last executing test programs:

6.049227441s ago: executing program 2 (id=2974):
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
r0 = getpid()
process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) (async)
syz_clone3(&(0x7f00000002c0)={0x200000000, 0x0, 0x0, 0x0, {0x32}, &(0x7f0000000480)=""/57, 0x39, &(0x7f00000004c0)=""/135, &(0x7f0000000280)=[r0, r0, r0, r0], 0x4}, 0x58) (async)
process_madvise$auto(0xffffffffffffffff, 0x0, 0x7fffffff, 0x3ff, 0x7ff) (async)
ioctl$auto(0x3, 0x400454ca, 0x38)
io_uring_setup$auto(0x6, 0x0) (async)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10001}, 0x1) (async)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x1, 0x106)
openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace\x00', 0x20600, 0x0)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x400000, 0x0)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000d80), 0xffffffffffffffff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_PAN_ID(r2, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)={&(0x7f00000012c0)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3f44}]}, 0x20}, 0x1, 0x0, 0x0, 0x2000001}, 0x4880)
syz_clone(0x20060511, 0x0, 0x0, 0x0, 0x0, 0x0)

5.677095432s ago: executing program 1 (id=2975):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x9)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)

5.664143929s ago: executing program 2 (id=2976):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x9)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)

4.645433109s ago: executing program 2 (id=2981):
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0) (async)
r1 = socket(0x2, 0x3, 0xa)
getsockopt$auto(r1, 0x0, 0x29, 0x0, &(0x7f0000000040)=0xdbb) (async)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async)
r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0)
ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) (async)
ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) (async)
ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000080)={0x9, &(0x7f0000000000)={0xc, 0xf1, 0xb0, @raw=0x43}})
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) (async)
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2)
syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) (async)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
r4 = socket(0xa, 0x2, 0x3a) (async)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x600002, 0x0) (async)
ptrace$auto(0x10, r5, 0x4, 0x8000040006) (async)
ptrace$auto(0xf, r5, 0xfffffffffffffffe, 0x8000000000000000)
setsockopt$auto(r4, 0x29, 0x39, 0x0, 0x110)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0)
ioctl$auto_SNDCTL_DSP_GETTRIGGER(r6, 0x80045010, &(0x7f0000004440)) (async)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
mmap$auto(0x0, 0x20005, 0xdf, 0xeb1, r3, 0x3)
setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd)

4.579969142s ago: executing program 1 (id=2982):
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0)
bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x9, 0xffffffffffffffff, 0xffffffff}, 0xd)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf33236e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x4, {0x100000000, 0x10000}, 0x7, 0x1, 0xfffffffffffffffa, 0x1007fff, 0x0, 0x8, 0xfff, 0xdfffffffffff628e, 0x6, 0x6, 0x808})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x941, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x129001, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
write$auto(r0, &(0x7f00000002c0)='/dg\"w\xa8\x9a\x1e\xc6\x89\x00\x10\x9e\t\xe3Qn\x13FZQ\xdb)0ja', 0xa3db)
r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/bluetooth/hci5/rfkill30/type\x00', 0x40100, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
write$auto_proc_pid_attr_operations_base(0xffffffffffffffff, &(0x7f0000000080)="a77811a402", 0x5)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(0x3, 0x6a, 0x7, 0xffffffffffffffff, 0x3)
process_vm_readv$auto(0x0, &(0x7f0000000180)={&(0x7f0000000140)="8a1651100c827a7b88bd409ccd719b92081ad7d77b7edb5696468295db324910a95bda4a9b2903bf095d68a9b9b8ec0084db7b9c674765900efacbb7", 0x18c24736}, 0x7, &(0x7f0000000200)={&(0x7f00000001c0)="7be32cd3d2a4770ca133338b9b2aefaf6cc9be7124e355", 0x492}, 0xc79, 0x9)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
unshare$auto(0x40000080)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
socket(0x21, 0xa, 0x300)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00)
mincore$auto(0x1000, 0x0, 0x0)
openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x101402, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000003680)={'wlan0\x00', <r5=>0x0})
sendmsg$auto_NL80211_CMD_NEW_KEY(r4, &(0x7f00000048c0)={0x0, 0x0, &(0x7f0000004880)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fddbdf250b00000008000300", @ANYRES32=r5, @ANYBLOB="04000a"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x890)
poll$auto(&(0x7f0000000040)={r1, 0x1000, 0x1c9}, 0x2, 0x7)

4.336914216s ago: executing program 3 (id=2984):
mmap$auto(0x1, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000)
mmap$auto(0x1, 0x4, 0x7ff, 0x8000012, 0xffffffffffffffff, 0x4006)
openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x110)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0)
r0 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f0000000040)='Jg', 0x49}, 0x5, &(0x7f0000000180), 0x5}}, 0x2, 0x3)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r2, 0x0, 0x1, 0x0, 0x1e)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0)
ioctl$auto(r3, 0x5523, r3)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_uring_setup$auto(0x311, 0x0)
close_range$auto(0x2, 0x8, 0x0)
futex$auto(0x0, 0x89, 0x808, 0x0, 0x0, 0xfffffffa)
r4 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000080)='/dev/etherd/discover\x00', 0x8101, 0x0)
writev$auto(r4, &(0x7f0000000140)={0x0, 0xe4}, 0x4)

3.493149631s ago: executing program 2 (id=2985):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/nbd9/queue/iosched/read_expire\x00', 0x206a1, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x3, 0x3a) (async)
setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x4)

3.411619129s ago: executing program 2 (id=2986):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x4, 0x28000)
r0 = prctl$auto_SECCOMP_MODE_STRICT(0xfffffff8, 0x1, 0x0, 0x7, 0x8)
ioctl$auto_HDIO_GETGEO(r0, 0x301, &(0x7f0000000100)="9ffc1fbcabac25c66375001ac1f341632305986acf2198455ab105d1d162aa0d224bc90986d7c1d9c43865a0caba6600b7e6d421914481ddc779a8b83e450b5096e8aea25221e06512b5fd3fc0bbcb1e22a0a143a719240f0752c8cf863178adddcc8e4590a7f23ae11098391056148f61ee9ddb690857e20fda8525a85523655efc203a7e31e846ff75e19054a35c3147d4e0b1a3021ba067")
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x9, 0xffffffffffffffff, 0xffffffff}, 0xd)
socket(0x2, 0x80002, 0x73)
r1 = socket(0xa, 0x1, 0x84)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
ppoll$auto(&(0x7f00000002c0)={r1, 0x1, 0xd75}, 0x2, 0x0, 0x0, 0x8)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/modules\x00', 0x40000, 0x0)
sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
read$auto(0x3, 0x0, 0x7)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0)
ioctl$auto_RTC_RD_TIME(r3, 0x80247009, 0x0)
r4 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x4601, 0x0)

3.361528555s ago: executing program 3 (id=2987):
r0 = socket(0x23, 0x80805, 0x0)
inotify_init1$auto(0x1000013)
mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/scsi/scsi\x00', 0x400, 0x0)
read$auto(r1, &(0x7f0000000000)='/\x00', 0x6)
r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x5, r0)
bind$auto(0x3, &(0x7f0000000040)=@ethernet={0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1cc5087217524dd0}}, 0x6a)
ioctl$auto(0x3, 0x89e0, 0x38)
r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x80081, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r3, &(0x7f00000002c0)="f618deadf7e888b1ff8bff71c49054428f819e30236ce79200d01532f2ed0d000000008d5d8e9dea0337f5095b82a54456f845800adbfbd11b66630e687bbca2612c912a6f57eb9f9944281954e2c5da22daf73acc711a3d9b6758b7a6e74bae890345225264da35ac3be11d2f555b8d08cef68f4a3aa938391dfbc0841813c93c41ee53b7e310c21563c1d8cbcde6549675fbe14b917c5b0a23069452100c3110990884271e91b8f6497e89091dc41c4cdd1769725f5f6d78aaac6367115bb64416e289", 0xc4)
unshare$auto(0x3)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyc9\x00', 0x290040, 0x0)
r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0)
ioctl$auto_TCFLSH2(r4, 0x80045439, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0)
mmap$auto(0x0, 0x400008, 0xb05, 0x9b72, r4, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range$auto(r4, 0x8, 0x0)
r5 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$auto_dma_heap_fops_dma_heap(r5, 0xffffffffffdffe00, &(0x7f00000003c0)="d163cf31057f8cdef6f25b13475e1d82462e3a61e7296117b8c15d6c776a1878a4aa81e85e4941a3658c089de8253ea1e77e31d259552e14eca1dd21c4c3059054141f26800cd0895d4936aa2ccc95cde6d172f2592ea04bd113e35b840f982a6f509713ade1b1bada7c58988269ae2842d420fb58f9cf21606a59551fd0eb871e79f26aeed0c1ba067231e3b292b63643b3b30d71006b52208fd8ccf247ccd5487b2f20ac24a8f5")
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4)
r6 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x24)
mmap$auto(0x0, 0x4020009, 0x7ffd, 0xeb1, 0x401, 0x8000)
read$auto(r6, 0x0, 0xbcd5)
close_range$auto(0x2, 0x8, 0x0)

3.125434446s ago: executing program 1 (id=2989):
mmap$auto(0x0, 0x5, 0xdf, 0x9b71, 0x7, 0x27ffc)
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10002, 0x700, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0x22, 0xa, 0xe)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x200009a9, 0x4)
mmap$auto(0x8e9, 0x20009, 0x1, 0xeb3, 0x401, 0x8000)
read$auto(r0, &(0x7f00000001c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0xc)
mmap$auto(0x1, 0x2000d, 0x3, 0xfffffffffffffff8, 0x401, 0x8000)
mmap$auto(0x6, 0x20009, 0x100000000, 0x111, 0x40000000000a5, 0x400000000008000)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x40)
r1 = fcntl$auto(0x8000000000000001, 0x7fffffff, 0x8)
pwrite64$auto(0xffffffffffffffff, 0x0, 0x81, 0x4000000000000005)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$auto_FS_IOC_ZERO_RANGE(r1, 0x40305839, 0x9)
r2 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x101202, 0x0)
write$auto(r2, 0x0, 0x5)
read$auto(0xffffffffffffffff, &(0x7f0000000000)='%\x00', 0xa)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x258002, 0x0)
read$auto(r2, 0x0, 0x1f43)
unshare$auto(0x40000080)
socket(0x2a, 0x1, 0xc)
setsockopt$auto(r1, 0x1, 0x1000, 0x0, 0x101)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000040)="10678899b7fce7fcb2655e7d5de436da3a41")
socket(0x11, 0x3, 0x2)
getpeername$auto(0x3, 0x0, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/ext4/sda1/err_ratelimit_burst\x00', 0x103841, 0x0)
write$auto(r3, &(0x7f0000003080)='/sys/devices/virtual/tty/ptyw9/power/runtime_status\x00', 0x13)
writev$auto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffbffff00000001}, 0x6)

2.45595784s ago: executing program 2 (id=2990):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x12, 0x401, 0x8003)
getpid()
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
readv$auto(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x40}, 0x2, 0x0, 0x0, 0x8)
modify_ldt$auto(0x1, 0x0, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
sysfs$auto(0x2, 0x8, 0xbba)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x0, 0x0)
pread64$auto(r1, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400)
inotify_rm_watch$auto(0xffffffffffffffff, 0x8001)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
getpid()
r3 = prctl$auto(0x203e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
io_uring_setup$auto(0x6, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), r4)
sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000200)=ANY=[@ANYBLOB="b1cfcf98a023803241248a9488efc3595daa939584482a58aa4c945cd7f65707bd0e569d3e3a71d105fb43814561d5368a359d8b3f6a6357c93c4942c2f5465c515fcd4dbbe035d2c622ed8c96a776c87ae5b41c86fbd14ce21228106f4f57edf6bb8b06274963bd", @ANYRES16=r5, @ANYRES32=r4], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x80)
select$auto(0x2, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x2, 0xd, 0x1, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x2, 0x62, 0x6, 0x7, 0x7, 0xd, 0x1000000002, 0x6]}, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
writev$auto(r3, &(0x7f00000001c0)={&(0x7f0000000080)="33c67e45a517b96e75e4c9759a537f2ce21a21e95d939f73e4d0b1bfeb05dbb62263679e1ab40050ba"}, 0x10001)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs1\x00', 0x48080, 0x0)

2.241624577s ago: executing program 3 (id=2991):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x9)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (fail_nth: 1)

2.097235591s ago: executing program 0 (id=2992):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x20000, 0x0)
getsockopt$auto_SO_RESERVE_MEM(r0, 0x5, 0x49, &(0x7f00000002c0)='/sys/kernel/debug/tracing/events/vmalloc\x85\v\x00\x00\x00\x00\x00\x00;w\x89\x01\x8e\x81\v\xf5\x99\xc3Z\x065\xce\xb6W\x8b\xd9\xa6\x852\xfcq\x8fOe\xc8\xdf\xec_dX\x04\x00\x00\x00\x00\x00\x00\x00=\x9e\x83p\xe1\x1b\xec\x99\xcc^\x8b\xca\f\x17\x9a\t\xbe*8\x1d\xa3\xc6\xb3Q\xb9\xed\xd9bueU\xa2\xaf\x0f:\x83\x9e\a\xd89\xdb\'%7\x008^R\vxh\xaa\xba\xcdT\r\x93>\x1d\x0e\x1e\xaf\xe1\xe7\x92\xebc\xd4\x9ad+\x99\x11\x92X\x05\xd2\xac\xa7\xd4\xe6\xe4[kw\x14\xa9\x91\xac\f\x1d\xdb\x80\xba\xa9_$\xb0\x93\x9d\x9f\x84\xbf\xa6`\xa0&\x14U\xb3\x02\xd1\x9a\xb8\xcfB\x98\xb7\xd0\xa4\xd3\xb8\x8b\xbc\r\x03\x93\xf6\xc0\xe6\xba\x01~\b\x1b\xbb{\xd7q\xde\x9d0\xcf\xa5\x16\xb1\xe9kSV\xcb\xa4|k\xa9X\xc0\xdf^P0\x83\x0f\x89\xd8\x16\xe1\vv\xf9\xe1z\x94\xa1\x1b\xaca\xc9y\xf8\x82A\x8d\xafO\xc6\x01\x02\x13\xd8\xd31a\xc2\xed5\xcbf\\M\xd6^<(,5\x92\x02H\x1f\xb3\xad$\xa6\xdb\x03=\n\xf0\x99<H\xca\xd9\x9e\xb6\xf511\x00\x7fH\xb5\x9c\x9b\x10R\x06|I[\xfe.\x89\xc3\x9b\x11\xebic\xbd^\xd2\x80\xf4\xc2%\x80\x98<\xd9\xe4\xbd1\xc0\xec\x10;Q\xf8\x80fbu\xd3\xa6x\xeb]l\xbc~${K\xba\x9e\xcf1!\xbe|\xfa\xc1&\xad\r\xa4\xa9I\xfeU\x83\'g\xba\xe8\xb6\xa2\a\x92\xce\x15\xcey\xce]\xd5\x82\x81\xa5\v\xc6y,\x96\x9e\xfb\x98\xc9\x15Rb\xf6\xb8la\xfa\x9b:\xdb\r\xf0\xc6\x0f\xd0\xe4L\x8d\x81\xa8\xc0\ve\xf9^\x96\x83Q\xbe[`\x02\xa8\x83\xa6\xf1\xf2\x8cA\x82;\xc5\x89n\xadN\xe4\x86\"\xd5\xb5\x18d\x90\xf1\x11\xd8', &(0x7f0000000000)=0x9)
read$auto(0x3, 0x0, 0x80)
r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC0D0c\x00', 0x2000, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_READN_FRAMES2(r1, 0x80184153, &(0x7f00000001c0)={0x4, &(0x7f0000000180)=&(0x7f0000000100)="87caa264851682bc5dab24f200cc6c36af83a0792dae19bdff9776e461787042c241135fad2cc6ffef6e6cf623a1e4d485e48d231bb9b75056e821493c57e93a914c4868f5c21f7c38a1e612d8084183f5935a0aac9bac8fe9ea817d0683fb0a719f464429cc", 0x1})
r2 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0)
write$auto(r2, 0x0, 0x9)

2.09441665s ago: executing program 1 (id=2993):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004680), 0xffffffffffffffff)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x0, 0x0)
io_uring_setup$auto(0x101, 0x0)
unshare$auto(0x40000080)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x200, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.controllers\x00', 0x2, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000001100)=""/4111, 0x100f)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1/file0\x00', 0x8580, 0x6c)
mknodat$auto(r6, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8)
renameat2$auto(r4, &(0x7f0000000200)='./file1\x00', r6, 0x0, 0x11)
ioctl$auto_SG_GET_RESERVED_SIZE(r2, 0x4c08, 0x0)
r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/usb/drivers/dvb_usb_dibusb_mb/uevent\x00', 0x800, 0x0)
write$auto(r7, 0x0, 0x2)
sendmsg$auto_OVS_VPORT_CMD_DEL(r0, &(0x7f00000049c0)={0x0, 0x0, &(0x7f0000004980)={&(0x7f00000046c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000fedbdf250272eab370a889f70d15b1d8db000000"], 0x20}, 0x1, 0x0, 0x0, 0x40040801}, 0x4000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/mm/ksm/use_zero_pages\x00', 0x111082, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xffffffff, 0x401, 0x8000)
sysfs$auto(0x2, 0x3c, 0x0)
r8 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r8, 0x6, 0x0, 0x0, 0x0)

1.811973224s ago: executing program 0 (id=2994):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
nanosleep$auto(&(0x7f0000000180)={0x2, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x12102, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
open(&(0x7f0000000100)='./file0\x00', 0x299b4bf652a26aa1, 0x111)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
msync$auto(0x100005ee5e40d, 0xd5f6, 0xffffffff)
write$auto(r0, 0x0, 0x30007e)
mmap$auto(0x9, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0xb)
mmap$auto(0x3c3794d4, 0x6, 0xdf, 0x19, 0xffffffffffffffff, 0x8000)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/proc/kpageflags\x00', 0x2, 0x0)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\rB\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3)
mmap$auto(0x0, 0x2000a, 0x10000000000dc, 0xeb2, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55)
mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid})
sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80)
sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0xa7, &(0x7f0000000040), 0x8000, 0x1}, 0x8}, 0x1, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0)
ioctl$auto(r1, 0xc0104d08, r1)

1.346794662s ago: executing program 3 (id=2995):
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x101c82, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7ffd)
close_range$auto(r0, 0xffffffffffffffff, 0x4)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x100, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon35\x00', 0x400, 0x0)
mkdir$auto(&(0x7f0000000100)='./file0\x00', 0x7)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x10000, 0x41)
getdents$auto(r1, 0x0, 0x2)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101102, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x1ff, r3, 0x92e3)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x200009, 0x7)
io_uring_setup$auto(0x7, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon21\x00', 0xe001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, r2, 0x0)
r5 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r5, @ANYRES8=r5], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80)
write$auto(r4, &(0x7f0000000000)='-\x00', 0xfdef)
close_range$auto(0x2, 0x8, 0x0)

1.061527327s ago: executing program 3 (id=2996):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
getpid()
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002e40), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(r2, 0x104000000000010e, 0xc, 0x0, 0x6)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_LEAVE_MESH(r2, &(0x7f0000000640)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x2c, r3, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x3}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x98}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f00000001c0)={0x19c, r4, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xb9, 0xbd, "bbaeb7fd4143e33c45a80219239474f90823b27629dcc907953d774d2fd4e2fa0f3938ecccd15a509821796bc8e0049edc4d4b5e7b745c1551c7dbafddc6e59a4929f79f5935d2f5591ed3b9ab6e961babb1f5b5f277290ab8cedaf10f658c92b631b6bc674b69e91eabc7ea8caa737d0c4c77a7ab6222c70743879481763ee6b76efc27ab26e876ce0458486b6b39a072cc637454eb796aa7408d4d372798a81e2cee5f9ec168478330561fd65bc4c1b6d3ab48e8"}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0xd}, @NL80211_ATTR_MLD_ADDR={0x69, 0x13a, "27d3d385c891d39ede37889306b25d80f4ad55a534ce308923e5e862d7563da54744bcc7830e9df5cae9efbc6e407e639378d3dec7b7c2d0085c651bc1d80b5728e5badf18faf06b71df9dde519ea6ced70cdaadba67ffe9498139ac2adad26d0ea70c08d0"}, @NL80211_ATTR_PROBE_RESP={0x49, 0x91, "eddae42f28381ac2a0b8e87b051ae09dcce04de4340222469d968ee33d82b71d9e83ebd784e4f440bce9ffb8a85c0e7fe9ff315d03f7f4f7d22c1f20b7bda72fb5589066fc"}, @NL80211_ATTR_PMK={0xa, 0xfe, "3574d8a0512e"}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4040115}, 0x20048082)
ppoll$auto(&(0x7f0000000000)={r0, 0x40}, 0x2, 0x0, 0x0, 0x8)
r5 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4)
flock$auto(r5, 0x1)
r6 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)
write$auto_mousedev_fops_mousedev(r6, 0x0, 0x0)
mmap$auto(0x0, 0x8000000000000000, 0xdf, 0xeb1, 0x401, 0x8000)
r7 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x128, r7, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x10c, 0x1, 0x0, 0x1, [@nested={0x108, 0x10, 0x0, 0x1, [@nested={0x104, 0x8, 0x0, 0x1, [@generic="99cb9d0ac5e7ca3db865f48743213f4895a92d889bcc52161a9db0c71042415f87e61e3975a378b736c3306b1a3ee4ce8b655fea2d69b00098f23b1cb37bf85739d04fb10a01766880ff82bbcaf8ffcc48221b11ee52385f95f3ca6366d40c8f351f1acb026136efeac333f139dc70761cb1b8ab2088cd036ec759ace6a86b542d5d8052a4be21311d98044cbdc3a15d34c29150d2cf295ab86ea42b51a5745e2911d0571fa6c66dad9cb30216732f9ba61fcdae60832bfa6da7e5c55339f2d80fbc2405cdbdf77856206c82c836024e4169fc9784aeafa9debd822a1bcf47979c0c1de2e67b3f8f747ebdf057a5be35", @generic="1a327b07757bb36f5c3608656cec1929"]}]}]}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x128}, 0x1, 0x0, 0x0, 0x24040071}, 0x800)
write$auto(0x3, 0x0, 0xfdef)
read$auto(0x3, 0x0, 0xf3c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004)
ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400)
inotify_rm_watch$auto(r1, 0x8001)

960.28576ms ago: executing program 1 (id=2997):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/video15\x00', 0x20281, 0x0)
r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0)
mmap$auto(0x0, 0x0, 0x4000000000df, 0x19, r0, 0x7)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0)
timer_create$auto(0x1, 0x0, 0x0)
mq_notify$auto(r1, &(0x7f0000000180)={@sival_ptr=0x0, @inferred=r1, 0x1, @_sigev_thread={0x0, 0x0}})
timer_gettime$auto(0x0, 0x0)
bind$auto(0x3, &(0x7f0000000080)=@llc={0x1a, 0x1, 0x49, 0x6, 0x18, 0x5, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x6a)
mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0xffe0}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
ioctl$auto(0x3, 0x80000541b, 0x38)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_create$auto(&(0x7f0000000200)='!\x00', 0x14)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x2cbd5d)
mmap$auto(0x0, 0x400008, 0x6, 0x9b72, 0x3, 0x8000)
timer_settime$auto(0x66c8ece2, 0x617c, &(0x7f0000000000)={{0x9, 0xc}, {0xa, 0x3ff}}, &(0x7f0000000240)={{0x1, 0x8}, {0x1, 0x7}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000480), r2)
ioperm$auto(0x5, 0x9, 0x3ffffffc)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv6/conf/macvtap0/router_solicitation_interval\x00', 0x400100, 0x0)
bpf$auto(0x5, &(0x7f0000001540)=@bpf_attr_3={0x9, 0x4, 0x10000, 0x1, 0x9, 0x80000000, 0x3, 0x1000, 0x10000, "06dbde4e070000001b0000000800", 0x0, 0x6, 0x2, 0x100, 0x0, 0x81, 0x200, 0x1, 0x4, 0x5, @attach_prog_fd=r1, 0x5, 0x1ff, 0x100000002, 0x1, 0xe4, 0x6}, 0x1000)
lseek$auto(r3, 0x0, 0x0)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r4 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
ptrace$auto(0x4206, r4, 0x0, 0x200005)
chmod$auto(&(0x7f0000000040)='./file0\x00', 0x10fe)
sendmsg$auto_MACSEC_CMD_DEL_TXSA(r2, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004}, 0x4802)
ioctl$auto(0x3, 0x8108551b, 0x1)

876.922399ms ago: executing program 0 (id=2998):
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x28, 0x0, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_MCAST_FLAGS_PRIV={0x8, 0x27, 0x4}, @BATADV_ATTR_NEIGH_ADDRESS={0xa, 0x18, @remote}]}, 0x28}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000) (async, rerun: 64)
socket(0x10, 0x2, 0x0) (rerun: 64)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0xa, 0x0) (async)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x2000, 0x0) (async)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x181882, 0x0) (async, rerun: 32)
openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) (async, rerun: 32)
epoll_create$auto(0x100008) (async, rerun: 64)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x40242, 0x0) (rerun: 64)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x20)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x10}, 0x3) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000700), 0xffffffffffffffff) (rerun: 32)
sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000007c0)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3a8935ae}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) (async, rerun: 64)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) (rerun: 64)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

798.848962ms ago: executing program 1 (id=2999):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x800, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x8)
r0 = socket(0xa, 0x2, 0x0)
r1 = socket(0x22, 0x3, 0x1)
connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x200, 0x400008, 0x200, 0x9b72, r0, 0x6)
r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r2, &(0x7f0000001680), 0x0)
mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000)
r3 = wait4$auto(0xffffffffffffffff, &(0x7f0000000100)=0x6, 0x7, &(0x7f0000000140)={{0x1004000, 0x3}, {0xff, 0x5}, 0x289, 0x1, 0xffffffff, 0xd39, 0x4, 0x9, 0x6b21, 0x200, 0x1, 0x0, 0x7ff, 0x4, 0x8, 0xff})
syz_clone3(&(0x7f0000000080)={0x123060000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, &(0x7f00000011c0)=[r3], 0x1}, 0x58)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
statmount$auto(0x0, 0x0, 0x201, 0x9)
ioperm$auto(0x7, 0x6, 0x2)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)

703.411284ms ago: executing program 0 (id=3000):
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x102, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x6)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
close_range$auto(0x2, 0x8, 0x0)

548.798465ms ago: executing program 0 (id=3001):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0)
mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
inotify_init1$auto(0x3000000000000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x25, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x15, 0x5, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183042, 0x0)
mmap$auto(0x7fff, 0x4, 0x400000000000df, 0x14, 0x401, 0x4)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
sendmmsg$auto(0x3, 0x0, 0x2, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r1 = pidfd_open$auto(0x1, 0x0)
setns(r1, 0x20000)
socket(0x2, 0x1, 0x106)
socket(0x2, 0x1, 0x0)
shutdown$auto(0x200000003, 0x2)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x100382, 0x0)
close_range$auto(0x2, r0, 0xd989)
memfd_create$auto(0x0, 0xe)
socket(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)

195.814071ms ago: executing program 0 (id=3002):
unshare$auto(0x40000080)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x1f40)
stat$auto(0x0, &(0x7f0000000380)={0x3, 0x3, 0x6, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0xa, 0xff, 0x100, 0x401, 0x5f57, 0x80000000, 0xaa})
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0)
writev$auto(r1, &(0x7f0000000180)={0x0, 0x200000007}, 0x3)
inotify_add_watch$auto(r1, &(0x7f0000000040)='./file0\x00', 0x5)
getsockopt$auto_SO_PASSCRED(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0)
mmap$auto(0x0, 0x400005, 0x800000000000df, 0x9b72, 0x2, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20048801)
ioperm$auto(0x400000ffff, 0xe, 0x1)
syz_genetlink_get_family_id$auto_taskstats(0x0, 0xffffffffffffffff)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
pread64$auto(0xffffffffffffffff, 0x0, 0xe, 0x100000000007)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
statmount$auto(0x0, 0x0, 0xfffff7fffffffffa, 0x81)
getsockopt$auto_SO_PASSCRED(r0, 0x9, 0x10, &(0x7f00000000c0)='/dev/tty12\x00', &(0x7f0000000140)=0x401)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x20)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
io_setup$auto(0xffff, &(0x7f0000000580))
write$auto(0x3, 0x0, 0xfffffdef)
r4 = socket$nl_generic(0x11, 0x3, 0x10)
bind$auto(r4, &(0x7f0000000200)=@generic={0x11, "0000100000000000929e006300"}, 0x80)

0s ago: executing program 3 (id=3003):
r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x454542, 0x0)
writev$auto(r0, &(0x7f00000000c0)={&(0x7f0000000380)="7f8a3a06e7677942bb6593d2926e2875dd49f6c5c67e76e2806c33fb83a97eddb84cbf7e18a1790c66d6cedfd343fb5941a4059fcce9611cf14e6c8b8f5f4bf4af10803f0359e47a40d8242e", 0xfffffffffffffeff}, 0x9)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0xfffffffb)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f0, 0x15)
madvise$auto(0x0, 0x200007, 0x19)
pselect6$auto(0x9, &(0x7f0000000000)={[0x8, 0x4, 0x0, 0x6, 0x8001, 0x4000000000002bc8, 0xfff, 0x1, 0xfffffffffffffffe, 0xffffffff, 0x8000000000000001, 0xfffffffffffffffd, 0x211, 0x2, 0x8, 0x1]}, 0x0, 0x0, 0x0, 0x0)
r1 = socket(0xa, 0x2, 0x73)
sendto$auto(r1, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2c48340020000803636166b00"}, 0x1c)
sysfs$auto(0x80000001, 0x0, 0x7)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x35, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x1fe, 0xd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x20008000)
keyctl$auto(0x1d, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8)
open(&(0x7f0000000100)='.\x00', 0x591002, 0x408)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

kernel console output (not intermixed with test programs):


				
	




	
				
	

	

		
		

	
			

			

			

			

			

			

			

			

			

			


	
		

	


	
	

		
	
		
	
	



			








	





	




		

		

			

	

	


	



	





	




	






	




	




		





	

	

		
		

	
				
	
	



	
			

			
	
		

	










	




	

		

	

	










	






	
		
	
	
		

	
	

	






	




	





		







				
		
	
	
	

	


	


	

	
		
	

	
		
[  818.271968][   T30] audit: type=1800 audit(4295012344.107:22): pid=18051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2398" name="dbroot" dev="configfs" ino=58170 res=0 errno=0
[  818.300827][T18051] FAULT_INJECTION: forcing a failure.
[  818.300827][T18051] name failslab, interval 1, probability 0, space 0, times 0
[  818.332152][T18051] CPU: 1 UID: 0 PID: 18051 Comm: syz.2.2398 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  818.332195][T18051] Tainted: [U]=USER
[  818.332204][T18051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  818.332221][T18051] Call Trace:
[  818.332229][T18051]  <TASK>
[  818.332238][T18051]  dump_stack_lvl+0x16c/0x1f0
[  818.332286][T18051]  should_fail_ex+0x512/0x640
[  818.332330][T18051]  should_failslab+0xc2/0x120
[  818.332357][T18051]  __kmalloc_cache_noprof+0x6a/0x3e0
[  818.332395][T18051]  ? snd_pcm_oss_change_params_locked+0x247/0x3a30
[  818.332432][T18051]  snd_pcm_oss_change_params_locked+0x247/0x3a30
[  818.332466][T18051]  ? __might_resched+0x5/0x5e0
[  818.332496][T18051]  ? trace_contention_end+0xdd/0x130
[  818.332537][T18051]  ? __mutex_lock+0x1ca/0xb90
[  818.332561][T18051]  ? tomoyo_path_number_perm+0x18d/0x580
[  818.332604][T18051]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  818.332642][T18051]  ? __pfx___mutex_lock+0x10/0x10
[  818.332672][T18051]  ? rcu_is_watching+0x12/0xc0
[  818.332701][T18051]  ? __might_fault+0xe3/0x190
[  818.332745][T18051]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  818.332782][T18051]  snd_pcm_oss_ioctl+0x31aa/0x37a0
[  818.332816][T18051]  ? __fget_files+0x204/0x3c0
[  818.332853][T18051]  ? hook_file_ioctl_common+0x145/0x410
[  818.332887][T18051]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  818.332923][T18051]  ? __fget_files+0x20e/0x3c0
[  818.332963][T18051]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  818.332997][T18051]  __x64_sys_ioctl+0x18e/0x210
[  818.333030][T18051]  do_syscall_64+0xcd/0x490
[  818.333055][T18051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.333100][T18051] RIP: 0033:0x7f13e878e929
[  818.333123][T18051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  818.333153][T18051] RSP: 002b:00007f13e9653038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  818.333183][T18051] RAX: ffffffffffffffda RBX: 00007f13e89b5fa0 RCX: 00007f13e878e929
[  818.333205][T18051] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000005
[  818.333224][T18051] RBP: 00007f13e8810b39 R08: 0000000000000000 R09: 0000000000000000
[  818.333243][T18051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  818.333260][T18051] R13: 0000000000000000 R14: 00007f13e89b5fa0 R15: 00007ffd3562ba48
[  818.333288][T18051]  </TASK>
[  818.575038][    C1] vkms_vblank_simulate: vblank timer overrun
[  818.598673][ T6184] Bluetooth: hci2: command tx timeout
[  818.758454][T18062] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2400'.
[  818.995051][T18070] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  819.110948][T18071] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  819.234506][T18064] block2mtd: parameter too long
[  819.336762][T18074] ieee80211 phy23: Selected rate control algorithm 'minstrel_ht'
[  819.364613][T18076] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  820.890164][T18106] caif:caif_disconnect_client(): nothing to disconnect
[  820.970962][T18114] FAULT_INJECTION: forcing a failure.
[  820.970962][T18114] name failslab, interval 1, probability 0, space 0, times 0
[  820.983891][T18114] CPU: 0 UID: 0 PID: 18114 Comm: syz.3.2412 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  820.983944][T18114] Tainted: [U]=USER
[  820.983955][T18114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  820.983994][T18114] Call Trace:
[  820.984004][T18114]  <TASK>
[  820.984016][T18114]  dump_stack_lvl+0x16c/0x1f0
[  820.984072][T18114]  should_fail_ex+0x512/0x640
[  820.984124][T18114]  should_failslab+0xc2/0x120
[  820.984155][T18114]  __kmalloc_cache_noprof+0x6a/0x3e0
[  820.984200][T18114]  ? kvm_uevent_notify_change.part.0+0x2b2/0x450
[  820.984240][T18114]  kvm_uevent_notify_change.part.0+0x2b2/0x450
[  820.984277][T18114]  ? __pfx_kvm_vm_release+0x10/0x10
[  820.984327][T18114]  kvm_put_kvm+0xe4/0xb40
[  820.984382][T18114]  ? __pfx_kvm_vm_release+0x10/0x10
[  820.984465][T18114]  kvm_vm_release+0x3c/0x50
[  820.984516][T18114]  __fput+0x402/0xb70
[  820.984552][T18114]  task_work_run+0x150/0x240
[  820.984603][T18114]  ? __pfx_task_work_run+0x10/0x10
[  820.984653][T18114]  ? __pfx___do_sys_close_range+0x10/0x10
[  820.984708][T18114]  exit_to_user_mode_loop+0xeb/0x110
[  820.984760][T18114]  do_syscall_64+0x3f6/0x490
[  820.984792][T18114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.984826][T18114] RIP: 0033:0x7f817b78e929
[  820.984850][T18114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  820.984884][T18114] RSP: 002b:00007f81795f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  820.984916][T18114] RAX: 0000000000000000 RBX: 00007f817b9b5fa0 RCX: 00007f817b78e929
[  820.984938][T18114] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  820.984958][T18114] RBP: 00007f817b810b39 R08: 0000000000000000 R09: 0000000000000000
[  820.984978][T18114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  820.984997][T18114] R13: 0000000000000000 R14: 00007f817b9b5fa0 R15: 00007ffc8398f738
[  820.985029][T18114]  </TASK>
[  822.110734][T18117] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  822.152574][T18117] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  822.158845][T18117] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  822.165283][T18117] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  822.176634][T18117] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  822.186726][T18117] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  822.193562][T18117] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  822.201305][T18117] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  823.507579][T18167] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2421'.
[  823.559445][T18173] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2423'.
[  823.601962][T18173] bond0: (slave bond_slave_1): Releasing backup interface
[  823.651830][ T6184] Bluetooth: hci1: command 0x0406 tx timeout
[  823.765595][T18179] perf: Dynamic interrupt throttling disabled, can hang your system!
[  823.784814][T18181] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2426'.
[  824.090750][T18188] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2428'.
[  824.112701][T18188] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2428'.
[  824.124950][T18188] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2428'.
[  824.151018][T18188] netlink: 102 bytes leftover after parsing attributes in process `syz.0.2428'.
[  824.221906][ T6184] Bluetooth: hci2: command 0x0c1a tx timeout
[  824.228062][T17221] Bluetooth: hci4: command 0x0c1a tx timeout
[  824.234088][ T6352] Bluetooth: hci3: command 0x0406 tx timeout
[  824.563883][T18195] ieee80211 phy24: Selected rate control algorithm 'minstrel_ht'
[  824.745542][T18204] ieee80211 phy25: Selected rate control algorithm 'minstrel_ht'
[  824.904121][T18207] caif:caif_disconnect_client(): nothing to disconnect
[  825.160121][T18216] FAULT_INJECTION: forcing a failure.
[  825.160121][T18216] name failslab, interval 1, probability 0, space 0, times 0
[  825.253324][T18216] CPU: 0 UID: 0 PID: 18216 Comm: syz.2.2433 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  825.253362][T18216] Tainted: [U]=USER
[  825.253370][T18216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  825.253384][T18216] Call Trace:
[  825.253391][T18216]  <TASK>
[  825.253399][T18216]  dump_stack_lvl+0x16c/0x1f0
[  825.253438][T18216]  should_fail_ex+0x512/0x640
[  825.253473][T18216]  should_failslab+0xc2/0x120
[  825.253495][T18216]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  825.253529][T18216]  ? security_inode_alloc+0x3b/0x2b0
[  825.253556][T18216]  security_inode_alloc+0x3b/0x2b0
[  825.253581][T18216]  inode_init_always_gfp+0xce4/0x1030
[  825.253617][T18216]  alloc_inode+0x86/0x240
[  825.253639][T18216]  sock_alloc+0x40/0x280
[  825.253662][T18216]  __sock_create+0xc1/0x8d0
[  825.253693][T18216]  __sys_socket+0x14d/0x260
[  825.253721][T18216]  ? __pfx___sys_socket+0x10/0x10
[  825.253750][T18216]  ? xfd_validate_state+0x61/0x180
[  825.253779][T18216]  ? __pfx___do_sys_close_range+0x10/0x10
[  825.253817][T18216]  __x64_sys_socket+0x72/0xb0
[  825.253846][T18216]  do_syscall_64+0xcd/0x490
[  825.253867][T18216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  825.253891][T18216] RIP: 0033:0x7f13e878e929
[  825.253908][T18216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  825.253931][T18216] RSP: 002b:00007f13e9653038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  825.253953][T18216] RAX: ffffffffffffffda RBX: 00007f13e89b5fa0 RCX: 00007f13e878e929
[  825.253968][T18216] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  825.253982][T18216] RBP: 00007f13e8810b39 R08: 0000000000000000 R09: 0000000000000000
[  825.254016][T18216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  825.254031][T18216] R13: 0000000000000000 R14: 00007f13e89b5fa0 R15: 00007ffd3562ba48
[  825.254054][T18216]  </TASK>
[  825.254072][T18216] socket: no more sockets
[  825.366861][T18221] FAULT_INJECTION: forcing a failure.
[  825.366861][T18221] name fail_futex, interval 1, probability 0, space 0, times 0
[  825.551981][T18221] CPU: 1 UID: 0 PID: 18221 Comm: syz.1.2434 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  825.552035][T18221] Tainted: [U]=USER
[  825.552045][T18221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  825.552062][T18221] Call Trace:
[  825.552071][T18221]  <TASK>
[  825.552081][T18221]  dump_stack_lvl+0x16c/0x1f0
[  825.552131][T18221]  should_fail_ex+0x512/0x640
[  825.552176][T18221]  get_futex_key+0x1d0/0x1540
[  825.552209][T18221]  ? __pfx_get_futex_key+0x10/0x10
[  825.552242][T18221]  ? stack_trace_save+0x8e/0xc0
[  825.552273][T18221]  futex_wait_setup+0x9d/0x550
[  825.552318][T18221]  __futex_wait+0x194/0x2f0
[  825.552357][T18221]  ? __pfx___futex_wait+0x10/0x10
[  825.552399][T18221]  ? __pfx_futex_wake_mark+0x10/0x10
[  825.552439][T18221]  ? rcu_is_watching+0x12/0xc0
[  825.552467][T18221]  ? lock_release+0x201/0x2f0
[  825.552506][T18221]  futex_wait+0xe8/0x380
[  825.552545][T18221]  ? __pfx_futex_wait+0x10/0x10
[  825.552592][T18221]  do_futex+0x229/0x350
[  825.552624][T18221]  ? __pfx_do_futex+0x10/0x10
[  825.552658][T18221]  ? __pfx___might_resched+0x10/0x10
[  825.552689][T18221]  __x64_sys_futex+0x1e0/0x4c0
[  825.552722][T18221]  ? __pfx_blkcg_maybe_throttle_current+0x10/0x10
[  825.552758][T18221]  ? __pfx___x64_sys_futex+0x10/0x10
[  825.552792][T18221]  ? __pfx___do_sys_close_range+0x10/0x10
[  825.552838][T18221]  do_syscall_64+0xcd/0x490
[  825.552864][T18221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  825.552891][T18221] RIP: 0033:0x7f8c7978e929
[  825.552913][T18221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  825.552941][T18221] RSP: 002b:00007f8c775d50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  825.552966][T18221] RAX: ffffffffffffffda RBX: 00007f8c799b6088 RCX: 00007f8c7978e929
[  825.552985][T18221] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8c799b6088
[  825.553002][T18221] RBP: 00007f8c799b6080 R08: 0000000000000000 R09: 0000000000000000
[  825.553018][T18221] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c799b608c
[  825.553049][T18221] R13: 0000000000000000 R14: 00007ffe58ff3e00 R15: 00007ffe58ff3ee8
[  825.553077][T18221]  </TASK>
[  825.777615][    C1] vkms_vblank_simulate: vblank timer overrun
[  825.990641][T18226] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2436'.
[  826.292677][T17221] Bluetooth: hci4: command 0x0c1a tx timeout
[  826.298743][ T6184] Bluetooth: hci2: command 0x0c1a tx timeout
[  826.999228][T17221] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  827.033365][T17221] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  827.040608][T17221] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  827.053531][T17221] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  827.101937][T17221] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  827.227496][T12147] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.408697][T12147] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.590743][T18255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2444'.
[  827.613335][T12147] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.770927][T12147] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.811016][T18244] chnl_net:caif_netlink_parms(): no params data found
[  827.879363][T18262] FAULT_INJECTION: forcing a failure.
[  827.879363][T18262] name fail_futex, interval 1, probability 0, space 0, times 0
[  827.893291][T18262] CPU: 0 UID: 0 PID: 18262 Comm: syz.2.2446 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  827.893325][T18262] Tainted: [U]=USER
[  827.893332][T18262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  827.893345][T18262] Call Trace:
[  827.893351][T18262]  <TASK>
[  827.893358][T18262]  dump_stack_lvl+0x16c/0x1f0
[  827.893394][T18262]  should_fail_ex+0x512/0x640
[  827.893428][T18262]  get_futex_key+0x1d0/0x1540
[  827.893454][T18262]  ? __pfx_get_futex_key+0x10/0x10
[  827.893480][T18262]  ? stack_trace_save+0x8e/0xc0
[  827.893503][T18262]  futex_wait_setup+0x9d/0x550
[  827.893537][T18262]  __futex_wait+0x194/0x2f0
[  827.893567][T18262]  ? __pfx___futex_wait+0x10/0x10
[  827.893599][T18262]  ? __pfx_futex_wake_mark+0x10/0x10
[  827.893631][T18262]  ? rcu_is_watching+0x12/0xc0
[  827.893657][T18262]  ? lock_release+0x201/0x2f0
[  827.893688][T18262]  futex_wait+0xe8/0x380
[  827.893718][T18262]  ? __pfx_futex_wait+0x10/0x10
[  827.893754][T18262]  do_futex+0x229/0x350
[  827.893779][T18262]  ? __pfx_do_futex+0x10/0x10
[  827.893805][T18262]  ? __pfx___might_resched+0x10/0x10
[  827.893827][T18262]  __x64_sys_futex+0x1e0/0x4c0
[  827.893853][T18262]  ? __pfx_blkcg_maybe_throttle_current+0x10/0x10
[  827.893889][T18262]  ? __pfx___x64_sys_futex+0x10/0x10
[  827.893915][T18262]  ? __pfx___do_sys_close_range+0x10/0x10
[  827.893956][T18262]  do_syscall_64+0xcd/0x490
[  827.893995][T18262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.894018][T18262] RIP: 0033:0x7f13e878e929
[  827.894035][T18262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  827.894059][T18262] RSP: 002b:00007f13e96530e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  827.894081][T18262] RAX: ffffffffffffffda RBX: 00007f13e89b5fa8 RCX: 00007f13e878e929
[  827.894097][T18262] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f13e89b5fa8
[  827.894112][T18262] RBP: 00007f13e89b5fa0 R08: 0000000000000000 R09: 0000000000000000
[  827.894126][T18262] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f13e89b5fac
[  827.894141][T18262] R13: 0000000000000000 R14: 00007ffd3562b960 R15: 00007ffd3562ba48
[  827.894163][T18262]  </TASK>
[  828.371810][T17221] Bluetooth: hci2: command 0x0c1a tx timeout
[  828.377872][T17221] Bluetooth: hci4: command 0x0c1a tx timeout
[  828.555602][T18244] bridge0: port 1(bridge_slave_0) entered blocking state
[  828.563983][T18244] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.571101][T18244] bridge_slave_0: entered allmulticast mode
[  828.617761][T18244] bridge_slave_0: entered promiscuous mode
[  828.653671][T18244] bridge0: port 2(bridge_slave_1) entered blocking state
[  828.660817][T18244] bridge0: port 2(bridge_slave_1) entered disabled state
[  828.699422][T18244] bridge_slave_1: entered allmulticast mode
[  828.718994][T18244] bridge_slave_1: entered promiscuous mode
[  828.935645][T18244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  828.967511][T18244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  829.001005][T12147] bridge_slave_1: left allmulticast mode
[  829.001039][T12147] bridge_slave_1: left promiscuous mode
[  829.001192][T12147] bridge0: port 2(bridge_slave_1) entered disabled state
[  829.030602][T12147] bridge_slave_0: left allmulticast mode
[  829.030625][T12147] bridge_slave_0: left promiscuous mode
[  829.030758][T12147] bridge0: port 1(bridge_slave_0) entered disabled state
[  829.041797][T18277] netlink: 'syz.1.2449': attribute type 1 has an invalid length.
[  829.171844][T17221] Bluetooth: hci0: command tx timeout
[  830.116591][T12147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  830.145725][T12147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  830.198687][T12147] bond0 (unregistering): Released all slaves
[  830.211304][T18297] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2450'.
[  830.292396][T18244] team0: Port device team_slave_0 added
[  830.330984][T18244] team0: Port device team_slave_1 added
[  830.396751][T12147] HfR: left promiscuous mode
[  830.408343][T18301] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  830.435659][T18301] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  831.013345][T18244] batman_adv: batadv0: Adding interface: batadv_slave_0
[  831.021386][T18244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  831.047300][    C1] vkms_vblank_simulate: vblank timer overrun
[  831.101819][T18244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  831.114372][T18244] batman_adv: batadv0: Adding interface: batadv_slave_1
[  831.121644][T18244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  831.147568][    C1] vkms_vblank_simulate: vblank timer overrun
[  831.171857][T18244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  831.251835][T17221] Bluetooth: hci0: command tx timeout
[  831.402328][T18244] hsr_slave_0: entered promiscuous mode
[  831.412569][T18244] hsr_slave_1: entered promiscuous mode
[  831.449863][T18244] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  831.457869][T18244] Cannot create hsr debugfs directory
[  832.095285][T12147] hsr_slave_0: left promiscuous mode
[  832.122497][T12147] hsr_slave_1: left promiscuous mode
[  832.131193][T12147] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  832.165613][T12147] batman_adv: batadv0: Removing interface: batadv_slave_0
[  832.224070][T12147] veth1_macvtap: left promiscuous mode
[  832.243308][T12147] veth0_macvtap: left promiscuous mode
[  832.248959][T12147] veth1_vlan: left promiscuous mode
[  832.265075][T12147] veth0_vlan: left promiscuous mode
[  832.585421][T12147] team0 (unregistering): Port device team_slave_1 removed
[  832.618417][T12147] team0 (unregistering): Port device team_slave_0 removed
[  832.884690][T18361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2459'.
[  833.332427][T17221] Bluetooth: hci0: command tx timeout
[  833.503954][T18244] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  833.525963][T18244] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  833.555156][T18244] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  833.605253][T18244] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  833.788187][T18244] 8021q: adding VLAN 0 to HW filter on device bond0
[  833.859165][T18244] 8021q: adding VLAN 0 to HW filter on device team0
[  833.873988][ T6247] bridge0: port 1(bridge_slave_0) entered blocking state
[  833.881139][ T6247] bridge0: port 1(bridge_slave_0) entered forwarding state
[  833.916587][ T6247] bridge0: port 2(bridge_slave_1) entered blocking state
[  833.923749][ T6247] bridge0: port 2(bridge_slave_1) entered forwarding state
[  833.946529][T18244] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  834.251298][T18244] 8021q: adding VLAN 0 to HW filter on device batadv0
[  834.345473][T18244] veth0_vlan: entered promiscuous mode
[  834.383046][T18244] veth1_vlan: entered promiscuous mode
[  834.453410][T18244] veth0_macvtap: entered promiscuous mode
[  834.462856][T18244] veth1_macvtap: entered promiscuous mode
[  834.480673][T18244] batman_adv: batadv0: Interface activated: batadv_slave_0
[  834.519638][T18244] batman_adv: batadv0: Interface activated: batadv_slave_1
[  834.541184][T18420] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2465'.
[  834.568855][T18244] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  834.587135][T18429] futex_wake_op: syz.2.2466 tries to shift op by -9; fix this program
[  834.604212][T18244] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  834.613570][T18244] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  834.644682][T18244] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  834.743523][T18244] ieee80211 phy26: Selected rate control algorithm 'minstrel_ht'
[  834.975945][ T6247] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  834.985583][T18244] ieee80211 phy27: Selected rate control algorithm 'minstrel_ht'
[  835.042061][ T6247] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  835.181169][T12147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  835.201869][T12147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  835.412099][T17221] Bluetooth: hci0: command tx timeout
[  836.110178][ T6184] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  836.117705][ T6184] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  836.125367][ T6184] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  836.147610][ T6184] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  836.155725][ T6184] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  836.898250][T18478] chnl_net:caif_netlink_parms(): no params data found
[  837.025388][T18478] bridge0: port 1(bridge_slave_0) entered blocking state
[  837.036827][T18478] bridge0: port 1(bridge_slave_0) entered disabled state
[  837.045126][T18478] bridge_slave_0: entered allmulticast mode
[  837.074502][T18478] bridge_slave_0: entered promiscuous mode
[  837.122708][T18478] bridge0: port 2(bridge_slave_1) entered blocking state
[  837.139810][T18508] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2476'.
[  837.182193][T18478] bridge0: port 2(bridge_slave_1) entered disabled state
[  837.202052][T18478] bridge_slave_1: entered allmulticast mode
[  837.219390][T18478] bridge_slave_1: entered promiscuous mode
[  837.319515][T18478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  837.330858][T18519] pty pty175: ldisc open failed (-12), clearing slot 175
[  837.344505][T18478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  837.663030][T18478] team0: Port device team_slave_0 added
[  837.704694][T18478] team0: Port device team_slave_1 added
[  837.875331][T18478] batman_adv: batadv0: Adding interface: batadv_slave_0
[  837.893333][T18478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  837.932689][T18546] size and base must be multiples of 4 kiB
[  837.951793][T18546] CPU: 0 UID: 0 PID: 18546 Comm: syz.0.2481 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  837.951835][T18546] Tainted: [U]=USER
[  837.951844][T18546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  837.951861][T18546] Call Trace:
[  837.951869][T18546]  <TASK>
[  837.951878][T18546]  dump_stack_lvl+0x16c/0x1f0
[  837.951927][T18546]  mtrr_add+0xdf/0x110
[  837.951960][T18546]  mtrr_ioctl+0x7ef/0xcf0
[  837.951994][T18546]  ? __pfx_mtrr_ioctl+0x10/0x10
[  837.952029][T18546]  ? rcu_is_watching+0x12/0xc0
[  837.952063][T18546]  ? __fget_files+0x20e/0x3c0
[  837.952101][T18546]  ? __pfx_mtrr_ioctl+0x10/0x10
[  837.952135][T18546]  proc_reg_unlocked_ioctl+0x229/0x320
[  837.952176][T18546]  ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10
[  837.952221][T18546]  __x64_sys_ioctl+0x18e/0x210
[  837.952255][T18546]  do_syscall_64+0xcd/0x490
[  837.952281][T18546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  837.952309][T18546] RIP: 0033:0x7f566338e929
[  837.952329][T18546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  837.952364][T18546] RSP: 002b:00007f56641b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  837.952390][T18546] RAX: ffffffffffffffda RBX: 00007f56635b6160 RCX: 00007f566338e929
[  837.952409][T18546] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003
[  837.952427][T18546] RBP: 00007f5663410b39 R08: 0000000000000000 R09: 0000000000000000
[  837.952443][T18546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  837.952460][T18546] R13: 0000000000000000 R14: 00007f56635b6160 R15: 00007ffe6e925ec8
[  837.952487][T18546]  </TASK>
[  837.958825][T18478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  838.211856][ T6184] Bluetooth: hci3: command tx timeout
[  838.221247][T18478] batman_adv: batadv0: Adding interface: batadv_slave_1
[  838.235993][T18478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  838.302517][T18478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  838.436256][T18552] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8)
[  838.489565][T18478] hsr_slave_0: entered promiscuous mode
[  838.512360][T18478] hsr_slave_1: entered promiscuous mode
[  838.546198][T18478] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  838.569475][T18478] Cannot create hsr debugfs directory
[  839.261495][T18478] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.301927][T18559] rnbd_client L213: map_device: Parameters missing
[  839.316950][T18560] rnbd_client L213: map_device: Parameters missing
[  839.365263][T18478] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.478624][T18478] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.556493][T18572] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  839.570261][T18572] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  839.615974][T18478] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.827109][T18478] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  839.853556][T18478] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  839.862882][T18478] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  839.879029][T18478] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  839.963209][T18478] 8021q: adding VLAN 0 to HW filter on device bond0
[  839.985479][T18478] 8021q: adding VLAN 0 to HW filter on device team0
[  839.998122][T16728] bridge0: port 1(bridge_slave_0) entered blocking state
[  840.005306][T16728] bridge0: port 1(bridge_slave_0) entered forwarding state
[  840.031068][T16728] bridge0: port 2(bridge_slave_1) entered blocking state
[  840.038186][T16728] bridge0: port 2(bridge_slave_1) entered forwarding state
[  840.093218][T18582] nbd: must specify at least one socket
[  840.233898][T18478] 8021q: adding VLAN 0 to HW filter on device batadv0
[  840.292173][ T6184] Bluetooth: hci3: command tx timeout
[  840.485973][T18478] veth0_vlan: entered promiscuous mode
[  840.517682][T18478] veth1_vlan: entered promiscuous mode
[  840.618011][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  840.626515][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  840.640948][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  840.643559][T18478] veth0_macvtap: entered promiscuous mode
[  840.653507][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  840.661388][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  840.668448][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  840.669003][T18478] veth1_macvtap: entered promiscuous mode
[  840.677275][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  840.687121][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  840.830800][T18478] batman_adv: batadv0: Interface activated: batadv_slave_0
[  840.878468][T18478] batman_adv: batadv0: Interface activated: batadv_slave_1
[  840.972239][T18478] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  840.981048][T18478] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  840.991225][T18478] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  841.001377][T18478] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  841.087521][T18590] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  841.124464][T18590] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  841.141145][T18590] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  841.147924][T18590] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  841.169998][T18590] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  841.193918][T18590] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  841.211331][T18590] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  841.229574][T18590] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  841.243285][T18478] ieee80211 phy28: Selected rate control algorithm 'minstrel_ht'
[  841.320898][ T6247] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  841.344950][T18478] ieee80211 phy29: Selected rate control algorithm 'minstrel_ht'
[  841.353093][ T6247] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  841.379397][ T6247] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  841.391029][ T6247] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  841.456617][T18607] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2491'.
[  841.470493][T18607] ipvlan0: entered allmulticast mode
[  841.480419][T18607] veth0_vlan: entered allmulticast mode
[  841.765969][T18618] vivid-003: =================  START STATUS  =================
[  841.805322][T18618] vivid-003: Radio HW Seek Mode: Bounded
[  841.830919][T18618] vivid-003: Radio Programmable HW Seek: false
[  841.848814][T18618] vivid-003: RDS Rx I/O Mode: Block I/O
[  841.863524][T18618] vivid-003: Generate RBDS Instead of RDS: false
[  841.879082][T18618] vivid-003: RDS Reception: true
[  841.884318][T18618] vivid-003: RDS Program Type: 0 inactive
[  841.902321][T18618] vivid-003: RDS PS Name:  inactive
[  841.924453][T18618] vivid-003: RDS Radio Text:  inactive
[  841.934987][T18618] vivid-003: RDS Traffic Announcement: false inactive
[  841.954403][T18618] vivid-003: RDS Traffic Program: false inactive
[  841.996493][T18618] vivid-003: RDS Music: false inactive
[  842.019376][T18618] vivid-003: ==================  END STATUS  ==================
[  842.206391][T18612] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2472'.
[  842.456570][T18629] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  842.539722][T18632] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  842.564247][T18631] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2496'.
[  842.611825][ T6184] Bluetooth: hci4: command 0x0c1a tx timeout
[  842.818457][ T6184] Bluetooth: hci3: unexpected subevent 0x19 length: 252 > 28
[  842.827568][ T6184] Bluetooth: hci3: Unable to find connection with handle 0xc3d2
[  843.159142][T18648] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2500'.
[  843.173038][ T6184] Bluetooth: hci0: command 0x0c1a tx timeout
[  843.179057][T17221] Bluetooth: hci2: command 0x0c1a tx timeout
[  843.254249][ T6184] Bluetooth: hci3: command 0x0419 tx timeout
[  843.604621][T18659] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2501'.
[  844.889169][T18694] hub 8-0:1.0: USB hub found
[  844.894263][T18694] hub 8-0:1.0: 1 port detected
[  845.257800][ T6184] Bluetooth: hci0: command 0x0c1a tx timeout
[  845.320133][T18715] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2512'.
[  845.338717][ T6184] Bluetooth: hci3: command 0x0419 tx timeout
[  845.493850][T18696] FAULT_INJECTION: forcing a failure.
[  845.493850][T18696] name fail_futex, interval 1, probability 0, space 0, times 0
[  845.507479][T18696] CPU: 1 UID: 0 PID: 18696 Comm: syz.3.2511 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  845.507524][T18696] Tainted: [U]=USER
[  845.507531][T18696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  845.507560][T18696] Call Trace:
[  845.507566][T18696]  <TASK>
[  845.507574][T18696]  dump_stack_lvl+0x16c/0x1f0
[  845.507609][T18696]  should_fail_ex+0x512/0x640
[  845.507642][T18696]  get_futex_key+0x293/0x1540
[  845.507667][T18696]  ? __pfx_get_futex_key+0x10/0x10
[  845.507690][T18696]  ? __mutex_trylock_common+0xe9/0x250
[  845.507719][T18696]  ? __pfx___mutex_trylock_common+0x10/0x10
[  845.507749][T18696]  futex_wake+0xea/0x530
[  845.507776][T18696]  ? rcu_is_watching+0x12/0xc0
[  845.507796][T18696]  ? trace_contention_end+0xdd/0x130
[  845.507824][T18696]  ? __pfx_futex_wake+0x10/0x10
[  845.507853][T18696]  ? rcu_is_watching+0x12/0xc0
[  845.507873][T18696]  ? rcu_is_watching+0x12/0xc0
[  845.507893][T18696]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  845.507929][T18696]  do_futex+0x1e3/0x350
[  845.507953][T18696]  ? __pfx_do_futex+0x10/0x10
[  845.507977][T18696]  ? lock_release+0x201/0x2f0
[  845.508006][T18696]  mm_release+0x24e/0x300
[  845.508028][T18696]  do_exit+0x683/0x2bd0
[  845.508077][T18696]  ? futex_wake+0x456/0x530
[  845.508106][T18696]  ? __pfx_do_exit+0x10/0x10
[  845.508134][T18696]  ? do_raw_spin_lock+0x12c/0x2b0
[  845.508166][T18696]  ? get_signal+0x8f5/0x26d0
[  845.508187][T18696]  ? rcu_is_watching+0x12/0xc0
[  845.508209][T18696]  do_group_exit+0xd3/0x2a0
[  845.508238][T18696]  get_signal+0x2673/0x26d0
[  845.508261][T18696]  ? rcu_is_watching+0x12/0xc0
[  845.508282][T18696]  ? __might_fault+0x13b/0x190
[  845.508312][T18696]  ? rcu_is_watching+0x12/0xc0
[  845.508333][T18696]  ? __pfx_get_signal+0x10/0x10
[  845.508355][T18696]  ? do_futex+0x122/0x350
[  845.508380][T18696]  ? __pfx_do_futex+0x10/0x10
[  845.508406][T18696]  arch_do_signal_or_restart+0x8f/0x790
[  845.508430][T18696]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  845.508462][T18696]  exit_to_user_mode_loop+0x84/0x110
[  845.508495][T18696]  do_syscall_64+0x3f6/0x490
[  845.508515][T18696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  845.508542][T18696] RIP: 0033:0x7f3cadf8e929
[  845.508558][T18696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  845.508581][T18696] RSP: 002b:00007f3caee240e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  845.508620][T18696] RAX: fffffffffffffe00 RBX: 00007f3cae1b6168 RCX: 00007f3cadf8e929
[  845.508636][T18696] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3cae1b6168
[  845.508651][T18696] RBP: 00007f3cae1b6160 R08: 0000000000000000 R09: 0000000000000000
[  845.508666][T18696] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3cae1b616c
[  845.508680][T18696] R13: 0000000000000000 R14: 00007ffd4b09ee40 R15: 00007ffd4b09ef28
[  845.508721][T18696]  </TASK>
[  845.793772][    C1] vkms_vblank_simulate: vblank timer overrun
[  845.958924][T18730] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input56
[  846.248108][T18734] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input57
[  846.426422][T18747] random: crng reseeded on system resumption
[  846.436148][T18747] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff]
[  846.457933][T18747] PM: hibernation: Marking nosave pages: [mem 0x0009f000-0x000fffff]
[  846.498572][T18747] PM: hibernation: Marking nosave pages: [mem 0xbfffd000-0xffffffff]
[  846.574854][T18747] PM: hibernation: Basic memory bitmaps created
[  847.040593][T18762] caif:caif_disconnect_client(): nothing to disconnect
[  847.126086][T18754] PM: hibernation: Basic memory bitmaps freed
[  847.331867][ T6184] Bluetooth: hci0: command 0x0c1a tx timeout
[  847.411962][ T6184] Bluetooth: hci3: command 0x0419 tx timeout
[  847.918309][T18783] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2526'.
[  848.122150][T18785] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2525'.
[  848.917321][T18803] vivid-007: =================  START STATUS  =================
[  848.981304][T18803] vivid-007: Enable Output Cropping: true
[  848.999807][T18803] vivid-007: Enable Output Composing: true
[  849.041799][T18803] vivid-007: Enable Output Scaler: true
[  849.071792][T18803] vivid-007: Tx RGB Quantization Range: Automatic
[  849.079405][T18803] vivid-007: Transmit Mode: HDMI
[  849.116793][T18803] vivid-007: Hotplug Present: 0x00000000
[  849.180719][T18803] vivid-007: RxSense Present: 0x00000000
[  849.191409][T18803] vivid-007: EDID Present: 0x00000000
[  849.197027][T18803] vivid-007: ==================  END STATUS  ==================
[  849.226555][T18829] futex_wake_op: syz.0.2534 tries to shift op by 64; fix this program
[  849.263521][T18829] vhci_hcd: invalid port number 21
[  849.268827][T18829] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub.
[  849.358531][T18831] FAULT_INJECTION: forcing a failure.
[  849.358531][T18831] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  849.451066][T18831] CPU: 0 UID: 0 PID: 18831 Comm: syz.0.2535 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  849.451108][T18831] Tainted: [U]=USER
[  849.451117][T18831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  849.451133][T18831] Call Trace:
[  849.451141][T18831]  <TASK>
[  849.451151][T18831]  dump_stack_lvl+0x16c/0x1f0
[  849.451197][T18831]  should_fail_ex+0x512/0x640
[  849.451249][T18831]  _copy_from_user+0x2e/0xd0
[  849.451292][T18831]  sctp_setsockopt+0x2045/0xb870
[  849.451333][T18831]  ? __pfx_sctp_setsockopt+0x10/0x10
[  849.451369][T18831]  ? __pfx_aa_sk_perm+0x10/0x10
[  849.451401][T18831]  ? percpu_counter_add_batch+0xb8/0x1f0
[  849.451440][T18831]  ? sock_common_setsockopt+0x2e/0xf0
[  849.451472][T18831]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  849.451504][T18831]  do_sock_setsockopt+0x221/0x470
[  849.451534][T18831]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  849.451563][T18831]  ? __fget_files+0x204/0x3c0
[  849.451599][T18831]  ? rcu_is_watching+0x12/0xc0
[  849.451626][T18831]  ? lock_release+0x201/0x2f0
[  849.451669][T18831]  __sys_setsockopt+0x120/0x1a0
[  849.451713][T18831]  __x64_sys_setsockopt+0xbd/0x160
[  849.451757][T18831]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  849.451800][T18831]  do_syscall_64+0xcd/0x490
[  849.451825][T18831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.451852][T18831] RIP: 0033:0x7f566338e929
[  849.451872][T18831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  849.451900][T18831] RSP: 002b:00007f56641f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  849.451925][T18831] RAX: ffffffffffffffda RBX: 00007f56635b5fa0 RCX: 00007f566338e929
[  849.451943][T18831] RDX: 0000000000000000 RSI: 0000010000000084 RDI: 0000000000000005
[  849.451959][T18831] RBP: 00007f5663410b39 R08: 0000000000000010 R09: 0000000000000000
[  849.451976][T18831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  849.451993][T18831] R13: 0000000000000000 R14: 00007f56635b5fa0 R15: 00007ffe6e925ec8
[  849.452018][T18831]  </TASK>
[  849.805310][ T6184] Bluetooth: hci3: command 0x0419 tx timeout
[  850.231300][T18854] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  850.244916][T18854] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  850.451151][T18857] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2539'.
[  850.642322][T18861] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  850.701412][T18860] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  852.359503][T18905] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2550'.
[  852.635580][T18901] Invalid ELF header magic: != ELF
[  852.946952][T18919] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input58
[  853.542209][T18938] FAULT_INJECTION: forcing a failure.
[  853.542209][T18938] name failslab, interval 1, probability 0, space 0, times 0
[  853.557768][T18938] CPU: 0 UID: 0 PID: 18938 Comm: syz.3.2557 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  853.557817][T18938] Tainted: [U]=USER
[  853.557827][T18938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  853.557846][T18938] Call Trace:
[  853.557854][T18938]  <TASK>
[  853.557865][T18938]  dump_stack_lvl+0x16c/0x1f0
[  853.557917][T18938]  should_fail_ex+0x512/0x640
[  853.557965][T18938]  should_failslab+0xc2/0x120
[  853.558006][T18938]  __kmalloc_cache_noprof+0x6a/0x3e0
[  853.558065][T18938]  ? kvm_uevent_notify_change.part.0+0x2b2/0x450
[  853.558122][T18938]  kvm_uevent_notify_change.part.0+0x2b2/0x450
[  853.558157][T18938]  ? __pfx_kvm_vm_release+0x10/0x10
[  853.558213][T18938]  kvm_put_kvm+0xe4/0xb40
[  853.558264][T18938]  ? __pfx_kvm_vm_release+0x10/0x10
[  853.558313][T18938]  kvm_vm_release+0x3c/0x50
[  853.558361][T18938]  __fput+0x402/0xb70
[  853.558395][T18938]  task_work_run+0x150/0x240
[  853.558442][T18938]  ? __pfx_task_work_run+0x10/0x10
[  853.558490][T18938]  ? __pfx___do_sys_close_range+0x10/0x10
[  853.558541][T18938]  exit_to_user_mode_loop+0xeb/0x110
[  853.558592][T18938]  do_syscall_64+0x3f6/0x490
[  853.558621][T18938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  853.558653][T18938] RIP: 0033:0x7f3cadf8e929
[  853.558677][T18938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  853.558711][T18938] RSP: 002b:00007f3caee66038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  853.558742][T18938] RAX: 0000000000000000 RBX: 00007f3cae1b5fa0 RCX: 00007f3cadf8e929
[  853.558763][T18938] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  853.558782][T18938] RBP: 00007f3cae010b39 R08: 0000000000000000 R09: 0000000000000000
[  853.558801][T18938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  853.558820][T18938] R13: 0000000000000000 R14: 00007f3cae1b5fa0 R15: 00007ffd4b09ef28
[  853.558850][T18938]  </TASK>
[  854.208937][T18937] ima: policy update failed
[  854.222039][   T30] audit: type=1802 audit(4295012380.057:23): pid=18937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2559" res=0 errno=0
[  856.221663][T19009] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2572'.
[  856.248269][T19009] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2572'.
[  856.289610][   T30] audit: type=1800 audit(4295012382.127:24): pid=18988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2570" name="SYSV000007ff" dev="hugetlbfs" ino=0 res=0 errno=0
[  856.664649][T19028] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2576'.
[  857.494797][T19032] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2577'.
[  857.644600][T19047] netlink: 'syz.1.2580': attribute type 11 has an invalid length.
[  857.652654][T19047] netlink: 'syz.1.2580': attribute type 11 has an invalid length.
[  857.660525][T19047] netlink: 'syz.1.2580': attribute type 11 has an invalid length.
[  858.717376][T19064] syz.2.2585(19064): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  858.751175][T19041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078002e00 pfn:0x78000
[  858.761392][T19041] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  858.769979][T19041] memcg:ffff888025cf9001
[  858.774687][T19041] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  858.782847][T19041] page_type: f5(slab)
[  858.786888][T19041] raw: 00fff00000000040 ffff88801d378000 0000000000000000 0000000000000001
[  858.796292][T19041] raw: ffff888078002e00 00000000800b0009 00000000f5000000 ffff888025cf9001
[  858.805273][T19041] head: 00fff00000000040 ffff88801d378000 0000000000000000 0000000000000001
[  858.814115][T19041] head: ffff888078002e00 00000000800b0009 00000000f5000000 ffff888025cf9001
[  858.823419][T19041] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  858.832253][T19041] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  858.840979][T19041] page dumped because: unmovable page
[  858.846388][T19041] page_owner tracks the page as allocated
[  858.852294][T19041] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 14781, tgid 14775 (syz.2.1735), ts 657760496970, free_ts 657525219062
[  858.873952][T19041]  post_alloc_hook+0x1c0/0x230
[  858.878813][T19041]  get_page_from_freelist+0x1321/0x3890
[  858.884503][T19041]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  858.890478][T19041]  alloc_pages_mpol+0x1fb/0x550
[  858.895397][T19041]  new_slab+0x23b/0x330
[  858.899585][T19041]  ___slab_alloc+0xd9c/0x1940
[  858.904359][T19041]  __slab_alloc.constprop.0+0x56/0xb0
[  858.910050][T19041]  kmem_cache_alloc_noprof+0xef/0x3b0
[  858.915510][T19041]  sk_prot_alloc+0x60/0x2a0
[  858.920683][T19041]  sk_alloc+0x36/0xc20
[  859.079904][T19047] could not allocate digest TFM handle binfmt_misc
[  859.100746][T19041]  inet_create+0x3a1/0x1090
[  859.105332][T19041]  __sock_create+0x338/0x8d0
[  859.109981][T19041]  __sys_socket+0x14d/0x260
[  859.114953][T19041]  __x64_sys_socket+0x72/0xb0
[  859.119703][T19041]  do_syscall_64+0xcd/0x490
[  859.125950][T19041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.132119][T19041] page last free pid 14769 tgid 14762 stack trace:
[  859.138828][T19041]  __free_frozen_pages+0x7fe/0x1180
[  859.148894][T19041]  __put_partials+0x16d/0x1c0
[  859.153674][T19041]  qlist_free_all+0x4d/0x120
[  859.158338][T19041]  kasan_quarantine_reduce+0x195/0x1e0
[  859.164090][T19041]  __kasan_slab_alloc+0x69/0x90
[  859.169018][T19041]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  859.175030][T19041]  getname_flags.part.0+0x4c/0x550
[  859.180203][T19041]  getname_flags+0x93/0xf0
[  859.184710][T19041]  do_sys_openat2+0xb8/0x1d0
[  859.189365][T19041]  __x64_sys_openat+0x174/0x210
[  859.194320][T19041]  do_syscall_64+0xcd/0x490
[  859.198876][T19041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.397820][T19075] cougar: G6 mapped to space
[  860.786142][T19099] FAULT_INJECTION: forcing a failure.
[  860.786142][T19099] name failslab, interval 1, probability 0, space 0, times 0
[  860.809070][T19099] CPU: 1 UID: 0 PID: 19099 Comm: syz.0.2590 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  860.809113][T19099] Tainted: [U]=USER
[  860.809123][T19099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  860.809140][T19099] Call Trace:
[  860.809149][T19099]  <TASK>
[  860.809159][T19099]  dump_stack_lvl+0x16c/0x1f0
[  860.809209][T19099]  should_fail_ex+0x512/0x640
[  860.809253][T19099]  ? snd_pcm_plugin_build+0x434/0x650
[  860.809289][T19099]  should_failslab+0xc2/0x120
[  860.809316][T19099]  __kmalloc_noprof+0xd2/0x510
[  860.809365][T19099]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  860.809415][T19099]  snd_pcm_plugin_build+0x434/0x650
[  860.809454][T19099]  snd_pcm_plugin_build_mulaw+0x280/0x7a0
[  860.809496][T19099]  ? __pfx_mulaw_decode+0x10/0x10
[  860.809532][T19099]  ? __pfx_snd_pcm_plugin_build_mulaw+0x10/0x10
[  860.809574][T19099]  ? snd_pcm_hw_params+0xcd/0x1b40
[  860.809608][T19099]  snd_pcm_plug_format_plugins+0xbe7/0x1430
[  860.809642][T19099]  ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10
[  860.809677][T19099]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  860.809714][T19099]  snd_pcm_oss_change_params_locked+0x2dec/0x3a30
[  860.809757][T19099]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  860.809798][T19099]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  860.809829][T19099]  snd_pcm_oss_ioctl+0x30f1/0x37a0
[  860.809859][T19099]  ? __fget_files+0x204/0x3c0
[  860.809890][T19099]  ? hook_file_ioctl_common+0x145/0x410
[  860.809916][T19099]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  860.809945][T19099]  ? __fget_files+0x20e/0x3c0
[  860.809978][T19099]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  860.810006][T19099]  __x64_sys_ioctl+0x18e/0x210
[  860.810033][T19099]  do_syscall_64+0xcd/0x490
[  860.810055][T19099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.810079][T19099] RIP: 0033:0x7f566338e929
[  860.810097][T19099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  860.810120][T19099] RSP: 002b:00007f56641d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  860.810143][T19099] RAX: ffffffffffffffda RBX: 00007f56635b6080 RCX: 00007f566338e929
[  860.810158][T19099] RDX: 0000200000000000 RSI: 00000000c0045004 RDI: 0000000000000006
[  860.810173][T19099] RBP: 00007f5663410b39 R08: 0000000000000000 R09: 0000000000000000
[  860.810187][T19099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  860.810201][T19099] R13: 0000000000000000 R14: 00007f56635b6080 R15: 00007ffe6e925ec8
[  860.810223][T19099]  </TASK>
[  861.058900][    C1] vkms_vblank_simulate: vblank timer overrun
[  863.312634][T19142] FAULT_INJECTION: forcing a failure.
[  863.312634][T19142] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  863.377675][T19142] CPU: 0 UID: 0 PID: 19142 Comm: syz.0.2601 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  863.377711][T19142] Tainted: [U]=USER
[  863.377718][T19142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  863.377731][T19142] Call Trace:
[  863.377738][T19142]  <TASK>
[  863.377745][T19142]  dump_stack_lvl+0x16c/0x1f0
[  863.377782][T19142]  should_fail_ex+0x512/0x640
[  863.377816][T19142]  should_fail_alloc_page+0xe7/0x130
[  863.377838][T19142]  prepare_alloc_pages+0x3c2/0x610
[  863.377865][T19142]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  863.377899][T19142]  ? kasan_save_stack+0x42/0x60
[  863.377940][T19142]  ? kasan_save_stack+0x33/0x60
[  863.377970][T19142]  ? kasan_save_stack+0x42/0x60
[  863.377998][T19142]  ? kasan_save_stack+0x33/0x60
[  863.378025][T19142]  ? kasan_save_track+0x14/0x30
[  863.378053][T19142]  ? __kasan_slab_alloc+0x89/0x90
[  863.378083][T19142]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  863.378112][T19142]  ? __anon_vma_prepare+0x344/0x5e0
[  863.378139][T19142]  ? __vmf_anon_prepare+0x11c/0x240
[  863.378167][T19142]  ? __handle_mm_fault+0x27f6/0x5490
[  863.378192][T19142]  ? handle_mm_fault+0x589/0xd10
[  863.378217][T19142]  ? __get_user_pages+0x589/0x3b80
[  863.378238][T19142]  ? populate_vma_page_range+0x278/0x3a0
[  863.378263][T19142]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  863.378293][T19142]  ? __x64_sys_mmap+0x125/0x190
[  863.378319][T19142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.378340][T19142]  ? rcu_is_watching+0x12/0xc0
[  863.378360][T19142]  ? lock_acquire+0x2cd/0x350
[  863.378385][T19142]  ? local_lock_release+0x99/0x140
[  863.378405][T19142]  ? rcu_is_watching+0x12/0xc0
[  863.378428][T19142]  ? lock_release+0x201/0x2f0
[  863.378464][T19142]  ? rcu_is_watching+0x12/0xc0
[  863.378491][T19142]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  863.378523][T19142]  ? policy_nodemask+0xea/0x4e0
[  863.378556][T19142]  alloc_pages_mpol+0x1fb/0x550
[  863.378574][T19142]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  863.378592][T19142]  ? __anon_vma_prepare+0x2db/0x5e0
[  863.378618][T19142]  ? rcu_is_watching+0x12/0xc0
[  863.378637][T19142]  ? lock_release+0x201/0x2f0
[  863.378662][T19142]  folio_alloc_mpol_noprof+0x36/0x2f0
[  863.378685][T19142]  vma_alloc_folio_noprof+0xed/0x1e0
[  863.378707][T19142]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  863.378728][T19142]  ? __anon_vma_prepare+0x2e2/0x5e0
[  863.378758][T19142]  __handle_mm_fault+0x2f21/0x5490
[  863.378786][T19142]  ? __pfx___handle_mm_fault+0x10/0x10
[  863.378818][T19142]  ? find_vma+0xbf/0x140
[  863.378836][T19142]  ? __pfx_find_vma+0x10/0x10
[  863.378856][T19142]  handle_mm_fault+0x589/0xd10
[  863.378890][T19142]  __get_user_pages+0x589/0x3b80
[  863.378915][T19142]  ? __pfx_mt_find+0x10/0x10
[  863.378935][T19142]  ? __pfx___get_user_pages+0x10/0x10
[  863.378958][T19142]  ? __pfx___might_resched+0x10/0x10
[  863.378977][T19142]  ? cap_capable+0xb3/0x250
[  863.378997][T19142]  populate_vma_page_range+0x278/0x3a0
[  863.379021][T19142]  ? __pfx_populate_vma_page_range+0x10/0x10
[  863.379045][T19142]  ? __pfx_find_vma_intersection+0x10/0x10
[  863.379067][T19142]  ? do_mmap+0x69c/0x1210
[  863.379089][T19142]  __mm_populate+0x1d8/0x380
[  863.379113][T19142]  ? __pfx___mm_populate+0x10/0x10
[  863.379137][T19142]  ? up_write+0x1b2/0x520
[  863.379171][T19142]  vm_mmap_pgoff+0x362/0x450
[  863.379191][T19142]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  863.379213][T19142]  ? __x64_sys_futex+0x1e0/0x4c0
[  863.379238][T19142]  ? __x64_sys_futex+0x1e9/0x4c0
[  863.379263][T19142]  ksys_mmap_pgoff+0x7d/0x5c0
[  863.379283][T19142]  ? xfd_validate_state+0x61/0x180
[  863.379308][T19142]  ? __pfx_do_writev+0x10/0x10
[  863.379335][T19142]  __x64_sys_mmap+0x125/0x190
[  863.379363][T19142]  do_syscall_64+0xcd/0x490
[  863.379382][T19142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.379404][T19142] RIP: 0033:0x7f566338e929
[  863.379419][T19142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  863.379439][T19142] RSP: 002b:00007f56641d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  863.379459][T19142] RAX: ffffffffffffffda RBX: 00007f56635b6080 RCX: 00007f566338e929
[  863.379473][T19142] RDX: 00000000000000df RSI: 000000000040000b RDI: 0000000000000000
[  863.379485][T19142] RBP: 00007f5663410b39 R08: 0000000000000002 R09: 0000000000008000
[  863.379498][T19142] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  863.379516][T19142] R13: 0000000000000000 R14: 00007f56635b6080 R15: 00007ffe6e925ec8
[  863.379536][T19142]  </TASK>
[  864.381104][T19141] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2601'.
[  864.659438][T19151] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2603'.
[  864.731359][T19151] mac80211_hwsim hwsim22 wlan1: entered allmulticast mode
[  864.897437][T19165] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  864.991321][T19155] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  865.963325][T19185] FAULT_INJECTION: forcing a failure.
[  865.963325][T19185] name failslab, interval 1, probability 0, space 0, times 0
[  866.039292][T19185] CPU: 0 UID: 0 PID: 19185 Comm: syz.2.2608 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  866.039335][T19185] Tainted: [U]=USER
[  866.039344][T19185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  866.039360][T19185] Call Trace:
[  866.039367][T19185]  <TASK>
[  866.039376][T19185]  dump_stack_lvl+0x16c/0x1f0
[  866.039422][T19185]  should_fail_ex+0x512/0x640
[  866.039463][T19185]  ? tomoyo_encode2+0x100/0x3e0
[  866.039497][T19185]  should_failslab+0xc2/0x120
[  866.039521][T19185]  __kmalloc_noprof+0xd2/0x510
[  866.039561][T19185]  tomoyo_encode2+0x100/0x3e0
[  866.039597][T19185]  tomoyo_encode+0x29/0x50
[  866.039630][T19185]  tomoyo_realpath_from_path+0x18f/0x6e0
[  866.039668][T19185]  ? tomoyo_profile+0x47/0x60
[  866.039708][T19185]  tomoyo_path_number_perm+0x245/0x580
[  866.039737][T19185]  ? tomoyo_path_number_perm+0x237/0x580
[  866.039767][T19185]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  866.039802][T19185]  ? preempt_count_add+0x76/0x150
[  866.039848][T19185]  ? rcu_is_watching+0x12/0xc0
[  866.039873][T19185]  ? __fget_files+0x204/0x3c0
[  866.039906][T19185]  ? hook_file_ioctl_common+0x145/0x410
[  866.039933][T19185]  ? lock_release+0x201/0x2f0
[  866.039975][T19185]  ? __fget_files+0x20e/0x3c0
[  866.040011][T19185]  security_file_ioctl+0x9b/0x240
[  866.040044][T19185]  __x64_sys_ioctl+0xb7/0x210
[  866.040074][T19185]  do_syscall_64+0xcd/0x490
[  866.040097][T19185]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.040123][T19185] RIP: 0033:0x7f13e878e929
[  866.040142][T19185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  866.040169][T19185] RSP: 002b:00007f13e95f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  866.040194][T19185] RAX: ffffffffffffffda RBX: 00007f13e89b6240 RCX: 00007f13e878e929
[  866.040212][T19185] RDX: 0000000000000024 RSI: 00000000000089f0 RDI: 0000000000000003
[  866.040228][T19185] RBP: 00007f13e95f0090 R08: 0000000000000000 R09: 0000000000000000
[  866.040243][T19185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  866.040258][T19185] R13: 0000000000000001 R14: 00007f13e89b6240 R15: 00007ffd3562ba48
[  866.040282][T19185]  </TASK>
[  866.040299][T19185] ERROR: Out of memory at tomoyo_realpath_from_path.
[  866.410371][T19192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2611'.
[  866.965223][T19194] FAULT_INJECTION: forcing a failure.
[  866.965223][T19194] name failslab, interval 1, probability 0, space 0, times 0
[  866.978316][T19194] CPU: 1 UID: 0 PID: 19194 Comm: syz.3.2612 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  866.978347][T19194] Tainted: [U]=USER
[  866.978354][T19194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  866.978366][T19194] Call Trace:
[  866.978372][T19194]  <TASK>
[  866.978379][T19194]  dump_stack_lvl+0x16c/0x1f0
[  866.978413][T19194]  should_fail_ex+0x512/0x640
[  866.978445][T19194]  should_failslab+0xc2/0x120
[  866.978471][T19194]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  866.978514][T19194]  ? __pfx___vma_enter_locked+0x10/0x10
[  866.978552][T19194]  ? vm_area_dup+0x27/0x8d0
[  866.978583][T19194]  vm_area_dup+0x27/0x8d0
[  866.978609][T19194]  dup_mmap+0x877/0x21d0
[  866.978636][T19194]  ? __pfx_dup_mmap+0x10/0x10
[  866.978659][T19194]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  866.978691][T19194]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  866.978722][T19194]  ? __pfx___might_resched+0x10/0x10
[  866.978744][T19194]  ? mm_init+0xd3b/0x13c0
[  866.978765][T19194]  copy_process+0x4081/0x76a0
[  866.978789][T19194]  ? __pfx___futex_wait+0x10/0x10
[  866.978822][T19194]  ? __pfx_copy_process+0x10/0x10
[  866.978845][T19194]  ? lock_release+0x201/0x2f0
[  866.978875][T19194]  kernel_clone+0xfc/0x960
[  866.978909][T19194]  ? __pfx_kernel_clone+0x10/0x10
[  866.978940][T19194]  __do_sys_clone+0xce/0x120
[  866.978964][T19194]  ? __pfx___do_sys_clone+0x10/0x10
[  866.978988][T19194]  ? lock_release+0x201/0x2f0
[  866.979017][T19194]  ? xfd_validate_state+0x61/0x180
[  866.979047][T19194]  do_syscall_64+0xcd/0x490
[  866.979066][T19194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.979086][T19194] RIP: 0033:0x7f3cadf8e929
[  866.979101][T19194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  866.979121][T19194] RSP: 002b:00007f3caee65fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  866.979140][T19194] RAX: ffffffffffffffda RBX: 00007f3cae1b5fa0 RCX: 00007f3cadf8e929
[  866.979154][T19194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411
[  866.979166][T19194] RBP: 00007f3cae010b39 R08: 0000000000000000 R09: 0000000000000000
[  866.979179][T19194] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  866.979190][T19194] R13: 0000000000000000 R14: 00007f3cae1b5fa0 R15: 00007ffd4b09ef28
[  866.979208][T19194]  </TASK>
[  867.999037][T19221] futex_wake_op: syz.2.2616 tries to shift op by 64; fix this program
[  868.237240][T19222] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078002e00 pfn:0x78000
[  868.358075][T19229] FAULT_INJECTION: forcing a failure.
[  868.358075][T19229] name failslab, interval 1, probability 0, space 0, times 0
[  868.398507][T19222] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  868.429712][T19229] CPU: 1 UID: 0 PID: 19229 Comm: syz.3.2617 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  868.429759][T19229] Tainted: [U]=USER
[  868.429769][T19229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  868.429786][T19229] Call Trace:
[  868.429795][T19229]  <TASK>
[  868.429804][T19229]  dump_stack_lvl+0x16c/0x1f0
[  868.429854][T19229]  should_fail_ex+0x512/0x640
[  868.429898][T19229]  should_failslab+0xc2/0x120
[  868.429925][T19229]  __kmalloc_cache_noprof+0x6a/0x3e0
[  868.429962][T19229]  ? kobject_uevent_env+0x265/0x1870
[  868.429997][T19229]  kobject_uevent_env+0x265/0x1870
[  868.430029][T19229]  ? __pfx_dev_uevent_name+0x10/0x10
[  868.430074][T19229]  ? kfree+0x2b4/0x4d0
[  868.430107][T19229]  ? kvm_uevent_notify_change.part.0+0x32d/0x450
[  868.430141][T19229]  kvm_uevent_notify_change.part.0+0x3ae/0x450
[  868.430173][T19229]  ? __pfx_kvm_vm_release+0x10/0x10
[  868.430216][T19229]  kvm_put_kvm+0xe4/0xb40
[  868.430260][T19229]  ? __pfx_kvm_vm_release+0x10/0x10
[  868.430303][T19229]  kvm_vm_release+0x3c/0x50
[  868.430343][T19229]  __fput+0x402/0xb70
[  868.430374][T19229]  task_work_run+0x150/0x240
[  868.430416][T19229]  ? __pfx_task_work_run+0x10/0x10
[  868.430457][T19229]  ? __pfx___do_sys_close_range+0x10/0x10
[  868.430502][T19229]  exit_to_user_mode_loop+0xeb/0x110
[  868.430546][T19229]  do_syscall_64+0x3f6/0x490
[  868.430573][T19229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.430602][T19229] RIP: 0033:0x7f3cadf8e929
[  868.430622][T19229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  868.430652][T19229] RSP: 002b:00007f3caee66038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  868.430679][T19229] RAX: 0000000000000000 RBX: 00007f3cae1b5fa0 RCX: 00007f3cadf8e929
[  868.430696][T19229] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  868.430712][T19229] RBP: 00007f3cae010b39 R08: 0000000000000000 R09: 0000000000000000
[  868.430729][T19229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  868.430745][T19229] R13: 0000000000000000 R14: 00007f3cae1b5fa0 R15: 00007ffd4b09ef28
[  868.430771][T19229]  </TASK>
[  868.446148][T19222] memcg:ffff888025cf9001
[  868.599095][    C0] vkms_vblank_simulate: vblank timer overrun
[  868.665867][T19222] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  868.674141][T19222] page_type: f5(slab)
[  868.689789][T19222] raw: 00fff00000000040 ffff88801d378000 0000000000000000 0000000000000001
[  868.735888][T19222] raw: ffff888078002e00 00000000800b0009 00000000f5000000 ffff888025cf9001
[  868.795819][T19222] head: 00fff00000000040 ffff88801d378000 0000000000000000 0000000000000001
[  868.829840][T19222] head: ffff888078002e00 00000000800b0009 00000000f5000000 ffff888025cf9001
[  868.854556][T19222] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  868.877612][T19222] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  868.901365][T19222] page dumped because: unmovable page
[  868.909999][T19222] page_owner tracks the page as allocated
[  868.915348][T19236] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  868.925841][T19222] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 14781, tgid 14775 (syz.2.1735), ts 657760496970, free_ts 657525219062
[  868.946656][T19236] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  868.959610][T19222]  post_alloc_hook+0x1c0/0x230
[  868.969699][T19222]  get_page_from_freelist+0x1321/0x3890
[  868.975322][T19222]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  868.981565][T19222]  alloc_pages_mpol+0x1fb/0x550
[  868.986696][T19222]  new_slab+0x23b/0x330
[  868.990908][T19222]  ___slab_alloc+0xd9c/0x1940
[  868.995903][T19222]  __slab_alloc.constprop.0+0x56/0xb0
[  869.001327][T19222]  kmem_cache_alloc_noprof+0xef/0x3b0
[  869.007264][T19222]  sk_prot_alloc+0x60/0x2a0
[  869.011808][T19222]  sk_alloc+0x36/0xc20
[  869.016152][T19222]  inet_create+0x3a1/0x1090
[  869.020773][T19222]  __sock_create+0x338/0x8d0
[  869.025866][T19222]  __sys_socket+0x14d/0x260
[  869.030489][T19222]  __x64_sys_socket+0x72/0xb0
[  869.035317][T19222]  do_syscall_64+0xcd/0x490
[  869.040212][T19222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.046246][T19222] page last free pid 14769 tgid 14762 stack trace:
[  869.053566][T19222]  __free_frozen_pages+0x7fe/0x1180
[  869.058898][T19222]  __put_partials+0x16d/0x1c0
[  869.063699][T19222]  qlist_free_all+0x4d/0x120
[  869.068505][T19222]  kasan_quarantine_reduce+0x195/0x1e0
[  869.074144][T19222]  __kasan_slab_alloc+0x69/0x90
[  869.079126][T19222]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  869.084755][T19222]  getname_flags.part.0+0x4c/0x550
[  869.089984][T19222]  getname_flags+0x93/0xf0
[  869.094497][T19222]  do_sys_openat2+0xb8/0x1d0
[  869.099252][T19222]  __x64_sys_openat+0x174/0x210
[  869.104228][T19222]  do_syscall_64+0xcd/0x490
[  869.107016][T19238] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2619'.
[  869.108857][T19222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.394885][T19248] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2624'.
[  869.894483][T19256] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2625'.
[  869.985923][T19264] FAULT_INJECTION: forcing a failure.
[  869.985923][T19264] name failslab, interval 1, probability 0, space 0, times 0
[  870.021131][T19264] CPU: 1 UID: 0 PID: 19264 Comm: syz.0.2628 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  870.021179][T19264] Tainted: [U]=USER
[  870.021190][T19264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  870.021205][T19264] Call Trace:
[  870.021212][T19264]  <TASK>
[  870.021220][T19264]  dump_stack_lvl+0x16c/0x1f0
[  870.021264][T19264]  should_fail_ex+0x512/0x640
[  870.021301][T19264]  should_failslab+0xc2/0x120
[  870.021323][T19264]  __kmalloc_cache_noprof+0x6a/0x3e0
[  870.021355][T19264]  ? kobject_uevent_env+0x265/0x1870
[  870.021384][T19264]  kobject_uevent_env+0x265/0x1870
[  870.021410][T19264]  ? __pfx_dev_uevent_name+0x10/0x10
[  870.021442][T19264]  ? kfree+0x2b4/0x4d0
[  870.021469][T19264]  ? kvm_uevent_notify_change.part.0+0x32d/0x450
[  870.021498][T19264]  kvm_uevent_notify_change.part.0+0x3ae/0x450
[  870.021525][T19264]  ? __pfx_kvm_vm_release+0x10/0x10
[  870.021560][T19264]  kvm_put_kvm+0xe4/0xb40
[  870.021598][T19264]  ? __pfx_kvm_vm_release+0x10/0x10
[  870.021633][T19264]  kvm_vm_release+0x3c/0x50
[  870.021668][T19264]  __fput+0x402/0xb70
[  870.021692][T19264]  task_work_run+0x150/0x240
[  870.021728][T19264]  ? __pfx_task_work_run+0x10/0x10
[  870.021764][T19264]  ? __pfx___do_sys_close_range+0x10/0x10
[  870.021802][T19264]  exit_to_user_mode_loop+0xeb/0x110
[  870.021838][T19264]  do_syscall_64+0x3f6/0x490
[  870.021860][T19264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.021883][T19264] RIP: 0033:0x7f566338e929
[  870.021901][T19264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  870.021924][T19264] RSP: 002b:00007f56641f2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  870.021947][T19264] RAX: 0000000000000000 RBX: 00007f56635b5fa0 RCX: 00007f566338e929
[  870.021962][T19264] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  870.021976][T19264] RBP: 00007f5663410b39 R08: 0000000000000000 R09: 0000000000000000
[  870.021990][T19264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  870.022010][T19264] R13: 0000000000000000 R14: 00007f56635b5fa0 R15: 00007ffe6e925ec8
[  870.022032][T19264]  </TASK>
[  870.582990][T19285] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2632'.
[  870.609181][ T8231] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  870.660048][ T8231] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  870.678986][ T8231] bond0 (unregistering): Released all slaves
[  870.700161][T19285] hsr0: entered allmulticast mode
[  870.708573][T19285] hsr_slave_0: entered allmulticast mode
[  870.754894][T19285] hsr_slave_1: entered allmulticast mode
[  870.776408][ T8231] .^: left promiscuous mode
[  870.890332][T17221] Bluetooth: hci0: unexpected event 0x23 length: 127 > 13
[  870.915625][ T8231] HfR: left promiscuous mode
[  871.000776][T19304] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  871.031983][T19297] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  871.055893][T19297] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  871.466699][ T8231] hsr_slave_0: left promiscuous mode
[  871.472643][ T8231] hsr_slave_1: left promiscuous mode
[  871.481441][ T8231] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  871.497777][ T8231] batman_adv: batadv0: Removing interface: batadv_slave_0
[  871.514265][ T8231] veth1_macvtap: left allmulticast mode
[  871.520253][ T8231] veth1_macvtap: left promiscuous mode
[  871.526156][ T8231] veth0_macvtap: left promiscuous mode
[  871.531805][ T8231] veth1_vlan: left promiscuous mode
[  871.537384][ T8231] veth0_vlan: left promiscuous mode
[  871.760415][ T8231] team0 (unregistering): Port device team_slave_1 removed
[  871.798104][ T8231] team0 (unregistering): Port device team_slave_0 removed
[  871.849860][T19322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078001700 pfn:0x78000
[  871.913559][T19322] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  871.981030][T19322] memcg:ffff888025cf9001
[  872.052556][T19322] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  872.108147][T19322] page_type: f5(slab)
[  872.113730][T19322] raw: 00fff00000000040 ffff88801d378000 0000000000000000 0000000000000001
[  872.122747][T19322] raw: ffff888078001700 00000000800b0006 00000000f5000000 ffff888025cf9001
[  872.133232][T19322] head: 00fff00000000040 ffff88801d378000 0000000000000000 0000000000000001
[  872.142929][T19322] head: ffff888078001700 00000000800b0006 00000000f5000000 ffff888025cf9001
[  872.175600][T19322] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  872.204947][T19322] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  872.223827][T19322] page dumped because: unmovable page
[  872.229540][T19322] page_owner tracks the page as allocated
[  872.240215][T19322] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 14781, tgid 14775 (syz.2.1735), ts 657760496970, free_ts 657525219062
[  872.301032][T19322]  post_alloc_hook+0x1c0/0x230
[  872.317032][T19322]  get_page_from_freelist+0x1321/0x3890
[  872.330629][T19322]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  872.356675][T19322]  alloc_pages_mpol+0x1fb/0x550
[  872.361682][T19322]  new_slab+0x23b/0x330
[  872.369024][T19322]  ___slab_alloc+0xd9c/0x1940
[  872.373889][T19322]  __slab_alloc.constprop.0+0x56/0xb0
[  872.379486][T19322]  kmem_cache_alloc_noprof+0xef/0x3b0
[  872.380722][T19319] could not allocate digest TFM handle binfmt_misc
[  872.428820][T19338] : Can't lookup blockdev
[  872.434581][T19322]  sk_prot_alloc+0x60/0x2a0
[  872.463593][T19322]  sk_alloc+0x36/0xc20
[  872.923709][T19322]  inet_create+0x3a1/0x1090
[  872.928334][T19322]  __sock_create+0x338/0x8d0
[  872.952021][T19322]  __sys_socket+0x14d/0x260
[  872.963738][T19322]  __x64_sys_socket+0x72/0xb0
[  872.984117][T19322]  do_syscall_64+0xcd/0x490
[  872.988683][T19322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.003759][T19322] page last free pid 14769 tgid 14762 stack trace:
[  873.010294][T19322]  __free_frozen_pages+0x7fe/0x1180
[  873.046127][T19322]  __put_partials+0x16d/0x1c0
[  873.058336][T19322]  qlist_free_all+0x4d/0x120
[  873.070608][T19322]  kasan_quarantine_reduce+0x195/0x1e0
[  873.087017][T19322]  __kasan_slab_alloc+0x69/0x90
[  873.091950][T19322]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  873.106547][T19322]  getname_flags.part.0+0x4c/0x550
[  873.113487][T19322]  getname_flags+0x93/0xf0
[  873.122287][T19322]  do_sys_openat2+0xb8/0x1d0
[  873.127197][T19322]  __x64_sys_openat+0x174/0x210
[  873.132198][T19322]  do_syscall_64+0xcd/0x490
[  873.137114][T19322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.384344][T19352] FAULT_INJECTION: forcing a failure.
[  873.384344][T19352] name failslab, interval 1, probability 0, space 0, times 0
[  873.456222][T19352] CPU: 0 UID: 0 PID: 19352 Comm: syz.1.2645 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  873.456273][T19352] Tainted: [U]=USER
[  873.456284][T19352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  873.456303][T19352] Call Trace:
[  873.456312][T19352]  <TASK>
[  873.456323][T19352]  dump_stack_lvl+0x16c/0x1f0
[  873.456376][T19352]  should_fail_ex+0x512/0x640
[  873.456423][T19352]  should_failslab+0xc2/0x120
[  873.456452][T19352]  __kmalloc_cache_noprof+0x6a/0x3e0
[  873.456493][T19352]  ? kobject_uevent_env+0x265/0x1870
[  873.456531][T19352]  kobject_uevent_env+0x265/0x1870
[  873.456565][T19352]  ? __pfx_dev_uevent_name+0x10/0x10
[  873.456616][T19352]  ? kfree+0x2b4/0x4d0
[  873.456656][T19352]  ? kvm_uevent_notify_change.part.0+0x32d/0x450
[  873.456692][T19352]  kvm_uevent_notify_change.part.0+0x3ae/0x450
[  873.456724][T19352]  ? __pfx_kvm_vm_release+0x10/0x10
[  873.456766][T19352]  kvm_put_kvm+0xe4/0xb40
[  873.456811][T19352]  ? __pfx_kvm_vm_release+0x10/0x10
[  873.456854][T19352]  kvm_vm_release+0x3c/0x50
[  873.456895][T19352]  __fput+0x402/0xb70
[  873.456924][T19352]  task_work_run+0x150/0x240
[  873.456966][T19352]  ? __pfx_task_work_run+0x10/0x10
[  873.457007][T19352]  ? __pfx___do_sys_close_range+0x10/0x10
[  873.457052][T19352]  exit_to_user_mode_loop+0xeb/0x110
[  873.457096][T19352]  do_syscall_64+0x3f6/0x490
[  873.457122][T19352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.457150][T19352] RIP: 0033:0x7f417298e929
[  873.457171][T19352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  873.457200][T19352] RSP: 002b:00007f4173822038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  873.457245][T19352] RAX: 0000000000000000 RBX: 00007f4172bb5fa0 RCX: 00007f417298e929
[  873.457265][T19352] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  873.457283][T19352] RBP: 00007f4172a10b39 R08: 0000000000000000 R09: 0000000000000000
[  873.457302][T19352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  873.457320][T19352] R13: 0000000000000000 R14: 00007f4172bb5fa0 R15: 00007ffe978f5068
[  873.457349][T19352]  </TASK>
[  873.676381][    C0] vkms_vblank_simulate: vblank timer overrun
[  874.182196][T19369] ieee80211 phy30: Selected rate control algorithm 'minstrel_ht'
[  875.196287][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  875.202981][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  875.259867][T19402] zswap: compressor  not available
[  875.400072][T19414] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2661: iget: checksum invalid
[  875.412587][T19414] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc2-syzkaller/regulatory.db failed with error -74
[  875.583389][T19414] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2661: iget: checksum invalid
[  875.594832][T19414] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74
[  875.605298][T19414] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2661: iget: checksum invalid
[  875.616590][T19414] platform regulatory.0: loading /lib/firmware/6.16.0-rc2-syzkaller/regulatory.db failed with error -74
[  875.642431][T19414] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2661: iget: checksum invalid
[  875.671941][T19414] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74
[  875.681514][T19414] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74
[  875.691703][T19414] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  876.200045][T19413] ima: policy update failed
[  876.207270][   T30] audit: type=1802 audit(4295012402.056:25): pid=19413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2661" res=0 errno=0
[  876.587180][T19444] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2666: iget: checksum invalid
[  876.601550][T19444] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc2-syzkaller/regulatory.db failed with error -74
[  876.630296][T19444] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2666: iget: checksum invalid
[  876.641710][T19444] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74
[  876.654433][T19444] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2666: iget: checksum invalid
[  876.666674][T19444] platform regulatory.0: loading /lib/firmware/6.16.0-rc2-syzkaller/regulatory.db failed with error -74
[  876.678467][T19444] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2666: iget: checksum invalid
[  876.691081][T19444] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74
[  876.702791][T19444] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74
[  876.731523][T19444] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  877.275435][   T30] audit: type=1800 audit(4295012403.117:26): pid=19465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2671" name="lu_gp_id" dev="configfs" ino=67021 res=0 errno=0
[  877.346409][T19465] FAULT_INJECTION: forcing a failure.
[  877.346409][T19465] name failslab, interval 1, probability 0, space 0, times 0
[  877.381641][T19465] CPU: 0 UID: 0 PID: 19465 Comm: syz.3.2671 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  877.381691][T19465] Tainted: [U]=USER
[  877.381703][T19465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  877.381722][T19465] Call Trace:
[  877.381731][T19465]  <TASK>
[  877.381742][T19465]  dump_stack_lvl+0x16c/0x1f0
[  877.381798][T19465]  should_fail_ex+0x512/0x640
[  877.381848][T19465]  ? lsm_blob_alloc+0x68/0x90
[  877.381897][T19465]  should_failslab+0xc2/0x120
[  877.381929][T19465]  __kmalloc_noprof+0xd2/0x510
[  877.381982][T19465]  lsm_blob_alloc+0x68/0x90
[  877.382032][T19465]  security_prepare_creds+0x30/0x270
[  877.382080][T19465]  prepare_creds+0x56f/0x7d0
[  877.382128][T19465]  __sys_setfsuid+0xda/0x350
[  877.382161][T19465]  ? rcu_is_watching+0x12/0xc0
[  877.382196][T19465]  do_syscall_64+0xcd/0x490
[  877.382227][T19465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.382261][T19465] RIP: 0033:0x7f3cadf8e929
[  877.382284][T19465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  877.382319][T19465] RSP: 002b:00007f3caee66038 EFLAGS: 00000246 ORIG_RAX: 000000000000007a
[  877.382350][T19465] RAX: ffffffffffffffda RBX: 00007f3cae1b5fa0 RCX: 00007f3cadf8e929
[  877.382381][T19465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00
[  877.382401][T19465] RBP: 00007f3cae010b39 R08: 0000000000000000 R09: 0000000000000000
[  877.382422][T19465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  877.382442][T19465] R13: 0000000000000000 R14: 00007f3cae1b5fa0 R15: 00007ffd4b09ef28
[  877.382474][T19465]  </TASK>
[  877.643637][T19471] FAULT_INJECTION: forcing a failure.
[  877.643637][T19471] name failslab, interval 1, probability 0, space 0, times 0
[  877.656683][T19471] CPU: 0 UID: 0 PID: 19471 Comm: syz.2.2673 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  877.656713][T19471] Tainted: [U]=USER
[  877.656720][T19471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  877.656732][T19471] Call Trace:
[  877.656737][T19471]  <TASK>
[  877.656744][T19471]  dump_stack_lvl+0x16c/0x1f0
[  877.656779][T19471]  should_fail_ex+0x512/0x640
[  877.656811][T19471]  should_failslab+0xc2/0x120
[  877.656829][T19471]  __kmalloc_cache_noprof+0x6a/0x3e0
[  877.656856][T19471]  ? kobject_uevent_env+0x265/0x1870
[  877.656881][T19471]  kobject_uevent_env+0x265/0x1870
[  877.656904][T19471]  ? __pfx_dev_uevent_name+0x10/0x10
[  877.656932][T19471]  ? kfree+0x2b4/0x4d0
[  877.656955][T19471]  ? kvm_uevent_notify_change.part.0+0x32d/0x450
[  877.656979][T19471]  kvm_uevent_notify_change.part.0+0x3ae/0x450
[  877.657001][T19471]  ? __pfx_kvm_vm_release+0x10/0x10
[  877.657031][T19471]  kvm_put_kvm+0xe4/0xb40
[  877.657062][T19471]  ? __pfx_kvm_vm_release+0x10/0x10
[  877.657093][T19471]  kvm_vm_release+0x3c/0x50
[  877.657123][T19471]  __fput+0x402/0xb70
[  877.657144][T19471]  task_work_run+0x150/0x240
[  877.657175][T19471]  ? __pfx_task_work_run+0x10/0x10
[  877.657205][T19471]  ? __pfx___do_sys_close_range+0x10/0x10
[  877.657238][T19471]  exit_to_user_mode_loop+0xeb/0x110
[  877.657269][T19471]  do_syscall_64+0x3f6/0x490
[  877.657288][T19471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.657309][T19471] RIP: 0033:0x7f13e878e929
[  877.657324][T19471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  877.657351][T19471] RSP: 002b:00007f13e9653038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  877.657370][T19471] RAX: 0000000000000000 RBX: 00007f13e89b5fa0 RCX: 00007f13e878e929
[  877.657383][T19471] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  877.657395][T19471] RBP: 00007f13e8810b39 R08: 0000000000000000 R09: 0000000000000000
[  877.657408][T19471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  877.657420][T19471] R13: 0000000000000000 R14: 00007f13e89b5fa0 R15: 00007ffd3562ba48
[  877.657439][T19471]  </TASK>
[  878.192792][T19480] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  878.242782][T19479] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  878.428257][T19483] zswap: compressor 000 not available
[  878.844784][T19511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2681'.
[  879.142633][T19520] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2682'.
[  881.084285][T19568] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2699'.
[  881.160385][T19581] random: crng reseeded on system resumption
[  881.185489][T19581] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff]
[  881.200149][T19581] PM: hibernation: Marking nosave pages: [mem 0x0009f000-0x000fffff]
[  881.229629][T19581] PM: hibernation: Marking nosave pages: [mem 0xbfffd000-0xffffffff]
[  881.274625][T19581] PM: hibernation: Basic memory bitmaps created
[  881.349090][T19589] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2704'.
[  881.444656][T19594] binder: 19584:19594 ioctl c0306201 2000000003c0 returned -14
	
	
		

	

	
		

		

		
		
	


	


		

	


	
		

	


	
	

		
	
		
	
	

	



			








	
		

	






		
		




		





	

	














	

	

	
		
	
	
	
	






	




	




		






		


	


	

	
		
	

	
		

	
						
	
	
	

	



	



	



		


	


	

	
		


		

	

		


	



	
						

	
		

	


		

		
	
		
	
	

	



			








	


			



			

			


	
			
				
	



			
	

	
	
	
	


	
	
	






	






	








		








	

	
		


		

	

		


	



	
	
	
	


	
	
	


	
	
	


	
	
		


	
	
		

					
	
	

	

	
	
		
		


	

	

	
	
		
		




		

	

		


	


			

	
	
	

			

	
	
	

			




	





	

	









		









	

	









		






	


	



	

	
		

				



				



		
	
	

	


	
						
	

	
		
	




	
				
	

	
		
	

	
		


		

	

		


	


	

	
		
	

	
		
	
				
	



			




		
	
				
	



			



		
	
				
	



			



		
	
				
	



			


		


		



		



	





	
		

	


	
	

		
	
		
	
	

	



			








	

	





	


	
















	






	




	




		








	
		

	


	
	

		
	
		
	
	

	



			








	

	





	


	
















	






	






	






		








	

	
		





	

	









		









	

	









		




	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	

	





	


	
















	






	




	




		







	
				
	
	



	
	
	




	
				
	




	
				
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	

	
		
[  914.633010][T20428] sd 0:0:1:0: PR command failed: 1026
[  914.638496][T20428] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  914.671853][T20424] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2867'.
[  914.694568][T20428] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  915.079940][T20439] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2872'.
[  915.239151][   T30] audit: type=1800 audit(4295012441.106:28): pid=20446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2873" name="dbroot" dev="configfs" ino=71473 res=0 errno=0
[  915.274190][T20444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2872'.
[  915.283904][T20446] db_root: not a directory: /dev/audio1
[  915.469839][T20462] vmstat_refresh: nr_hugetlb -15872
[  915.657726][T20466] [U] 
[  915.660462][T20466] [U] 
[  915.663206][T20466] [U] 
[  915.665951][T20466] [U] 
[  915.691039][T20466] [U] 
[  915.693773][T20466] [U] 
[  915.696471][T20466] [U] 
[  915.699171][T20466] [U] 
[  915.758629][T20466] [U] 
[  915.761416][T20466] [U] 
[  915.764200][T20466] [U] 
[  915.766952][T20466] [U] 
[  915.909084][T20466] [U] 
[  915.911958][T20466] [U] 
[  915.914708][T20466] [U] 
[  915.917459][T20466] [U] 
[  915.955102][T20466] [U] 
[  915.957935][T20466] [U] 
[  915.960647][T20466] [U] 
[  915.963358][T20466] [U] 
[  915.987910][T20469] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2876'.
[  916.031452][T20466] [U] 
[  916.034185][T20466] [U] 
[  916.036890][T20466] [U] 
[  916.039583][T20466] [U] 
[  916.094734][T20466] [U] 
[  916.097466][T20466] [U] 
[  916.100175][T20466] [U] 
[  916.102888][T20466] [U] 
[  916.115409][T20466] [U] 
[  916.118175][T20466] [U] 
[  916.120952][T20466] [U] 
[  916.123705][T20466] [U] 
[  916.152029][T20466] [U] 
[  916.154811][T20466] [U] 
[  916.157561][T20466] [U] 
[  916.160305][T20466] [U] 
[  916.166318][T20466] [U] 
[  916.169052][T20466] [U] 
[  916.171754][T20466] [U] 
[  916.174467][T20466] [U] 
[  916.180076][T20466] [U] 
[  916.182813][T20466] [U] 
[  916.185516][T20466] [U] 
[  916.188219][T20466] [U] 
[  916.194088][T20466] [U] 
[  916.196830][T20466] [U] 
[  916.199552][T20466] [U] 
[  916.202269][T20466] [U] 
[  916.210356][T20466] [U] 
[  916.213090][T20466] [U] 
[  916.215789][T20466] [U] 
[  916.218490][T20466] [U] 
[  916.283257][T20466] [U] 
[  916.286027][T20466] [U] 
[  916.288780][T20466] [U] 
[  916.291528][T20466] [U] 
[  916.296112][T20466] [U] 
[  916.298844][T20466] [U] 
[  916.301541][T20466] [U] 
[  916.304252][T20466] [U] 
[  916.308738][T20466] [U] 
[  916.311468][T20466] [U] 
[  916.314177][T20466] [U] 
[  916.316882][T20466] [U] 
[  916.319931][T20466] [U] 
[  916.322683][T20466] [U] 
[  916.325439][T20466] [U] 
[  916.328194][T20466] [U] 
[  916.332818][T20466] [U] 
[  916.335552][T20466] [U] 
[  916.338259][T20466] [U] 
[  916.340963][T20466] [U] 
[  916.345287][T20466] [U] 
[  916.348004][T20466] [U] 
[  916.350713][T20466] [U] 
[  916.353425][T20466] [U] 
[  916.419067][T20466] [U] 
[  916.421785][T20466] [U] 
[  916.424496][T20466] [U] 
[  916.427227][T20466] [U] 
[  916.479921][T20466] [U] 
[  916.482730][T20466] [U] 
[  916.485430][T20466] [U] 
[  916.488129][T20466] [U] 
[  916.558722][T20466] [U] 
[  916.561487][T20466] [U] 
[  916.564250][T20466] [U] 
[  916.567004][T20466] [U] 
[  916.572798][T20466] [U] 
[  916.575566][T20466] [U] 
[  916.578311][T20466] [U] 
[  916.581056][T20466] [U] 
[  916.585463][T20466] [U] 
[  916.588229][T20466] [U] 
[  916.590974][T20466] [U] 
[  916.593740][T20466] [U] 
[  916.596723][T20466] [U] 
[  916.599439][T20466] [U] 
[  916.602193][T20466] [U] 
[  916.604902][T20466] [U] 
[  916.609159][T20466] [U] 
[  916.611884][T20466] [U] 
[  916.614592][T20466] [U] 
[  916.617380][T20466] [U] 
[  916.622020][T20466] [U] 
[  916.624787][T20466] [U] 
[  916.627535][T20466] [U] 
[  916.630272][T20466] [U] 
[  916.700060][T20485] [U] 
[  916.720898][T20483] Console: switching to colour frame buffer device 128x48
[  917.026640][T20502] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2884'.
[  917.275788][T20510] scsi_strcpy_devinfo: vendor string '��/&c��~n]	�|
[  917.275788][T20510] M�' is too long
[  917.317404][T20510] scsi_strcpy_devinfo: model string '�Dd5��K�2b�
[  917.317404][T20510] ���W����� ��' is too long
[  918.383928][T20556] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2894'.
[  918.446447][T20551] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2893'.
[  918.714269][T20562] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2895'.
[  919.653150][T20596] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2904'.
[  921.289498][T20650] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  921.302352][T20650] snd_dummy snd_dummy.0: control 16781581:65539:6:�'x?F���/��zF˷fC���:7 is already present
[  921.737536][T20655] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2915: iget: checksum invalid
[  921.748723][T20655] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc2-syzkaller/regulatory.db failed with error -74
[  921.760882][T20655] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2915: iget: checksum invalid
[  921.771972][T20655] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74
[  921.782639][T20655] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2915: iget: checksum invalid
[  921.794190][T20655] platform regulatory.0: loading /lib/firmware/6.16.0-rc2-syzkaller/regulatory.db failed with error -74
[  921.805736][T20655] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2915: iget: checksum invalid
[  921.817224][T20655] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74
[  921.826607][T20655] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74
[  921.836262][T20655] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  922.141763][T20663] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2917'.
[  922.155731][T20663] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  922.163745][T20663] batman_adv: batadv0: Removing interface: batadv_slave_0
[  922.172762][T20663] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  922.180512][T20663] batman_adv: batadv0: Removing interface: batadv_slave_1
[  922.285392][T20666] ubi: mtd0 is already attached to ubi0
[  922.298007][T20666] Invalid ELF header magic: != ELF
[  923.824864][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  923.831242][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  923.838591][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  923.846926][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  923.854449][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  923.860790][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  923.868158][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  923.874574][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  926.306721][T20789] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2938'.
[  927.271749][T20821] netlink: 'syz.2.2944': attribute type 11 has an invalid length.
[  929.772222][T20904] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2962'.
[  930.121722][T20916] FAULT_INJECTION: forcing a failure.
[  930.121722][T20916] name failslab, interval 1, probability 0, space 0, times 0
[  930.150910][T20916] CPU: 1 UID: 0 PID: 20916 Comm: syz.1.2965 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  930.150948][T20916] Tainted: [U]=USER
[  930.150956][T20916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  930.150969][T20916] Call Trace:
[  930.150976][T20916]  <TASK>
[  930.150985][T20916]  dump_stack_lvl+0x16c/0x1f0
[  930.151033][T20916]  should_fail_ex+0x512/0x640
[  930.151070][T20916]  should_failslab+0xc2/0x120
[  930.151147][T20916]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  930.151190][T20916]  ? dst_alloc+0x99/0x1a0
[  930.151226][T20916]  dst_alloc+0x99/0x1a0
[  930.151259][T20916]  rt_dst_alloc+0x35/0x3a0
[  930.151290][T20916]  ip_route_output_key_hash_rcu+0x87a/0x28f0
[  930.151332][T20916]  ip_route_output_key_hash+0x137/0x2e0
[  930.151378][T20916]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  930.151430][T20916]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  930.151467][T20916]  ? percpu_counter_add_batch+0xb8/0x1f0
[  930.151500][T20916]  ip_route_output_flow+0x27/0x150
[  930.151537][T20916]  tcp_v4_connect+0x13fd/0x1bd0
[  930.151572][T20916]  ? __pfx_tcp_v4_connect+0x10/0x10
[  930.151603][T20916]  ? futex_unqueue+0x133/0x2c0
[  930.151628][T20916]  ? rcu_is_watching+0x12/0xc0
[  930.151650][T20916]  ? lock_release+0x201/0x2f0
[  930.151681][T20916]  __inet_stream_connect+0x3c8/0x1020
[  930.151719][T20916]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  930.151747][T20916]  ? __pfx___inet_stream_connect+0x10/0x10
[  930.151781][T20916]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  930.151816][T20916]  ? __pfx___might_resched+0x10/0x10
[  930.151839][T20916]  ? inet_stream_connect+0x43/0xa0
[  930.151871][T20916]  ? rcu_is_watching+0x12/0xc0
[  930.151893][T20916]  ? inet_stream_connect+0x43/0xa0
[  930.151924][T20916]  ? rcu_is_watching+0x12/0xc0
[  930.151946][T20916]  ? inet_stream_connect+0x43/0xa0
[  930.151989][T20916]  inet_stream_connect+0x57/0xa0
[  930.152020][T20916]  kernel_connect+0x104/0x180
[  930.152043][T20916]  ? __pfx_kernel_connect+0x10/0x10
[  930.152069][T20916]  ? rcu_is_watching+0x12/0xc0
[  930.152091][T20916]  ? smc_connect+0xd5/0x760
[  930.152121][T20916]  ? rcu_is_watching+0x12/0xc0
[  930.152141][T20916]  ? smc_connect+0xd5/0x760
[  930.152170][T20916]  smc_connect+0x4c7/0x760
[  930.152199][T20916]  ? __pfx_smc_connect+0x10/0x10
[  930.152226][T20916]  __sys_connect_file+0x141/0x1a0
[  930.152258][T20916]  __sys_connect+0x13b/0x160
[  930.152286][T20916]  ? __pfx___sys_connect+0x10/0x10
[  930.152330][T20916]  ? xfd_validate_state+0x61/0x180
[  930.152361][T20916]  ? __pfx_do_writev+0x10/0x10
[  930.152391][T20916]  __x64_sys_connect+0x72/0xb0
[  930.152419][T20916]  do_syscall_64+0xcd/0x490
[  930.152438][T20916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  930.152458][T20916] RIP: 0033:0x7f417298e929
[  930.152482][T20916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  930.152506][T20916] RSP: 002b:00007f4173822038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  930.152525][T20916] RAX: ffffffffffffffda RBX: 00007f4172bb5fa0 RCX: 00007f417298e929
[  930.152539][T20916] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003
[  930.152552][T20916] RBP: 00007f4172a10b39 R08: 0000000000000000 R09: 0000000000000000
[  930.152565][T20916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  930.152577][T20916] R13: 0000000000000000 R14: 00007f4172bb5fa0 R15: 00007ffe978f5068
[  930.152597][T20916]  </TASK>
[  930.491662][    C1] vkms_vblank_simulate: vblank timer overrun
[  932.343893][T20986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2978'.
[  932.430565][T20988] sd 0:0:1:0: PR command failed: 1026
[  932.436862][T20988] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  932.444539][T20988] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  932.455407][T20988] i2c i2c-0: delete_device: Can't parse I2C address
[  933.779941][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  933.786409][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  933.806747][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  933.813864][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  933.822397][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  933.829512][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  933.838066][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  933.847234][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  934.738144][T21038] nvme_fabrics: missing parameter 'transport=%s'
[  934.778214][T21038] nvme_fabrics: missing parameter 'nqn=%s'
[  935.448728][T21056] FAULT_INJECTION: forcing a failure.
[  935.448728][T21056] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  935.461993][T21056] CPU: 1 UID: 0 PID: 21056 Comm: syz.3.2991 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  935.462028][T21056] Tainted: [U]=USER
[  935.462035][T21056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  935.462047][T21056] Call Trace:
[  935.462053][T21056]  <TASK>
[  935.462061][T21056]  dump_stack_lvl+0x16c/0x1f0
[  935.462095][T21056]  should_fail_ex+0x512/0x640
[  935.462126][T21056]  _copy_from_user+0x2e/0xd0
[  935.462155][T21056]  copy_msghdr_from_user+0x98/0x160
[  935.462187][T21056]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  935.462223][T21056]  ___sys_recvmsg+0xdb/0x1a0
[  935.462252][T21056]  ? __pfx____sys_recvmsg+0x10/0x10
[  935.462292][T21056]  do_recvmmsg+0x2fe/0x750
[  935.462323][T21056]  ? __pfx_do_recvmmsg+0x10/0x10
[  935.462352][T21056]  ? ksys_write+0x190/0x250
[  935.462379][T21056]  ? rcu_is_watching+0x12/0xc0
[  935.462400][T21056]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  935.462436][T21056]  ? __fget_files+0x20e/0x3c0
[  935.462464][T21056]  __x64_sys_recvmmsg+0x22a/0x280
[  935.462483][T21056]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  935.462505][T21056]  do_syscall_64+0xcd/0x490
[  935.462523][T21056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  935.462543][T21056] RIP: 0033:0x7f3cadf8e929
[  935.462558][T21056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  935.462578][T21056] RSP: 002b:00007f3caee24038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  935.462597][T21056] RAX: ffffffffffffffda RBX: 00007f3cae1b6160 RCX: 00007f3cadf8e929
[  935.462611][T21056] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003
[  935.462623][T21056] RBP: 00007f3caee24090 R08: 0000000000000000 R09: 0000000000000000
[  935.462635][T21056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  935.462648][T21056] R13: 0000000000000000 R14: 00007f3cae1b6160 R15: 00007ffd4b09ef28
[  935.462666][T21056]  </TASK>
[  935.910706][T21067] CIFS: VFS: Invalid SecurityFlags: 
[  935.916659][T21067] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2993'.
[  936.337669][T21070] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2995'.
[  936.592438][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  936.598847][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  937.102484][T21092] caif:caif_disconnect_client(): nothing to disconnect
[  937.670718][T21102] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3003'.
[  937.690837][T21103] Console: switching to colour VGA+ 37x48
[  937.760516][T21097] ==================================================================
[  937.760568][T21097] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70
[  937.760624][T21097] Read of size 256 at addr ffff888034636fb6 by task syz.0.3002/21097
[  937.760652][T21097] 
[  937.760670][T21097] CPU: 1 UID: 0 PID: 21097 Comm: syz.0.3002 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  937.760715][T21097] Tainted: [U]=USER
[  937.760725][T21097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  937.760743][T21097] Call Trace:
[  937.760753][T21097]  <TASK>
[  937.760765][T21097]  dump_stack_lvl+0x116/0x1f0
[  937.760824][T21097]  print_report+0xcd/0x680
[  937.760874][T21097]  ? __virt_addr_valid+0x81/0x610
[  937.760905][T21097]  ? __phys_addr+0xe8/0x180
[  937.760937][T21097]  ? fbcon_prepare_logo+0xa03/0xc70
[  937.760983][T21097]  kasan_report+0xe0/0x110
[  937.761010][T21097]  ? fbcon_prepare_logo+0xa03/0xc70
[  937.761062][T21097]  kasan_check_range+0x100/0x1b0
[  937.761096][T21097]  __asan_memcpy+0x23/0x60
[  937.761137][T21097]  fbcon_prepare_logo+0xa03/0xc70
[  937.761193][T21097]  fbcon_init+0xd77/0x1900
[  937.761239][T21097]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[  937.761292][T21097]  visual_init+0x320/0x620
[  937.761333][T21097]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  937.761386][T21097]  store_bind+0x61d/0x760
[  937.761435][T21097]  ? __pfx_store_bind+0x10/0x10
[  937.761478][T21097]  dev_attr_store+0x55/0x80
[  937.761505][T21097]  ? __pfx_dev_attr_store+0x10/0x10
[  937.761532][T21097]  sysfs_kf_write+0xf2/0x150
[  937.761572][T21097]  kernfs_fop_write_iter+0x354/0x510
[  937.761603][T21097]  ? __pfx_sysfs_kf_write+0x10/0x10
[  937.761642][T21097]  vfs_write+0x6c4/0x1150
[  937.761686][T21097]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  937.761720][T21097]  ? __pfx___mutex_lock+0x10/0x10
[  937.761758][T21097]  ? __pfx_vfs_write+0x10/0x10
[  937.761811][T21097]  ksys_write+0x12a/0x250
[  937.761847][T21097]  ? __pfx_ksys_write+0x10/0x10
[  937.761887][T21097]  do_syscall_64+0xcd/0x490
[  937.761910][T21097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  937.761936][T21097] RIP: 0033:0x7f566338e929
[  937.761956][T21097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  937.761982][T21097] RSP: 002b:00007f56641f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  937.762006][T21097] RAX: ffffffffffffffda RBX: 00007f56635b5fa0 RCX: 00007f566338e929
[  937.762025][T21097] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  937.762041][T21097] RBP: 00007f5663410b39 R08: 0000000000000000 R09: 0000000000000000
[  937.762057][T21097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  937.762072][T21097] R13: 0000000000000000 R14: 00007f56635b5fa0 R15: 00007ffe6e925ec8
[  937.762096][T21097]  </TASK>
[  937.762105][T21097] 
[  937.762112][T21097] The buggy address belongs to the physical page:
[  937.762122][T21097] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x4d4 pfn:0x34634
[  937.762144][T21097] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  937.762164][T21097] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  937.762193][T21097] page_type: f8(unknown)
[  937.762215][T21097] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  937.762239][T21097] raw: 00000000000004d4 0000000000000000 00000001f8000000 0000000000000000
[  937.762263][T21097] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[  937.762286][T21097] head: 00000000000004d4 0000000000000000 00000001f8000000 0000000000000000
[  937.762309][T21097] head: 00fff00000000002 ffffea0000d18d01 00000000ffffffff 00000000ffffffff
[  937.762332][T21097] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  937.762347][T21097] page dumped because: kasan: bad access detected
[  937.762359][T21097] page_owner tracks the page as allocated
[  937.762368][T21097] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x140dc0(GFP_USER|__GFP_ZERO|__GFP_COMP), pid 21097, tgid 21096 (syz.0.3002), ts 937727411249, free_ts 937722881116
[  937.762408][T21097]  post_alloc_hook+0x1c0/0x230
[  937.762442][T21097]  get_page_from_freelist+0x1321/0x3890
[  937.762477][T21097]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  937.762513][T21097]  __alloc_pages_noprof+0xb/0x1b0
[  937.762550][T21097]  ___kmalloc_large_node+0x84/0x1e0
[  937.762580][T21097]  __kmalloc_large_node_noprof+0x1c/0x70
[  937.762612][T21097]  __kmalloc_noprof.cold+0xc/0x61
[  937.762652][T21097]  vc_do_resize+0x1de/0x10e0
[  937.762691][T21097]  fbcon_init+0xd53/0x1900
[  937.762732][T21097]  visual_init+0x320/0x620
[  937.762764][T21097]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  937.762813][T21097]  store_bind+0x61d/0x760
[  937.762853][T21097]  dev_attr_store+0x55/0x80
[  937.762877][T21097]  sysfs_kf_write+0xf2/0x150
[  937.762908][T21097]  kernfs_fop_write_iter+0x354/0x510
[  937.762936][T21097]  vfs_write+0x6c4/0x1150
[  937.762974][T21097] page last free pid 21097 tgid 21096 stack trace:
[  937.762990][T21097]  __free_frozen_pages+0x7fe/0x1180
[  937.763025][T21097]  __folio_put+0x329/0x450
[  937.763066][T21097]  vc_do_resize+0xe29/0x10e0
[  937.763103][T21097]  fbcon_startup+0x427/0xba0
[  937.763144][T21097]  do_bind_con_driver.isra.0+0x207/0xbf0
[  937.763186][T21097]  store_bind+0x61d/0x760
[  937.763224][T21097]  dev_attr_store+0x55/0x80
[  937.763247][T21097]  sysfs_kf_write+0xf2/0x150
[  937.763277][T21097]  kernfs_fop_write_iter+0x354/0x510
[  937.763305][T21097]  vfs_write+0x6c4/0x1150
[  937.763341][T21097]  ksys_write+0x12a/0x250
[  937.763378][T21097]  do_syscall_64+0xcd/0x490
[  937.763403][T21097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  937.763432][T21097] 
[  937.763439][T21097] Memory state around the buggy address:
[  937.763455][T21097]  ffff888034636f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  937.763476][T21097]  ffff888034636f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  937.763498][T21097] >ffff888034637000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  937.763515][T21097]                    ^
[  937.763529][T21097]  ffff888034637080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  937.763551][T21097]  ffff888034637100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  937.763568][T21097] ==================================================================
[  937.763601][T21097] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  937.763623][T21097] CPU: 1 UID: 0 PID: 21097 Comm: syz.0.3002 Tainted: G     U              6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  937.763684][T21097] Tainted: [U]=USER
[  937.763696][T21097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  937.763715][T21097] Call Trace:
[  937.763726][T21097]  <TASK>
[  937.763738][T21097]  dump_stack_lvl+0x3d/0x1f0
[  937.763794][T21097]  panic+0x71c/0x800
[  937.763837][T21097]  ? __pfx_panic+0x10/0x10
[  937.763878][T21097]  ? rcu_is_watching+0x12/0xc0
[  937.763912][T21097]  ? fbcon_prepare_logo+0xa03/0xc70
[  937.763967][T21097]  ? fbcon_prepare_logo+0xa03/0xc70
[  937.764033][T21097]  check_panic_on_warn+0xab/0xb0
[  937.764081][T21097]  end_report+0x107/0x170
[  937.764134][T21097]  kasan_report+0xee/0x110
[  937.764165][T21097]  ? fbcon_prepare_logo+0xa03/0xc70
[  937.764224][T21097]  kasan_check_range+0x100/0x1b0
[  937.764263][T21097]  __asan_memcpy+0x23/0x60
[  937.764308][T21097]  fbcon_prepare_logo+0xa03/0xc70
[  937.764367][T21097]  fbcon_init+0xd77/0x1900
[  937.764406][T21097]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[  937.764449][T21097]  visual_init+0x320/0x620
[  937.764480][T21097]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  937.764521][T21097]  store_bind+0x61d/0x760
[  937.764561][T21097]  ? __pfx_store_bind+0x10/0x10
[  937.764596][T21097]  dev_attr_store+0x55/0x80
[  937.764618][T21097]  ? __pfx_dev_attr_store+0x10/0x10
[  937.764640][T21097]  sysfs_kf_write+0xf2/0x150
[  937.764670][T21097]  kernfs_fop_write_iter+0x354/0x510
[  937.764695][T21097]  ? __pfx_sysfs_kf_write+0x10/0x10
[  937.764725][T21097]  vfs_write+0x6c4/0x1150
[  937.764759][T21097]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  937.764793][T21097]  ? __pfx___mutex_lock+0x10/0x10
[  937.764815][T21097]  ? __pfx_vfs_write+0x10/0x10
[  937.764857][T21097]  ksys_write+0x12a/0x250
[  937.764891][T21097]  ? __pfx_ksys_write+0x10/0x10
[  937.764930][T21097]  do_syscall_64+0xcd/0x490
[  937.764953][T21097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  937.764978][T21097] RIP: 0033:0x7f566338e929
[  937.764996][T21097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  937.765021][T21097] RSP: 002b:00007f56641f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  937.765044][T21097] RAX: ffffffffffffffda RBX: 00007f56635b5fa0 RCX: 00007f566338e929
[  937.765062][T21097] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  937.765077][T21097] RBP: 00007f5663410b39 R08: 0000000000000000 R09: 0000000000000000
[  937.765093][T21097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  937.765108][T21097] R13: 0000000000000000 R14: 00007f56635b5fa0 R15: 00007ffe6e925ec8
[  937.765132][T21097]  </TASK>
[  937.765532][T21097] Kernel Offset: disabled