] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  750.699728][T17384] ima: policy update failed
[  750.699920][   T30] audit: type=1802 audit(4294967519.009:38): pid=17384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2494" res=0 errno=0
[  750.703437][T17384] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2494'.
[  750.755056][ T7269] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  750.755086][ T7269] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  751.003541][T10376] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  751.003573][T10376] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  752.385948][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  752.386058][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  758.981373][T17482] vhci_hcd: default hub control req: 0508 vffff i0004 l3
[  759.078926][T17484] blktrace: Concurrent blktraces are not allowed on mtdblock0
[  764.028031][T17549] FAULT_INJECTION: forcing a failure.
[  764.028031][T17549] name failslab, interval 1, probability 0, space 0, times 0
[  764.082424][T17549] CPU: 0 UID: 0 PID: 17549 Comm: syz.5.2536 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  764.082468][T17549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  764.082485][T17549] Call Trace:
[  764.082495][T17549]  <TASK>
[  764.082506][T17549]  dump_stack_lvl+0x16c/0x1f0
[  764.082551][T17549]  should_fail_ex+0x512/0x640
[  764.082599][T17549]  ? __kmalloc_noprof+0xbf/0x510
[  764.082636][T17549]  ? fib_default_rule_add+0x4f/0x420
[  764.082669][T17549]  should_failslab+0xc2/0x120
[  764.082706][T17549]  __kmalloc_noprof+0xd2/0x510
[  764.082748][T17549]  fib_default_rule_add+0x4f/0x420
[  764.082786][T17549]  fib4_rules_init+0x7c/0x1c0
[  764.082832][T17549]  fib_net_init+0x1dc/0x3f0
[  764.082864][T17549]  ? __pfx___register_sysctl_table+0x10/0x10
[  764.082900][T17549]  ? __pfx_fib_net_init+0x10/0x10
[  764.082932][T17549]  ? lockdep_init_map_type+0x5c/0x280
[  764.082974][T17549]  ? do_init_timer+0xc9/0x110
[  764.083008][T17549]  ? devinet_init_net+0x5c2/0x910
[  764.083049][T17549]  ? __pfx_fib_net_init+0x10/0x10
[  764.083081][T17549]  ops_init+0x1df/0x5f0
[  764.083120][T17549]  setup_net+0x21e/0x850
[  764.083178][T17549]  ? __pfx_setup_net+0x10/0x10
[  764.083210][T17549]  ? lockdep_init_map_type+0x5c/0x280
[  764.083253][T17549]  ? __pfx_down_read_killable+0x10/0x10
[  764.083306][T17549]  ? debug_mutex_init+0x37/0x70
[  764.083363][T17549]  copy_net_ns+0x2a6/0x5f0
[  764.083407][T17549]  create_new_namespaces+0x3ea/0xad0
[  764.083451][T17549]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  764.083490][T17549]  ksys_unshare+0x45b/0xa40
[  764.083533][T17549]  ? __pfx_ksys_unshare+0x10/0x10
[  764.083573][T17549]  ? xfd_validate_state+0x5d/0x180
[  764.083635][T17549]  ? rcu_is_watching+0x12/0xc0
[  764.083675][T17549]  __x64_sys_unshare+0x31/0x40
[  764.083718][T17549]  do_syscall_64+0xcd/0x230
[  764.083767][T17549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  764.083799][T17549] RIP: 0033:0x7fab8138e969
[  764.083830][T17549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  764.083861][T17549] RSP: 002b:00007fab821f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  764.083892][T17549] RAX: ffffffffffffffda RBX: 00007fab815b6080 RCX: 00007fab8138e969
[  764.083913][T17549] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  764.083932][T17549] RBP: 00007fab81410ab1 R08: 0000000000000000 R09: 0000000000000000
[  764.083951][T17549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  764.083970][T17549] R13: 0000000000000000 R14: 00007fab815b6080 R15: 00007fffad685488
[  764.084011][T17549]  </TASK>
[  764.348096][    C0] vkms_vblank_simulate: vblank timer overrun
[  766.392023][T17598] netlink: 93 bytes leftover after parsing attributes in process `syz.5.2546'.
[  766.448506][T17595] netlink: 93 bytes leftover after parsing attributes in process `syz.5.2546'.
[  768.495516][T17628] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  770.453759][T17663] ksmbd: Unknown IPC event: 14, ignore.
[  770.687209][T17666] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2563'.
[  771.427970][T17668] ima: policy update failed
[  771.438128][   T30] audit: type=1802 audit(4294967539.749:39): pid=17668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.2572" res=0 errno=0
[  771.484297][T17668] netlink: 25 bytes leftover after parsing attributes in process `syz.5.2572'.
[  774.253814][T17704] ksmbd: Unknown IPC event: 14, ignore.
[  774.769397][T17713] Console: switching to colour VGA+ 80x25
[  774.810811][T17713] FAULT_INJECTION: forcing a failure.
[  774.810811][T17713] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  774.868630][T17713] CPU: 0 UID: 0 PID: 17713 Comm: syz.3.2574 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  774.868663][T17713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  774.868676][T17713] Call Trace:
[  774.868683][T17713]  <TASK>
[  774.868691][T17713]  dump_stack_lvl+0x16c/0x1f0
[  774.868726][T17713]  should_fail_ex+0x512/0x640
[  774.868761][T17713]  should_fail_alloc_page+0xe7/0x130
[  774.868790][T17713]  prepare_alloc_pages+0x3c2/0x610
[  774.868831][T17713]  ? rcu_is_watching+0x12/0xc0
[  774.868854][T17713]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  774.868885][T17713]  ? __lock_acquire+0x5ca/0x1ba0
[  774.868916][T17713]  ? xas_create+0x1d7/0x1460
[  774.868949][T17713]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  774.868975][T17713]  ? cgroup_rstat_updated+0x2a/0xb20
[  774.869022][T17713]  ? __lock_acquire+0x5ca/0x1ba0
[  774.869049][T17713]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  774.869080][T17713]  ? policy_nodemask+0xea/0x4e0
[  774.869112][T17713]  alloc_pages_mpol+0x1fb/0x550
[  774.869140][T17713]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  774.869188][T17713]  ? filemap_get_entry+0x1a7/0x3b0
[  774.869224][T17713]  folio_alloc_noprof+0x20/0x2d0
[  774.869257][T17713]  filemap_alloc_folio_noprof+0x3a1/0x470
[  774.869285][T17713]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[  774.869311][T17713]  ? rcu_is_watching+0x12/0xc0
[  774.869336][T17713]  __filemap_get_folio+0x5e9/0xc10
[  774.869386][T17713]  ioctx_alloc+0x761/0x2060
[  774.869430][T17713]  ? __pfx_ioctx_alloc+0x10/0x10
[  774.869460][T17713]  ? __might_fault+0x13b/0x190
[  774.869493][T17713]  __x64_sys_io_setup+0xc9/0x210
[  774.869526][T17713]  do_syscall_64+0xcd/0x230
[  774.869559][T17713]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  774.869581][T17713] RIP: 0033:0x7effcff8e969
[  774.869598][T17713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  774.869639][T17713] RSP: 002b:00007effd0e60038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  774.869660][T17713] RAX: ffffffffffffffda RBX: 00007effd01b6080 RCX: 00007effcff8e969
[  774.869675][T17713] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff
[  774.869688][T17713] RBP: 00007effd0010ab1 R08: 0000000000000000 R09: 0000000000000000
[  774.869702][T17713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  774.869715][T17713] R13: 0000000000000000 R14: 00007effd01b6080 R15: 00007ffcadc921e8
[  774.869744][T17713]  </TASK>
[  775.323493][T17712] ==================================================================
[  775.323515][T17712] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70
[  775.323563][T17712] Read of size 2 at addr ffff88807d834bf2 by task syz.3.2574/17712
[  775.323590][T17712] 
[  775.323605][T17712] CPU: 1 UID: 0 PID: 17712 Comm: syz.3.2574 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  775.323644][T17712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  775.323664][T17712] Call Trace:
[  775.323674][T17712]  <TASK>
[  775.323686][T17712]  dump_stack_lvl+0x116/0x1f0
[  775.323732][T17712]  print_report+0xc3/0x670
[  775.323769][T17712]  ? __virt_addr_valid+0x5e/0x590
[  775.323811][T17712]  ? __phys_addr+0xc6/0x150
[  775.323853][T17712]  ? fbcon_prepare_logo+0xa03/0xc70
[  775.323892][T17712]  kasan_report+0xe0/0x110
[  775.323931][T17712]  ? fbcon_prepare_logo+0xa03/0xc70
[  775.323974][T17712]  kasan_check_range+0xef/0x1a0
[  775.324019][T17712]  __asan_memcpy+0x23/0x60
[  775.324079][T17712]  fbcon_prepare_logo+0xa03/0xc70
[  775.324127][T17712]  fbcon_init+0xd77/0x1900
[  775.324166][T17712]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[  775.324205][T17712]  visual_init+0x31d/0x620
[  775.324257][T17712]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  775.324300][T17712]  store_bind+0x61d/0x760
[  775.324337][T17712]  ? sysfs_file_kobj+0xe4/0x290
[  775.324382][T17712]  ? __pfx_store_bind+0x10/0x10
[  775.324413][T17712]  dev_attr_store+0x55/0x80
[  775.324464][T17712]  ? __pfx_dev_attr_store+0x10/0x10
[  775.324501][T17712]  sysfs_kf_write+0xef/0x150
[  775.324546][T17712]  kernfs_fop_write_iter+0x351/0x510
[  775.324585][T17712]  ? __pfx_sysfs_kf_write+0x10/0x10
[  775.324632][T17712]  vfs_write+0x5ba/0x1180
[  775.324661][T17712]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  775.324703][T17712]  ? __pfx___mutex_lock+0x10/0x10
[  775.324745][T17712]  ? __pfx_vfs_write+0x10/0x10
[  775.324787][T17712]  ksys_write+0x12a/0x240
[  775.324817][T17712]  ? __pfx_ksys_write+0x10/0x10
[  775.324847][T17712]  ? rcu_is_watching+0x12/0xc0
[  775.324903][T17712]  do_syscall_64+0xcd/0x230
[  775.324955][T17712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.324992][T17712] RIP: 0033:0x7effcff8e969
[  775.325017][T17712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  775.325057][T17712] RSP: 002b:00007effd0e81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  775.325089][T17712] RAX: ffffffffffffffda RBX: 00007effd01b5fa0 RCX: 00007effcff8e969
[  775.325111][T17712] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  775.325132][T17712] RBP: 00007effd0010ab1 R08: 0000000000000000 R09: 0000000000000000
[  775.325158][T17712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  775.325178][T17712] R13: 0000000000000000 R14: 00007effd01b5fa0 R15: 00007ffcadc921e8
[  775.325214][T17712]  </TASK>
[  775.325225][T17712] 
[  775.325233][T17712] Allocated by task 16984:
[  775.325248][T17712]  kasan_save_stack+0x33/0x60
[  775.325285][T17712]  kasan_save_track+0x14/0x30
[  775.325316][T17712]  __kasan_kmalloc+0xaa/0xb0
[  775.325349][T17712]  __kmalloc_node_track_caller_noprof+0x221/0x510
[  775.325392][T17712]  kstrdup+0x53/0x100
[  775.325428][T17712]  kstrdup_const+0x63/0x80
[  775.325468][T17712]  kobject_rename+0x136/0x260
[  775.325516][T17712]  device_rename+0x130/0x230
[  775.325567][T17712]  netif_change_name+0x27c/0x920
[  775.325598][T17712]  do_setlink.constprop.0+0x33fe/0x44b0
[  775.325637][T17712]  rtnl_newlink+0x1446/0x2000
[  775.325671][T17712]  rtnetlink_rcv_msg+0x95b/0xe90
[  775.325709][T17712]  netlink_rcv_skb+0x16a/0x440
[  775.325749][T17712]  netlink_unicast+0x53a/0x7f0
[  775.325784][T17712]  netlink_sendmsg+0x8d1/0xdd0
[  775.325820][T17712]  __sys_sendto+0x495/0x510
[  775.325847][T17712]  __x64_sys_sendto+0xe0/0x1c0
[  775.325878][T17712]  do_syscall_64+0xcd/0x230
[  775.325924][T17712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.325956][T17712] 
[  775.325963][T17712] The buggy address belongs to the object at ffff88807d834be0
[  775.325963][T17712]  which belongs to the cache kmalloc-16 of size 16
[  775.325992][T17712] The buggy address is located 7 bytes to the right of
[  775.325992][T17712]  allocated 11-byte region [ffff88807d834be0, ffff88807d834beb)
[  775.326037][T17712] 
[  775.326053][T17712] The buggy address belongs to the physical page:
[  775.326065][T17712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d834
[  775.326093][T17712] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  775.326124][T17712] page_type: f5(slab)
[  775.326150][T17712] raw: 00fff00000000000 ffff88801b441640 dead000000000100 dead000000000122
[  775.326184][T17712] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[  775.326204][T17712] page dumped because: kasan: bad access detected
[  775.326219][T17712] page_owner tracks the page as allocated
[  775.326232][T17712] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5824, tgid 5824 (syz-executor), ts 128812733174, free_ts 128785813595
[  775.326287][T17712]  post_alloc_hook+0x181/0x1b0
[  775.326316][T17712]  get_page_from_freelist+0x135c/0x3920
[  775.326352][T17712]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  775.326385][T17712]  new_slab+0x94/0x340
[  775.326432][T17712]  ___slab_alloc+0xd9c/0x1940
[  775.326481][T17712]  __slab_alloc.constprop.0+0x56/0xb0
[  775.326535][T17712]  __kvmalloc_node_noprof+0x3a6/0x600
[  775.326566][T17712]  xt_replace_table+0x1e3/0x950
[  775.326609][T17712]  __do_replace+0x1cf/0x9e0
[  775.326651][T17712]  do_ipt_set_ctl+0x7f7/0xa60
[  775.326696][T17712]  nf_setsockopt+0x8a/0xf0
[  775.326729][T17712]  ip_setsockopt+0xcb/0xf0
[  775.326772][T17712]  tcp_setsockopt+0xa4/0x100
[  775.326819][T17712]  do_sock_setsockopt+0x221/0x470
[  775.326858][T17712]  __sys_setsockopt+0x120/0x1a0
[  775.326890][T17712]  __x64_sys_setsockopt+0xbd/0x160
[  775.326923][T17712] page last free pid 15 tgid 15 stack trace:
[  775.326939][T17712]  __free_frozen_pages+0x69d/0xff0
[  775.326987][T17712]  tlb_remove_table_rcu+0x116/0x1a0
[  775.327015][T17712]  rcu_core+0x799/0x14e0
[  775.327070][T17712]  handle_softirqs+0x216/0x8e0
[  775.327103][T17712]  run_ksoftirqd+0x3a/0x60
[  775.327139][T17712]  smpboot_thread_fn+0x3f4/0xae0
[  775.327173][T17712]  kthread+0x3c2/0x780
[  775.327216][T17712]  ret_from_fork+0x45/0x80
[  775.327268][T17712]  ret_from_fork_asm+0x1a/0x30
[  775.327315][T17712] 
[  775.327322][T17712] Memory state around the buggy address:
[  775.327338][T17712]  ffff88807d834a80: 00 00 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[  775.327366][T17712]  ffff88807d834b00: 00 03 fc fc fa fb fc fc fa fb fc fc 00 06 fc fc
[  775.327389][T17712] >ffff88807d834b80: fa fb fc fc 00 00 fc fc 00 03 fc fc 00 03 fc fc
[  775.327411][T17712]                                                              ^
[  775.327430][T17712]  ffff88807d834c00: 00 06 fc fc 00 00 fc fc 00 00 fc fc 00 02 fc fc
[  775.327453][T17712]  ffff88807d834c80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[  775.327475][T17712] ==================================================================
[  775.327492][T17712] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  775.327512][T17712] CPU: 1 UID: 0 PID: 17712 Comm: syz.3.2574 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) 
[  775.327557][T17712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  775.327576][T17712] Call Trace:
[  775.327589][T17712]  <TASK>
[  775.327601][T17712]  dump_stack_lvl+0x3d/0x1f0
[  775.327649][T17712]  panic+0x71c/0x800
[  775.327698][T17712]  ? __pfx_panic+0x10/0x10
[  775.327746][T17712]  ? __pfx__printk+0x10/0x10
[  775.327795][T17712]  ? fbcon_prepare_logo+0xa03/0xc70
[  775.327832][T17712]  check_panic_on_warn+0xab/0xb0
[  775.327901][T17712]  end_report+0x107/0x170
[  775.327941][T17712]  kasan_report+0xee/0x110
[  775.327985][T17712]  ? fbcon_prepare_logo+0xa03/0xc70
[  775.328028][T17712]  kasan_check_range+0xef/0x1a0
[  775.328081][T17712]  __asan_memcpy+0x23/0x60
[  775.328133][T17712]  fbcon_prepare_logo+0xa03/0xc70
[  775.328180][T17712]  fbcon_init+0xd77/0x1900
[  775.328218][T17712]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[  775.328255][T17712]  visual_init+0x31d/0x620
[  775.328306][T17712]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  775.328347][T17712]  store_bind+0x61d/0x760
[  775.328383][T17712]  ? sysfs_file_kobj+0xe4/0x290
[  775.328431][T17712]  ? __pfx_store_bind+0x10/0x10
[  775.328469][T17712]  dev_attr_store+0x55/0x80
[  775.328509][T17712]  ? __pfx_dev_attr_store+0x10/0x10
[  775.328553][T17712]  sysfs_kf_write+0xef/0x150
[  775.328604][T17712]  kernfs_fop_write_iter+0x351/0x510
[  775.328646][T17712]  ? __pfx_sysfs_kf_write+0x10/0x10
[  775.328696][T17712]  vfs_write+0x5ba/0x1180
[  775.328729][T17712]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  775.328778][T17712]  ? __pfx___mutex_lock+0x10/0x10
[  775.328823][T17712]  ? __pfx_vfs_write+0x10/0x10
[  775.328871][T17712]  ksys_write+0x12a/0x240
[  775.328916][T17712]  ? __pfx_ksys_write+0x10/0x10
[  775.328945][T17712]  ? rcu_is_watching+0x12/0xc0
[  775.328981][T17712]  do_syscall_64+0xcd/0x230
[  775.329032][T17712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.329072][T17712] RIP: 0033:0x7effcff8e969
[  775.329101][T17712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  775.329137][T17712] RSP: 002b:00007effd0e81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  775.329169][T17712] RAX: ffffffffffffffda RBX: 00007effd01b5fa0 RCX: 00007effcff8e969
[  775.329195][T17712] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  775.329233][T17712] RBP: 00007effd0010ab1 R08: 0000000000000000 R09: 0000000000000000
[  775.329254][T17712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  775.329278][T17712] R13: 0000000000000000 R14: 00007effd01b5fa0 R15: 00007ffcadc921e8
[  775.329323][T17712]  </TASK>
[  775.329633][T17712] Kernel Offset: disabled