last executing test programs: 10m24.328246983s ago: executing program 3 (id=322): writev$auto(0x3, 0x0, 0x8009) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r0, 0x0, 0x800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), 0xffffffffffffffff) r2 = syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid$auto(r2, r2) r3 = gettid() mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto(r4, 0x1, 0x9, 0x0, 0x0) r5 = getpid() rt_tgsigqueueinfo$auto(r5, r3, 0x21, &(0x7f0000000400)={@siginfo_0_0={0x3, 0x9, 0xcce3, @_sigfault={0x0, @_trapno=0x3}}}) sendmsg$auto_NL802154_CMD_SET_LBT_MODE(r0, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x28, r1, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_LEVEL={0x4}, @NL802154_ATTR_PAGE={0x5, 0x7, 0xd5}, @NL802154_ATTR_SCAN_DONE_REASON={0x5, 0x25, 0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x814}, 0x20008000) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x58, 0x0) r6 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/usbmon8\x00', 0x640, 0x0) read$auto_mon_fops_binary_mon_bin(r6, 0x0, 0x2f) ioctl$auto_MON_IOCG_STATS(r6, 0x80089203, 0x0) 10m21.323734584s ago: executing program 1 (id=329): mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x6) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8502, 0x0) write$auto(r0, 0x0, 0x80001) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(0xffffffffffffffff, 0x0, 0x4000000) move_pages$auto(0x1, 0x400000000f54, 0x0, 0x0, 0x0, 0x8000000000000000) open(0x0, 0x2a4c0, 0x40) execve$auto(0x0, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x10001, 0x7fffffffffffffff, 0xe817) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) r2 = openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, r2, 0x10008000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) pwritev$auto(r3, &(0x7f0000000100)={&(0x7f0000000080), 0xe001}, 0x3, 0xe, 0x3) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001bc0)='/dev/sequencer2\x00', 0x1, 0x0) ioctl$auto_SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, 0x0) mmap$auto(0x7fffffe, 0x6, 0x40005, 0x13, 0x3fd, 0x9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) 10m20.227854249s ago: executing program 3 (id=330): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa2840, 0x0) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000000)={0x20, 0xc, 0x4, 0xfff8, 0x2, 0x8000004, &(0x7f0000000180)="d2e63f98c49517a01a9370634af7652abdb8a9c5d9682174181a30d7312e9a60324ed0e59b0e23b6f49335761a1dcca0ea668db9728c45d6e59a2355c62f91d9fd8352ac480a1ce0572e01a3bff0700d6b0af7f64dbc8a5cde1c83884d65a4b3677b7f4768b32d92c997ced60001000000000000226f5310a64e1862ba7efc6e76be9751aa71e74c11dcd1d197abe614e570d9da52b3c3b8957bd7759214e8c28af88c07098aa4aef938b7afa5b80f7e878840ce0921ff37dfb57c0af5c515820534a056"}) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/uprobe_events\x00', 0x0, 0x0) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r0, 0x5522, 0xf15) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20400, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000080)) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0xe983, 0xdb, 0xeb1, 0x401, 0x8000) memfd_create$auto(0x0, 0xb) socketpair$auto(0x1, 0x2, 0xd, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x20000, 0x0) open(0x0, 0x22240, 0x55) r2 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(r2, 0x40106f52, r3) set_mempolicy$auto(0x2, 0x0, 0x4) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0x401, 0x8000) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r4, 0xc0045401, r4) shmget$auto(0x8, 0x10565, 0x7ff) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) 10m19.341051962s ago: executing program 3 (id=334): mmap$auto(0x0, 0x240009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) epoll_create$auto(0x83e) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x8000000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r2, 0x2284, r0) 10m18.142937785s ago: executing program 3 (id=336): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000023c0)='/proc/self/net/tls_stat\x00', 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000400), r0) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x34, r1, 0x305, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_MODULE_EEPROM_LENGTH={0x8, 0x3, 0x4}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0x1}, @ETHTOOL_A_MODULE_EEPROM_PAGE={0x5, 0x4, 0x9}, @ETHTOOL_A_MODULE_EEPROM_I2C_ADDRESS={0x5, 0x6, 0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x34044040}, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:00.0/enable\x00', 0x18b042, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/dummy0/mtu\x00', 0xe3102, 0x0) sendfile$auto(r2, r2, 0x0, 0x2) readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x25, 0x1, 0x3) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfd, 0x0, 0xfffffffffffffffd) connect$auto(0x3, 0x0, 0x54) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, r4, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xfffffffc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) 10m16.8929017s ago: executing program 3 (id=338): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/oom_adj\x00', 0x4000, 0x0) read$auto(r0, 0x0, 0x7) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x10, 0x4, 0xffffffc0) io_uring_register$auto_IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f00000002c0)="d05d6f2f716f74230faba010656e878f1af86cd29108de4bf8bb61f80c2d38d4a7038ba0c7c51f76e06d4a15ba90d087513109136561924733c1d54fc9a8f5ee48b052879f664c3f8328365e88c643d7de7d513c46d805b35a6cae38c311835bed572cd39d6b1a5b", 0x5) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x8000, 0x0, 0x0, &(0x7f0000000240)={[0x8, 0x6, 0x8, 0x8fd6, 0x948b, 0x3, 0x100000001, 0x4000000000005, 0x6, 0x2, 0x8, 0x0, 0x1, 0xffffffff, 0x100, 0x18]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r3, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) getpid() ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x4000000) sendmsg$auto_MACSEC_CMD_ADD_TXSA(0xffffffffffffffff, 0x0, 0x4000000) writev$auto(r1, &(0x7f0000000200)={0x0, 0x9}, 0x3) mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r4 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="180027"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000044}, 0x40000) 10m14.799314645s ago: executing program 1 (id=341): exit$auto(0x6) timer_delete$auto(0x2) mmap$auto(0x8, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000) rseq$auto(0x0, 0xfffffff5, 0x0, 0x5) sysfs$auto(0x2, 0x10000000000002a, 0x0) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x48041, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_STALL(r0, 0x550c, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x8000800) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r1 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x1a00) r2 = openat$auto_show_traces_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/available_tracers\x00', 0x40000, 0x0) read$auto_show_traces_fops_trace(r2, &(0x7f0000000640)=""/188, 0xbc) read$auto(r1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket(0x2, 0x5, 0x0) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) listmount$auto(0x0, 0x0, 0xf4240, 0x1) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x60040, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', 0x0, 0x1000005, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20000044) 10m14.767710769s ago: executing program 3 (id=343): setgroups$auto(0xa1, &(0x7f0000000000)=0xc) r0 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f0000002a40)='/proc/self/uid_map\x00', 0x28400, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8e) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r2, 0x4020ae76, r3) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0x0) fsconfig$auto(r3, 0x1, &(0x7f0000000240)='\x00', &(0x7f0000000400)="1030e45d444f82a6abd304d88b847ff0b0fa1a49fb838575da9b484ef6f64de4c79d45d76af726f32837928e8d171597677454f1a7564f8db5f038853520f93268cd307cbfcec55fc361aa", 0x0) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r3, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="f8000000", @ANYRES16=0x0, @ANYBLOB="100110900000fddbdf250f00007e48d6cb39784c1391b8c37b45a5e96c59a9dd8f7fae5f00de844a7f96c67b5c187936e167f1d005af5e0dac1bd59f29dcaa1ba70ed8cb09f407d4e442196893f9bf286a09822d36ba8bacf5019eb48974776a4e7726f7932165bedd821a284f369cd7680d0fed5d798ee6050442502676307117b99d1ec9b5c61ef78e589fdfc2d8f902aefe2192352cac2ddd93950af9f48b745b839dd141dde42fafbcfdb32212efd443bc42333a94dbd409f3476d5ff100b97b7ec1cf527771eef3e45db2d2050b2eee64be236f47d1c9bc476e7a390e41e42a20c4c3831a88aa000000000000000000"], 0xf8}, 0x1, 0x0, 0x0, 0x20000014}, 0x444) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/fail-nth\x00', 0x0, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x1c, 0x0, 0x1, 0x70bd2b, 0x25dfdbfa, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x2}]}, 0x1c}}, 0x4044820) read$auto_proc_uid_map_operations_base(r0, &(0x7f0000002a80)=""/38, 0x26) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f00000034c0), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/hugetlb.1GB.usage_in_bytes\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r7 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) read$auto(r7, 0x0, 0x2) r8 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) ioctl$auto_FUSE_DEV_IOC_CLONE(r8, 0x8004e500, 0x0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r5, &(0x7f0000003700)={0x0, 0x0, &(0x7f00000036c0)={&(0x7f0000003500)={0x14, r6, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 10m13.293216697s ago: executing program 1 (id=345): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) read$auto(0xca, 0x0, 0x200) ioctl$auto_RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000040)={0x1, 0xa, {0x5, 0x5, 0x2, 0xfffff30d, 0xd17, 0x9, 0x5, 0x5, 0x6}}) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, r1, 0x6) r3 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x20401, 0x0) write$auto_proc_mem_operations_base(r3, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f0000000080)={0x123060000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, &(0x7f00000011c0)=[0x0], 0x1}, 0x58) madvise$auto(0x1ffff000, 0x7, 0x100000000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) 10m11.279605116s ago: executing program 1 (id=349): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xe983, 0xa3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0xfffd, 0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181702, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/nf_ft_offload_stats/affinity_scope\x00', 0x8000, 0x0) read$auto(r0, 0x0, 0x20) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x2, 0x801, 0x106) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtd0ro\x00', 0x0, 0x0) ioctl$auto_BLKPG2(r1, 0x1269, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) socket(0x29, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xd) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) sched_get_priority_min$auto(0x40) close_range$auto(0x2, 0x8, 0x0) futex$auto(0x0, 0x85, 0x104, 0x0, 0x0, 0x7fffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/vub300/parameters/disable_offload_processing\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security/tomoyo/stat\x00', 0x149902, 0x0) write$auto(0x3, 0x0, 0xffd8) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb02, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0xf0f7}, 0x1, 0x3, 0x9) read$auto(0x3, 0x0, 0xf34) 10m9.72371685s ago: executing program 1 (id=353): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/023/001\x00', 0x201, 0x0) ioctl$auto_USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000000)=0x2) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0xffffffffffffffff, 0x2, 0x9) ioctl$auto(0xffffffffffffffff, 0x400c4d01, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0) write$auto(r2, &(0x7f0000000180)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) fcntl$auto(r1, 0x26, 0x2) ioctl$auto_USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000040)={0x0, 0x6, "7636151d9b02ba4db36efb8adaeb205400000000000000043bc0ef02be6b53ab874d163664e76626154e19585266b4280ac77b4953f03208c9d0d81de29f87c95b44caf734b5f2e59f69b0fe4a5494f48d5300607cd488d34e391975e1aa7743567ce0d261d206000000000000954234be5d151787f0c9c66dc02b5a5a89a56682d5cf67fb6efb456c4569af2df4c3e2fe0f9223c43727d728cc77183d2ceb9a4b6797048cd4d028ae420b7deabc0000a367d87ec44bbe2522227a45c3c8c514c1bae057da778404ca39ef604724c73e5f577cda46ab42dd3392401d1c9bf8ba15c8299371980687c12430b63a504592439e05809ff2a6567c1efbb23f7596b3"}) 10m8.807342593s ago: executing program 1 (id=355): setgroups$auto(0xa1, &(0x7f0000000000)=0xc) r0 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f0000002a40)='/proc/self/uid_map\x00', 0x28400, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8e) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r2, 0x4020ae76, r3) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0x0) fsconfig$auto(r3, 0x1, &(0x7f0000000240)='\x00', &(0x7f0000000400)="1030e45d444f82a6abd304d88b847ff0b0fa1a49fb838575da9b484ef6f64de4c79d45d76af726f32837928e8d171597677454f1a7564f8db5f038853520f93268cd307cbfcec55fc361aa", 0x0) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r3, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="f8000000", @ANYRES16=0x0, @ANYBLOB="100110900000fddbdf250f00007e48d6cb39784c1391b8c37b45a5e96c59a9dd8f7fae5f00de844a7f96c67b5c187936e167f1d005af5e0dac1bd59f29dcaa1ba70ed8cb09f407d4e442196893f9bf286a09822d36ba8bacf5019eb48974776a4e7726f7932165bedd821a284f369cd7680d0fed5d798ee6050442502676307117b99d1ec9b5c61ef78e589fdfc2d8f902aefe2192352cac2ddd93950af9f48b745b839dd141dde42fafbcfdb32212efd443bc42333a94dbd409f3476d5ff100b97b7ec1cf527771eef3e45db2d2050b2eee64be236f47d1c9bc476e7a390e41e42a20c4c3831a88aa000000000000000000"], 0xf8}, 0x1, 0x0, 0x0, 0x20000014}, 0x444) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/fail-nth\x00', 0x0, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x1c, 0x0, 0x1, 0x70bd2b, 0x25dfdbfa, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x2}]}, 0x1c}}, 0x4044820) read$auto_proc_uid_map_operations_base(r0, &(0x7f0000002a80)=""/38, 0x26) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f00000034c0), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/hugetlb.1GB.usage_in_bytes\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r7 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) read$auto(r7, 0x0, 0x2) r8 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) ioctl$auto_FUSE_DEV_IOC_CLONE(r8, 0x8004e500, 0x0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r5, &(0x7f0000003700)={0x0, 0x0, &(0x7f00000036c0)={&(0x7f0000003500)={0x14, r6, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 9m59.627794946s ago: executing program 32 (id=343): setgroups$auto(0xa1, &(0x7f0000000000)=0xc) r0 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f0000002a40)='/proc/self/uid_map\x00', 0x28400, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8e) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r2, 0x4020ae76, r3) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0x0) fsconfig$auto(r3, 0x1, &(0x7f0000000240)='\x00', &(0x7f0000000400)="1030e45d444f82a6abd304d88b847ff0b0fa1a49fb838575da9b484ef6f64de4c79d45d76af726f32837928e8d171597677454f1a7564f8db5f038853520f93268cd307cbfcec55fc361aa", 0x0) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r3, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="f8000000", @ANYRES16=0x0, @ANYBLOB="100110900000fddbdf250f00007e48d6cb39784c1391b8c37b45a5e96c59a9dd8f7fae5f00de844a7f96c67b5c187936e167f1d005af5e0dac1bd59f29dcaa1ba70ed8cb09f407d4e442196893f9bf286a09822d36ba8bacf5019eb48974776a4e7726f7932165bedd821a284f369cd7680d0fed5d798ee6050442502676307117b99d1ec9b5c61ef78e589fdfc2d8f902aefe2192352cac2ddd93950af9f48b745b839dd141dde42fafbcfdb32212efd443bc42333a94dbd409f3476d5ff100b97b7ec1cf527771eef3e45db2d2050b2eee64be236f47d1c9bc476e7a390e41e42a20c4c3831a88aa000000000000000000"], 0xf8}, 0x1, 0x0, 0x0, 0x20000014}, 0x444) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/fail-nth\x00', 0x0, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x1c, 0x0, 0x1, 0x70bd2b, 0x25dfdbfa, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x2}]}, 0x1c}}, 0x4044820) read$auto_proc_uid_map_operations_base(r0, &(0x7f0000002a80)=""/38, 0x26) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f00000034c0), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/hugetlb.1GB.usage_in_bytes\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r7 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) read$auto(r7, 0x0, 0x2) r8 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) ioctl$auto_FUSE_DEV_IOC_CLONE(r8, 0x8004e500, 0x0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r5, &(0x7f0000003700)={0x0, 0x0, &(0x7f00000036c0)={&(0x7f0000003500)={0x14, r6, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 9m53.61996833s ago: executing program 33 (id=355): setgroups$auto(0xa1, &(0x7f0000000000)=0xc) r0 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f0000002a40)='/proc/self/uid_map\x00', 0x28400, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8e) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r2, 0x4020ae76, r3) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0x0) fsconfig$auto(r3, 0x1, &(0x7f0000000240)='\x00', &(0x7f0000000400)="1030e45d444f82a6abd304d88b847ff0b0fa1a49fb838575da9b484ef6f64de4c79d45d76af726f32837928e8d171597677454f1a7564f8db5f038853520f93268cd307cbfcec55fc361aa", 0x0) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r3, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="f8000000", @ANYRES16=0x0, @ANYBLOB="100110900000fddbdf250f00007e48d6cb39784c1391b8c37b45a5e96c59a9dd8f7fae5f00de844a7f96c67b5c187936e167f1d005af5e0dac1bd59f29dcaa1ba70ed8cb09f407d4e442196893f9bf286a09822d36ba8bacf5019eb48974776a4e7726f7932165bedd821a284f369cd7680d0fed5d798ee6050442502676307117b99d1ec9b5c61ef78e589fdfc2d8f902aefe2192352cac2ddd93950af9f48b745b839dd141dde42fafbcfdb32212efd443bc42333a94dbd409f3476d5ff100b97b7ec1cf527771eef3e45db2d2050b2eee64be236f47d1c9bc476e7a390e41e42a20c4c3831a88aa000000000000000000"], 0xf8}, 0x1, 0x0, 0x0, 0x20000014}, 0x444) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/fail-nth\x00', 0x0, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x1c, 0x0, 0x1, 0x70bd2b, 0x25dfdbfa, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x2}]}, 0x1c}}, 0x4044820) read$auto_proc_uid_map_operations_base(r0, &(0x7f0000002a80)=""/38, 0x26) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f00000034c0), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/hugetlb.1GB.usage_in_bytes\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r7 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) read$auto(r7, 0x0, 0x2) r8 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) ioctl$auto_FUSE_DEV_IOC_CLONE(r8, 0x8004e500, 0x0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r5, &(0x7f0000003700)={0x0, 0x0, &(0x7f00000036c0)={&(0x7f0000003500)={0x14, r6, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 8.528513485s ago: executing program 4 (id=1961): mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video20\x00', 0x80000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0xc0205649, 0x38) sendmsg$auto_OVS_FLOW_CMD_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x6) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8502, 0x0) write$auto(r1, 0x0, 0x80001) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(0xffffffffffffffff, 0x0, 0x4000000) move_pages$auto(0x1, 0x400000000f54, 0x0, 0x0, 0x0, 0x8000000000000000) open(0x0, 0x2a4c0, 0x40) execve$auto(0x0, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x10001, 0x7fffffffffffffff, 0xe817) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) r3 = openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0) brk$auto(0x7fffffffafff) brk$auto(0x7fffffffefff) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, r3, 0x10008000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) pwritev$auto(r4, &(0x7f0000000100)={&(0x7f0000000080), 0xe001}, 0x3, 0xe, 0x3) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001bc0)='/dev/sequencer2\x00', 0x1, 0x0) 5.66212438s ago: executing program 2 (id=1975): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x8002, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x6}, 0x6, 0xffffffffffffffff, 0x80000000004, 0x2e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x408802, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/ip_vs\x00', 0x183f01, 0x0) read$auto(r1, &(0x7f0000000440)='2\x06J Nwe0\xbd\"\x8f\xe5h_b\xde\x19\xa5\x0e\xfa\xe0\xcb\xb7\xaceW\x1a\x1f\xae\xd8\xfe\x01Y\xd6\xba\xde3\xc7\xf8\x91\xda\xf6_%\xf30\xdc\x97<\xf3A\xa7\xb4\x8dj\xbd\x02\xb1}{e\xf64\xecC\x83,\xecp7j\xf8<\xc8x\xd4\xb0\x1d\b\xb08\x01\x9e\x9et\x8aa\xe1\re\xcf\x8e\x02\xeeW\xf0z\vk\x02_\xdb\x15f8>;zM\xa95\x16\xe9l\xf5\xaa\xaa\x03\x18p\x0e\xde$\xc3\xa9\xac\xc7\x98\x05<\xef\xcd@z\fx}F\x93\xe1\xbd\xb3s\x80\xc1e\xe9T1\xbf\xc8_^\a\x03\xad\ni\n~-u)\x88\x97\xed\xa7\x9b\x0f\xef\x99\x13\xdc<\xd1{\br\xd6[\xd3\xa9-(KH\b\xdfJ\xdek\xef\xc9\xd7\n\x83m\x86\xf2\a\x8d\x19\xe0\\\xf0lg?\x98\xc8\x8e\xbd2?C\xa5\x8a\xe3\xc6\xd7\x00\x14n\xb8<\xab\x96\x8d\xa1\xf4\x87\xe5\a:z\xea\xcc\xa1\x8d\xae8\x12\xa6\xb9\xd99\xaa\xc5\x10\xad\xdd\x89\xddC\xf5\xd2Q\x92\xcd\xcc\x9f\x1a\xdbR\xeeL:\x87\xb3\xb0\x84\x1bR\xf2\xe2/\xa3\x0e\x90\x98\x8c\xc0\xa4\xda+U\b\x88\xa7\x88\x1fC\xbb\xa8\xce\x0f\xd5\xdew\x99\x18G.s\x16\xfa\xf2\x96|\x1e]\xe5\xf8\xb1\x8b.}\x841\xd8\x98\xd8f86h\xab\x94\x7f\xc4<\x03\xdd\x86=\xb6\x1e@\xab6\x81\xce\xaa\xcf\xfd\x947\xc3\x86\xfe\xb7O\xd9\xa9\xb6[\xcc\xd8\xe1\xa9\x84[\xe0\xd4\x03\x90@\x03\xbe\xba\xee\xed\xe9\xb1\xd2\xf1\x8cgn\xb7m/\xf1\"\xc2\xeb\x1d\x04\xf3\xf1\x96\xf2\x00C\xf0wg\xd6\x11\x18\xb5o\x9d\xd7`\xce\x81\x9b1b\x8ce\x99*\xa3\xd2\x8dAw\xd9\xa6l\\\x17\xbb\xf6\xe2\xa2<\n\xc0\f:\x97\xff\xc6y\x05<\xa6\x81\xd92\xc9\x9e\f[\xf9\xfc\xf1ih\"J\x92\xd2\xd4\xc2\xe8\x89 \x81\xbf8C\xa9\x1at\xa1\xdc\x94\xc5\xc8K\xbb\x14h\xa9)\xaa\xf2\xda\xaf\xb1\rs\xe6\x97\x1e\xcc6\x94\xff\x1b\x8e\x98\xf7\xa0', 0x67b) socket(0x1e, 0x3, 0x5ef) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, &(0x7f0000000040)='(%}[\x00', 0x3) ioctl$auto_VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f00000000c0)={0x80000001, r1}) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000001b0556d8d289c35866b4e1295f609058e7db519ec0552d01c65113d020dfcdb7d23e1c731b32a261fee111", @ANYRES16=r3, @ANYBLOB="010326bd7000fedbdf25080000000800048004000180"], 0x1c}, 0x1, 0x0, 0x0, 0x24000055}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x3, 0xdf, 0x400000000009b72, 0x2, 0x8000000000000001) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/smbd_send_credit_target\x00', 0x141001, 0x0) write$auto(r5, &(0x7f0000000040)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0xa0b02, 0x0) r6 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0) read$auto(r6, 0x0, 0xb4d3) mmap$auto(0x0, 0x9, 0xdb, 0x9b72, 0x5, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) semctl$auto_SETVAL(0x0, 0x7, 0x10, 0xfff) 4.315133338s ago: executing program 5 (id=1977): bpf$auto(0x6, 0xffffffffffffffff, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socketpair$auto(0xfff, 0x5, 0x10, 0x0) (async) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/dev_snmp6/veth0_vlan\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000040)=""/27, 0x1b) (async) ioprio_set$auto(0x3, 0x0, 0x4b34) socket(0x15, 0x5, 0x0) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0xa, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) (async) mmap$auto(0x8000000000, 0xc3a, 0xe2, 0x9b72, 0x7, 0x1000) (async) sysfs$auto(0x2, 0x4d, 0x0) (async) fsopen$auto(0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) (async) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) (async) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) (async) flock$auto(0x6, 0x1) io_uring_setup$auto(0x6, 0x0) (async) close_range$auto(0x2, 0x8000, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x1c9002, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x8001, 0x2) shmget$auto(0xa, 0x10563, 0x568d1af2) 4.239399308s ago: executing program 2 (id=1978): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x81) gettid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r1 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cpu/0/msr\x00', 0x8142, 0x0) ioctl$auto_X86_IOC_WRMSR_REGS(r1, 0xc02063a1, &(0x7f0000000440)=[0x2, 0x7, 0x9, 0x3, 0x4, 0x7f, 0x3, 0x2]) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim6/ports/0/ipsec\x00', 0x80, 0x0) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x5, 0x0, 0x8004) r3 = socket(0x8, 0x1, 0x400) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x182, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x5}, 0x3) ioperm$auto(0x3, 0xe, 0x2000000000000149) msgctl$auto_IPC_RMID(0x9, 0x0, 0x0) statx$auto(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x6, 0x7, &(0x7f0000000280)={0x8, 0x86c1, 0x120000000000, 0x5, 0x0, 0xee00, 0x40, 0x0, 0xfffffffffffff5f7, 0x4, 0x7fffffff, 0xd7a2, {0xd, 0xccb}, {0x6, 0xcd}, {0xd, 0x3}, {0x2, 0x5}, 0xfffffbff, 0x1, 0xe, 0x5, 0xe, 0xfe, 0x6, 0x8, 0xf, 0x2, 0xd, 0xb0, [0x7fffffffffffffff, 0x2, 0x3, 0x40, 0x9, 0x7f, 0x4e4c, 0x8, 0xffffffffffff6f4c]}) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0, 0x3d0}, 0x1, 0x0, 0x0, 0x4004004}, 0x800) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/stat/rt_cache\x00', 0x20000, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x8080, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, r0, 0x8000) io_uring_setup$auto(0x4, 0x0) socket(0x2, 0x3, 0xa) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 3.800613801s ago: executing program 4 (id=1979): r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x16f802, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x1, 0x1, 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYRESOCT=r1, @ANYRES8=r0, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x600040a4}, 0x80) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0x3) r5 = socketpair$auto(0x9, 0x2, 0xb, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/mem\x00', 0x40100, 0x0) ioctl$auto_TIOCSETD2(r6, 0x5423, 0x0) openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) ioctl$auto(0x3, 0x540b, 0x1) mlockall$auto(0x800000000000005) getsockopt$auto(r5, 0xf, 0xdc6, &(0x7f00000001c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', &(0x7f0000000280)=0x9) 3.765195212s ago: executing program 2 (id=1980): socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x6e0, 0x400, 0x2}]}) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) bpf$auto(0x8, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x0, 0x10017, 0x800020010080c, 0x2, 0x5f, 0x20000000000803, 0x2000000000000003}, 0x6f0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0x6, 0x2}, 0x8000, 0x0, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x20, r3, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NETDEV_A_PAGE_POOL_ID={0xc, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x0) 3.295614633s ago: executing program 0 (id=1981): close_range$auto(0xffffffffffffffff, 0x8, 0x0) pidfd_open$auto(0x1, 0x0) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x0, @remote}, 0x6e) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/video12/power/control\x00', 0x1a1d00, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/tracing_cpumask\x00', 0x688480, 0x0) mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bpq1/mtu\x00', 0x84002, 0x0) socketpair$auto(0x1, 0x1, 0x4, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0xeac40, 0x0) socket(0x10, 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20480, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x3, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12de82, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 3.072002041s ago: executing program 5 (id=1982): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x5) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) futex_waitv$auto(&(0x7f0000000300)={0x7f, 0x100000001, 0x2}, 0x1, 0x0, &(0x7f0000000340)={0x92, 0x6}, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) socket(0x11, 0x2, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x4, 0xa, 0x48}) socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast1}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x101) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xca481, 0x0) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r1, r1, 0x0) ioctl$auto_BLKTRACESETUP32(0xffffffffffffffff, 0xc0401273, &(0x7f0000000400)={"1483d1982625d5279e966a944dcd59a0896f65b50720b78ad86c63bb4f7ee897", 0x300, 0x8, 0x0, 0x9, 0x1, 0x0}) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000480)={"6e846fffa429728880cfe6215632ec0e046278588428bf78d4e5deae3aeb1a5d", 0x9, 0xb, 0x200, 0x200, 0x3ff, r2}) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7c9, 0x26, 0x4909b6f5, 0x1ffde, 0x7, 0x3, 0x20000009, 0x8, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x3, 0x0, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x0, 0xffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x80000, 0x0, 0xffff, 0x10, 0x0, 0x8, 0x10000, 0x0, 0x0, 0x0, 0x6, 0xbdcc, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1892, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000380)="7b6df145d9b58ab9f7e441f22bd8a6e47699da04bd7172bf2707eef380f49c71f48bdb83adb1380c223b4d639f4317d91c36fa877cde9bb227092faddf4d1d463fea36b2ade45b8ec4df6b33558f539da0300fb35d2ec20b3d205db781c3d43047375d98bfffed6ffcef75aef65b13db885cccf58bf3da", 0x5, 0xa505}, 0x800}, 0x7, 0x4008) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) write$auto(0x3, 0x0, 0xffd8) read$auto(r0, 0x0, 0x20) madvise$auto(0x0, 0x5, 0x15) 3.024503654s ago: executing program 0 (id=1983): socket(0x2b, 0x4, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/nbd4/queue/optimal_io_size\x00', 0x40000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/nullb0\x00', 0x54081, 0x0) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={"ef65ce7cb454168d6c0000000000002713df81000000ffffffffffffff2900", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r1, 0x1276, 0xc00) ioctl$auto_BLKTRACETEARDOWN(r1, 0x1276, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/demote\x00', 0x1, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="e9dfa2ab81a6a7835fcabc7addbd767ea23faa30422c4006091130cf36ed19d31452667a255036d74f288c1b1c8ff36f16ae7faee7d965e655ebbdebb068c4323d094bc1", @ANYRES16=0x0, @ANYBLOB="00032cbd7000fedbdf250200000000003500060000000800130001000100"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4008800) r3 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) mmap$auto(0x0, 0x4000005, 0xfffffffffffffe01, 0x8051, 0x3, 0x10000000008000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14008601", @ANYRES16=0x0, @ANYRES8=r3], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) write$auto(r2, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon35\x00', 0x640, 0x0) keyctl$auto(0x12, 0x102000000010001, 0x7f, 0x200, 0x3) read$auto(0xffffffffffffffff, 0x0, 0x80000000006) mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0xffffffffffffffff, 0x300000000000) r4 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) poll$auto(&(0x7f0000000040)={r4, 0x1000, 0x1c9}, 0x2, 0x7) bind$auto(0x3, &(0x7f0000000040)=@l2tp={0x2, 0x0, @broadcast}, 0x6a) mincore$auto(0x7ff, 0x7fffffff, &(0x7f0000000300)='\x00') gettimeofday$auto(&(0x7f0000000180)={0xa, 0xfffffffffffffffc}, &(0x7f00000001c0)={0x3d, 0x400}) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/035/001\x00', 0xa000, 0x0) 2.946725525s ago: executing program 2 (id=1984): mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xec}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) socket(0xb, 0x80000, 0x2) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x4}, 0x6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x18dd01, 0x0) bpf$auto(0x4, 0x0, 0x6f4) r1 = socket(0x1a, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r3 = socket(0x2b, 0x1, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) statx$auto(0xffffffffffffffff, 0x0, 0x6d7, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) getsockopt$auto_SO_TXREHASH(r1, 0xced5, 0x4a, &(0x7f0000000080)='/dev/kvm\x00', &(0x7f0000000180)=0x7) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000) 2.562600165s ago: executing program 0 (id=1985): sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000a, 0x8e051, 0xffffffffffffffff, 0x0) r0 = ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, &(0x7f0000000180)=0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, r2, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x40) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x20000000) pread64$auto(0xffffffffffffffff, 0x0, 0x2, 0x100000005) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x5410, 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x10000, 0x7, 0xf, 0x40000000008fd6, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x3, 0x62, 0x4, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose3/statistics/tx_packets\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000001100)=""/192, 0xc0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2000040080000004, 0xe) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x80) sendfile$auto(r6, r6, 0x0, 0x5) mprotect$auto(0x200000807000, 0x806121, 0x6) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) 2.4967363s ago: executing program 4 (id=1986): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/64, 0x40) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/lapb4/carrier\x00', 0x20340, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) io_uring_setup$auto(0x0, &(0x7f0000000140)={0x4, 0x2, 0x6, 0x6, 0x5, 0xef, 0xffffffffffffffff, [0x3, 0x10000, 0x101], {0x7ff, 0x3, 0xc, 0x6, 0x0, 0x0, 0xfc2, 0x6}, {0x7, 0x5, 0x6, 0x8b83, 0xc, 0x8000, 0x9, 0xc4e, 0x7}}) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='p'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001140)=""/4093, 0xffd) select$auto(0x1, &(0x7f0000000140)={[0x5, 0x1, 0x6, 0x2, 0x5, 0x3, 0x9, 0x10001, 0x7, 0xffffffff00000001, 0xf, 0x0, 0xffffffffffffffff, 0xfffffffffffffffb, 0x4, 0x7]}, &(0x7f00000001c0)={[0x9, 0x5, 0x36, 0xfffffffffffffc00, 0x4, 0x3, 0x3, 0x40, 0x401, 0x40, 0x8, 0x5, 0xe, 0x1, 0xfffffffffffffffc, 0xfffffffffffffff4]}, &(0x7f0000000240)={[0x9, 0x8, 0x1000, 0x62, 0x6, 0x9, 0x101, 0x400, 0x5, 0xb7a, 0x8000000000000001, 0x8, 0x0, 0x3, 0x1, 0xb6]}, &(0x7f00000000c0)={0x7, 0x4}) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0x2, 0x2, 0x0) getsockopt$auto(r2, 0x0, 0x17, 0xfffffffffffffffc, 0x0) socket(0x2, 0x1, 0x106) setresuid$auto(0x0, 0x8, 0x0) setfsuid$auto(0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r3 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x80440, 0x0) ioctl$auto_I2C_TIMEOUT(r3, 0x702, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x359e42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) 2.077959626s ago: executing program 4 (id=1987): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r3 = openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim0/psample/enable\x00', 0x2, 0x0) write$auto_nsim_psample_enable_fops_psample(r3, &(0x7f0000000380)='F', 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(r4, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={&(0x7f0000002000)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="01002abd7000fbdbdf252e000000180001801400020062726964676530000000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x0) waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000000c0)={@_si_pad}, 0x2, &(0x7f0000000200)={{0x3, 0x67}, {0x1, 0x2d9}, 0x6, 0x3, 0x5, 0x9, 0x180000000000, 0xc, 0x2, 0x9, 0x5, 0x3, 0x917, 0x80000001, 0x401}) lstat$auto(&(0x7f0000000140)='./file0\x00', &(0x7f0000000480)={0x3, 0xe37f00, 0xc2, 0x7, 0xee00, 0x0, 0x0, 0x6, 0x2, 0x8, 0x7, 0x8, 0x4d7, 0xd997, 0x8, 0x74, 0x8}) msgctl$auto_IPC_INFO(0x37, 0x3, &(0x7f0000000540)={{0x9, 0xffffffffffffffff, 0xee01, 0xaf03, 0x6, 0x5, 0x400}, &(0x7f0000000180)=0x5, &(0x7f0000000300)=0x4, 0xfffffffffffffffb, 0xfffffffffffffffc, 0xdc7, 0x1, 0x9, 0xffff, 0xe9cc, 0x2, @inferred=0xffffffffffffffff, @raw=0x6}) r5 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000880), r4) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_ADD(r4, &(0x7f0000000980)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x48, r5, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@THERMAL_GENL_ATTR_CDEV_CUR_STATE={0x8, 0x10, 0x1}, @THERMAL_GENL_ATTR_CDEV_MAX_STATE={0x8, 0x11, 0xb}, @THERMAL_GENL_ATTR_CDEV_NAME={0x14, 0x12, 'vxcan1\x00'}, @THERMAL_GENL_ATTR_TZ_TEMP={0x8, 0x3, 0x3ff}, @THERMAL_GENL_ATTR_CPU_CAPABILITY_PERFORMANCE={0x8, 0x16, 0x1ae}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000801) r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/driver/rtc\x00', 0x88000, 0x0) pread64$auto(r6, 0x0, 0x20, 0x1300) openat$auto_fuse_dir_operations_dir(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0x10000, 0x0) timer_create$auto_CLOCK_REALTIME(0x0, &(0x7f00000001c0)={@sival_int=0x10000, @inferred, 0x9}, 0x0) sendmsg$auto_TIPC_NL_NODE_GET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001e40)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="0103000000"], 0x14}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) 1.522657917s ago: executing program 2 (id=1988): socket(0xa, 0x1, 0x84) mmap$auto(0x200, 0xc, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC0\x00', 0x8800, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WOWLAN(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="581d0000", @ANYRES16=r3, @ANYBLOB="010027bd7000fbdbdf254a00000041000e001bc6e7e10bc66696ea9b05d53fcb46cdea5e227f20ea27bbee943b059ee673eb196cbf758915ad0d31d27b34b0e98cd68af9d349f9047fced322702974000000"], 0x58}}, 0x4004010) r4 = getpgid(0x0) pidfd_open$auto(r4, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000240)={{@raw=0x1000, 0x81, 0x2, 0x9000000, "d5c8516798cf3d9ef2276045b627b5e193deae86d5d13eae93cbf92978b473b76ebdf49f54ff64ae2b2be273", @inferred=r4}, 0x0, @integer64=@value=[0x5094, 0x80, 0x3, 0x2, 0x3ff, 0x6, 0xbbd9, 0x5, 0x8, 0x5a, 0x1000000ffffffff, 0x1, 0x0, 0xfffffffffffffff7, 0xe97f, 0x7, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x5, 0x4, 0x4, 0x3, 0x100000001, 0x200, 0x77, 0x8, 0xd87, 0x5, 0x400, 0x8000000000000000, 0x4, 0x40, 0xfffffffffffffffd, 0x6, 0x80000001, 0x9, 0x8, 0x40, 0x5, 0x6, 0x8, 0xd3, 0xd8f, 0x6b, 0xffffffffffffff3b, 0x100000001, 0x6eb, 0x1, 0x9, 0x0, 0x6, 0x7, 0x5, 0xf3, 0x9, 0xf3, 0xe00000000, 0x1, 0x81, 0x4, 0xffffffffffffffff, 0x2], "3e3cd047009f50266bd113418563744250b6b00b06f79fa889ff50a7dc83985ecaa5164ee4be6cb7b344201d35810e9bb78073e4e639e3f5c9a97bcb001db97f033d891de096e58b2bd2d4fa7f38dd47ce3a3da9522947dd250f2404d797ae274c3ed84c420000000000007f7e2e34bd28e9b6ebffa8710eed00"}) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x745502, 0x0) read$auto(r5, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) prctl$auto(0x16, 0x1, 0x6, 0x7fffffff, 0x4) uname$auto(0x0) mmap$auto(0xffffffffffffffff, 0xa7, 0xe3, 0x840009b72, r5, 0xa0) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = socket(0xa, 0x3, 0x3b) capget$auto(0x0, 0xfffffffffffffffe) getsockopt$auto(r6, 0x29, 0x30, 0x0, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2480c2, 0x0) ioctl$auto(0x3, 0x80026f48, r7) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) 1.518995318s ago: executing program 4 (id=1989): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0xfffffffffefffffb, 0xdd, 0xeb0, 0x40000000000a5, 0x8000) ioctl$auto(r0, 0x402c542d, 0x38) getpid() mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, 0x0, 0x100000a3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r2, 0x4, 0x7ff) ptrace$auto_PTRACE_SINGLEBLOCK(0x21, r2, 0x7, 0x7) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) 1.390881344s ago: executing program 0 (id=1990): socket(0x2, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000240)={0x30, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_OURS={0x4}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x11}, 0x2400c802) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x4) shmat$auto(0x200, &(0x7f0000000040)='syz_tun\x00', 0xfffffffc) 1.287113737s ago: executing program 0 (id=1991): sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000a, 0x8e051, 0xffffffffffffffff, 0x0) r0 = ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, &(0x7f0000000180)=0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, r2, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x40) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x20000000) pread64$auto(0xffffffffffffffff, 0x0, 0x2, 0x100000005) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) writev$auto(0x3, 0x0, 0x8) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r4, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) bpf$auto(0x0, 0x0, 0x10) flock$auto(r3, 0x6) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x5410, 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x10000, 0x7, 0xf, 0x40000000008fd6, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x3, 0x62, 0x4, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose3/statistics/tx_packets\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000001100)=""/192, 0xc0) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2000040080000004, 0xe) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop5\x00', 0x54f202, 0x0) write$auto(r7, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 924.276998ms ago: executing program 5 (id=1992): close_range$auto(0xffffffffffffffff, 0x8, 0x0) pidfd_open$auto(0x1, 0x0) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x0, @remote}, 0x6e) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/video12/power/control\x00', 0x1a1d00, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/tracing_cpumask\x00', 0x688480, 0x0) mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bpq1/mtu\x00', 0x84002, 0x0) socketpair$auto(0x1, 0x1, 0x4, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0xeac40, 0x0) socket(0x10, 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20480, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x3, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12de82, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 658.094843ms ago: executing program 2 (id=1993): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r0, 0x0, 0x9, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r2, 0x0, 0x20000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x4000000000001, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x20000002, 0xfffffffffffffffe]}, 0x0) socket(0x1a, 0x4, 0x6) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071cac85025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d5574bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc94", 0xc2d) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) mmap$auto(0x0, 0x40009, 0xdf, 0x9b76, 0xffffffffffffffff, 0x28000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x81a, r2, 0x8000) 528.652634ms ago: executing program 5 (id=1994): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000009c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000100)={0x2c, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_CABLE_TEST_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40801}, 0x80) 354.697945ms ago: executing program 0 (id=1995): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) clone$auto(0xb74b, 0xfffffffe, &(0x7f00000003c0)=0x99, 0x0, 0xc) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183841, 0x0) write$auto(r0, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) r1 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000001900), 0xc0041, 0x0) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) ioctl$auto(r1, 0x40246f4c, 0x38) 325.2692ms ago: executing program 5 (id=1996): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) socket(0x2, 0x3, 0xa) socket(0x2, 0x801, 0x106) socket(0x15, 0x5, 0x0) socket(0x10, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @loopback, 0x3}, 0x55) write$auto(0x3, 0x0, 0x578) (fail_nth: 26) 163.7613ms ago: executing program 4 (id=1997): unshare$auto(0x40000080) (async) setsockopt$auto(0xffffffffffffffff, 0x8, 0x7fff, &(0x7f0000000040)='/dev/tty0\x00', 0x78e) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x981e82, 0x0) socket(0x6, 0x2, 0x80000000) (async) close_range$auto(0x2, 0x8, 0x0) (async) bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0xfa, 0x80}, 0x96) preadv$auto(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f00000001c0), 0x82}, 0x8, 0x6, 0x5) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000b00), 0xffffffffffffffff) (async) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) (async) sendmsg$auto_MACSEC_CMD_GET_TXSC(r0, &(0x7f00000000c0)={0x0, 0xf00, &(0x7f0000000000)={&(0x7f0000001940)={0x14, r1, 0x186f202170196f7b, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x200008d0}, 0x40080c4) 0s ago: executing program 5 (id=1998): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x34, r1, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0xfffffff8}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80) open(&(0x7f0000000380)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x103040, 0xd1) kernel console output (not intermixed with test programs): noprof+0x5a/0x3b0 [ 593.981717][T12422] should_failslab+0xc2/0x120 [ 593.981749][T12422] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 593.981776][T12422] ? __pfx___might_resched+0x10/0x10 [ 593.981801][T12422] ? __anon_vma_prepare+0xae/0x5e0 [ 593.981831][T12422] __anon_vma_prepare+0xae/0x5e0 [ 593.981855][T12422] ? __filemap_get_folio+0x32b/0xc30 [ 593.981890][T12422] __vmf_anon_prepare+0x11c/0x240 [ 593.981929][T12422] hugetlb_fault+0x1ba4/0x2f40 [ 593.981958][T12422] ? __pfx_hugetlb_fault+0x10/0x10 [ 593.981992][T12422] ? find_vma+0xbf/0x140 [ 593.982022][T12422] ? __pfx_find_vma+0x10/0x10 [ 593.982057][T12422] handle_mm_fault+0xbfa/0xd10 [ 593.982083][T12422] ? __bpf_trace_exceptions+0x1/0x40 [ 593.982121][T12422] do_user_addr_fault+0x7a6/0x1370 [ 593.982162][T12422] ? rcu_is_watching+0x12/0xc0 [ 593.982189][T12422] exc_page_fault+0x5c/0xb0 [ 593.982214][T12422] asm_exc_page_fault+0x26/0x30 [ 593.982236][T12422] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 593.982272][T12422] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 593.982295][T12422] RSP: 0018:ffffc9000bea7cf8 EFLAGS: 00050246 [ 593.982314][T12422] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008 [ 593.982328][T12422] RDX: ffffed100d4b2341 RSI: 0000000000000000 RDI: ffff88806a591a00 [ 593.982343][T12422] RBP: 0000000000000008 R08: 0000000000000001 R09: ffffed100d4b2340 [ 593.982357][T12422] R10: ffff88806a591a07 R11: 0000000000000000 R12: 0000000000000000 [ 593.982371][T12422] R13: ffff88806a591a00 R14: 0000000000000000 R15: 0000000000000008 [ 593.982401][T12422] _copy_from_user+0x98/0xd0 [ 593.982442][T12422] sctp_setsockopt+0x2045/0xb870 [ 593.982481][T12422] ? __pfx_sctp_setsockopt+0x10/0x10 [ 593.982511][T12422] ? find_held_lock+0x2b/0x80 [ 593.982538][T12422] ? aa_sock_opt_perm+0xfd/0x1c0 [ 593.982572][T12422] ? sock_common_setsockopt+0x2e/0xf0 [ 593.982603][T12422] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 593.982637][T12422] do_sock_setsockopt+0xf3/0x1d0 [ 593.982674][T12422] __sys_setsockopt+0x120/0x1a0 [ 593.982704][T12422] __x64_sys_setsockopt+0xbd/0x160 [ 593.982727][T12422] ? do_syscall_64+0x91/0x490 [ 593.982752][T12422] ? lockdep_hardirqs_on+0x7c/0x110 [ 593.982777][T12422] do_syscall_64+0xcd/0x490 [ 593.982806][T12422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.982829][T12422] RIP: 0033:0x7eff3978ebe9 [ 593.982849][T12422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 593.982882][T12422] RSP: 002b:00007eff3a653038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 593.982910][T12422] RAX: ffffffffffffffda RBX: 00007eff399b6090 RCX: 00007eff3978ebe9 [ 593.982931][T12422] RDX: 0000000000000081 RSI: 0000010000000084 RDI: 0000000000000003 [ 593.982952][T12422] RBP: 00007eff39811e19 R08: 0000000000000008 R09: 0000000000000000 [ 593.982971][T12422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 593.982990][T12422] R13: 00007eff399b6128 R14: 00007eff399b6090 R15: 00007ffea33a2b08 [ 593.983033][T12422] [ 595.221621][T12441] netlink: 146 bytes leftover after parsing attributes in process `syz.5.1163'. [ 595.842330][T12442] can: request_module (can-proto-0) failed. [ 597.637332][ T30] audit: type=1804 audit(4294967491.340:24): pid=12468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1171" name="/newroot/sys/kernel/tracing/free_buffer" dev="tracefs" ino=32 res=1 errno=0 [ 597.966491][T12469] FAULT_INJECTION: forcing a failure. [ 597.966491][T12469] name fail_futex, interval 1, probability 0, space 0, times 0 [ 597.990541][T12469] CPU: 0 UID: 0 PID: 12469 Comm: syz.2.1170 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 597.990574][T12469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 597.990587][T12469] Call Trace: [ 597.990595][T12469] [ 597.990603][T12469] dump_stack_lvl+0x16c/0x1f0 [ 597.990632][T12469] should_fail_ex+0x512/0x640 [ 597.990664][T12469] get_futex_key+0x1d0/0x1560 [ 597.990695][T12469] ? __pfx_get_futex_key+0x10/0x10 [ 597.990723][T12469] ? __mutex_trylock_common+0xe9/0x250 [ 597.990762][T12469] futex_wake+0xea/0x530 [ 597.990797][T12469] ? __pfx_futex_wake+0x10/0x10 [ 597.990843][T12469] do_futex+0x1e3/0x350 [ 597.990872][T12469] ? __pfx_do_futex+0x10/0x10 [ 597.990898][T12469] ? __might_fault+0xe3/0x190 [ 597.990932][T12469] mm_release+0x24e/0x300 [ 597.990959][T12469] do_exit+0x68e/0x2bf0 [ 597.990997][T12469] ? __pfx_do_exit+0x10/0x10 [ 597.991027][T12469] ? do_raw_spin_lock+0x12c/0x2b0 [ 597.991071][T12469] ? find_held_lock+0x2b/0x80 [ 597.991098][T12469] do_group_exit+0xd3/0x2a0 [ 597.991133][T12469] get_signal+0x2673/0x26d0 [ 597.991167][T12469] ? do_raw_spin_lock+0x12c/0x2b0 [ 597.991203][T12469] ? __pfx_get_signal+0x10/0x10 [ 597.991229][T12469] ? do_futex+0x122/0x350 [ 597.991258][T12469] ? __pfx_do_futex+0x10/0x10 [ 597.991292][T12469] arch_do_signal_or_restart+0x8f/0x790 [ 597.991325][T12469] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 597.991372][T12469] exit_to_user_mode_loop+0x84/0x110 [ 597.991408][T12469] do_syscall_64+0x3f6/0x490 [ 597.991437][T12469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.991460][T12469] RIP: 0033:0x7fd59bd8ebe9 [ 597.991478][T12469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 597.991500][T12469] RSP: 002b:00007fd59cbb50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 597.991521][T12469] RAX: fffffffffffffe00 RBX: 00007fd59bfb6098 RCX: 00007fd59bd8ebe9 [ 597.991537][T12469] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd59bfb6098 [ 597.991551][T12469] RBP: 00007fd59bfb6090 R08: 0000000000000000 R09: 0000000000000000 [ 597.991564][T12469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 597.991577][T12469] R13: 00007fd59bfb6128 R14: 00007ffc6e117230 R15: 00007ffc6e117318 [ 597.991606][T12469] [ 598.226238][ C0] vkms_vblank_simulate: vblank timer overrun [ 598.916666][T12485] svc: failed to register nfsdv3 RPC service (errno 111). [ 598.989220][T12485] svc: failed to register nfsaclv3 RPC service (errno 111). [ 599.231348][T12495] ubi: mtd0 is already attached to ubi0 [ 600.081524][ T30] audit: type=1326 audit(4294967493.780:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12499 comm="syz.0.1177" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff90398ebe9 code=0x0 [ 602.900491][ T52] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 605.964164][T12594] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 606.360385][T12595] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 607.179836][T12604] FAULT_INJECTION: forcing a failure. [ 607.179836][T12604] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 607.227785][T12604] CPU: 1 UID: 0 PID: 12604 Comm: syz.0.1202 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 607.227831][T12604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 607.227849][T12604] Call Trace: [ 607.227859][T12604] [ 607.227871][T12604] dump_stack_lvl+0x16c/0x1f0 [ 607.227914][T12604] should_fail_ex+0x512/0x640 [ 607.227958][T12604] _copy_from_user+0x2e/0xd0 [ 607.228005][T12604] move_addr_to_kernel+0x65/0x170 [ 607.228054][T12604] __sys_bind+0x11b/0x260 [ 607.228102][T12604] ? __pfx___sys_bind+0x10/0x10 [ 607.228166][T12604] ? __pfx_ksys_write+0x10/0x10 [ 607.228207][T12604] __x64_sys_bind+0x72/0xb0 [ 607.228246][T12604] ? lockdep_hardirqs_on+0x7c/0x110 [ 607.228275][T12604] do_syscall_64+0xcd/0x490 [ 607.228309][T12604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.228337][T12604] RIP: 0033:0x7ff90398ebe9 [ 607.228358][T12604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 607.228385][T12604] RSP: 002b:00007ff901bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 607.228410][T12604] RAX: ffffffffffffffda RBX: 00007ff903bb5fa0 RCX: 00007ff90398ebe9 [ 607.228428][T12604] RDX: 000000000000006b RSI: 0000000000000000 RDI: 0000000000000003 [ 607.228444][T12604] RBP: 00007ff901bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 607.228467][T12604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 607.228483][T12604] R13: 00007ff903bb6038 R14: 00007ff903bb5fa0 R15: 00007ffddaf8c548 [ 607.228517][T12604] [ 607.845661][T12612] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 608.634948][T12614] ubi: mtd0 is already attached to ubi0 [ 608.917398][T12630] FAULT_INJECTION: forcing a failure. [ 608.917398][T12630] name failslab, interval 1, probability 0, space 0, times 0 [ 608.969187][T12630] CPU: 0 UID: 0 PID: 12630 Comm: syz.0.1208 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 608.969239][T12630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 608.969259][T12630] Call Trace: [ 608.969269][T12630] [ 608.969281][T12630] dump_stack_lvl+0x16c/0x1f0 [ 608.969322][T12630] should_fail_ex+0x512/0x640 [ 608.969359][T12630] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 608.969402][T12630] should_failslab+0xc2/0x120 [ 608.969445][T12630] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 608.969484][T12630] ? __alloc_skb+0x2b2/0x380 [ 608.969522][T12630] __alloc_skb+0x2b2/0x380 [ 608.969554][T12630] ? __pfx___alloc_skb+0x10/0x10 [ 608.969589][T12630] ? __pfx___might_resched+0x10/0x10 [ 608.969631][T12630] netlink_alloc_large_skb+0x69/0x130 [ 608.969671][T12630] netlink_sendmsg+0x6a1/0xdd0 [ 608.969715][T12630] ? __pfx_netlink_sendmsg+0x10/0x10 [ 608.969757][T12630] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 608.969815][T12630] __sys_sendto+0x4a0/0x520 [ 608.969847][T12630] ? __pfx___sys_sendto+0x10/0x10 [ 608.969910][T12630] ? ksys_write+0x1ac/0x250 [ 608.969945][T12630] ? __pfx_ksys_write+0x10/0x10 [ 608.969989][T12630] __x64_sys_sendto+0xe0/0x1c0 [ 608.970019][T12630] ? do_syscall_64+0x91/0x490 [ 608.970056][T12630] ? lockdep_hardirqs_on+0x7c/0x110 [ 608.970089][T12630] do_syscall_64+0xcd/0x490 [ 608.970129][T12630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.970163][T12630] RIP: 0033:0x7ff903990a7c [ 608.970188][T12630] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 608.970229][T12630] RSP: 002b:00007ff901bf4ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 608.970260][T12630] RAX: ffffffffffffffda RBX: 00007ff901bf4fc0 RCX: 00007ff903990a7c [ 608.970281][T12630] RDX: 0000000000000020 RSI: 00007ff901bf5010 RDI: 0000000000000003 [ 608.970301][T12630] RBP: 0000000000000000 R08: 00007ff901bf4f14 R09: 000000000000000c [ 608.970321][T12630] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 608.970340][T12630] R13: 00007ff901bf4f68 R14: 00007ff901bf5010 R15: 0000000000000000 [ 608.970381][T12630] [ 609.191818][ C0] vkms_vblank_simulate: vblank timer overrun [ 609.294702][T12634] FAULT_INJECTION: forcing a failure. [ 609.294702][T12634] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 609.294898][T12634] CPU: 0 UID: 0 PID: 12634 Comm: syz.2.1210 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 609.294947][T12634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 609.294966][T12634] Call Trace: [ 609.294977][T12634] [ 609.294988][T12634] dump_stack_lvl+0x16c/0x1f0 [ 609.295028][T12634] should_fail_ex+0x512/0x640 [ 609.295073][T12634] should_fail_alloc_page+0xe7/0x130 [ 609.295122][T12634] prepare_alloc_pages+0x3c2/0x610 [ 609.295178][T12634] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 609.295227][T12634] ? __pfx_stack_trace_save+0x10/0x10 [ 609.295272][T12634] ? look_up_lock_class+0x59/0x150 [ 609.295309][T12634] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 609.295348][T12634] ? find_held_lock+0x2b/0x80 [ 609.295407][T12634] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 609.295459][T12634] ? policy_nodemask+0xea/0x4e0 [ 609.295506][T12634] alloc_pages_mpol+0x1fb/0x550 [ 609.295551][T12634] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 609.295609][T12634] alloc_pages_noprof+0x131/0x390 [ 609.295654][T12634] __pmd_alloc+0x3b/0x930 [ 609.295705][T12634] __handle_mm_fault+0xa06/0x2a50 [ 609.295745][T12634] ? mt_find+0x3ef/0xa30 [ 609.295795][T12634] ? __pfx___handle_mm_fault+0x10/0x10 [ 609.295825][T12634] ? __pfx_mt_find+0x10/0x10 [ 609.295888][T12634] ? find_vma+0xbf/0x140 [ 609.295938][T12634] ? __pfx_find_vma+0x10/0x10 [ 609.295986][T12634] handle_mm_fault+0x589/0xd10 [ 609.296022][T12634] ? __bpf_trace_exceptions+0x1/0x40 [ 609.296077][T12634] do_user_addr_fault+0x7a6/0x1370 [ 609.296132][T12634] ? rcu_is_watching+0x12/0xc0 [ 609.296172][T12634] exc_page_fault+0x5c/0xb0 [ 609.296205][T12634] asm_exc_page_fault+0x26/0x30 [ 609.296235][T12634] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 609.296283][T12634] Code: e9 14 23 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 609.296314][T12634] RSP: 0018:ffffc9000432faf0 EFLAGS: 00050202 [ 609.296339][T12634] RAX: 0000000000000030 RBX: 0000000000000002 RCX: 0000000000000002 [ 609.296358][T12634] RDX: ffffed100b06c801 RSI: ffff888058364000 RDI: 0000000000000000 [ 609.296378][T12634] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100b06c800 [ 609.296396][T12634] R10: ffff888058364001 R11: 0000000000000000 R12: ffffc9000432fda0 [ 609.296416][T12634] R13: 0000000000000002 R14: ffff888058364000 R15: 00007ffffffff000 [ 609.296458][T12634] _copy_to_iter+0x383/0x16f0 [ 609.296507][T12634] ? __mutex_unlock_slowpath+0x163/0x800 [ 609.296552][T12634] ? __pfx__copy_to_iter+0x10/0x10 [ 609.296598][T12634] ? kernfs_seq_stop+0xcd/0x120 [ 609.296636][T12634] ? kernfs_put_active+0x86/0xe0 [ 609.296689][T12634] seq_read_iter+0xcf8/0x12c0 [ 609.296752][T12634] kernfs_fop_read_iter+0x40f/0x5a0 [ 609.296781][T12634] ? rw_verify_area+0xcf/0x6c0 [ 609.296816][T12634] vfs_read+0x8bc/0xc60 [ 609.296875][T12634] ? __pfx___mutex_lock+0x10/0x10 [ 609.296918][T12634] ? __pfx_vfs_read+0x10/0x10 [ 609.296984][T12634] ksys_read+0x12a/0x250 [ 609.297021][T12634] ? __pfx_ksys_read+0x10/0x10 [ 609.297070][T12634] do_syscall_64+0xcd/0x490 [ 609.297110][T12634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.297141][T12634] RIP: 0033:0x7fd59bd8ebe9 [ 609.297165][T12634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.297195][T12634] RSP: 002b:00007fd59cbd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 609.297223][T12634] RAX: ffffffffffffffda RBX: 00007fd59bfb5fa0 RCX: 00007fd59bd8ebe9 [ 609.297243][T12634] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000003 [ 609.297261][T12634] RBP: 00007fd59cbd6090 R08: 0000000000000000 R09: 0000000000000000 [ 609.297280][T12634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 609.297297][T12634] R13: 00007fd59bfb6038 R14: 00007fd59bfb5fa0 R15: 00007ffc6e117318 [ 609.297336][T12634] [ 612.170210][ T52] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 612.983687][T12695] ubi: mtd0 is already attached to ubi0 [ 614.330137][T12713] tc_dump_action: action bad kind [ 615.428158][T12728] FAULT_INJECTION: forcing a failure. [ 615.428158][T12728] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 615.451415][T12728] CPU: 1 UID: 0 PID: 12728 Comm: syz.0.1232 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 615.451463][T12728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 615.451483][T12728] Call Trace: [ 615.451494][T12728] [ 615.451505][T12728] dump_stack_lvl+0x16c/0x1f0 [ 615.451548][T12728] should_fail_ex+0x512/0x640 [ 615.451601][T12728] should_fail_alloc_page+0xe7/0x130 [ 615.451654][T12728] prepare_alloc_pages+0x3c2/0x610 [ 615.451703][T12728] ? rcu_is_watching+0x12/0xc0 [ 615.451741][T12728] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 615.451790][T12728] ? rcu_is_watching+0x12/0xc0 [ 615.451823][T12728] ? trace_mm_page_alloc+0x11f/0x1a0 [ 615.451866][T12728] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 615.451896][T12728] ? stack_trace_save+0x8e/0xc0 [ 615.451923][T12728] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 615.451962][T12728] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 615.451990][T12728] ? __get_vm_area_node+0x1ca/0x330 [ 615.452026][T12728] ? __vmalloc_node_noprof+0xad/0xf0 [ 615.452046][T12728] ? __do_sys_init_module+0x158/0x250 [ 615.452077][T12728] ? do_syscall_64+0xcd/0x490 [ 615.452102][T12728] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.452138][T12728] alloc_pages_bulk_noprof+0x71c/0x1410 [ 615.452167][T12728] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 615.452204][T12728] ? policy_nodemask+0xea/0x4e0 [ 615.452239][T12728] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 615.452270][T12728] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 615.452313][T12728] kasan_populate_vmalloc+0xf1/0x1f0 [ 615.452348][T12728] alloc_vmap_area+0x959/0x29c0 [ 615.452395][T12728] ? __pfx_alloc_vmap_area+0x10/0x10 [ 615.452438][T12728] __get_vm_area_node+0x1ca/0x330 [ 615.452481][T12728] __vmalloc_node_range_noprof+0x271/0x14b0 [ 615.452505][T12728] ? __do_sys_init_module+0x158/0x250 [ 615.452539][T12728] ? futex_private_hash_put+0x176/0x300 [ 615.452572][T12728] ? __do_sys_init_module+0x158/0x250 [ 615.452627][T12728] ? __pfx_futex_wait+0x10/0x10 [ 615.452662][T12728] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 615.452687][T12728] ? rcu_is_watching+0x12/0xc0 [ 615.452713][T12728] ? aa_get_newest_label+0xd2/0x250 [ 615.452754][T12728] ? __do_sys_init_module+0x158/0x250 [ 615.452786][T12728] __vmalloc_node_noprof+0xad/0xf0 [ 615.452807][T12728] ? __do_sys_init_module+0x158/0x250 [ 615.452843][T12728] __do_sys_init_module+0x158/0x250 [ 615.452876][T12728] ? __pfx___do_sys_init_module+0x10/0x10 [ 615.452922][T12728] ? xfd_validate_state+0x61/0x180 [ 615.452956][T12728] ? __pfx_ksys_write+0x10/0x10 [ 615.452992][T12728] do_syscall_64+0xcd/0x490 [ 615.453021][T12728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.453044][T12728] RIP: 0033:0x7ff90398ebe9 [ 615.453062][T12728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.453085][T12728] RSP: 002b:00007ff901bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000af [ 615.453108][T12728] RAX: ffffffffffffffda RBX: 00007ff903bb5fa0 RCX: 00007ff90398ebe9 [ 615.453124][T12728] RDX: 0000000000000000 RSI: 00000000000ffff9 RDI: 0000000000000000 [ 615.453138][T12728] RBP: 00007ff903a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 615.453152][T12728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 615.453166][T12728] R13: 00007ff903bb6038 R14: 00007ff903bb5fa0 R15: 00007ffddaf8c548 [ 615.453196][T12728] [ 615.907711][ T52] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 615.955958][ T30] audit: type=1326 audit(4294967509.660:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12724 comm="syz.2.1231" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd59bd8ebe9 code=0x0 [ 617.615575][T12770] ubi: mtd0 is already attached to ubi0 [ 619.761584][T12795] ubi: mtd0 is already attached to ubi0 [ 620.493299][ T30] audit: type=1326 audit(4294967298.140:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12799 comm="syz.5.1246" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f225478ebe9 code=0x0 [ 620.769802][T12803] kAFS: Invalid Command on /proc/fs/afs/cells file [ 623.327969][T12851] batman_adv: batadv0: adding TT local entry 00:00:03:00:00:00 to non-existent VLAN 3 [ 623.582578][T12859] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1258'. [ 623.920696][T12874] FAULT_INJECTION: forcing a failure. [ 623.920696][T12874] name failslab, interval 1, probability 0, space 0, times 0 [ 623.970383][T12874] CPU: 1 UID: 0 PID: 12874 Comm: syz.4.1261 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 623.970427][T12874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 623.970445][T12874] Call Trace: [ 623.970455][T12874] [ 623.970466][T12874] dump_stack_lvl+0x16c/0x1f0 [ 623.970505][T12874] should_fail_ex+0x512/0x640 [ 623.970553][T12874] ? __kmalloc_noprof+0xbf/0x510 [ 623.970593][T12874] ? net_alloc_generic+0x1e/0x70 [ 623.970630][T12874] should_failslab+0xc2/0x120 [ 623.970671][T12874] __kmalloc_noprof+0xd2/0x510 [ 623.970719][T12874] net_alloc_generic+0x1e/0x70 [ 623.970757][T12874] copy_net_ns+0xc6/0x5f0 [ 623.970796][T12874] ? copy_cgroup_ns+0x71/0x700 [ 623.970835][T12874] create_new_namespaces+0x3ea/0xa90 [ 623.970879][T12874] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 623.970919][T12874] ksys_unshare+0x45b/0xa40 [ 623.970963][T12874] ? __pfx_ksys_unshare+0x10/0x10 [ 623.971003][T12874] ? ksys_write+0x1ac/0x250 [ 623.971050][T12874] __x64_sys_unshare+0x31/0x40 [ 623.971092][T12874] do_syscall_64+0xcd/0x490 [ 623.971139][T12874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.971173][T12874] RIP: 0033:0x7eff3978ebe9 [ 623.971199][T12874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.971229][T12874] RSP: 002b:00007eff3a674038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 623.971261][T12874] RAX: ffffffffffffffda RBX: 00007eff399b5fa0 RCX: 00007eff3978ebe9 [ 623.971281][T12874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 623.971300][T12874] RBP: 00007eff3a674090 R08: 0000000000000000 R09: 0000000000000000 [ 623.971318][T12874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 623.971336][T12874] R13: 00007eff399b6038 R14: 00007eff399b5fa0 R15: 00007ffea33a2b08 [ 623.971376][T12874] [ 624.783194][ T30] audit: type=1326 audit(4294967302.422:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12882 comm="syz.4.1262" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3978ebe9 code=0x0 [ 624.987144][T12890] svc: failed to register nfsdv3 RPC service (errno 111). [ 625.046922][T12890] svc: failed to register nfsaclv3 RPC service (errno 111). [ 626.383415][T12921] FAULT_INJECTION: forcing a failure. [ 626.383415][T12921] name failslab, interval 1, probability 0, space 0, times 0 [ 626.399960][T12921] CPU: 0 UID: 0 PID: 12921 Comm: syz.2.1266 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 626.399993][T12921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 626.400007][T12921] Call Trace: [ 626.400014][T12921] [ 626.400023][T12921] dump_stack_lvl+0x16c/0x1f0 [ 626.400052][T12921] should_fail_ex+0x512/0x640 [ 626.400079][T12921] ? fs_reclaim_acquire+0xae/0x150 [ 626.400117][T12921] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 626.400147][T12921] should_failslab+0xc2/0x120 [ 626.400177][T12921] __kmalloc_noprof+0xd2/0x510 [ 626.400217][T12921] tomoyo_realpath_from_path+0xc2/0x6e0 [ 626.400250][T12921] ? tomoyo_profile+0x47/0x60 [ 626.400286][T12921] tomoyo_path_number_perm+0x245/0x580 [ 626.400310][T12921] ? tomoyo_path_number_perm+0x237/0x580 [ 626.400339][T12921] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 626.400366][T12921] ? find_held_lock+0x2b/0x80 [ 626.400416][T12921] ? hook_file_ioctl_common+0x145/0x410 [ 626.400457][T12921] security_file_ioctl+0x9b/0x240 [ 626.400484][T12921] __x64_sys_ioctl+0xb7/0x210 [ 626.400523][T12921] do_syscall_64+0xcd/0x490 [ 626.400552][T12921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.400575][T12921] RIP: 0033:0x7fd59bd8ebe9 [ 626.400597][T12921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.400620][T12921] RSP: 002b:00007fd59cbb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 626.400642][T12921] RAX: ffffffffffffffda RBX: 00007fd59bfb6090 RCX: 00007fd59bd8ebe9 [ 626.400658][T12921] RDX: 0000000000000000 RSI: 00000000c048aeca RDI: 0000000000000004 [ 626.400672][T12921] RBP: 00007fd59cbb5090 R08: 0000000000000000 R09: 0000000000000000 [ 626.400687][T12921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 626.400700][T12921] R13: 00007fd59bfb6128 R14: 00007fd59bfb6090 R15: 00007ffc6e117318 [ 626.400730][T12921] [ 626.402431][T12921] ERROR: Out of memory at tomoyo_realpath_from_path. [ 626.664485][T12916] FAULT_INJECTION: forcing a failure. [ 626.664485][T12916] name failslab, interval 1, probability 0, space 0, times 0 [ 626.680626][T12916] CPU: 0 UID: 0 PID: 12916 Comm: syz.5.1267 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 626.680673][T12916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 626.680693][T12916] Call Trace: [ 626.680703][T12916] [ 626.680716][T12916] dump_stack_lvl+0x16c/0x1f0 [ 626.680757][T12916] should_fail_ex+0x512/0x640 [ 626.680797][T12916] ? fs_reclaim_acquire+0xae/0x150 [ 626.680849][T12916] should_failslab+0xc2/0x120 [ 626.680892][T12916] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 626.680934][T12916] ? __alloc_skb+0x2b2/0x380 [ 626.680974][T12916] __alloc_skb+0x2b2/0x380 [ 626.681005][T12916] ? __pfx___alloc_skb+0x10/0x10 [ 626.681040][T12916] ? __pfx___might_resched+0x10/0x10 [ 626.681070][T12916] ? __lock_acquire+0xb97/0x1ce0 [ 626.681129][T12916] netlink_alloc_large_skb+0x69/0x130 [ 626.681170][T12916] netlink_sendmsg+0x6a1/0xdd0 [ 626.681214][T12916] ? __pfx_netlink_sendmsg+0x10/0x10 [ 626.681256][T12916] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 626.681316][T12916] ____sys_sendmsg+0xa95/0xc70 [ 626.681363][T12916] ? copy_msghdr_from_user+0x10a/0x160 [ 626.681400][T12916] ? __pfx_____sys_sendmsg+0x10/0x10 [ 626.681453][T12916] ? kfree+0x24f/0x4d0 [ 626.681483][T12916] ? futex_unqueue+0x133/0x2c0 [ 626.681529][T12916] ___sys_sendmsg+0x134/0x1d0 [ 626.681575][T12916] ? __pfx____sys_sendmsg+0x10/0x10 [ 626.681648][T12916] ? __pfx___might_resched+0x10/0x10 [ 626.681688][T12916] __sys_sendmmsg+0x200/0x420 [ 626.681728][T12916] ? __pfx___sys_sendmmsg+0x10/0x10 [ 626.681776][T12916] ? __pfx_do_futex+0x10/0x10 [ 626.681839][T12916] ? xfd_validate_state+0x61/0x180 [ 626.681896][T12916] __x64_sys_sendmmsg+0x9c/0x100 [ 626.681931][T12916] ? lockdep_hardirqs_on+0x7c/0x110 [ 626.681965][T12916] do_syscall_64+0xcd/0x490 [ 626.682005][T12916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.682038][T12916] RIP: 0033:0x7f225478ebe9 [ 626.682062][T12916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.682095][T12916] RSP: 002b:00007f22555aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 626.682127][T12916] RAX: ffffffffffffffda RBX: 00007f22549b5fa0 RCX: 00007f225478ebe9 [ 626.682149][T12916] RDX: 0000000000000002 RSI: 0000200000000080 RDI: 0000000000000003 [ 626.682168][T12916] RBP: 00007f2254811e19 R08: 0000000000000000 R09: 0000000000000000 [ 626.682194][T12916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 626.682212][T12916] R13: 00007f22549b6038 R14: 00007f22549b5fa0 R15: 00007ffe9f514258 [ 626.682254][T12916] [ 627.824571][T12945] ubi: mtd0 is already attached to ubi0 [ 630.434674][T12972] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 630.744551][T12972] input: failed to attach handler evdev to device input21, error: -4 [ 631.192710][T12975] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 631.412942][T12734] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 631.872719][T12997] syz_tun: tun_chr_ioctl cmd 21731 [ 632.329853][T13007] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1288'. [ 632.339158][T13007] macsec0: entered promiscuous mode [ 632.437114][T13007] macsec0: entered allmulticast mode [ 632.444637][T13007] veth1_macvtap: entered allmulticast mode [ 632.906035][T13005] could not allocate digest TFM handle [ 633.910167][T13033] ubi: mtd0 is already attached to ubi0 [ 635.007624][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 635.014084][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 635.113222][T13053] FAULT_INJECTION: forcing a failure. [ 635.113222][T13053] name failslab, interval 1, probability 0, space 0, times 0 [ 635.147142][T13053] CPU: 1 UID: 0 PID: 13053 Comm: syz.2.1298 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 635.147190][T13053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 635.147210][T13053] Call Trace: [ 635.147220][T13053] [ 635.147233][T13053] dump_stack_lvl+0x16c/0x1f0 [ 635.147275][T13053] should_fail_ex+0x512/0x640 [ 635.147315][T13053] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 635.147354][T13053] should_failslab+0xc2/0x120 [ 635.147397][T13053] __kmalloc_cache_noprof+0x6a/0x3e0 [ 635.147434][T13053] ? snd_seq_pool_new+0x44/0x230 [ 635.147483][T13053] ? __pfx_snd_seq_open+0x10/0x10 [ 635.147533][T13053] snd_seq_pool_new+0x44/0x230 [ 635.147585][T13053] seq_create_client1+0x66/0x5e0 [ 635.147629][T13053] ? __pfx_snd_seq_open+0x10/0x10 [ 635.147670][T13053] snd_seq_open+0x59/0x550 [ 635.147711][T13053] ? __pfx_snd_seq_open+0x10/0x10 [ 635.147750][T13053] snd_open+0x22a/0x4c0 [ 635.147793][T13053] ? __pfx_snd_open+0x10/0x10 [ 635.147831][T13053] chrdev_open+0x231/0x6a0 [ 635.147873][T13053] ? __pfx_apparmor_file_open+0x10/0x10 [ 635.147925][T13053] ? __pfx_chrdev_open+0x10/0x10 [ 635.147973][T13053] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 635.148019][T13053] do_dentry_open+0x97f/0x1530 [ 635.148071][T13053] ? __pfx_chrdev_open+0x10/0x10 [ 635.148121][T13053] vfs_open+0x82/0x3f0 [ 635.148175][T13053] path_openat+0x1de4/0x2cb0 [ 635.148229][T13053] ? __pfx_path_openat+0x10/0x10 [ 635.148279][T13053] do_filp_open+0x20b/0x470 [ 635.148312][T13053] ? __pfx_do_filp_open+0x10/0x10 [ 635.148362][T13053] ? alloc_fd+0x471/0x7d0 [ 635.148395][T13053] do_sys_openat2+0x11b/0x1d0 [ 635.148432][T13053] ? __pfx_do_sys_openat2+0x10/0x10 [ 635.148480][T13053] __x64_sys_openat+0x174/0x210 [ 635.148518][T13053] ? __pfx___x64_sys_openat+0x10/0x10 [ 635.148575][T13053] do_syscall_64+0xcd/0x490 [ 635.148606][T13053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.148630][T13053] RIP: 0033:0x7fd59bd8ebe9 [ 635.148649][T13053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.148673][T13053] RSP: 002b:00007fd59cbd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 635.148695][T13053] RAX: ffffffffffffffda RBX: 00007fd59bfb5fa0 RCX: 00007fd59bd8ebe9 [ 635.148710][T13053] RDX: 0000000000040a40 RSI: 0000200000001d40 RDI: ffffffffffffff9c [ 635.148725][T13053] RBP: 00007fd59be11e19 R08: 0000000000000000 R09: 0000000000000000 [ 635.148739][T13053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 635.148753][T13053] R13: 00007fd59bfb6038 R14: 00007fd59bfb5fa0 R15: 00007ffc6e117318 [ 635.148785][T13053] [ 636.874782][ T30] audit: type=1800 audit(4294967314.518:29): pid=13066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1300" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 syzkaller syzkaller login: [ 637.495721][ T30] audit: type=1326 audit(4294967315.128:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13073 comm="syz.4.1302" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3978ebe9 code=0x0 [ 639.239835][T13105] svc: failed to register nfsdv3 RPC service (errno 111). [ 639.287180][T13105] svc: failed to register nfsaclv3 RPC service (errno 111). [ 639.668300][T13123] FAULT_INJECTION: forcing a failure. [ 639.668300][T13123] name failslab, interval 1, probability 0, space 0, times 0 [ 639.693502][T13123] CPU: 1 UID: 0 PID: 13123 Comm: syz.2.1312 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 639.693546][T13123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 639.693565][T13123] Call Trace: [ 639.693574][T13123] [ 639.693585][T13123] dump_stack_lvl+0x16c/0x1f0 [ 639.693623][T13123] should_fail_ex+0x512/0x640 [ 639.693660][T13123] ? __kmalloc_noprof+0xbf/0x510 [ 639.693701][T13123] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 639.693747][T13123] should_failslab+0xc2/0x120 [ 639.693789][T13123] __kmalloc_noprof+0xd2/0x510 [ 639.693826][T13123] ? kmem_cache_free+0x2d1/0x4d0 [ 639.693867][T13123] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 639.693923][T13123] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 639.693970][T13123] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 639.694011][T13123] ? rcu_is_watching+0x12/0xc0 [ 639.694058][T13123] ? bpf_lsm_capable+0x9/0x10 [ 639.694087][T13123] ? security_capable+0x7e/0x260 [ 639.694144][T13123] genl_rcv_msg+0x55c/0x800 [ 639.694191][T13123] ? __pfx_genl_rcv_msg+0x10/0x10 [ 639.694233][T13123] ? __pfx_seg6_genl_sethmac+0x10/0x10 [ 639.694294][T13123] netlink_rcv_skb+0x155/0x420 [ 639.694337][T13123] ? __pfx_genl_rcv_msg+0x10/0x10 [ 639.694382][T13123] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 639.694438][T13123] ? netlink_deliver_tap+0x1ae/0xd30 [ 639.694479][T13123] genl_rcv+0x28/0x40 [ 639.694517][T13123] netlink_unicast+0x5aa/0x870 [ 639.694559][T13123] ? __pfx_netlink_unicast+0x10/0x10 [ 639.694597][T13123] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 639.694632][T13123] ? __lock_acquire+0xb97/0x1ce0 [ 639.694685][T13123] netlink_sendmsg+0x8d1/0xdd0 [ 639.694729][T13123] ? __pfx_netlink_sendmsg+0x10/0x10 [ 639.694772][T13123] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 639.694830][T13123] ____sys_sendmsg+0xa95/0xc70 [ 639.694877][T13123] ? copy_msghdr_from_user+0x10a/0x160 [ 639.694911][T13123] ? __pfx_____sys_sendmsg+0x10/0x10 [ 639.694974][T13123] ___sys_sendmsg+0x134/0x1d0 [ 639.695010][T13123] ? __pfx____sys_sendmsg+0x10/0x10 [ 639.695078][T13123] ? __mutex_unlock_slowpath+0x140/0x800 [ 639.695128][T13123] __sys_sendmsg+0x16d/0x220 [ 639.695164][T13123] ? __pfx___sys_sendmsg+0x10/0x10 [ 639.695228][T13123] do_syscall_64+0xcd/0x490 [ 639.695266][T13123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.695311][T13123] RIP: 0033:0x7fd59bd8ebe9 [ 639.695339][T13123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.695365][T13123] RSP: 002b:00007fd59cbd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 639.695391][T13123] RAX: ffffffffffffffda RBX: 00007fd59bfb5fa0 RCX: 00007fd59bd8ebe9 [ 639.695409][T13123] RDX: 000000000400c810 RSI: 0000200000001440 RDI: 0000000000000003 [ 639.695425][T13123] RBP: 00007fd59cbd6090 R08: 0000000000000000 R09: 0000000000000000 [ 639.695442][T13123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 639.695457][T13123] R13: 00007fd59bfb6038 R14: 00007fd59bfb5fa0 R15: 00007ffc6e117318 [ 639.695492][T13123] [ 641.881457][T13143] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 641.888424][T13143] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 642.016076][T13143] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 642.035675][T13143] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 642.143833][T13143] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 642.218467][T13143] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 642.263742][T13143] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 642.350125][T13143] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 642.367978][T13143] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 642.406388][T13143] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 642.910915][T13162] svc: failed to register nfsdv3 RPC service (errno 111). [ 642.968640][T13162] svc: failed to register nfsaclv3 RPC service (errno 111). [ 643.876924][T12734] Bluetooth: hci0: command 0x0406 tx timeout [ 644.118885][T12734] Bluetooth: hci1: command 0x0406 tx timeout [ 644.295241][T12734] Bluetooth: hci2: command 0x0406 tx timeout [ 644.435505][T12734] Bluetooth: hci4: command 0x0406 tx timeout [ 645.538864][T13217] ubi: mtd0 is already attached to ubi0 [ 645.957666][T12734] Bluetooth: hci0: command 0x0406 tx timeout [ 646.194693][T12734] Bluetooth: hci1: command 0x0406 tx timeout [ 646.218719][T13221] ubi: mtd0 is already attached to ubi0 [ 646.354757][T12734] Bluetooth: hci2: command 0x0406 tx timeout [ 646.399325][T12734] Bluetooth: hci2: Unable to find connection for big 0xd2 g&[ 646.514199][T12734] Bluetooth: hci4: command 0x0406 tx timeout [ 646.514650][ T5863] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 646.520333][ T5863] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15 [ 646.535682][ T5863] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 648.023388][ T30] audit: type=1326 audit(4294967325.674:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13249 comm="syz.4.1337" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3978ebe9 code=0x0 [ 648.273720][ T5863] Bluetooth: hci1: command 0x0406 tx timeout [ 648.607566][ T5863] Bluetooth: hci4: command 0x0406 tx timeout [ 648.711517][ T30] audit: type=1326 audit(4294967326.364:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13258 comm="syz.2.1338" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd59bd8ebe9 code=0x0 [ 650.732423][T13289] svc: failed to register nfsdv3 RPC service (errno 111). [ 650.819558][T13289] svc: failed to register nfsaclv3 RPC service (errno 111). [ 651.930877][ T30] audit: type=1326 audit(4294967329.576:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1352" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff90398ebe9 code=0x0 [ 653.566096][T13326] ALSA: mixer_oss: invalid OSS volume '' [ 655.320705][T13361] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1362'. [ 656.560060][T13380] random: crng reseeded on system resumption [ 659.175654][T13419] ubi: mtd0 is already attached to ubi0 [ 659.584906][T13425] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 660.537273][T13427] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 661.885358][T13460] svc: failed to register nfsdv3 RPC service (errno 111). [ 661.929676][T13460] svc: failed to register nfsaclv3 RPC service (errno 111). [ 662.704660][T13482] ubi: mtd0 is already attached to ubi0 [ 663.882494][T13492] netlink: 334 bytes leftover after parsing attributes in process `syz.5.1390'. [ 663.987172][T13489] ubi: mtd0 is already attached to ubi0 [ 665.195031][T13496] FAULT_INJECTION: forcing a failure. [ 665.195031][T13496] name failslab, interval 1, probability 0, space 0, times 0 [ 665.279382][T13496] CPU: 0 UID: 0 PID: 13496 Comm: syz.5.1391 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 665.279428][T13496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 665.279449][T13496] Call Trace: [ 665.279460][T13496] [ 665.279472][T13496] dump_stack_lvl+0x16c/0x1f0 [ 665.279515][T13496] should_fail_ex+0x512/0x640 [ 665.279555][T13496] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 665.279594][T13496] should_failslab+0xc2/0x120 [ 665.279638][T13496] __kmalloc_cache_noprof+0x6a/0x3e0 [ 665.279671][T13496] ? debug_mutex_init+0x37/0x70 [ 665.279704][T13496] ? single_open+0x4d/0x1f0 [ 665.279756][T13496] ? __pfx_blk_mq_debugfs_show+0x10/0x10 [ 665.279807][T13496] single_open+0x4d/0x1f0 [ 665.279859][T13496] blk_mq_debugfs_open+0xde/0x1b0 [ 665.279892][T13496] ? __pfx_blk_mq_debugfs_open+0x10/0x10 [ 665.279932][T13496] full_proxy_open_regular+0x1b9/0x360 [ 665.279987][T13496] do_dentry_open+0x97f/0x1530 [ 665.280030][T13496] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 665.280089][T13496] vfs_open+0x82/0x3f0 [ 665.280143][T13496] path_openat+0x1de4/0x2cb0 [ 665.280197][T13496] ? __pfx_path_openat+0x10/0x10 [ 665.280248][T13496] do_filp_open+0x20b/0x470 [ 665.280289][T13496] ? __pfx_do_filp_open+0x10/0x10 [ 665.280359][T13496] ? alloc_fd+0x471/0x7d0 [ 665.280407][T13496] do_sys_openat2+0x11b/0x1d0 [ 665.280459][T13496] ? __pfx_do_sys_openat2+0x10/0x10 [ 665.280527][T13496] __x64_sys_openat+0x174/0x210 [ 665.280581][T13496] ? __pfx___x64_sys_openat+0x10/0x10 [ 665.280650][T13496] do_syscall_64+0xcd/0x490 [ 665.280692][T13496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.280726][T13496] RIP: 0033:0x7f225478ebe9 [ 665.280752][T13496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.280784][T13496] RSP: 002b:00007f22555aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 665.280815][T13496] RAX: ffffffffffffffda RBX: 00007f22549b5fa0 RCX: 00007f225478ebe9 [ 665.280837][T13496] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 665.280859][T13496] RBP: 00007f2254811e19 R08: 0000000000000000 R09: 0000000000000000 [ 665.280879][T13496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 665.280899][T13496] R13: 00007f22549b6038 R14: 00007f22549b5fa0 R15: 00007ffe9f514258 [ 665.280950][T13496] [ 666.979095][ T30] audit: type=1326 audit(4294967344.643:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.4.1396" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3978ebe9 code=0x0 [ 669.166051][T13532] FAULT_INJECTION: forcing a failure. [ 669.166051][T13532] name failslab, interval 1, probability 0, space 0, times 0 [ 669.203379][T13532] CPU: 1 UID: 0 PID: 13532 Comm: syz.0.1399 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 669.203427][T13532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 669.203448][T13532] Call Trace: [ 669.203459][T13532] [ 669.203472][T13532] dump_stack_lvl+0x16c/0x1f0 [ 669.203514][T13532] should_fail_ex+0x512/0x640 [ 669.203553][T13532] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 669.203594][T13532] should_failslab+0xc2/0x120 [ 669.203638][T13532] __kmalloc_cache_noprof+0x6a/0x3e0 [ 669.203675][T13532] ? find_held_lock+0x2b/0x80 [ 669.203706][T13532] ? audit_log_d_path+0xe7/0x200 [ 669.203755][T13532] audit_log_d_path+0xe7/0x200 [ 669.203800][T13532] audit_log_d_path_exe+0x46/0x70 [ 669.203846][T13532] audit_log_task+0x31d/0x3f0 [ 669.203897][T13532] ? __pfx_audit_log_task+0x10/0x10 [ 669.203948][T13532] ? arch_do_signal_or_restart+0x211/0x790 [ 669.204000][T13532] audit_seccomp+0x79/0x1f0 [ 669.204040][T13532] __secure_computing+0x2bf/0x320 [ 669.204082][T13532] syscall_trace_enter+0x89/0x240 [ 669.204137][T13532] do_syscall_64+0x347/0x490 [ 669.204177][T13532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.204211][T13532] RIP: 0033:0x7ff90398ebe9 [ 669.204237][T13532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.204269][T13532] RSP: 002b:00007ff901bf59f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 669.204300][T13532] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007ff90398ebe9 [ 669.204327][T13532] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 669.204347][T13532] RBP: 00007ff901bf6040 R08: 00007ff9046fb000 R09: 000000000000000b [ 669.204368][T13532] R10: 000000000001fe50 R11: 0000000000000246 R12: 0000000000000000 [ 669.204388][T13532] R13: 00007ff903bb6038 R14: 00007ff903bb5fa0 R15: 00007ffddaf8c548 [ 669.204432][T13532] [ 669.241833][ T30] audit: type=1326 audit(4294967346.834:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13531 comm="syz.0.1399" exe="" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff90398ebe9 code=0x0 [ 669.646204][T13552] ubi: mtd0 is already attached to ubi0 [ 671.077765][T13568] ubi: mtd0 is already attached to ubi0 [ 671.250568][T13569] svc: failed to register nfsdv3 RPC service (errno 111). [ 671.548800][T13569] svc: failed to register nfsaclv3 RPC service (errno 111). [ 672.909449][T13594] svc: failed to register nfsdv3 RPC service (errno 111). [ 673.004960][T13594] svc: failed to register nfsaclv3 RPC service (errno 111). [ 673.053196][T13604] FAULT_INJECTION: forcing a failure. [ 673.053196][T13604] name failslab, interval 1, probability 0, space 0, times 0 [ 673.127486][T13604] CPU: 1 UID: 0 PID: 13604 Comm: syz.5.1410 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 673.127534][T13604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 673.127553][T13604] Call Trace: [ 673.127563][T13604] [ 673.127576][T13604] dump_stack_lvl+0x16c/0x1f0 [ 673.127619][T13604] should_fail_ex+0x512/0x640 [ 673.127659][T13604] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 673.127698][T13604] should_failslab+0xc2/0x120 [ 673.127743][T13604] __kmalloc_cache_noprof+0x6a/0x3e0 [ 673.127778][T13604] ? tty_alloc_file+0x3f/0xa0 [ 673.127819][T13604] ? __pfx_ptmx_open+0x10/0x10 [ 673.127849][T13604] tty_alloc_file+0x3f/0xa0 [ 673.127887][T13604] ptmx_open+0x61/0x360 [ 673.127917][T13604] ? __pfx_ptmx_open+0x10/0x10 [ 673.127955][T13604] chrdev_open+0x231/0x6a0 [ 673.127997][T13604] ? __pfx_apparmor_file_open+0x10/0x10 [ 673.128052][T13604] ? __pfx_chrdev_open+0x10/0x10 [ 673.128096][T13604] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 673.128141][T13604] do_dentry_open+0x97f/0x1530 [ 673.128183][T13604] ? __pfx_chrdev_open+0x10/0x10 [ 673.128234][T13604] vfs_open+0x82/0x3f0 [ 673.128287][T13604] path_openat+0x1de4/0x2cb0 [ 673.128340][T13604] ? __pfx_path_openat+0x10/0x10 [ 673.128390][T13604] do_filp_open+0x20b/0x470 [ 673.128430][T13604] ? __pfx_do_filp_open+0x10/0x10 [ 673.128500][T13604] ? alloc_fd+0x471/0x7d0 [ 673.128552][T13604] do_sys_openat2+0x11b/0x1d0 [ 673.128614][T13604] ? __pfx_do_sys_openat2+0x10/0x10 [ 673.128681][T13604] __x64_sys_openat+0x174/0x210 [ 673.128750][T13604] ? __pfx___x64_sys_openat+0x10/0x10 [ 673.128821][T13604] do_syscall_64+0xcd/0x490 [ 673.128862][T13604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.128895][T13604] RIP: 0033:0x7f225478ebe9 [ 673.128920][T13604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.128961][T13604] RSP: 002b:00007f2255589038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 673.128992][T13604] RAX: ffffffffffffffda RBX: 00007f22549b6090 RCX: 00007f225478ebe9 [ 673.129014][T13604] RDX: 0000000000040001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 673.129035][T13604] RBP: 00007f2254811e19 R08: 0000000000000000 R09: 0000000000000000 [ 673.129054][T13604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.129072][T13604] R13: 00007f22549b6128 R14: 00007f22549b6090 R15: 00007ffe9f514258 [ 673.129115][T13604] [ 673.781957][T13610] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1414'. [ 673.840501][T13611] ubi: mtd0 is already attached to ubi0 [ 676.408042][T13637] svc: failed to register nfsdv3 RPC service (errno 111). [ 676.521313][T13637] svc: failed to register nfsaclv3 RPC service (errno 111). [ 676.567012][T13647] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 676.926454][T13653] svc: failed to register nfsdv3 RPC service (errno 111). [ 676.947884][T13653] svc: failed to register nfsaclv3 RPC service (errno 111). [ 678.726673][T13682] random: crng reseeded on system resumption [ 679.666750][ T5863] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 679.818000][T13700] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 679.920585][T13702] netlink: 266 bytes leftover after parsing attributes in process `syz.2.1437'. [ 680.010644][T13702] IPv6: NLM_F_CREATE should be specified when creating new route [ 681.036192][T13714] ubi: mtd0 is already attached to ubi0 [ 682.312280][T13736] FAULT_INJECTION: forcing a failure. [ 682.312280][T13736] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 682.336437][T13736] CPU: 1 UID: 0 PID: 13736 Comm: syz.2.1444 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 682.336480][T13736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 682.336499][T13736] Call Trace: [ 682.336509][T13736] [ 682.336521][T13736] dump_stack_lvl+0x16c/0x1f0 [ 682.336562][T13736] should_fail_ex+0x512/0x640 [ 682.336607][T13736] _copy_from_iter+0x29f/0x16f0 [ 682.336656][T13736] ? __alloc_skb+0x200/0x380 [ 682.336689][T13736] ? __pfx__copy_from_iter+0x10/0x10 [ 682.336738][T13736] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 682.336774][T13736] ? __lock_acquire+0xb97/0x1ce0 [ 682.336828][T13736] netlink_sendmsg+0x829/0xdd0 [ 682.336871][T13736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 682.336911][T13736] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 682.336968][T13736] ____sys_sendmsg+0xa95/0xc70 [ 682.337012][T13736] ? copy_msghdr_from_user+0x10a/0x160 [ 682.337047][T13736] ? __pfx_____sys_sendmsg+0x10/0x10 [ 682.337110][T13736] ___sys_sendmsg+0x134/0x1d0 [ 682.337154][T13736] ? __pfx____sys_sendmsg+0x10/0x10 [ 682.337225][T13736] ? __mutex_unlock_slowpath+0x140/0x800 [ 682.337274][T13736] __sys_sendmsg+0x16d/0x220 [ 682.337310][T13736] ? __pfx___sys_sendmsg+0x10/0x10 [ 682.337369][T13736] do_syscall_64+0xcd/0x490 [ 682.337407][T13736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.337439][T13736] RIP: 0033:0x7fd59bd8ebe9 [ 682.337464][T13736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 682.337494][T13736] RSP: 002b:00007fd59cbd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 682.337522][T13736] RAX: ffffffffffffffda RBX: 00007fd59bfb5fa0 RCX: 00007fd59bd8ebe9 [ 682.337542][T13736] RDX: 0000000004008000 RSI: 0000200000000980 RDI: 0000000000000005 [ 682.337560][T13736] RBP: 00007fd59cbd6090 R08: 0000000000000000 R09: 0000000000000000 [ 682.337578][T13736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 682.337597][T13736] R13: 00007fd59bfb6038 R14: 00007fd59bfb5fa0 R15: 00007ffc6e117318 [ 682.337636][T13736] [ 683.357849][T13748] ubi: mtd0 is already attached to ubi0 [ 683.686173][T13754] ubi: mtd0 is already attached to ubi0 [ 684.276731][ T30] audit: type=1326 audit(4294967361.932:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13758 comm="syz.2.1450" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd59bd8ebe9 code=0x0 [ 685.035327][T13773] svc: failed to register nfsdv3 RPC service (errno 111). [ 685.072637][T13773] svc: failed to register nfsaclv3 RPC service (errno 111). [ 691.451084][T13868] FAULT_INJECTION: forcing a failure. [ 691.451084][T13868] name failslab, interval 1, probability 0, space 0, times 0 [ 691.484565][T13868] CPU: 0 UID: 0 PID: 13868 Comm: syz.0.1470 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 691.484600][T13868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 691.484614][T13868] Call Trace: [ 691.484622][T13868] [ 691.484632][T13868] dump_stack_lvl+0x16c/0x1f0 [ 691.484662][T13868] should_fail_ex+0x512/0x640 [ 691.484691][T13868] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 691.484723][T13868] should_failslab+0xc2/0x120 [ 691.484755][T13868] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 691.484784][T13868] ? sk_prot_alloc+0x60/0x2a0 [ 691.484820][T13868] sk_prot_alloc+0x60/0x2a0 [ 691.484852][T13868] sk_alloc+0x36/0xc20 [ 691.484876][T13868] tipc_sk_create+0xcf/0x21a0 [ 691.484916][T13868] ? find_held_lock+0x2b/0x80 [ 691.484940][T13868] ? __sock_create+0x2f2/0x8d0 [ 691.484977][T13868] __sock_create+0x335/0x8d0 [ 691.485016][T13868] __sys_socket+0x14d/0x260 [ 691.485050][T13868] ? __pfx___sys_socket+0x10/0x10 [ 691.485085][T13868] ? xfd_validate_state+0x61/0x180 [ 691.485128][T13868] __x64_sys_socket+0x72/0xb0 [ 691.485161][T13868] ? lockdep_hardirqs_on+0x7c/0x110 [ 691.485195][T13868] do_syscall_64+0xcd/0x490 [ 691.485225][T13868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.485249][T13868] RIP: 0033:0x7ff90398ebe9 [ 691.485268][T13868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 691.485291][T13868] RSP: 002b:00007ff901bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 691.485313][T13868] RAX: ffffffffffffffda RBX: 00007ff903bb5fa0 RCX: 00007ff90398ebe9 [ 691.485329][T13868] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 691.485342][T13868] RBP: 00007ff903a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 691.485356][T13868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 691.485370][T13868] R13: 00007ff903bb6038 R14: 00007ff903bb5fa0 R15: 00007ffddaf8c548 [ 691.485399][T13868] [ 692.627027][T13884] svc: failed to register nfsdv3 RPC service (errno 111). [ 692.663015][T13884] svc: failed to register nfsaclv3 RPC service (errno 111). [ 693.192916][T13885] svc: failed to register nfsdv3 RPC service (errno 111). [ 693.262818][T13885] svc: failed to register nfsaclv3 RPC service (errno 111). [ 694.244384][T13908] ubi: mtd0 is already attached to ubi0 [ 695.451484][T13919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1483'. [ 695.966084][ T30] audit: type=1326 audit(4294967373.648:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13927 comm="syz.4.1486" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3978ebe9 code=0x0 [ 696.430687][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 696.437875][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.869082][ T5863] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 697.939741][T13973] ubi: mtd0 is already attached to ubi0 [ 699.294592][T13989] ubi: mtd0 is already attached to ubi0 [ 700.836442][T14003] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1503'. [ 701.491308][T14026] : Can't lookup blockdev [ 701.625044][T14023] nbd: socks must be embedded in a SOCK_ITEM attr [ 702.400396][T14035] Console: switching to colour VGA+ 80x25 [ 704.102451][T14053] svc: failed to register nfsdv3 RPC service (errno 111). [ 704.136948][T14053] svc: failed to register nfsaclv3 RPC service (errno 111). [ 704.964977][ T5863] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 705.376199][T14076] ubi: mtd0 is already attached to ubi0 [ 707.585771][T14105] ubi: mtd0 is already attached to ubi0 [ 707.602379][ T5863] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 707.690251][T14109] ubi: mtd0 is already attached to ubi0 [ 708.590695][T14117] ubi: mtd0 is already attached to ubi0 [ 708.711118][T14123] ERROR: Out of memory at tomoyo_memory_ok. [ 708.722566][T14123] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/300/:,' not defined. [ 708.920550][T14127] FAULT_INJECTION: forcing a failure. [ 708.920550][T14127] name failslab, interval 1, probability 0, space 0, times 0 [ 708.933450][T14127] CPU: 0 UID: 0 PID: 14127 Comm: syz.0.1530 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 708.933481][T14127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 708.933495][T14127] Call Trace: [ 708.933503][T14127] [ 708.933511][T14127] dump_stack_lvl+0x16c/0x1f0 [ 708.933542][T14127] should_fail_ex+0x512/0x640 [ 708.933570][T14127] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 708.933607][T14127] should_failslab+0xc2/0x120 [ 708.933638][T14127] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 708.933667][T14127] ? ptlock_alloc+0x1f/0x70 [ 708.933694][T14127] ptlock_alloc+0x1f/0x70 [ 708.933716][T14127] pte_alloc_one+0x82/0x3a0 [ 708.933742][T14127] __pte_alloc+0x6d/0x3c0 [ 708.933773][T14127] ? __pfx___pte_alloc+0x10/0x10 [ 708.933812][T14127] do_pte_missing+0x285a/0x3ba0 [ 708.933847][T14127] __handle_mm_fault+0x152a/0x2a50 [ 708.933880][T14127] ? __pfx___handle_mm_fault+0x10/0x10 [ 708.933904][T14127] ? folio_mark_accessed+0xc1/0xc00 [ 708.933935][T14127] ? __pfx_folio_mark_accessed+0x10/0x10 [ 708.933966][T14127] ? find_held_lock+0x2b/0x80 [ 708.934006][T14127] handle_mm_fault+0x589/0xd10 [ 708.934035][T14127] __get_user_pages+0x551/0x34a0 [ 708.934084][T14127] ? register_lock_class+0x41/0x4c0 [ 708.934115][T14127] ? __pfx___get_user_pages+0x10/0x10 [ 708.934149][T14127] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.934181][T14127] __gup_longterm_locked+0xa92/0x17e0 [ 708.934217][T14127] ? __lock_acquire+0xb97/0x1ce0 [ 708.934253][T14127] ? __pfx___gup_longterm_locked+0x10/0x10 [ 708.934304][T14127] pin_user_pages_remote+0xed/0x140 [ 708.934342][T14127] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 708.934377][T14127] ? mm_access+0x22d/0x2e0 [ 708.934421][T14127] process_vm_rw_core.constprop.0+0x41b/0x970 [ 708.934469][T14127] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 708.934503][T14127] ? import_ubuf+0x1b6/0x220 [ 708.934546][T14127] ? iovec_from_user+0xbb/0x140 [ 708.934582][T14127] process_vm_rw+0x216/0x2c0 [ 708.934618][T14127] ? __pfx_process_vm_rw+0x10/0x10 [ 708.934655][T14127] ? ksys_write+0x190/0x250 [ 708.934713][T14127] ? ksys_write+0x1ac/0x250 [ 708.934755][T14127] ? __pfx_ksys_write+0x10/0x10 [ 708.934790][T14127] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 708.934821][T14127] ? do_syscall_64+0x91/0x490 [ 708.934849][T14127] ? lockdep_hardirqs_on+0x7c/0x110 [ 708.934873][T14127] do_syscall_64+0xcd/0x490 [ 708.934901][T14127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.934923][T14127] RIP: 0033:0x7ff90398ebe9 [ 708.934941][T14127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 708.934963][T14127] RSP: 002b:00007ff901bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 708.934984][T14127] RAX: ffffffffffffffda RBX: 00007ff903bb5fa0 RCX: 00007ff90398ebe9 [ 708.934999][T14127] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000688 [ 708.935013][T14127] RBP: 00007ff901bf6090 R08: 0000000000000006 R09: 0000000000000000 [ 708.935027][T14127] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001 [ 708.935041][T14127] R13: 00007ff903bb6038 R14: 00007ff903bb5fa0 R15: 00007ffddaf8c548 [ 708.935070][T14127] [ 709.677037][T14132] syz_tun: tun_chr_ioctl cmd 21731 [ 709.827001][T14136] random: crng reseeded on system resumption [ 710.691566][T14141] zswap: compressor not available [ 711.984437][T14173] svc: failed to register nfsdv3 RPC service (errno 111). [ 712.009207][T14173] svc: failed to register nfsaclv3 RPC service (errno 111). [ 713.950583][T14194] tc_dump_action: action bad kind [ 715.661483][ T5863] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 715.730520][T14227] FAULT_INJECTION: forcing a failure. [ 715.730520][T14227] name failslab, interval 1, probability 0, space 0, times 0 [ 715.752371][T14227] CPU: 0 UID: 0 PID: 14227 Comm: syz.0.1550 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 715.752416][T14227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 715.752436][T14227] Call Trace: [ 715.752446][T14227] [ 715.752460][T14227] dump_stack_lvl+0x16c/0x1f0 [ 715.752503][T14227] should_fail_ex+0x512/0x640 [ 715.752541][T14227] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 715.752580][T14227] should_failslab+0xc2/0x120 [ 715.752624][T14227] __kmalloc_cache_noprof+0x6a/0x3e0 [ 715.752660][T14227] ? kvm_dev_ioctl+0xa7a/0x1af0 [ 715.752709][T14227] kvm_dev_ioctl+0xa7a/0x1af0 [ 715.752750][T14227] ? find_held_lock+0x2b/0x80 [ 715.752783][T14227] ? hook_file_ioctl_common+0x145/0x410 [ 715.752820][T14227] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 715.752857][T14227] ? __fget_files+0x20e/0x3c0 [ 715.752907][T14227] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 715.752944][T14227] __x64_sys_ioctl+0x18e/0x210 [ 715.753003][T14227] do_syscall_64+0xcd/0x490 [ 715.753044][T14227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.753077][T14227] RIP: 0033:0x7ff90398ebe9 [ 715.753111][T14227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.753144][T14227] RSP: 002b:00007ff901bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 715.753175][T14227] RAX: ffffffffffffffda RBX: 00007ff903bb5fa0 RCX: 00007ff90398ebe9 [ 715.753198][T14227] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006 [ 715.753218][T14227] RBP: 00007ff903a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 715.753237][T14227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 715.753256][T14227] R13: 00007ff903bb6038 R14: 00007ff903bb5fa0 R15: 00007ffddaf8c548 [ 715.753305][T14227] [ 716.189379][T14229] ubi: mtd0 is already attached to ubi0 [ 718.741269][ T30] audit: type=1326 audit(4294967396.439:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14263 comm="syz.0.1556" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff90398ebe9 code=0x0 [ 720.046291][ T5863] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 721.219216][T14301] ERROR: Out of memory at tomoyo_memory_ok. [ 721.311116][ T30] audit: type=1326 audit(4294967399.010:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14312 comm="syz.5.1566" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f225478ebe9 code=0x0 [ 728.404523][ T5863] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 730.105332][ T30] audit: type=1326 audit(4294967407.755:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14420 comm="syz.5.1585" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f225478ebe9 code=0x0 [ 731.467734][T14442] ubi: mtd0 is already attached to ubi0 [ 732.557260][T14451] ubi: mtd0 is already attached to ubi0 [ 732.667610][T14446] ubi: mtd0 is already attached to ubi0 [ 734.613984][T14483] ubi: mtd0 is already attached to ubi0 [ 736.443313][T14501] netlink: 11 bytes leftover after parsing attributes in process `syz.2.1601'. [ 736.717331][T14507] Invalid ELF header magic: != ELF [ 737.394164][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 737.401351][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 737.488710][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 737.496658][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 737.531540][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 737.543248][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 737.583293][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 737.589748][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 742.004497][T14556] ubi: mtd0 is already attached to ubi0 [ 744.146645][ T30] audit: type=1326 audit(4294967421.852:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14580 comm="syz.2.1615" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd59bd8ebe9 code=0x0 [ 744.505537][T14583] ubi: mtd0 is already attached to ubi0 [ 746.590550][ T30] audit: type=1326 audit(4294967424.293:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14613 comm="syz.2.1622" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd59bd8ebe9 code=0x0 [ 749.246181][T14659] ubi: mtd0 is already attached to ubi0 [ 750.781799][T14679] ubi: mtd0 is already attached to ubi0 [ 753.266082][T14716] ubi: mtd0 is already attached to ubi0 [ 753.581402][T14724] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 755.224909][T14747] ubi: mtd0 is already attached to ubi0 [ 755.330696][ T5863] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 756.059147][T14761] ubi: mtd0 is already attached to ubi0 [ 757.604122][T14775] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 757.829863][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.836199][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 757.875185][T14777] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 759.064872][ T30] audit: type=1326 audit(4294967436.779:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14792 comm="syz.0.1657" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff90398ebe9 code=0x0 [ 759.491815][T14796] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1658'. [ 759.700445][T14799] FAULT_INJECTION: forcing a failure. [ 759.700445][T14799] name failslab, interval 1, probability 0, space 0, times 0 [ 759.767552][T14799] CPU: 0 UID: 0 PID: 14799 Comm: syz.2.1658 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 759.767589][T14799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 759.767603][T14799] Call Trace: [ 759.767610][T14799] [ 759.767620][T14799] dump_stack_lvl+0x16c/0x1f0 [ 759.767650][T14799] should_fail_ex+0x512/0x640 [ 759.767679][T14799] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 759.767710][T14799] should_failslab+0xc2/0x120 [ 759.767744][T14799] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 759.767771][T14799] ? __pfx___might_resched+0x10/0x10 [ 759.767796][T14799] ? __anon_vma_prepare+0xae/0x5e0 [ 759.767825][T14799] __anon_vma_prepare+0xae/0x5e0 [ 759.767850][T14799] ? __pfx___pte_alloc+0x10/0x10 [ 759.767886][T14799] __vmf_anon_prepare+0x11c/0x240 [ 759.767924][T14799] do_pte_missing+0x10bd/0x3ba0 [ 759.767949][T14799] ? do_raw_spin_unlock+0x172/0x230 [ 759.767995][T14799] ? __pmd_alloc+0x3fb/0x930 [ 759.768034][T14799] __handle_mm_fault+0x152a/0x2a50 [ 759.768067][T14799] ? __pfx___handle_mm_fault+0x10/0x10 [ 759.768117][T14799] handle_mm_fault+0x589/0xd10 [ 759.768147][T14799] __get_user_pages+0x551/0x34a0 [ 759.768195][T14799] ? __pfx___get_user_pages+0x10/0x10 [ 759.768242][T14799] populate_vma_page_range+0x267/0x3f0 [ 759.768282][T14799] ? __pfx_populate_vma_page_range+0x10/0x10 [ 759.768319][T14799] ? __pfx_find_vma_intersection+0x10/0x10 [ 759.768361][T14799] __mm_populate+0x1d8/0x380 [ 759.768399][T14799] ? __pfx___mm_populate+0x10/0x10 [ 759.768439][T14799] ? up_write+0x1b2/0x520 [ 759.768476][T14799] vm_mmap_pgoff+0x37f/0x470 [ 759.768514][T14799] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 759.768546][T14799] ? find_held_lock+0x2b/0x80 [ 759.768575][T14799] ? __x64_sys_futex+0x1e0/0x4c0 [ 759.768604][T14799] ? __x64_sys_futex+0x1e9/0x4c0 [ 759.768639][T14799] ksys_mmap_pgoff+0x7d/0x5c0 [ 759.768671][T14799] ? xfd_validate_state+0x61/0x180 [ 759.768711][T14799] __x64_sys_mmap+0x125/0x190 [ 759.768755][T14799] do_syscall_64+0xcd/0x490 [ 759.768785][T14799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.768809][T14799] RIP: 0033:0x7fd59bd8ebe9 [ 759.768828][T14799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 759.768853][T14799] RSP: 002b:00007fd59cbb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 759.768875][T14799] RAX: ffffffffffffffda RBX: 00007fd59bfb6090 RCX: 00007fd59bd8ebe9 [ 759.768891][T14799] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 759.768905][T14799] RBP: 00007fd59be11e19 R08: ffffffffffffffff R09: 0000000000000000 [ 759.768920][T14799] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 759.768934][T14799] R13: 00007fd59bfb6128 R14: 00007fd59bfb6090 R15: 00007ffc6e117318 [ 759.768964][T14799] [ 760.323713][T14802] busy [ 761.124433][T14815] ubi: mtd0 is already attached to ubi0 [ 762.354246][T14825] ubi: mtd0 is already attached to ubi0 [ 763.240547][T14829] FAULT_INJECTION: forcing a failure. [ 763.240547][T14829] name fail_futex, interval 1, probability 0, space 0, times 0 [ 763.363552][T14829] CPU: 0 UID: 0 PID: 14829 Comm: syz.2.1665 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 763.363601][T14829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 763.363620][T14829] Call Trace: [ 763.363631][T14829] [ 763.363643][T14829] dump_stack_lvl+0x16c/0x1f0 [ 763.363686][T14829] should_fail_ex+0x512/0x640 [ 763.363743][T14829] get_futex_key+0x1d0/0x1560 [ 763.363785][T14829] ? prepare_creds+0x56f/0x7d0 [ 763.363831][T14829] ? __do_sys_landlock_restrict_self+0x67d/0x910 [ 763.363886][T14829] ? __pfx_get_futex_key+0x10/0x10 [ 763.363941][T14829] futex_wake+0xea/0x530 [ 763.363993][T14829] ? __pfx_futex_wake+0x10/0x10 [ 763.364063][T14829] do_futex+0x1e3/0x350 [ 763.364116][T14829] ? __pfx_do_futex+0x10/0x10 [ 763.364159][T14829] ? trace_kmalloc+0x2b/0xd0 [ 763.364204][T14829] ? __kmalloc_noprof+0x242/0x510 [ 763.364248][T14829] __x64_sys_futex+0x1e0/0x4c0 [ 763.364296][T14829] ? __pfx___x64_sys_futex+0x10/0x10 [ 763.364339][T14829] ? prepare_creds+0x583/0x7d0 [ 763.364398][T14829] do_syscall_64+0xcd/0x490 [ 763.364439][T14829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.364471][T14829] RIP: 0033:0x7fd59bd8ebe9 [ 763.364497][T14829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.364530][T14829] RSP: 002b:00007fd59cbd60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 763.364562][T14829] RAX: ffffffffffffffda RBX: 00007fd59bfb5fa8 RCX: 00007fd59bd8ebe9 [ 763.364583][T14829] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd59bfb5fac [ 763.364604][T14829] RBP: 00007fd59bfb5fa0 R08: 00007fd59cbd7000 R09: 0000000000000000 [ 763.364624][T14829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.364643][T14829] R13: 00007fd59bfb6038 R14: 00007ffc6e117230 R15: 00007ffc6e117318 [ 763.364686][T14829] [ 763.844553][ T30] audit: type=1326 audit(4294967441.552:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14833 comm="syz.5.1667" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f225478ebe9 code=0x0 [ 764.495098][ T30] audit: type=1326 audit(4294967442.202:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14842 comm="syz.2.1669" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd59bd8ebe9 code=0x0 [ 767.192986][T14878] svc: failed to register nfsdv3 RPC service (errno 111). [ 767.222160][T14878] svc: failed to register nfsaclv3 RPC service (errno 111). [ 767.579757][T14884] svc: failed to register nfsdv3 RPC service (errno 512). [ 767.593916][T14884] svc: failed to register nfsaclv3 RPC service (errno 512). [ 769.026911][T14912] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 769.582605][ T30] audit: type=1326 audit(4294967447.275:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.4.1680" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3978ebe9 code=0x0 [ 770.697238][T14934] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1685'. [ 770.706853][T14934] ipvlan0: entered allmulticast mode [ 770.786953][T14934] veth0_vlan: entered allmulticast mode [ 771.633849][T14945] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 771.845486][T14954] tipc: Can't bind to reserved service type 1 [ 772.706336][T14964] busy [ 773.404512][T14976] nbd: must specify at least one socket [ 774.500751][T14988] FAULT_INJECTION: forcing a failure. [ 774.500751][T14988] name failslab, interval 1, probability 0, space 0, times 0 [ 774.578514][T14988] CPU: 1 UID: 0 PID: 14988 Comm: syz.4.1698 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 774.578559][T14988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 774.578576][T14988] Call Trace: [ 774.578585][T14988] [ 774.578596][T14988] dump_stack_lvl+0x16c/0x1f0 [ 774.578632][T14988] should_fail_ex+0x512/0x640 [ 774.578665][T14988] ? __kmalloc_noprof+0xbf/0x510 [ 774.578700][T14988] ? net_alloc_generic+0x1e/0x70 [ 774.578731][T14988] should_failslab+0xc2/0x120 [ 774.578768][T14988] __kmalloc_noprof+0xd2/0x510 [ 774.578808][T14988] net_alloc_generic+0x1e/0x70 [ 774.578839][T14988] copy_net_ns+0xc6/0x5f0 [ 774.578872][T14988] ? copy_cgroup_ns+0x71/0x700 [ 774.578905][T14988] create_new_namespaces+0x3ea/0xa90 [ 774.578945][T14988] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 774.578980][T14988] ksys_unshare+0x45b/0xa40 [ 774.579019][T14988] ? __pfx_ksys_unshare+0x10/0x10 [ 774.579056][T14988] ? ksys_write+0x1ac/0x250 [ 774.579099][T14988] __x64_sys_unshare+0x31/0x40 [ 774.579136][T14988] do_syscall_64+0xcd/0x490 [ 774.579171][T14988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 774.579199][T14988] RIP: 0033:0x7eff3978ebe9 [ 774.579220][T14988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 774.579247][T14988] RSP: 002b:00007eff3a674038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 774.579273][T14988] RAX: ffffffffffffffda RBX: 00007eff399b5fa0 RCX: 00007eff3978ebe9 [ 774.579290][T14988] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 774.579306][T14988] RBP: 00007eff3a674090 R08: 0000000000000000 R09: 0000000000000000 [ 774.579322][T14988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 774.579338][T14988] R13: 00007eff399b6038 R14: 00007eff399b5fa0 R15: 00007ffea33a2b08 [ 774.579380][T14988] [ 779.750257][T15054] FAULT_INJECTION: forcing a failure. [ 779.750257][T15054] name failslab, interval 1, probability 0, space 0, times 0 [ 779.786190][T15060] ubi: mtd0 is already attached to ubi0 [ 779.864346][T15054] CPU: 0 UID: 0 PID: 15054 Comm: syz.0.1714 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 779.864395][T15054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 779.864415][T15054] Call Trace: [ 779.864425][T15054] [ 779.864437][T15054] dump_stack_lvl+0x16c/0x1f0 [ 779.864481][T15054] should_fail_ex+0x512/0x640 [ 779.864521][T15054] ? fs_reclaim_acquire+0xae/0x150 [ 779.864576][T15054] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 779.864620][T15054] should_failslab+0xc2/0x120 [ 779.864667][T15054] __kmalloc_noprof+0xd2/0x510 [ 779.864716][T15054] tomoyo_realpath_from_path+0xc2/0x6e0 [ 779.864774][T15054] tomoyo_check_open_permission+0x2ab/0x3c0 [ 779.864813][T15054] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 779.864894][T15054] ? do_raw_spin_lock+0x12c/0x2b0 [ 779.864958][T15054] tomoyo_file_open+0x6b/0x90 [ 779.865009][T15054] security_file_open+0x84/0x1e0 [ 779.865051][T15054] do_dentry_open+0x596/0x1530 [ 779.865106][T15054] vfs_open+0x82/0x3f0 [ 779.865172][T15054] path_openat+0x1de4/0x2cb0 [ 779.865229][T15054] ? __pfx_path_openat+0x10/0x10 [ 779.865283][T15054] do_filp_open+0x20b/0x470 [ 779.865324][T15054] ? __pfx_do_filp_open+0x10/0x10 [ 779.865396][T15054] ? alloc_fd+0x471/0x7d0 [ 779.865444][T15054] do_sys_openat2+0x11b/0x1d0 [ 779.865496][T15054] ? __pfx_do_sys_openat2+0x10/0x10 [ 779.865549][T15054] ? find_held_lock+0x2b/0x80 [ 779.865593][T15054] __x64_sys_openat+0x174/0x210 [ 779.865645][T15054] ? __pfx___x64_sys_openat+0x10/0x10 [ 779.865717][T15054] do_syscall_64+0xcd/0x490 [ 779.865760][T15054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.865793][T15054] RIP: 0033:0x7ff90398ebe9 [ 779.865819][T15054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 779.865853][T15054] RSP: 002b:00007ff901bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 779.865884][T15054] RAX: ffffffffffffffda RBX: 00007ff903bb5fa0 RCX: 00007ff90398ebe9 [ 779.865903][T15054] RDX: 0000000000040001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 779.865921][T15054] RBP: 00007ff903a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 779.865939][T15054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 779.865959][T15054] R13: 00007ff903bb6038 R14: 00007ff903bb5fa0 R15: 00007ffddaf8c548 [ 779.866003][T15054] [ 780.200558][T15054] ERROR: Out of memory at tomoyo_realpath_from_path. [ 781.844824][T15076] ubi: mtd0 is already attached to ubi0 [ 782.487290][T15081] ubi: mtd0 is already attached to ubi0 [ 782.823648][T15093] busy [ 783.208674][T15098] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 783.255862][T15098] nbd: couldn't find device at index 33904 [ 786.988767][T15151] busy [ 787.045881][T14895] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 787.273278][T15159] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 788.307573][T15148] ptp ptp0: only physical clock in use now [ 788.807608][T15183] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 790.446940][T15208] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 790.750371][T15213] ubi: mtd0 is already attached to ubi0 [ 791.918837][T15229] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 792.861398][T15248] ptrace attach of "./syz-executor exec"[5865] was attempted by ""[15248] [ 793.153674][T15259] FAULT_INJECTION: forcing a failure. [ 793.153674][T15259] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 793.167499][T15259] CPU: 1 UID: 0 PID: 15259 Comm: syz.0.1757 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 793.167542][T15259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 793.167562][T15259] Call Trace: [ 793.167573][T15259] [ 793.167585][T15259] dump_stack_lvl+0x16c/0x1f0 [ 793.167626][T15259] should_fail_ex+0x512/0x640 [ 793.167680][T15259] should_fail_alloc_page+0xe7/0x130 [ 793.167727][T15259] prepare_alloc_pages+0x3c2/0x610 [ 793.167789][T15259] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 793.167830][T15259] ? __lock_acquire+0x62e/0x1ce0 [ 793.167902][T15259] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 793.167943][T15259] ? find_held_lock+0x2b/0x80 [ 793.167977][T15259] ? is_bpf_text_address+0x8a/0x1a0 [ 793.168019][T15259] ? bpf_ksym_find+0x124/0x1c0 [ 793.168053][T15259] ? is_bpf_text_address+0x94/0x1a0 [ 793.168093][T15259] ? kernel_text_address+0x8d/0x100 [ 793.168124][T15259] ? __kernel_text_address+0xd/0x40 [ 793.168153][T15259] ? unwind_get_return_address+0x59/0xa0 [ 793.168187][T15259] ? arch_stack_walk+0xa6/0x100 [ 793.168219][T15259] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 793.168271][T15259] ? policy_nodemask+0xea/0x4e0 [ 793.168319][T15259] alloc_pages_mpol+0x1fb/0x550 [ 793.168364][T15259] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 793.168411][T15259] ? _kstrtoull+0x145/0x200 [ 793.168446][T15259] ? iovec_from_user+0x108/0x140 [ 793.168490][T15259] ___kmalloc_large_node+0xed/0x160 [ 793.168545][T15259] ? iovec_from_user+0x108/0x140 [ 793.168588][T15259] __kmalloc_large_node_noprof+0x1c/0x70 [ 793.168643][T15259] __kmalloc_noprof.cold+0xc/0x61 [ 793.168690][T15259] ? register_lock_class+0x41/0x4c0 [ 793.168740][T15259] iovec_from_user+0x108/0x140 [ 793.168791][T15259] __import_iovec+0x88/0x650 [ 793.168855][T15259] import_iovec+0x86/0xb0 [ 793.168905][T15259] vfs_readv+0x19a/0x8b0 [ 793.168938][T15259] ? __pfx___might_resched+0x10/0x10 [ 793.168979][T15259] ? __pfx_vfs_readv+0x10/0x10 [ 793.169010][T15259] ? __mutex_lock+0x1c4/0x10b0 [ 793.169045][T15259] ? find_held_lock+0x2b/0x80 [ 793.169084][T15259] ? __pfx___mutex_lock+0x10/0x10 [ 793.169137][T15259] ? __fget_files+0x20e/0x3c0 [ 793.169170][T15259] ? __fget_files+0x200/0x3c0 [ 793.169215][T15259] ? do_readv+0x132/0x340 [ 793.169244][T15259] do_readv+0x132/0x340 [ 793.169275][T15259] ? __pfx_do_readv+0x10/0x10 [ 793.169322][T15259] do_syscall_64+0xcd/0x490 [ 793.169362][T15259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.169394][T15259] RIP: 0033:0x7ff90398ebe9 [ 793.169419][T15259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 793.169451][T15259] RSP: 002b:00007ff901bb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 793.169481][T15259] RAX: ffffffffffffffda RBX: 00007ff903bb6180 RCX: 00007ff90398ebe9 [ 793.169502][T15259] RDX: 0000000000000400 RSI: 00002000000000c0 RDI: 0000000000000003 [ 793.169522][T15259] RBP: 00007ff901bb4090 R08: 0000000000000000 R09: 0000000000000000 [ 793.169542][T15259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 793.169589][T15259] R13: 00007ff903bb6218 R14: 00007ff903bb6180 R15: 00007ffddaf8c548 [ 793.169633][T15259] [ 793.656275][T15263] netlink: zone id is out of range [ 793.661504][T15263] netlink: zone id is out of range [ 794.020989][ T30] audit: type=1326 audit(4294967471.757:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15264 comm="syz.2.1760" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd59bd8ebe9 code=0x0 [ 794.501068][T15281] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 794.752533][T15283] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1761'. [ 794.786046][T15283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1761'. [ 795.775416][T15291] ubi: mtd0 is already attached to ubi0 [ 796.460418][ T30] audit: type=1326 audit(4294967474.198:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15298 comm="syz.5.1767" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f225478ebe9 code=0x0 [ 796.512906][T15297] FAULT_INJECTION: forcing a failure. [ 796.512906][T15297] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 796.553412][T15297] CPU: 0 UID: 0 PID: 15297 Comm: syz.2.1765 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 796.553448][T15297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 796.553462][T15297] Call Trace: [ 796.553469][T15297] [ 796.553478][T15297] dump_stack_lvl+0x16c/0x1f0 [ 796.553508][T15297] should_fail_ex+0x512/0x640 [ 796.553540][T15297] should_fail_alloc_page+0xe7/0x130 [ 796.553609][T15297] prepare_alloc_pages+0x3c2/0x610 [ 796.553651][T15297] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 796.553681][T15297] ? kasan_quarantine_put+0x10a/0x240 [ 796.553707][T15297] ? lockdep_hardirqs_on+0x7c/0x110 [ 796.553735][T15297] ? kmem_cache_free+0x2d1/0x4d0 [ 796.553760][T15297] ? mas_alloc_nodes+0x18b/0x8b0 [ 796.553780][T15297] ? mas_destroy+0x5c6/0xa20 [ 796.553812][T15297] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 796.553846][T15297] ? perf_event_mmap+0xbb/0xd40 [ 796.553885][T15297] ? __pfx_perf_event_mmap+0x10/0x10 [ 796.553923][T15297] ? vma_wants_writenotify+0x10b/0x390 [ 796.553951][T15297] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 796.553989][T15297] ? policy_nodemask+0xea/0x4e0 [ 796.554023][T15297] alloc_pages_mpol+0x1fb/0x550 [ 796.554056][T15297] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 796.554098][T15297] alloc_pages_noprof+0x131/0x390 [ 796.554131][T15297] __pud_alloc+0x3b/0x750 [ 796.554169][T15297] __handle_mm_fault+0x13de/0x2a50 [ 796.554196][T15297] ? mt_find+0x3ef/0xa30 [ 796.554227][T15297] ? __pfx___handle_mm_fault+0x10/0x10 [ 796.554277][T15297] handle_mm_fault+0x589/0xd10 [ 796.554307][T15297] __get_user_pages+0x551/0x34a0 [ 796.554381][T15297] ? __pfx___get_user_pages+0x10/0x10 [ 796.554427][T15297] populate_vma_page_range+0x267/0x3f0 [ 796.554468][T15297] ? __pfx_populate_vma_page_range+0x10/0x10 [ 796.554506][T15297] ? __pfx_find_vma_intersection+0x10/0x10 [ 796.554544][T15297] ? do_mmap+0x69c/0x1210 [ 796.554587][T15297] __mm_populate+0x1d8/0x380 [ 796.554626][T15297] ? __pfx___mm_populate+0x10/0x10 [ 796.554666][T15297] ? up_write+0x1b2/0x520 [ 796.554704][T15297] vm_mmap_pgoff+0x37f/0x470 [ 796.554742][T15297] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 796.554783][T15297] ? __x64_sys_futex+0x1e0/0x4c0 [ 796.554812][T15297] ? __x64_sys_futex+0x1e9/0x4c0 [ 796.554846][T15297] ksys_mmap_pgoff+0x7d/0x5c0 [ 796.554879][T15297] ? xfd_validate_state+0x61/0x180 [ 796.554913][T15297] ? __pfx_do_writev+0x10/0x10 [ 796.554942][T15297] __x64_sys_mmap+0x125/0x190 [ 796.554983][T15297] do_syscall_64+0xcd/0x490 [ 796.555013][T15297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.555037][T15297] RIP: 0033:0x7fd59bd8ebe9 [ 796.555056][T15297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.555080][T15297] RSP: 002b:00007fd59cbd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 796.555101][T15297] RAX: ffffffffffffffda RBX: 00007fd59bfb5fa0 RCX: 00007fd59bd8ebe9 [ 796.555117][T15297] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000400000000000 [ 796.555131][T15297] RBP: 00007fd59be11e19 R08: 0000000000000002 R09: 0000000000008000 [ 796.555146][T15297] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 796.555160][T15297] R13: 00007fd59bfb6038 R14: 00007fd59bfb5fa0 R15: 00007ffc6e117318 [ 796.555190][T15297] [ 797.554626][T15316] ERROR: Out of memory at tomoyo_memory_ok. [ 797.584923][T15316] FAULT_INJECTION: forcing a failure. [ 797.584923][T15316] name failslab, interval 1, probability 0, space 0, times 0 [ 797.598033][T15316] CPU: 1 UID: 0 PID: 15316 Comm: syz.0.1770 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 797.598064][T15316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 797.598078][T15316] Call Trace: [ 797.598085][T15316] [ 797.598093][T15316] dump_stack_lvl+0x16c/0x1f0 [ 797.598124][T15316] should_fail_ex+0x512/0x640 [ 797.598151][T15316] ? __kmalloc_noprof+0xbf/0x510 [ 797.598180][T15316] ? unix_create_addr+0x25/0x120 [ 797.598214][T15316] should_failslab+0xc2/0x120 [ 797.598261][T15316] __kmalloc_noprof+0xd2/0x510 [ 797.598295][T15316] unix_create_addr+0x25/0x120 [ 797.598333][T15316] unix_bind+0x41b/0x1680 [ 797.598358][T15316] ? __pfx_tomoyo_socket_bind_permission+0x10/0x10 [ 797.598389][T15316] ? __might_fault+0xe3/0x190 [ 797.598440][T15316] ? __might_fault+0xe3/0x190 [ 797.598482][T15316] ? __pfx_unix_bind+0x10/0x10 [ 797.598525][T15316] ? apparmor_socket_bind+0x12e/0x200 [ 797.598566][T15316] __sys_bind+0x1a7/0x260 [ 797.598603][T15316] ? __pfx___sys_bind+0x10/0x10 [ 797.598648][T15316] ? __pfx_ksys_write+0x10/0x10 [ 797.598681][T15316] __x64_sys_bind+0x72/0xb0 [ 797.598714][T15316] ? lockdep_hardirqs_on+0x7c/0x110 [ 797.598739][T15316] do_syscall_64+0xcd/0x490 [ 797.598767][T15316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.598791][T15316] RIP: 0033:0x7ff90398ebe9 [ 797.598809][T15316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.598832][T15316] RSP: 002b:00007ff901bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 797.598853][T15316] RAX: ffffffffffffffda RBX: 00007ff903bb5fa0 RCX: 00007ff90398ebe9 [ 797.598868][T15316] RDX: 000000000000006b RSI: 0000000000000000 RDI: 0000000000000003 [ 797.598881][T15316] RBP: 00007ff901bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 797.598896][T15316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 797.598909][T15316] R13: 00007ff903bb6038 R14: 00007ff903bb5fa0 R15: 00007ffddaf8c548 [ 797.598944][T15316] [ 798.101252][T14895] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 798.101283][T14895] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 798.117741][T14895] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 798.117779][T14895] Bluetooth: hci2: adv larger than maximum supported [ 798.126489][T14895] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 798.138122][T14895] Bluetooth: hci2: adv larger than maximum supported [ 798.147599][T14895] Bluetooth: hci2: Malformed LE Event: 0x0d [ 798.299623][T15315] sp0: Synchronizing with TNC [ 799.300003][T15335] ubi: mtd0 is already attached to ubi0 [ 799.319881][ T30] audit: type=1326 audit(4294967477.049:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15327 comm="syz.2.1775" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd59bd8ebe9 code=0x0 [ 800.366255][T15353] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 801.298728][T15360] ERROR: Out of memory at tomoyo_memory_ok. [ 802.367759][T15366] netlink: 'syz.4.1781': attribute type 1 has an invalid length. [ 803.322835][T15391] FAULT_INJECTION: forcing a failure. [ 803.322835][T15391] name failslab, interval 1, probability 0, space 0, times 0 [ 803.437133][T15391] CPU: 0 UID: 0 PID: 15391 Comm: syz.5.1790 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 803.437182][T15391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 803.437203][T15391] Call Trace: [ 803.437213][T15391] [ 803.437226][T15391] dump_stack_lvl+0x16c/0x1f0 [ 803.437270][T15391] should_fail_ex+0x512/0x640 [ 803.437309][T15391] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 803.437356][T15391] should_failslab+0xc2/0x120 [ 803.437401][T15391] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 803.437438][T15391] ? __asan_memcpy+0x3c/0x60 [ 803.437472][T15391] ? __kernfs_new_node+0xd2/0x8e0 [ 803.437521][T15391] __kernfs_new_node+0xd2/0x8e0 [ 803.437569][T15391] ? __pfx___kernfs_new_node+0x10/0x10 [ 803.437631][T15391] ? find_held_lock+0x2b/0x80 [ 803.437667][T15391] ? kernfs_root+0xee/0x2a0 [ 803.437719][T15391] kernfs_new_node+0x13c/0x1e0 [ 803.437775][T15391] __kernfs_create_file+0x53/0x350 [ 803.437816][T15391] cgroup_addrm_files+0x546/0xc20 [ 803.437880][T15391] ? __xa_store+0x1dc/0x2e0 [ 803.437921][T15391] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 803.437971][T15391] ? __pfx___xa_store+0x10/0x10 [ 803.438026][T15391] ? do_raw_spin_unlock+0x172/0x230 [ 803.438086][T15391] css_populate_dir+0x169/0x580 [ 803.438128][T15391] cgroup_apply_control_enable+0x3f3/0xbb0 [ 803.438201][T15391] cgroup_mkdir+0x5e7/0x11f0 [ 803.438259][T15391] ? __pfx_cgroup_mkdir+0x10/0x10 [ 803.438323][T15391] kernfs_iop_mkdir+0x111/0x190 [ 803.438368][T15391] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 803.438415][T15391] vfs_mkdir+0x590/0x8c0 [ 803.438452][T15391] do_mkdirat+0x304/0x3e0 [ 803.438496][T15391] ? __pfx_do_mkdirat+0x10/0x10 [ 803.438540][T15391] ? getname_flags.part.0+0x1c5/0x550 [ 803.438596][T15391] __x64_sys_mkdir+0xef/0x140 [ 803.438644][T15391] do_syscall_64+0xcd/0x490 [ 803.438686][T15391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.438718][T15391] RIP: 0033:0x7f225478ebe9 [ 803.438744][T15391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 803.438777][T15391] RSP: 002b:00007f22555aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 803.438808][T15391] RAX: ffffffffffffffda RBX: 00007f22549b5fa0 RCX: 00007f225478ebe9 [ 803.438830][T15391] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 803.438852][T15391] RBP: 00007f2254811e19 R08: 0000000000000000 R09: 0000000000000000 [ 803.438873][T15391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 803.438893][T15391] R13: 00007f22549b6038 R14: 00007f22549b5fa0 R15: 00007ffe9f514258 [ 803.438944][T15391] [ 803.438984][T15391] cgroup: cgroup_addrm_files: failed to add kmem.failcnt, err=-12 [ 804.444423][T15401] usb usb8: usbfs: interface 0 claimed by hub while 'syz.5.1791' sets config #32769 [ 805.997738][T15379] ALSA: mixer_oss: invalid OSS volume '0' [ 806.024977][T15379] ALSA: mixer_oss: invalid OSS volume '' [ 806.251342][T15416] FAULT_INJECTION: forcing a failure. [ 806.251342][T15416] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 806.304411][T15416] CPU: 0 UID: 0 PID: 15416 Comm: syz.4.1796 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 806.304456][T15416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 806.304475][T15416] Call Trace: [ 806.304486][T15416] [ 806.304497][T15416] dump_stack_lvl+0x16c/0x1f0 [ 806.304539][T15416] should_fail_ex+0x512/0x640 [ 806.304582][T15416] _copy_from_user+0x2e/0xd0 [ 806.304627][T15416] copy_msghdr_from_user+0x98/0x160 [ 806.304663][T15416] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 806.304703][T15416] ? kfree+0x24f/0x4d0 [ 806.304731][T15416] ? __pfx__kstrtoull+0x10/0x10 [ 806.304771][T15416] ___sys_sendmsg+0xfe/0x1d0 [ 806.304807][T15416] ? __pfx____sys_sendmsg+0x10/0x10 [ 806.304878][T15416] ? __pfx___might_resched+0x10/0x10 [ 806.304919][T15416] __sys_sendmmsg+0x200/0x420 [ 806.304960][T15416] ? __pfx___sys_sendmmsg+0x10/0x10 [ 806.305008][T15416] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 806.305063][T15416] ? fput+0x9b/0xd0 [ 806.305108][T15416] ? ksys_write+0x1ac/0x250 [ 806.305144][T15416] ? __pfx_ksys_write+0x10/0x10 [ 806.305187][T15416] __x64_sys_sendmmsg+0x9c/0x100 [ 806.305222][T15416] ? lockdep_hardirqs_on+0x7c/0x110 [ 806.305255][T15416] do_syscall_64+0xcd/0x490 [ 806.305295][T15416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.305327][T15416] RIP: 0033:0x7eff3978ebe9 [ 806.305351][T15416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 806.305397][T15416] RSP: 002b:00007eff3a674038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 806.305428][T15416] RAX: ffffffffffffffda RBX: 00007eff399b5fa0 RCX: 00007eff3978ebe9 [ 806.305449][T15416] RDX: 0000000000000004 RSI: 0000200000000200 RDI: 0000000000000003 [ 806.305469][T15416] RBP: 00007eff3a674090 R08: 0000000000000000 R09: 0000000000000000 [ 806.305489][T15416] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 806.305507][T15416] R13: 00007eff399b6038 R14: 00007eff399b5fa0 R15: 00007ffea33a2b08 [ 806.305549][T15416] [ 809.338819][T15473] ubi: mtd0 is already attached to ubi0 [ 809.434220][T15460] ERROR: Out of memory at tomoyo_memory_ok. [ 809.704981][T15460] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1805'. [ 810.253363][T15488] ubi: mtd0 is already attached to ubi0 [ 811.424593][T15503] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 812.634321][T15524] mkiss: ax0: crc mode is auto. [ 814.943571][T15558] ubi: mtd0 is already attached to ubi0 [ 816.596391][ T30] audit: type=1326 audit(4294967311.325:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15578 comm="syz.4.1833" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3978ebe9 code=0x0 [ 816.618251][ C1] vkms_vblank_simulate: vblank timer overrun syzkaller syzkaller login: [ 819.257411][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 819.266452][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 819.339868][T15637] ubi: mtd0 is already attached to ubi0 [ 819.373033][T15638] ERROR: Out of memory at tomoyo_memory_ok. [ 823.230274][T15686] zswap: compressor not available [ 823.419262][T15695] WARNING! power/level is deprecated; use power/control instead [ 823.441092][T15681] bond0: option packets_per_slave: invalid value () [ 823.456180][T15681] bond0: option packets_per_slave: allowed values 0 - 65535 [ 823.488608][T15697] ICMPv6: process `syz.4.1855' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 824.695009][T15713] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 825.187035][T15717] FAULT_INJECTION: forcing a failure. [ 825.187035][T15717] name failslab, interval 1, probability 0, space 0, times 0 [ 825.200094][T15717] CPU: 1 UID: 0 PID: 15717 Comm: syz.0.1859 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 825.200128][T15717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 825.200143][T15717] Call Trace: [ 825.200152][T15717] [ 825.200161][T15717] dump_stack_lvl+0x16c/0x1f0 [ 825.200192][T15717] should_fail_ex+0x512/0x640 [ 825.200221][T15717] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 825.200254][T15717] should_failslab+0xc2/0x120 [ 825.200285][T15717] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 825.200312][T15717] ? __asan_memcpy+0x3c/0x60 [ 825.200336][T15717] ? __kernfs_new_node+0xd2/0x8e0 [ 825.200371][T15717] __kernfs_new_node+0xd2/0x8e0 [ 825.200405][T15717] ? __pfx___kernfs_new_node+0x10/0x10 [ 825.200443][T15717] ? find_held_lock+0x2b/0x80 [ 825.200468][T15717] ? kernfs_root+0xee/0x2a0 [ 825.200504][T15717] kernfs_new_node+0x13c/0x1e0 [ 825.200543][T15717] __kernfs_create_file+0x53/0x350 [ 825.200571][T15717] cgroup_addrm_files+0x546/0xc20 [ 825.200625][T15717] ? __xa_store+0x1dc/0x2e0 [ 825.200655][T15717] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 825.200691][T15717] ? __pfx___xa_store+0x10/0x10 [ 825.200731][T15717] ? do_raw_spin_unlock+0x172/0x230 [ 825.200775][T15717] css_populate_dir+0x169/0x580 [ 825.200805][T15717] cgroup_apply_control_enable+0x3f3/0xbb0 [ 825.200855][T15717] cgroup_mkdir+0x5e7/0x11f0 [ 825.200896][T15717] ? __pfx_cgroup_mkdir+0x10/0x10 [ 825.200934][T15717] kernfs_iop_mkdir+0x111/0x190 [ 825.200966][T15717] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 825.200999][T15717] vfs_mkdir+0x590/0x8c0 [ 825.201025][T15717] do_mkdirat+0x304/0x3e0 [ 825.201056][T15717] ? __pfx_do_mkdirat+0x10/0x10 [ 825.201088][T15717] ? getname_flags.part.0+0x1c5/0x550 [ 825.201136][T15717] __x64_sys_mkdir+0xef/0x140 [ 825.201166][T15717] do_syscall_64+0xcd/0x490 [ 825.201196][T15717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.201220][T15717] RIP: 0033:0x7ff90398ebe9 [ 825.201238][T15717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 825.201262][T15717] RSP: 002b:00007ff901bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 825.201284][T15717] RAX: ffffffffffffffda RBX: 00007ff903bb6090 RCX: 00007ff90398ebe9 [ 825.201299][T15717] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 825.201314][T15717] RBP: 00007ff903a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 825.201328][T15717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.201342][T15717] R13: 00007ff903bb6128 R14: 00007ff903bb6090 R15: 00007ffddaf8c548 [ 825.201372][T15717] [ 825.201401][T15717] cgroup: cgroup_addrm_files: failed to add kmem.limit_in_bytes, err=-12 [ 825.959817][T15722] FAULT_INJECTION: forcing a failure. [ 825.959817][T15722] name failslab, interval 1, probability 0, space 0, times 0 [ 826.004586][T15722] CPU: 1 UID: 0 PID: 15722 Comm: syz.2.1860 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 826.004636][T15722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 826.004655][T15722] Call Trace: [ 826.004665][T15722] [ 826.004677][T15722] dump_stack_lvl+0x16c/0x1f0 [ 826.004719][T15722] should_fail_ex+0x512/0x640 [ 826.004768][T15722] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 826.004815][T15722] should_failslab+0xc2/0x120 [ 826.004858][T15722] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 826.004900][T15722] ? __alloc_skb+0x2b2/0x380 [ 826.004939][T15722] __alloc_skb+0x2b2/0x380 [ 826.004970][T15722] ? __pfx___alloc_skb+0x10/0x10 [ 826.005001][T15722] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 826.005048][T15722] ? tcp_send_mss+0x159/0x2c0 [ 826.005099][T15722] mptcp_sendmsg_frag+0x4d7/0x2c70 [ 826.005167][T15722] ? __pfx_mptcp_sendmsg_frag+0x10/0x10 [ 826.005227][T15722] __subflow_push_pending+0x345/0xac0 [ 826.005299][T15722] __mptcp_push_pending+0x2ce/0x550 [ 826.005340][T15722] ? __pfx___mptcp_push_pending+0x10/0x10 [ 826.005389][T15722] mptcp_sendmsg+0x17a4/0x1eb0 [ 826.005445][T15722] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 826.005491][T15722] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 826.005529][T15722] inet_sendmsg+0x119/0x140 [ 826.005579][T15722] ____sys_sendmsg+0x973/0xc70 [ 826.005627][T15722] ? copy_msghdr_from_user+0x10a/0x160 [ 826.005662][T15722] ? __pfx_____sys_sendmsg+0x10/0x10 [ 826.005718][T15722] ? __pfx_futex_wake_mark+0x10/0x10 [ 826.005785][T15722] ___sys_sendmsg+0x134/0x1d0 [ 826.005825][T15722] ? __pfx____sys_sendmsg+0x10/0x10 [ 826.005917][T15722] __sys_sendmsg+0x16d/0x220 [ 826.005954][T15722] ? __pfx___sys_sendmsg+0x10/0x10 [ 826.005990][T15722] ? __x64_sys_futex+0x1e0/0x4c0 [ 826.006060][T15722] do_syscall_64+0xcd/0x490 [ 826.006103][T15722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 826.006136][T15722] RIP: 0033:0x7fd59bd8ebe9 [ 826.006162][T15722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 826.006197][T15722] RSP: 002b:00007fd59cbd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 826.006229][T15722] RAX: ffffffffffffffda RBX: 00007fd59bfb5fa0 RCX: 00007fd59bd8ebe9 [ 826.006250][T15722] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 0000000000000003 [ 826.006270][T15722] RBP: 00007fd59be11e19 R08: 0000000000000000 R09: 0000000000000000 [ 826.006291][T15722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 826.006311][T15722] R13: 00007fd59bfb6038 R14: 00007fd59bfb5fa0 R15: 00007ffc6e117318 [ 826.006355][T15722] [ 826.651164][T15729] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 828.899329][T15751] mkiss: ax0: crc mode is auto. [ 828.943920][T15744] FAULT_INJECTION: forcing a failure. [ 828.943920][T15744] name fail_futex, interval 1, probability 0, space 0, times 0 [ 828.972818][T15744] CPU: 1 UID: 1 PID: 15744 Comm: syz.4.1865 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 828.972862][T15744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 828.972882][T15744] Call Trace: [ 828.972892][T15744] [ 828.972906][T15744] dump_stack_lvl+0x16c/0x1f0 [ 828.972945][T15744] should_fail_ex+0x512/0x640 [ 828.972978][T15744] get_futex_key+0x1d0/0x1560 [ 828.973010][T15744] ? __pfx_get_futex_key+0x10/0x10 [ 828.973049][T15744] futex_wait_setup+0x9d/0x550 [ 828.973092][T15744] __futex_wait+0x194/0x2f0 [ 828.973128][T15744] ? __pfx___futex_wait+0x10/0x10 [ 828.973167][T15744] ? __pfx_futex_wake_mark+0x10/0x10 [ 828.973206][T15744] ? futex_private_hash_put+0x176/0x300 [ 828.973246][T15744] ? futex_private_hash_put+0x18a/0x300 [ 828.973277][T15744] futex_wait+0xe8/0x380 [ 828.973312][T15744] ? __pfx_futex_wait+0x10/0x10 [ 828.973354][T15744] ? __lock_acquire+0xb97/0x1ce0 [ 828.973395][T15744] do_futex+0x229/0x350 [ 828.973425][T15744] ? __pfx_do_futex+0x10/0x10 [ 828.973463][T15744] __x64_sys_futex+0x1e0/0x4c0 [ 828.973495][T15744] ? __pfx___x64_sys_open_tree_attr+0x10/0x10 [ 828.973531][T15744] ? __pfx___x64_sys_futex+0x10/0x10 [ 828.973561][T15744] ? xfd_validate_state+0x61/0x180 [ 828.973596][T15744] ? up_write+0x1b2/0x520 [ 828.973638][T15744] do_syscall_64+0xcd/0x490 [ 828.973667][T15744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.973691][T15744] RIP: 0033:0x7eff3978ebe9 [ 828.973710][T15744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 828.973733][T15744] RSP: 002b:00007eff3a6530e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 828.973755][T15744] RAX: ffffffffffffffda RBX: 00007eff399b6098 RCX: 00007eff3978ebe9 [ 828.973770][T15744] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007eff399b6098 [ 828.973784][T15744] RBP: 00007eff399b6090 R08: 0000000000000000 R09: 0000000000000000 [ 828.973798][T15744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 828.973812][T15744] R13: 00007eff399b6128 R14: 00007ffea33a2a20 R15: 00007ffea33a2b08 [ 828.973841][T15744] [ 832.112161][T15790] busy [ 832.382082][T15798] FAULT_INJECTION: forcing a failure. [ 832.382082][T15798] name failslab, interval 1, probability 0, space 0, times 0 [ 832.416516][T15798] CPU: 0 UID: 0 PID: 15798 Comm: syz.2.1875 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 832.416564][T15798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 832.416584][T15798] Call Trace: [ 832.416594][T15798] [ 832.416607][T15798] dump_stack_lvl+0x16c/0x1f0 [ 832.416649][T15798] should_fail_ex+0x512/0x640 [ 832.416687][T15798] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 832.416735][T15798] should_failslab+0xc2/0x120 [ 832.416780][T15798] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 832.416823][T15798] ? alloc_inode+0xc3/0x240 [ 832.416876][T15798] alloc_inode+0xc3/0x240 [ 832.416925][T15798] iget_locked+0x2e4/0x830 [ 832.416979][T15798] ? __pfx_iget_locked+0x10/0x10 [ 832.417033][T15798] ? find_held_lock+0x2b/0x80 [ 832.417069][T15798] ? kernfs_root+0xee/0x2a0 [ 832.417121][T15798] kernfs_get_inode+0x48/0x460 [ 832.417172][T15798] kernfs_iop_lookup+0x1a7/0x2d0 [ 832.417224][T15798] __lookup_slow+0x251/0x460 [ 832.417280][T15798] ? __pfx___lookup_slow+0x10/0x10 [ 832.417360][T15798] ? lookup_fast+0x156/0x610 [ 832.417400][T15798] walk_component+0x353/0x5b0 [ 832.417439][T15798] path_lookupat+0x142/0x6d0 [ 832.417482][T15798] path_openat+0x16f1/0x2cb0 [ 832.417519][T15798] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.417569][T15798] ? __pfx_path_openat+0x10/0x10 [ 832.417621][T15798] do_filp_open+0x20b/0x470 [ 832.417662][T15798] ? __pfx_do_filp_open+0x10/0x10 [ 832.417734][T15798] ? alloc_fd+0x471/0x7d0 [ 832.417783][T15798] do_sys_openat2+0x11b/0x1d0 [ 832.417833][T15798] ? __pfx_do_sys_openat2+0x10/0x10 [ 832.417904][T15798] __x64_sys_openat+0x174/0x210 [ 832.417958][T15798] ? __pfx___x64_sys_openat+0x10/0x10 [ 832.418028][T15798] do_syscall_64+0xcd/0x490 [ 832.418071][T15798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.418104][T15798] RIP: 0033:0x7fd59bd8ebe9 [ 832.418130][T15798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 832.418172][T15798] RSP: 002b:00007fd59cbd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 832.418204][T15798] RAX: ffffffffffffffda RBX: 00007fd59bfb5fa0 RCX: 00007fd59bd8ebe9 [ 832.418225][T15798] RDX: 00000000002c0dc2 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 832.418247][T15798] RBP: 00007fd59be11e19 R08: 0000000000000000 R09: 0000000000000000 [ 832.418266][T15798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 832.418286][T15798] R13: 00007fd59bfb6038 R14: 00007fd59bfb5fa0 R15: 00007ffc6e117318 [ 832.418329][T15798] [ 832.671381][ C0] vkms_vblank_simulate: vblank timer overrun g&[ 833.453437][ T30] audit: type=1326 audit(4294967328.194:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15814 comm="syz.0.1878" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff90398ebe9 code=0x0 [ 835.304448][T15848] ubi: mtd0 is already attached to ubi0 [ 835.811686][T15856] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 837.517656][T15853] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1886'. [ 837.888815][ T30] audit: type=1326 audit(4294967332.626:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15882 comm="syz.4.1891" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3978ebe9 code=0x0 [ 838.021312][T15889] ERROR: Out of memory at tomoyo_memory_ok. [ 838.252412][T15896] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x109 pfn:0x78000 [ 838.278310][T15896] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 838.328166][T15896] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 838.358336][T15896] raw: 0000000000000109 0000000000000000 0000000400000002 0000000000000000 [ 838.367267][T15896] page dumped because: unmovable page [ 838.372923][T15896] page_owner tracks the page as allocated [ 838.379261][T15896] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 7899, tgid 7899 (syz-executor), ts 270247632889, free_ts 267827123809 [ 838.413602][T15896] post_alloc_hook+0x1c0/0x230 [ 838.420337][T15896] get_page_from_freelist+0x132b/0x38e0 [ 838.433016][T15896] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 838.453425][T15896] alloc_pages_mpol+0x1fb/0x550 [ 838.462945][T15896] alloc_pages_noprof+0x131/0x390 [ 838.468529][T15896] __vmalloc_node_range_noprof+0x72f/0x14b0 [ 838.475633][T15896] vmalloc_user_noprof+0x9e/0xe0 [ 838.482018][T15896] kcov_ioctl+0x4c/0x730 [ 838.486550][T15896] __x64_sys_ioctl+0x18e/0x210 [ 838.515543][T15903] ubi: mtd0 is already attached to ubi0 [ 838.538084][T15896] do_syscall_64+0xcd/0x490 [ 838.549101][T15896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.567198][T15896] page last free pid 1230 tgid 1230 stack trace: [ 838.595862][T15896] __free_frozen_pages+0x7d5/0x10f0 [ 838.601443][T15896] __folio_put+0x329/0x450 [ 838.615454][T15896] aio_free_ring+0x2dd/0x4f0 [ 838.621376][T15896] free_ioctx+0x21/0xa0 [ 838.625720][T15896] process_one_work+0x9cc/0x1b70 [ 838.635938][T15896] worker_thread+0x6c8/0xf10 [ 838.641228][T15896] kthread+0x3c5/0x780 [ 838.646065][T15896] ret_from_fork+0x5d7/0x6f0 [ 838.652349][T15896] ret_from_fork_asm+0x1a/0x30 [ 839.585093][T15918] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 842.460702][T15947] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 843.075273][T15951] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 843.803413][T15957] FAULT_INJECTION: forcing a failure. [ 843.803413][T15957] name failslab, interval 1, probability 0, space 0, times 0 [ 843.858546][T15957] CPU: 1 UID: 0 PID: 15957 Comm: syz.2.1908 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 843.858594][T15957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 843.858614][T15957] Call Trace: [ 843.858624][T15957] [ 843.858637][T15957] dump_stack_lvl+0x16c/0x1f0 [ 843.858678][T15957] should_fail_ex+0x512/0x640 [ 843.858717][T15957] ? fs_reclaim_acquire+0xae/0x150 [ 843.858776][T15957] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 843.858817][T15957] should_failslab+0xc2/0x120 [ 843.858860][T15957] __kmalloc_noprof+0xd2/0x510 [ 843.858906][T15957] tomoyo_realpath_from_path+0xc2/0x6e0 [ 843.858960][T15957] tomoyo_check_open_permission+0x2ab/0x3c0 [ 843.858997][T15957] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 843.859080][T15957] ? do_raw_spin_lock+0x12c/0x2b0 [ 843.859146][T15957] tomoyo_file_open+0x6b/0x90 [ 843.859194][T15957] security_file_open+0x84/0x1e0 [ 843.859234][T15957] do_dentry_open+0x596/0x1530 [ 843.859289][T15957] vfs_open+0x82/0x3f0 [ 843.859344][T15957] path_openat+0x1de4/0x2cb0 [ 843.859397][T15957] ? __pfx_path_openat+0x10/0x10 [ 843.859455][T15957] do_filp_open+0x20b/0x470 [ 843.859495][T15957] ? __pfx_do_filp_open+0x10/0x10 [ 843.859564][T15957] ? alloc_fd+0x471/0x7d0 [ 843.859609][T15957] do_sys_openat2+0x11b/0x1d0 [ 843.859659][T15957] ? __pfx_do_sys_openat2+0x10/0x10 [ 843.859726][T15957] __x64_sys_openat+0x174/0x210 [ 843.859780][T15957] ? __pfx___x64_sys_openat+0x10/0x10 [ 843.859850][T15957] do_syscall_64+0xcd/0x490 [ 843.859892][T15957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.859927][T15957] RIP: 0033:0x7fd59bd8ebe9 [ 843.859954][T15957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 843.859987][T15957] RSP: 002b:00007fd59cbd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 843.860019][T15957] RAX: ffffffffffffffda RBX: 00007fd59bfb5fa0 RCX: 00007fd59bd8ebe9 [ 843.860040][T15957] RDX: 0000000000060742 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 843.860062][T15957] RBP: 00007fd59be11e19 R08: 0000000000000000 R09: 0000000000000000 [ 843.860089][T15957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 843.860108][T15957] R13: 00007fd59bfb6038 R14: 00007fd59bfb5fa0 R15: 00007ffc6e117318 [ 843.860152][T15957] [ 843.860165][T15957] ERROR: Out of memory at tomoyo_realpath_from_path. [ 844.227192][T15963] ubi: mtd0 is already attached to ubi0 [ 844.519921][T15973] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 844.710353][T15971] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 845.037258][T15980] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 845.897007][T15985] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 846.477662][T15994] ubi: mtd0 is already attached to ubi0 [ 846.541936][T15998] ubi: mtd0 is already attached to ubi0 [ 846.672852][T15992] Invalid ELF header magic: != ELF [ 847.172171][T16009] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 847.226159][T16011] random: crng reseeded on system resumption [ 847.510525][T16018] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 848.984715][T16045] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 848.984715][T16045] M' is too long [ 848.998039][T16045] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 848.998039][T16045] W ' is too long [ 849.168564][T14895] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 849.494504][T16053] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 850.545311][T16075] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 851.695385][T16082] mkiss: ax0: crc mode is auto. [ 851.972024][T14895] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 851.972069][T14895] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 851.990166][T14895] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 851.990195][T14895] Bluetooth: hci4: adv larger than maximum supported [ 851.997582][T14895] Bluetooth: hci4: Malformed LE Event: 0x0d [ 855.402290][T16113] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 856.042729][T16129] sp0: Synchronizing with TNC [ 857.199942][T16151] FAULT_INJECTION: forcing a failure. [ 857.199942][T16151] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 857.214103][T16151] CPU: 0 UID: 0 PID: 16151 Comm: syz.5.1949 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 857.214137][T16151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 857.214151][T16151] Call Trace: [ 857.214161][T16151] [ 857.214170][T16151] dump_stack_lvl+0x16c/0x1f0 [ 857.214200][T16151] should_fail_ex+0x512/0x640 [ 857.214235][T16151] should_fail_alloc_page+0xe7/0x130 [ 857.214270][T16151] prepare_alloc_pages+0x3c2/0x610 [ 857.214311][T16151] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 857.214340][T16151] ? finish_task_switch.isra.0+0x21c/0xc10 [ 857.214367][T16151] ? rcu_is_watching+0x12/0xc0 [ 857.214390][T16151] ? finish_task_switch.isra.0+0x221/0xc10 [ 857.214414][T16151] ? lockdep_hardirqs_on+0x7c/0x110 [ 857.214439][T16151] ? finish_task_switch.isra.0+0x221/0xc10 [ 857.214465][T16151] ? rcu_is_watching+0x12/0xc0 [ 857.214489][T16151] ? trace_sched_exit_tp+0xd1/0x120 [ 857.214560][T16151] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 857.214602][T16151] ? __lock_acquire+0x62e/0x1ce0 [ 857.214638][T16151] ? __pfx___schedule+0x10/0x10 [ 857.214657][T16151] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 857.214695][T16151] ? policy_nodemask+0xea/0x4e0 [ 857.214728][T16151] alloc_pages_mpol+0x1fb/0x550 [ 857.214759][T16151] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 857.214793][T16151] ? __lock_acquire+0x62e/0x1ce0 [ 857.214827][T16151] folio_alloc_mpol_noprof+0x36/0x2f0 [ 857.214865][T16151] vma_alloc_folio_noprof+0xed/0x1e0 [ 857.214901][T16151] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 857.214947][T16151] do_pte_missing+0x2230/0x3ba0 [ 857.214972][T16151] ? find_held_lock+0x2b/0x80 [ 857.215003][T16151] __handle_mm_fault+0x152a/0x2a50 [ 857.215036][T16151] ? __pfx___handle_mm_fault+0x10/0x10 [ 857.215065][T16151] ? lock_vma_under_rcu+0x1eb/0x530 [ 857.215099][T16151] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 857.215131][T16151] handle_mm_fault+0x589/0xd10 [ 857.215157][T16151] ? __bpf_trace_exceptions+0x1/0x40 [ 857.215196][T16151] do_user_addr_fault+0x60c/0x1370 [ 857.215236][T16151] ? rcu_is_watching+0x12/0xc0 [ 857.215264][T16151] exc_page_fault+0x5c/0xb0 [ 857.215288][T16151] asm_exc_page_fault+0x26/0x30 [ 857.215311][T16151] RIP: 0033:0x7f225465a5ab [ 857.215330][T16151] Code: 00 00 00 48 8d 3d 3d 3a 19 00 48 89 c1 31 c0 e8 4b 3c ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 71 3a 19 00 48 89 34 24 48 8b 14 24 48 8b [ 857.215353][T16151] RSP: 002b:00007f2255545fb0 EFLAGS: 00010202 [ 857.215371][T16151] RAX: 0000000000000000 RBX: 00007f22549b6270 RCX: 0000000000000000 [ 857.215386][T16151] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000240 [ 857.215401][T16151] RBP: 00007f2254811e19 R08: 0000000000000000 R09: 0000000000000000 [ 857.215415][T16151] R10: 0000200000000240 R11: 0000000000000000 R12: 0000000000000000 [ 857.215430][T16151] R13: 00007f22549b6308 R14: 00007f22549b6270 R15: 00007ffe9f514258 [ 857.215459][T16151] [ 857.215650][T16151] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 858.054127][ T30] audit: type=1326 audit(4294967352.806:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16153 comm="syz.5.1950" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f225478ebe9 code=0x0 [ 858.482474][T16147] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 859.413076][T16174] ubi: mtd0 is already attached to ubi0 [ 860.924959][T16195] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 862.050924][T16213] sp0: Synchronizing with TNC [ 862.931735][T16223] busy [ 863.425184][T16230] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to -1. Contact your vendor for updates. [ 863.657351][T16235] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 866.355576][T16275] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 866.597602][T16283] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1982'. [ 867.089223][T16283] team0: Port device team_slave_1 removed [ 868.279590][T16310] FAULT_INJECTION: forcing a failure. [ 868.279590][T16310] name failslab, interval 1, probability 0, space 0, times 0 [ 868.338817][T16310] CPU: 0 UID: 0 PID: 16310 Comm: syz.0.1991 Tainted: G I 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 868.338874][T16310] Tainted: [I]=FIRMWARE_WORKAROUND [ 868.338888][T16310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 868.338908][T16310] Call Trace: [ 868.338919][T16310] [ 868.338932][T16310] dump_stack_lvl+0x16c/0x1f0 [ 868.338974][T16310] should_fail_ex+0x512/0x640 [ 868.339013][T16310] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 868.339057][T16310] should_failslab+0xc2/0x120 [ 868.339111][T16310] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 868.339153][T16310] ? flock_lock_inode+0xbe5/0x1030 [ 868.339189][T16310] flock_lock_inode+0xbe5/0x1030 [ 868.339228][T16310] ? __pfx_flock_lock_inode+0x10/0x10 [ 868.339259][T16310] ? __pfx___might_resched+0x10/0x10 [ 868.339303][T16310] locks_lock_inode_wait+0x1da/0x490 [ 868.339336][T16310] ? __pfx_locks_lock_inode_wait+0x10/0x10 [ 868.339379][T16310] ? common_file_perm+0x1a9/0x340 [ 868.339421][T16310] __do_sys_flock+0x446/0x520 [ 868.339454][T16310] ? __pfx___do_sys_flock+0x10/0x10 [ 868.339523][T16310] ? xfd_validate_state+0x61/0x180 [ 868.339574][T16310] ? __pfx_ksys_write+0x10/0x10 [ 868.339626][T16310] do_syscall_64+0xcd/0x490 [ 868.339668][T16310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 868.339701][T16310] RIP: 0033:0x7ff90398ebe9 [ 868.339727][T16310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 868.339760][T16310] RSP: 002b:00007ff901bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049 [ 868.339791][T16310] RAX: ffffffffffffffda RBX: 00007ff903bb5fa0 RCX: 00007ff90398ebe9 [ 868.339813][T16310] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 868.339832][T16310] RBP: 00007ff903a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 868.339852][T16310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 868.339871][T16310] R13: 00007ff903bb6038 R14: 00007ff903bb5fa0 R15: 00007ffddaf8c548 [ 868.339915][T16310] [ 868.590963][ T30] audit: type=1326 audit(4294967363.341:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16302 comm="syz.2.1988" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd59bd8ebe9 code=0x0 [ 868.754687][T16318] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 869.339926][T16333] FAULT_INJECTION: forcing a failure. [ 869.339926][T16333] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 869.395844][T16334] ================================================================== [ 869.398819][T16333] CPU: 0 UID: 0 PID: 16333 Comm: syz.5.1996 Tainted: G I 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 869.398881][T16333] Tainted: [I]=FIRMWARE_WORKAROUND [ 869.398894][T16333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 869.398916][T16333] Call Trace: [ 869.398928][T16333] [ 869.398941][T16333] dump_stack_lvl+0x16c/0x1f0 [ 869.398986][T16333] should_fail_ex+0x512/0x640 [ 869.399037][T16333] _copy_from_user+0x2e/0xd0 [ 869.399088][T16333] csum_and_copy_from_iter_full+0x21a/0x1f70 [ 869.399161][T16333] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 869.399220][T16333] ? rcu_is_watching+0x12/0xc0 [ 869.399257][T16333] ? trace_kmem_cache_alloc+0x28/0xc0 [ 869.399311][T16333] ? kmem_cache_alloc_node_noprof+0x225/0x3b0 [ 869.399356][T16333] ? kmalloc_reserve+0x18b/0x2c0 [ 869.399403][T16333] ? trace_kmem_cache_alloc+0x28/0xc0 [ 869.399473][T16333] ip_generic_getfrag+0x170/0x270 [ 869.399515][T16333] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 869.399558][T16333] ? __alloc_skb+0x200/0x380 [ 869.399593][T16333] ? __pfx___alloc_skb+0x10/0x10 [ 869.399635][T16333] raw_getfrag+0x22d/0x2a0 [ 869.399692][T16333] __ip_append_data+0x34fb/0x41c0 [ 869.399747][T16333] ? __pfx_raw_getfrag+0x10/0x10 [ 869.399801][T16333] ? ip_dst_mtu_maybe_forward.constprop.0+0x30a/0x6e0 [ 869.399871][T16333] ? ip_dst_mtu_maybe_forward.constprop.0+0x314/0x6e0 [ 869.399926][T16333] ? __pfx___ip_append_data+0x10/0x10 [ 869.399981][T16333] ip_append_data+0x10f/0x1a0 [ 869.400031][T16333] ? __pfx_raw_getfrag+0x10/0x10 [ 869.400086][T16333] raw_sendmsg+0xeee/0x37e0 [ 869.400161][T16333] ? __pfx_raw_sendmsg+0x10/0x10 [ 869.400216][T16333] ? unwind_get_return_address+0x59/0xa0 [ 869.400256][T16333] ? arch_stack_walk+0xa6/0x100 [ 869.400300][T16333] ? __lock_acquire+0x62e/0x1ce0 [ 869.400408][T16333] ? __pfx_raw_sendmsg+0x10/0x10 [ 869.400471][T16333] inet_sendmsg+0x119/0x140 [ 869.400526][T16333] sock_write_iter+0x4aa/0x5b0 [ 869.400578][T16333] ? __pfx_sock_write_iter+0x10/0x10 [ 869.400655][T16333] ? bpf_lsm_file_permission+0x9/0x10 [ 869.400706][T16333] ? security_file_permission+0x71/0x210 [ 869.400752][T16333] ? rw_verify_area+0xcf/0x6c0 [ 869.400795][T16333] vfs_write+0x6c4/0x1150 [ 869.400839][T16333] ? __pfx_sock_write_iter+0x10/0x10 [ 869.400894][T16333] ? __pfx_vfs_write+0x10/0x10 [ 869.400933][T16333] ? find_held_lock+0x2b/0x80 [ 869.400997][T16333] ksys_write+0x1f8/0x250 [ 869.401039][T16333] ? __pfx_ksys_write+0x10/0x10 [ 869.401094][T16333] do_syscall_64+0xcd/0x490 [ 869.401140][T16333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.401179][T16333] RIP: 0033:0x7f225478ebe9 [ 869.401207][T16333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 869.401243][T16333] RSP: 002b:00007f22555aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 869.401275][T16333] RAX: ffffffffffffffda RBX: 00007f22549b5fa0 RCX: 00007f225478ebe9 [ 869.401299][T16333] RDX: 0000000000000578 RSI: 0000000000000000 RDI: 0000000000000003 [ 869.401320][T16333] RBP: 00007f22555aa090 R08: 0000000000000000 R09: 0000000000000000 [ 869.401343][T16333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 869.401364][T16333] R13: 00007f22549b6038 R14: 00007f22549b5fa0 R15: 00007ffe9f514258 [ 869.401410][T16333] [ 869.732240][T16334] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 869.740187][T16334] Read of size 8 at addr ffff888143e8e818 by task syz.0.1995/16334 [ 869.748103][T16334] [ 869.750452][T16334] CPU: 1 UID: 0 PID: 16334 Comm: syz.0.1995 Tainted: G I 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 869.750496][T16334] Tainted: [I]=FIRMWARE_WORKAROUND [ 869.750507][T16334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 869.750524][T16334] Call Trace: [ 869.750534][T16334] [ 869.750544][T16334] dump_stack_lvl+0x116/0x1f0 [ 869.750580][T16334] print_report+0xcd/0x630 [ 869.750622][T16334] ? __virt_addr_valid+0x81/0x610 [ 869.750658][T16334] ? __phys_addr+0xe8/0x180 [ 869.750692][T16334] ? dvb_device_open+0x36a/0x3b0 [ 869.750726][T16334] kasan_report+0xe0/0x110 [ 869.750763][T16334] ? dvb_device_open+0x36a/0x3b0 [ 869.750799][T16334] ? __pfx_dvb_device_open+0x10/0x10 [ 869.750832][T16334] dvb_device_open+0x36a/0x3b0 [ 869.750865][T16334] ? __pfx_dvb_device_open+0x10/0x10 [ 869.750899][T16334] chrdev_open+0x231/0x6a0 [ 869.750934][T16334] ? __pfx_apparmor_file_open+0x10/0x10 [ 869.750981][T16334] ? __pfx_chrdev_open+0x10/0x10 [ 869.751018][T16334] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 869.751054][T16334] do_dentry_open+0x97f/0x1530 [ 869.751088][T16334] ? __pfx_chrdev_open+0x10/0x10 [ 869.751128][T16334] vfs_open+0x82/0x3f0 [ 869.751171][T16334] path_openat+0x1de4/0x2cb0 [ 869.751209][T16334] ? __pfx_path_openat+0x10/0x10 [ 869.751246][T16334] do_filp_open+0x20b/0x470 [ 869.751278][T16334] ? __pfx_do_filp_open+0x10/0x10 [ 869.751324][T16334] ? alloc_fd+0x471/0x7d0 [ 869.751359][T16334] do_sys_openat2+0x11b/0x1d0 [ 869.751402][T16334] ? __pfx_do_sys_openat2+0x10/0x10 [ 869.751452][T16334] __x64_sys_openat+0x174/0x210 [ 869.751496][T16334] ? __pfx___x64_sys_openat+0x10/0x10 [ 869.751547][T16334] do_syscall_64+0xcd/0x490 [ 869.751581][T16334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.751608][T16334] RIP: 0033:0x7ff90398ebe9 [ 869.751635][T16334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 869.751662][T16334] RSP: 002b:00007ff901bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 869.751687][T16334] RAX: ffffffffffffffda RBX: 00007ff903bb6090 RCX: 00007ff90398ebe9 [ 869.751706][T16334] RDX: 00000000000c0041 RSI: 0000200000001900 RDI: ffffffffffffff9c [ 869.751724][T16334] RBP: 00007ff903a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 869.751740][T16334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 869.751757][T16334] R13: 00007ff903bb6128 R14: 00007ff903bb6090 R15: 00007ffddaf8c548 [ 869.751784][T16334] [ 869.751792][T16334] [ 870.003347][T16334] Allocated by task 1: [ 870.007882][T16334] kasan_save_stack+0x33/0x60 [ 870.013637][T16334] kasan_save_track+0x14/0x30 [ 870.018513][T16334] __kasan_kmalloc+0xaa/0xb0 [ 870.023158][T16334] dvb_register_device+0x1e4/0x2370 [ 870.028439][T16334] dvb_register_frontend+0x5a6/0x880 [ 870.033756][T16334] vidtv_bridge_probe+0x459/0xa90 [ 870.038809][T16334] platform_probe+0x106/0x1d0 [ 870.043588][T16334] really_probe+0x23e/0xa90 [ 870.048118][T16334] __driver_probe_device+0x1de/0x440 [ 870.053430][T16334] driver_probe_device+0x4c/0x1b0 [ 870.058481][T16334] __driver_attach+0x283/0x580 [ 870.063274][T16334] bus_for_each_dev+0x13b/0x1d0 [ 870.068169][T16334] bus_add_driver+0x2e9/0x690 [ 870.073038][T16334] driver_register+0x15c/0x4b0 [ 870.077827][T16334] vidtv_bridge_init+0x45/0x80 [ 870.082613][T16334] do_one_initcall+0x120/0x6e0 [ 870.087436][T16334] kernel_init_freeable+0x5c2/0x910 [ 870.092765][T16334] kernel_init+0x1c/0x2b0 [ 870.097152][T16334] ret_from_fork+0x5d7/0x6f0 [ 870.101787][T16334] ret_from_fork_asm+0x1a/0x30 [ 870.106587][T16334] [ 870.108922][T16334] Freed by task 16318: [ 870.113006][T16334] kasan_save_stack+0x33/0x60 [ 870.117720][T16334] kasan_save_track+0x14/0x30 [ 870.122424][T16334] kasan_save_free_info+0x3b/0x60 [ 870.127464][T16334] __kasan_slab_free+0x60/0x70 [ 870.132266][T16334] kfree+0x2b4/0x4d0 [ 870.136180][T16334] dvb_device_put.part.0+0x60/0x90 [ 870.141311][T16334] dvb_device_open+0x2a4/0x3b0 [ 870.146105][T16334] chrdev_open+0x231/0x6a0 [ 870.150551][T16334] do_dentry_open+0x97f/0x1530 [ 870.155351][T16334] vfs_open+0x82/0x3f0 [ 870.159487][T16334] path_openat+0x1de4/0x2cb0 [ 870.164103][T16334] do_filp_open+0x20b/0x470 [ 870.168631][T16334] do_sys_openat2+0x11b/0x1d0 [ 870.173435][T16334] __x64_sys_openat+0x174/0x210 [ 870.178415][T16334] do_syscall_64+0xcd/0x490 [ 870.183028][T16334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.188951][T16334] [ 870.191280][T16334] The buggy address belongs to the object at ffff888143e8e800 [ 870.191280][T16334] which belongs to the cache kmalloc-256 of size 256 [ 870.205449][T16334] The buggy address is located 24 bytes inside of [ 870.205449][T16334] freed 256-byte region [ffff888143e8e800, ffff888143e8e900) [ 870.219279][T16334] [ 870.221625][T16334] The buggy address belongs to the physical page: [ 870.228044][T16334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x143e8e [ 870.236915][T16334] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 870.245432][T16334] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 870.253095][T16334] page_type: f5(slab) [ 870.257104][T16334] raw: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 870.265796][T16334] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 870.274406][T16334] head: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 870.283113][T16334] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 870.291829][T16334] head: 057ff00000000001 ffffea00050fa381 00000000ffffffff 00000000ffffffff [ 870.300530][T16334] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 870.309221][T16334] page dumped because: kasan: bad access detected [ 870.315657][T16334] page_owner tracks the page as allocated [ 870.321391][T16334] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 29068444428, free_ts 0 [ 870.341132][T16334] post_alloc_hook+0x1c0/0x230 [ 870.345922][T16334] get_page_from_freelist+0x132b/0x38e0 [ 870.351491][T16334] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 870.357411][T16334] alloc_pages_mpol+0x1fb/0x550 [ 870.362498][T16334] new_slab+0x247/0x330 [ 870.366676][T16334] ___slab_alloc+0xcf2/0x1740 [ 870.371453][T16334] __slab_alloc.constprop.0+0x56/0xb0 [ 870.376865][T16334] __kmalloc_cache_noprof+0xfb/0x3e0 [ 870.382187][T16334] bus_add_driver+0x92/0x690 [ 870.386806][T16334] driver_register+0x15c/0x4b0 [ 870.391616][T16334] do_one_initcall+0x120/0x6e0 [ 870.396406][T16334] kernel_init_freeable+0x5c2/0x910 [ 870.401631][T16334] kernel_init+0x1c/0x2b0 [ 870.405994][T16334] ret_from_fork+0x5d7/0x6f0 [ 870.410664][T16334] ret_from_fork_asm+0x1a/0x30 [ 870.415554][T16334] page_owner free stack trace missing [ 870.421027][T16334] [ 870.423548][T16334] Memory state around the buggy address: [ 870.429461][T16334] ffff888143e8e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 870.438330][T16334] ffff888143e8e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 870.446411][T16334] >ffff888143e8e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 870.454498][T16334] ^ [ 870.459387][T16334] ffff888143e8e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 870.467469][T16334] ffff888143e8e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 870.475541][T16334] ================================================================== [ 870.512479][T16334] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 870.519786][T16334] CPU: 0 UID: 0 PID: 16334 Comm: syz.0.1995 Tainted: G I 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 870.533124][T16334] Tainted: [I]=FIRMWARE_WORKAROUND [ 870.538247][T16334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 870.548329][T16334] Call Trace: [ 870.551623][T16334] [ 870.554565][T16334] dump_stack_lvl+0x3d/0x1f0 [ 870.559190][T16334] vpanic+0x6e8/0x7a0 [ 870.563209][T16334] ? __pfx_vpanic+0x10/0x10 [ 870.567789][T16334] ? __pfx_vprintk_emit+0x10/0x10 [ 870.572859][T16334] ? dvb_device_open+0x36a/0x3b0 [ 870.577824][T16334] panic+0xca/0xd0 [ 870.581589][T16334] ? __pfx_panic+0x10/0x10 [ 870.586039][T16334] ? dvb_device_open+0x36a/0x3b0 [ 870.591007][T16334] ? preempt_schedule_common+0x44/0xc0 [ 870.596490][T16334] ? preempt_schedule_thunk+0x16/0x30 [ 870.601906][T16334] check_panic_on_warn+0xab/0xb0 [ 870.606889][T16334] end_report+0x107/0x170 [ 870.611250][T16334] kasan_report+0xee/0x110 [ 870.615701][T16334] ? dvb_device_open+0x36a/0x3b0 [ 870.620670][T16334] ? __pfx_dvb_device_open+0x10/0x10 [ 870.626012][T16334] dvb_device_open+0x36a/0x3b0 [ 870.630803][T16334] ? __pfx_dvb_device_open+0x10/0x10 [ 870.636116][T16334] chrdev_open+0x231/0x6a0 [ 870.640575][T16334] ? __pfx_apparmor_file_open+0x10/0x10 [ 870.646159][T16334] ? __pfx_chrdev_open+0x10/0x10 [ 870.651135][T16334] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 870.657495][T16334] do_dentry_open+0x97f/0x1530 [ 870.662297][T16334] ? __pfx_chrdev_open+0x10/0x10 [ 870.667724][T16334] vfs_open+0x82/0x3f0 [ 870.671846][T16334] path_openat+0x1de4/0x2cb0 [ 870.676475][T16334] ? __pfx_path_openat+0x10/0x10 [ 870.681458][T16334] do_filp_open+0x20b/0x470 [ 870.686089][T16334] ? __pfx_do_filp_open+0x10/0x10 [ 870.691153][T16334] ? alloc_fd+0x471/0x7d0 [ 870.695597][T16334] do_sys_openat2+0x11b/0x1d0 [ 870.700316][T16334] ? __pfx_do_sys_openat2+0x10/0x10 [ 870.705563][T16334] __x64_sys_openat+0x174/0x210 [ 870.710451][T16334] ? __pfx___x64_sys_openat+0x10/0x10 [ 870.715872][T16334] do_syscall_64+0xcd/0x490 [ 870.720417][T16334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.726369][T16334] RIP: 0033:0x7ff90398ebe9 [ 870.730803][T16334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 870.750433][T16334] RSP: 002b:00007ff901bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 870.758873][T16334] RAX: ffffffffffffffda RBX: 00007ff903bb6090 RCX: 00007ff90398ebe9 [ 870.766865][T16334] RDX: 00000000000c0041 RSI: 0000200000001900 RDI: ffffffffffffff9c [ 870.774863][T16334] RBP: 00007ff903a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 870.782860][T16334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 870.791115][T16334] R13: 00007ff903bb6128 R14: 00007ff903bb6090 R15: 00007ffddaf8c548 [ 870.799123][T16334] [ 870.802465][T16334] Kernel Offset: disabled [ 870.806796][T16334] Rebooting in 86400 seconds..