last executing test programs:

7.908844358s ago: executing program 0 (id=458):
r0 = socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0x8)
modify_ldt$auto(0x1, 0x0, 0x8001)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x210040, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket(0x21, 0x3, 0x9)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x4, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/dfscache\x00', 0x0, 0x0)
r3 = ioctl$auto_TUNSETGROUP(r2, 0x400454ce, &(0x7f00000002c0)=0x401)
close_range$auto(r0, r3, 0x7)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mincore$auto(0x1000, 0x8001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0xb0903, 0x0)

7.243748508s ago: executing program 1 (id=459):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e21, @empty}, 0x70)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r1, 0x29, 0x6, 0x0, 0x50)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
unshare$auto(0x40000080)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3f83, 0xfffffffb)
openat$dir(0xffffffffffffff9c, 0x0, 0xc0100, 0x100)
mmap$auto(0x0, 0x402000a, 0xdf, 0x10000000000eb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = socket(0xa, 0x2, 0x3a)
socket(0x15, 0x5, 0x0)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, 0x0)
bind$auto(r2, 0x0, 0x66)
connect$auto(0x3, 0x0, 0x54)
inotify_init1$auto(0x3000000000000)
close_range$auto(0x2, 0x8, 0x0)

7.119855105s ago: executing program 2 (id=460):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
select$auto(0x3, 0x0, 0x0, 0x0, 0x0)
syslog$auto(0x2, 0x0, 0xcf)
mmap$auto(0x0, 0x10001, 0x80003, 0x10011, 0xffffffffffffffff, 0x8000)
write$auto(0xca, &(0x7f0000000040)='\x04>2\x0f\x00\x00\x96\x18am\xea\xf4\x1b\xf8', 0x7e)
close_range$auto(0x2, 0x8, 0x0)
shmget$auto(0x400, 0x10563, 0x568c12f2)
sendmsg$auto_NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x24048800)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0xae41, 0x38)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0xfbe1)
write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000001300), 0x0)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00')
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)

6.791980117s ago: executing program 0 (id=465):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x1, 0x100)
r0 = eventfd2$auto(0x6af3, 0x800)
socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
pipe2$auto(&(0x7f0000000040)=r0, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0)
r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0)
preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001)
ioperm$auto(0x7, 0x6, 0x1)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
write$auto(0x3, 0x0, 0x100082)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4)

5.762626362s ago: executing program 1 (id=467):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
select$auto(0x3, 0x0, 0x0, 0x0, 0x0)
syslog$auto(0x2, 0x0, 0xcf)
mmap$auto(0x0, 0x10001, 0x80003, 0x10011, 0xffffffffffffffff, 0x8000)
write$auto(0xca, &(0x7f0000000040)='\x04>2\x0f\x00\x00\x96\x18am\xea\xf4\x1b\xf8', 0x7e)
close_range$auto(0x2, 0x8, 0x0)
shmget$auto(0x400, 0x10563, 0x568c12f2)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0xffffffffffffffff, 0x400008, 0xe0, 0x9b72, 0xffffffffffffffff, 0x1)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0xae41, 0x38)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0xfbe1)
write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000001300), 0x0)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00')
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)

5.713638803s ago: executing program 0 (id=468):
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x101120, 0x0)
ioctl$auto_TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000040)=0x1)
poll$auto(&(0x7f00000001c0)={r0, 0xfffd, 0x1000}, 0x7, 0x4)
socket(0x1d, 0x3, 0x1)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0101, 0x15)
clone$auto(0x1, 0x3, 0x0, 0x0, 0x3)
sysfs$auto(0x2, 0x0, 0x0)
epoll_wait$auto(0xffffffffffffffff, 0x0, 0xe007, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2b, 0x1, 0x1)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20040000)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3)
setsockopt$auto(r1, 0x29, 0x39, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'veth1_to_bond\x00'})
sendmsg$auto_NETDEV_CMD_QUEUE_GET(r2, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000015c0)={0x1c, r3, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NETDEV_A_QUEUE_ID={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x810)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x100000000, 0x2, 0x5, 0x5, 0x2, 0x7, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x6, 0x0, 0x0, 0x20000000}, 0x1fe, 0x81)
r4 = socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40400c4)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

5.087668728s ago: executing program 2 (id=469):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e21, @empty}, 0x70)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r1, 0x29, 0x6, 0x0, 0x50)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
unshare$auto(0x40000080)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3f83, 0xfffffffb)
openat$dir(0xffffffffffffff9c, 0x0, 0xc0100, 0x100)
mmap$auto(0x0, 0x402000a, 0xdf, 0x10000000000eb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = socket(0xa, 0x2, 0x3a)
socket(0x15, 0x5, 0x0)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, 0x0)
bind$auto(r2, 0x0, 0x66)
connect$auto(0x3, 0x0, 0x54)
inotify_init1$auto(0x3000000000000)
close_range$auto(0x2, 0x8, 0x0)

4.276314442s ago: executing program 1 (id=473):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x1, 0x100)
r0 = eventfd2$auto(0x6af3, 0x800)
socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
pipe2$auto(&(0x7f0000000040)=r0, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0)
r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0)
preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001)
ioperm$auto(0x7, 0x6, 0x1)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
execve$auto(0x0, 0x0, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
write$auto(0x3, 0x0, 0x100082)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4)

4.183139008s ago: executing program 2 (id=474):
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x801, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51)
socket(0xf, 0x3, 0x2)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72)
socket(0x2, 0x1, 0x0)
socket(0x1e, 0x1, 0x0)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9)
copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0)
select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x42, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0)
ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000200)={0x7ff, 0xfffffffffffffffe, 0xfffffffffffffffb, 0x0, 0x8, 0x8001, 0x3, 0x9, 0x0, 0x200, 0xe21f, 0x80000000, 0x2000009, 0x7, 0x10000001000})
close_range$auto(0x2, 0x8, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0)
write$auto(0x3, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x0)
prctl$auto(0x4e, 0x1, 0x0, 0x1, 0x0)

3.687608096s ago: executing program 0 (id=476):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e21, @empty}, 0x70)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r1, 0x29, 0x6, 0x0, 0x50)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
write$auto(0x3, 0x0, 0xfffffdef)
unshare$auto(0x40000080)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3f83, 0xfffffffb)
openat$dir(0xffffffffffffff9c, 0x0, 0xc0100, 0x100)
mmap$auto(0x0, 0x402000a, 0xdf, 0x10000000000eb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = socket(0xa, 0x2, 0x3a)
socket(0x15, 0x5, 0x0)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, 0x0)
bind$auto(r2, 0x0, 0x66)
connect$auto(0x3, 0x0, 0x54)
inotify_init1$auto(0x3000000000000)
close_range$auto(0x2, 0x8, 0x0)

3.17231412s ago: executing program 2 (id=477):
r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x2, 0x2)
setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
io_uring_setup$auto(0x1, 0x0)
ioctl$auto_BLKRASET(0xffffffffffffffff, 0x1262, 0x0)
socket(0x2, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmsg$auto_SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x2800c840)
lsm_list_modules$auto(0x0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000fcdbdf25040000000400100008000cf1edfba1d1e45aea61b8f7020700000002681af944a5465101930e1f4b991ef2f10f485ddf80e07251de39066555baed365ef30714"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(r0, 0x8, 0x0)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x24, r4, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x4}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x1be0}]}, 0x24}, 0x1, 0x0, 0x0, 0x20080040}, 0x24000810)
brk$auto(0xffffffffffffff66)
write$auto_tty_fops_tty_io(0xffffffffffffffff, &(0x7f0000000300)="352c8efa618c0bcf83a4ebdb278754e15f334a572cad539da201096bbbc2ce7db19c429be7137d848ef31b38b0b3c7da1c61fef8e0e24e400f96eb989b4f68220f90f3df243e352f17abbc44e0cfececd72dc611200c0fc4cb84d1fc175dc31b38e002c53627c31e0f3a31c079ae368fd33dfdfc97f40f7f", 0x78)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0ro\x00', 0x800, 0x0)

2.837764612s ago: executing program 3 (id=478):
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x801, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51)
socket(0xf, 0x3, 0x2)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72)
socket(0x2, 0x1, 0x0)
socket(0x1e, 0x1, 0x0)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9)
copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0)
select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x42, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0)
ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000200)={0x7ff, 0xfffffffffffffffe, 0xfffffffffffffffb, 0x0, 0x8, 0x8001, 0x3, 0x9, 0x0, 0x200, 0xe21f, 0x80000000, 0x2000009, 0x7, 0x10000001000})
close_range$auto(0x2, 0x8, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0)
write$auto(0x3, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x0)
prctl$auto(0x4e, 0x1, 0x0, 0x1, 0x0)

2.043953847s ago: executing program 1 (id=479):
mmap$auto(0x0, 0x2020009, 0x3, 0x4000000000000eb1, 0xfffffffffffffffa, 0x7ff)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
write$auto(0xffffffffffffffff, 0x0, 0x45c)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, r2)
fadvise64$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x400000040000005, 0x7af)
write$auto(0xca, &(0x7f0000000000)='\x04\x1d\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4Cn\xb2./jn>9\xd2\xdb\x88\xf4\x1aVj\x13j\xe1\x96\xf7\xc2\xd3qm\xe6q\xf9\xa6u\x8eZ\x00\xf8*C]\xfd)/\xf3\xa1\x92|\x06|\xd0\x82\x93\xa5\x9a5if\xd0\x8e%g,\xc5\xec\xef\x87\x19\x17\xb0\xe1s\xf6U\xc0\x90r\xc5\xc8H\xa3\x9d\xce\x98\xe7\xb1B:\x179\xdc8\xa8) \x15\xce\xd8\x86\xff-\x80\xf5jMj\xda\x8f\x03EO\xe6\xa4Q\x81+v\xc9\xb8\x00\xcf\x94_\xa7\xadV\xc9\x7f;1R\xa0\x7f\xbe\x1e\x83\an/w[i\th\x9c\xb8\xd1\xed\xba\\\v\xe1\v\x81\xcc\xba\x03-N@ \x14\x1e\n\xe9g\x9fF\x05\xc8\x9f\xe5[\xba\xd2V\x9b\xc1\x9f\xf1%\x9c\xba\xf9\xb4\xa8\xd4\x05G\xf6\x82\xf3m\xe6V\xba\xa0\xf9K\x15\xcc_H\xce\xfd\xe2\x88\"\xe0\xd5Ld\x7f\x1c\x90^\x8d%\xb4', 0xd)
mmap$auto(0x0, 0x8d, 0x40004000000000df, 0xeb3, 0x401, 0x7)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0x140b02, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x10000000000002d, 0x0)
r4 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0)
sendfile$auto(r3, r3, 0x0, 0x3)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x5)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0)
sendfile$auto(r5, r5, 0x0, 0x1000200)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0)
write$auto(r3, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4)

1.791087993s ago: executing program 3 (id=480):
mmap$auto(0x0, 0x2020009, 0x3, 0x4000000000000eb1, 0xfffffffffffffffa, 0x7ff)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
write$auto(0xffffffffffffffff, 0x0, 0x45c)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), r2)
fadvise64$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x400000040000005, 0x7af)
write$auto(0xca, &(0x7f0000000000)='\x04\x1d\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4Cn\xb2./jn>9\xd2\xdb\x88\xf4\x1aVj\x13j\xe1\x96\xf7\xc2\xd3qm\xe6q\xf9\xa6u\x8eZ\x00\xf8*C]\xfd)/\xf3\xa1\x92|\x06|\xd0\x82\x93\xa5\x9a5if\xd0\x8e%g,\xc5\xec\xef\x87\x19\x17\xb0\xe1s\xf6U\xc0\x90r\xc5\xc8H\xa3\x9d\xce\x98\xe7\xb1B:\x179\xdc8\xa8) \x15\xce\xd8\x86\xff-\x80\xf5jMj\xda\x8f\x03EO\xe6\xa4Q\x81+v\xc9\xb8\x00\xcf\x94_\xa7\xadV\xc9\x7f;1R\xa0\x7f\xbe\x1e\x83\an/w[i\th\x9c\xb8\xd1\xed\xba\\\v\xe1\v\x81\xcc\xba\x03-N@ \x14\x1e\n\xe9g\x9fF\x05\xc8\x9f\xe5[\xba\xd2V\x9b\xc1\x9f\xf1%\x9c\xba\xf9\xb4\xa8\xd4\x05G\xf6\x82\xf3m\xe6V\xba\xa0\xf9K\x15\xcc_H\xce\xfd\xe2\x88\"\xe0\xd5Ld\x7f\x1c\x90^\x8d%\xb4', 0xd)
mmap$auto(0x0, 0x8d, 0x40004000000000df, 0xeb3, 0x401, 0x7)
pwrite64$auto(0x2, 0x0, 0x0, 0x5)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0x140b02, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x10000000000002d, 0x0)
r4 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0)
sendfile$auto(r3, r3, 0x0, 0x3)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x5)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0)
sendfile$auto(r5, r5, 0x0, 0x1000200)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0)
write$auto(r3, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4)

1.752111275s ago: executing program 1 (id=481):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
select$auto(0x3, 0x0, 0x0, 0x0, 0x0)
syslog$auto(0x2, 0x0, 0xcf)
mmap$auto(0x0, 0x10001, 0x80003, 0x10011, 0xffffffffffffffff, 0x8000)
write$auto(0xca, &(0x7f0000000040)='\x04>2\x0f\x00\x00\x96\x18am\xea\xf4\x1b\xf8', 0x7e)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x24048800)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0xffffffffffffffff, 0x400008, 0xe0, 0x9b72, 0xffffffffffffffff, 0x1)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0xae41, 0x38)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0xfbe1)
write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000001300), 0x0)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00')
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)

1.732980853s ago: executing program 2 (id=482):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e21, @empty}, 0x70)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r1, 0x29, 0x6, 0x0, 0x50)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
unshare$auto(0x40000080)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3f83, 0xfffffffb)
openat$dir(0xffffffffffffff9c, 0x0, 0xc0100, 0x100)
mmap$auto(0x0, 0x402000a, 0xdf, 0x10000000000eb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = socket(0xa, 0x2, 0x3a)
socket(0x15, 0x5, 0x0)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, 0x0)
bind$auto(r2, 0x0, 0x66)
connect$auto(0x3, 0x0, 0x54)
inotify_init1$auto(0x3000000000000)
close_range$auto(0x2, 0x8, 0x0)

1.647235644s ago: executing program 3 (id=483):
mmap$auto(0x0, 0x2020009, 0x3, 0x4000000000000eb1, 0xfffffffffffffffa, 0x7ff)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
write$auto(0xffffffffffffffff, 0x0, 0x45c)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, 0x0, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), r2)
fadvise64$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x400000040000005, 0x7af)
write$auto(0xca, &(0x7f0000000000)='\x04\x1d\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4Cn\xb2./jn>9\xd2\xdb\x88\xf4\x1aVj\x13j\xe1\x96\xf7\xc2\xd3qm\xe6q\xf9\xa6u\x8eZ\x00\xf8*C]\xfd)/\xf3\xa1\x92|\x06|\xd0\x82\x93\xa5\x9a5if\xd0\x8e%g,\xc5\xec\xef\x87\x19\x17\xb0\xe1s\xf6U\xc0\x90r\xc5\xc8H\xa3\x9d\xce\x98\xe7\xb1B:\x179\xdc8\xa8) \x15\xce\xd8\x86\xff-\x80\xf5jMj\xda\x8f\x03EO\xe6\xa4Q\x81+v\xc9\xb8\x00\xcf\x94_\xa7\xadV\xc9\x7f;1R\xa0\x7f\xbe\x1e\x83\an/w[i\th\x9c\xb8\xd1\xed\xba\\\v\xe1\v\x81\xcc\xba\x03-N@ \x14\x1e\n\xe9g\x9fF\x05\xc8\x9f\xe5[\xba\xd2V\x9b\xc1\x9f\xf1%\x9c\xba\xf9\xb4\xa8\xd4\x05G\xf6\x82\xf3m\xe6V\xba\xa0\xf9K\x15\xcc_H\xce\xfd\xe2\x88\"\xe0\xd5Ld\x7f\x1c\x90^\x8d%\xb4', 0xd)
mmap$auto(0x0, 0x8d, 0x40004000000000df, 0xeb3, 0x401, 0x7)
pwrite64$auto(0x2, 0x0, 0x0, 0x5)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0x140b02, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x10000000000002d, 0x0)
r4 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0)
sendfile$auto(r3, r3, 0x0, 0x3)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x5)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0)
sendfile$auto(r5, r5, 0x0, 0x1000200)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0)
write$auto(r3, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4)

1.548452976s ago: executing program 0 (id=484):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x1, 0x100)
r0 = eventfd2$auto(0x6af3, 0x800)
socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
pipe2$auto(&(0x7f0000000040)=r0, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0)
r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0)
preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001)
ioperm$auto(0x7, 0x6, 0x1)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0)
write$auto(0x3, 0x0, 0x100082)

1.402086492s ago: executing program 3 (id=485):
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x801, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51)
socket(0xf, 0x3, 0x2)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72)
socket(0x2, 0x1, 0x0)
socket(0x1e, 0x1, 0x0)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9)
copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0)
select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x42, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0)
ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000200)={0x7ff, 0xfffffffffffffffe, 0xfffffffffffffffb, 0x0, 0x8, 0x8001, 0x3, 0x9, 0x0, 0x200, 0xe21f, 0x80000000, 0x2000009, 0x7, 0x10000001000})
close_range$auto(0x2, 0x8, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0)
write$auto(0x3, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x0)
prctl$auto(0x4e, 0x1, 0x0, 0x1, 0x0)

331.558497ms ago: executing program 1 (id=486):
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
read$auto(0xffffffffffffffff, 0x0, 0xb4d3)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400)
openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x40002, 0x0)
r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0xfffffffffffffffe, 0x4000002020009, 0x2, 0x7fff, 0xfffffffffffffffa, 0x8001)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000)
r2 = prctl$auto(0x16, 0x800000000000012, 0x0, 0x9, 0x10000)
r3 = ioctl$auto_TUNGETVNETBE2(r2, 0x800454df, &(0x7f0000000040)=0x2)
ioctl$auto_PPPIOCGFLAGS(r3, 0x8004745a, &(0x7f00000000c0)=0x2070bb26)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
mmap$auto(0xffffffffffffffff, 0x40005, 0x337, 0x9b72, 0x7, 0x28000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0x2020009, 0x80000000000003, 0x10, r1, 0x5)
prctl$auto(0x2000001a, 0x1, 0x0, 0xd, 0x32)
msgget$auto(0x0, 0x5)
r5 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2a801, 0x0)
pwrite64$auto(r5, &(0x7f0000000040)='/dev/vcsa\x00', 0x7b05, 0x5)

330.917768ms ago: executing program 2 (id=487):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x1, 0x100)
r0 = eventfd2$auto(0x6af3, 0x800)
socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
pipe2$auto(&(0x7f0000000040)=r0, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0)
r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0)
preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001)
ioperm$auto(0x7, 0x6, 0x1)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
execve$auto(0x0, 0x0, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
write$auto(0x3, 0x0, 0x100082)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4)

291.667534ms ago: executing program 0 (id=488):
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x801, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51)
socket(0xf, 0x3, 0x2)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72)
socket(0x2, 0x1, 0x0)
socket(0x1e, 0x1, 0x0)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9)
copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0)
select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x42, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0)
ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000200)={0x7ff, 0xfffffffffffffffe, 0xfffffffffffffffb, 0x0, 0x8, 0x8001, 0x3, 0x9, 0x0, 0x200, 0xe21f, 0x80000000, 0x2000009, 0x7, 0x10000001000})
close_range$auto(0x2, 0x8, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0)
write$auto(0x3, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x0)
prctl$auto(0x4e, 0x1, 0x0, 0x1, 0x0)

244.807132ms ago: executing program 3 (id=489):
mmap$auto(0x0, 0x2020009, 0x3, 0x4000000000000eb1, 0xfffffffffffffffa, 0x7ff)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
write$auto(0xffffffffffffffff, 0x0, 0x45c)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, r2)
fadvise64$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x400000040000005, 0x7af)
write$auto(0xca, &(0x7f0000000000)='\x04\x1d\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4Cn\xb2./jn>9\xd2\xdb\x88\xf4\x1aVj\x13j\xe1\x96\xf7\xc2\xd3qm\xe6q\xf9\xa6u\x8eZ\x00\xf8*C]\xfd)/\xf3\xa1\x92|\x06|\xd0\x82\x93\xa5\x9a5if\xd0\x8e%g,\xc5\xec\xef\x87\x19\x17\xb0\xe1s\xf6U\xc0\x90r\xc5\xc8H\xa3\x9d\xce\x98\xe7\xb1B:\x179\xdc8\xa8) \x15\xce\xd8\x86\xff-\x80\xf5jMj\xda\x8f\x03EO\xe6\xa4Q\x81+v\xc9\xb8\x00\xcf\x94_\xa7\xadV\xc9\x7f;1R\xa0\x7f\xbe\x1e\x83\an/w[i\th\x9c\xb8\xd1\xed\xba\\\v\xe1\v\x81\xcc\xba\x03-N@ \x14\x1e\n\xe9g\x9fF\x05\xc8\x9f\xe5[\xba\xd2V\x9b\xc1\x9f\xf1%\x9c\xba\xf9\xb4\xa8\xd4\x05G\xf6\x82\xf3m\xe6V\xba\xa0\xf9K\x15\xcc_H\xce\xfd\xe2\x88\"\xe0\xd5Ld\x7f\x1c\x90^\x8d%\xb4', 0xd)
mmap$auto(0x0, 0x8d, 0x40004000000000df, 0xeb3, 0x401, 0x7)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0x140b02, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x10000000000002d, 0x0)
r4 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0)
sendfile$auto(r3, r3, 0x0, 0x3)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x5)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0)
sendfile$auto(r5, r5, 0x0, 0x1000200)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0)
write$auto(r3, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4)

0s ago: executing program 3 (id=490):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x1, 0x100)
r0 = eventfd2$auto(0x6af3, 0x800)
socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
pipe2$auto(&(0x7f0000000040)=r0, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0)
r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0)
preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001)
ioperm$auto(0x7, 0x6, 0x1)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
execve$auto(0x0, 0x0, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
write$auto(0x3, 0x0, 0x100082)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.5' (ED25519) to the list of known hosts.
[   81.488733][ T5821] cgroup: Unknown subsys name 'net'
[   81.638122][ T5821] cgroup: Unknown subsys name 'cpuset'
[   81.647003][ T5821] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   83.120529][ T5821] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   85.097393][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   85.105782][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   85.124959][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   85.133077][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   85.145277][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   85.175475][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   85.185184][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   85.192875][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   85.201301][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   85.209398][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   85.287311][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   85.295725][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   85.304054][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   85.312858][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   85.321821][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   85.330805][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   85.348426][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   85.356350][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   85.377416][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   85.388846][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   85.729914][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   85.901953][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   85.993897][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   86.035005][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.042224][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.053381][ T5835] bridge_slave_0: entered allmulticast mode
[   86.060964][ T5835] bridge_slave_0: entered promiscuous mode
[   86.105581][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.112770][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.120618][ T5835] bridge_slave_1: entered allmulticast mode
[   86.127849][ T5835] bridge_slave_1: entered promiscuous mode
[   86.180351][ T5839] chnl_net:caif_netlink_parms(): no params data found
[   86.208955][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.272932][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.289019][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.297165][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.305683][ T5830] bridge_slave_0: entered allmulticast mode
[   86.312727][ T5830] bridge_slave_0: entered promiscuous mode
[   86.320429][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.327648][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.335115][ T5830] bridge_slave_1: entered allmulticast mode
[   86.342135][ T5830] bridge_slave_1: entered promiscuous mode
[   86.362150][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.369380][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.377854][ T5841] bridge_slave_0: entered allmulticast mode
[   86.385449][ T5841] bridge_slave_0: entered promiscuous mode
[   86.419065][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.426286][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.433546][ T5841] bridge_slave_1: entered allmulticast mode
[   86.441808][ T5841] bridge_slave_1: entered promiscuous mode
[   86.512840][ T5835] team0: Port device team_slave_0 added
[   86.533726][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.547347][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.559306][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.571708][ T5835] team0: Port device team_slave_1 added
[   86.603098][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.639737][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.648337][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.656580][ T5839] bridge_slave_0: entered allmulticast mode
[   86.663521][ T5839] bridge_slave_0: entered promiscuous mode
[   86.712763][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.720192][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.728900][ T5839] bridge_slave_1: entered allmulticast mode
[   86.735927][ T5839] bridge_slave_1: entered promiscuous mode
[   86.755135][ T5830] team0: Port device team_slave_0 added
[   86.765905][ T5841] team0: Port device team_slave_0 added
[   86.772900][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.780736][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.809717][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.825147][ T5830] team0: Port device team_slave_1 added
[   86.851977][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.864704][ T5841] team0: Port device team_slave_1 added
[   86.871568][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.879026][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.905207][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.936741][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.026705][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.033687][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.061627][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.074539][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.081505][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.107558][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.119337][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.126608][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.153178][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.175340][ T5153] Bluetooth: hci0: command tx timeout
[   87.202679][ T5839] team0: Port device team_slave_0 added
[   87.214143][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.224657][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.251081][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.255208][ T5153] Bluetooth: hci1: command tx timeout
[   87.291366][ T5835] hsr_slave_0: entered promiscuous mode
[   87.298437][ T5835] hsr_slave_1: entered promiscuous mode
[   87.307118][ T5839] team0: Port device team_slave_1 added
[   87.406784][ T5841] hsr_slave_0: entered promiscuous mode
[   87.413056][ T5841] hsr_slave_1: entered promiscuous mode
[   87.420472][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.425048][ T5153] Bluetooth: hci3: command tx timeout
[   87.428257][ T5833] Bluetooth: hci2: command tx timeout
[   87.433968][ T5841] Cannot create hsr debugfs directory
[   87.465078][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.472055][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.498401][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.517589][ T5830] hsr_slave_0: entered promiscuous mode
[   87.523781][ T5830] hsr_slave_1: entered promiscuous mode
[   87.530425][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.538036][ T5830] Cannot create hsr debugfs directory
[   87.552123][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.559970][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.586366][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.685954][ T5839] hsr_slave_0: entered promiscuous mode
[   87.692243][ T5839] hsr_slave_1: entered promiscuous mode
[   87.698843][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.706491][ T5839] Cannot create hsr debugfs directory
[   88.085093][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   88.100202][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   88.117828][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   88.140193][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   88.209887][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   88.227607][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   88.239215][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   88.265840][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   88.358610][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   88.382567][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   88.408761][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   88.427753][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   88.444878][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.489010][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   88.529735][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.537058][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.550364][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   88.578340][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.585533][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.601615][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   88.630311][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   88.651615][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   88.808456][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.848674][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.890085][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   88.906461][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   88.923604][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.948287][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.955505][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.973518][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.980756][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.043028][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.050234][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.061433][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.068591][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.099299][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[   89.142153][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.149346][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.188692][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.195880][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.226886][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.265843][ T5833] Bluetooth: hci0: command tx timeout
[   89.335667][ T5833] Bluetooth: hci1: command tx timeout
[   89.436551][ T5835] veth0_vlan: entered promiscuous mode
[   89.468861][ T5835] veth1_vlan: entered promiscuous mode
[   89.498029][ T5833] Bluetooth: hci3: command tx timeout
[   89.498620][ T5153] Bluetooth: hci2: command tx timeout
[   89.583174][ T5835] veth0_macvtap: entered promiscuous mode
[   89.608576][ T5835] veth1_macvtap: entered promiscuous mode
[   89.687674][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.712032][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.762611][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.781314][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.801522][ T5835] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.812564][ T5835] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.822848][ T5835] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.832435][ T5835] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.960463][ T5830] veth0_vlan: entered promiscuous mode
[   90.013525][ T5830] veth1_vlan: entered promiscuous mode
[   90.028832][ T5841] veth0_vlan: entered promiscuous mode
[   90.039331][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.063684][ T3479] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.072544][ T3479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.113449][ T5841] veth1_vlan: entered promiscuous mode
[   90.161551][ T5830] veth0_macvtap: entered promiscuous mode
[   90.173746][ T3479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.182698][ T3479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.196793][ T5830] veth1_macvtap: entered promiscuous mode
[   90.258686][ T5839] veth0_vlan: entered promiscuous mode
[   90.279530][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.298981][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   90.330621][ T5841] veth0_macvtap: entered promiscuous mode
[   90.364040][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.400325][ T5839] veth1_vlan: entered promiscuous mode
[   90.410707][ T5841] veth1_macvtap: entered promiscuous mode
[   90.422533][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.432379][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.441746][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.451646][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.517578][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.551938][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.598498][ T5841] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.617051][ T5841] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.626802][ T5841] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.635703][ T5841] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.661853][ T5839] veth0_macvtap: entered promiscuous mode
[   90.750234][ T5839] veth1_macvtap: entered promiscuous mode
[   90.810429][ T1035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.844533][ T1035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.966183][ T3479] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.974029][ T3479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.029402][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.106703][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.128820][ T5839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.145823][ T5839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.179037][ T5839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.188761][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.233441][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.242354][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.323546][ T3028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.341292][ T3028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.357325][ T5153] Bluetooth: hci0: command tx timeout
[   91.414693][ T5153] Bluetooth: hci1: command tx timeout
[   91.575786][ T5153] Bluetooth: hci3: command tx timeout
[   91.575824][ T5833] Bluetooth: hci2: command tx timeout
[   91.921873][   T48] cfg80211: failed to load regulatory.db
[   91.968300][ T3028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.016917][ T3028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.104564][   T30] audit: type=1804 audit(1750883314.621:2): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1" name="/newroot/0/file0" dev="tmpfs" ino=18 res=1 errno=0
[   92.169746][   T30] audit: type=1800 audit(1750883314.621:3): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1" name="file0" dev="tmpfs" ino=18 res=0 errno=0
[   92.235860][ T5926] kexec: Could not allocate control_code_buffer
[   92.294650][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   92.364551][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   92.509536][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.519181][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.664772][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.185025][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   93.318127][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.329069][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.414562][ T5833] Bluetooth: hci0: command tx timeout
[   93.495172][ T5833] Bluetooth: hci1: command tx timeout
[   93.504897][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.554981][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.565741][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   93.655368][ T5833] Bluetooth: hci2: command tx timeout
[   93.655734][ T5153] Bluetooth: hci3: command tx timeout
[   94.004405][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.747935][ T5952] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   94.754762][ T5952] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   94.863193][ T5975] Zero length message leads to an empty skb
[   94.908141][ T5952] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   95.060997][ T5952] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   95.131411][ T5952] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   95.166056][ T5952] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   95.211130][ T5952] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   95.226009][ T5952] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   95.248377][ T5952] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   95.299333][ T5952] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   95.326305][ T5952] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   95.368425][ T5952] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   95.850627][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[   96.135562][ T5153] Bluetooth: hci0: command 0x0c1a tx timeout
[   97.097405][ T5153] Bluetooth: hci1: command 0x0c1a tx timeout
[   97.254669][ T5153] Bluetooth: hci2: command 0x0c1a tx timeout
[   97.334516][ T5153] Bluetooth: hci3: command 0x0c1a tx timeout
[   97.832072][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[   98.214727][ T5153] Bluetooth: hci0: command 0x0c1a tx timeout
[   98.709695][ T6004] kexec: Could not allocate control_code_buffer
[   99.200479][ T5153] Bluetooth: hci1: command 0x0c1a tx timeout
[   99.342428][ T5153] Bluetooth: hci2: command 0x0c1a tx timeout
[   99.414491][ T5153] Bluetooth: hci3: command 0x0c1a tx timeout
[  100.304636][ T5153] Bluetooth: hci0: command 0x0c1a tx timeout
[  101.264548][ T5153] Bluetooth: hci1: command 0x0c1a tx timeout
[  101.414454][ T5153] Bluetooth: hci2: command 0x0c1a tx timeout
[  101.497139][ T5153] Bluetooth: hci3: command 0x0c1a tx timeout
[  102.706675][ T6107] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  102.744732][ T6107] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  102.754266][ T6107] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  102.772500][ T6107] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  103.091191][ T6126] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  103.184778][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  103.197323][ T6145] =======================================================
[  103.197323][ T6145] WARNING: The mand mount option has been deprecated and
[  103.197323][ T6145]          and is ignored by this kernel. Remove the mand
[  103.197323][ T6145]          option from the mount to silence this warning.
[  103.197323][ T6145] =======================================================
[  104.454646][ T5153] Bluetooth: hci0: command 0x0c1a tx timeout
[  104.784586][ T5153] Bluetooth: hci3: command 0x0c1a tx timeout
[  104.784618][ T5833] Bluetooth: hci2: command 0x0c1a tx timeout
[  104.790730][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout
[  106.158353][ T6180] syz.3.30 (6180): attempted to duplicate a private mapping with mremap.  This is not supported.
[  106.604019][ T5836] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  107.041039][ T5836] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  109.859601][ T5836] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  109.954502][ T5836] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  110.184602][ T5836] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  110.232535][ T6261] ima: policy update failed
[  110.291197][   T30] audit: type=1802 audit(1750883332.811:4): pid=6261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.49" res=0 errno=0
[  110.312414][ T6261] netlink: 25 bytes leftover after parsing attributes in process `syz.1.49'.
[  110.516538][ T6267] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5
[  110.888845][ T6268] hub 8-0:1.0: USB hub found
[  110.913164][ T6268] hub 8-0:1.0: 1 port detected
[  110.913728][ T6270] WARNING! power/level is deprecated; use power/control instead
[  111.566137][ T6269] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6
[  112.132277][ T6291] netlink: 'syz.1.53': attribute type 2 has an invalid length.
[  113.168408][ T6282] kexec: Could not allocate control_code_buffer
[  114.221013][ T5836] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  114.499423][ T5836] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  116.852286][ T6349] hub 8-0:1.0: USB hub found
[  116.877389][ T6349] hub 8-0:1.0: 1 port detected
[  117.574865][ T5836] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  117.876997][ T5836] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  118.163879][   T30] audit: type=1800 audit(1750883340.671:5): pid=6376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.73" name="members" dev="configfs" ino=8434 res=0 errno=0
[  120.220948][ T5836] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  120.362517][ T5836] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  122.878291][ T5836] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  125.011903][ T5836] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  127.983405][ T5836] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  129.836491][   T30] audit: type=1800 audit(1750883352.361:6): pid=6588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.116" name="members" dev="configfs" ino=9629 res=0 errno=0
[  129.909231][ T6559] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  129.933470][ T6559] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  129.951281][ T6559] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  129.974772][ T6559] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  130.291250][ T5836] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  131.414754][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout
[  131.984479][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout
[  131.990554][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout
[  132.054473][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout
[  132.356920][ T5836] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  132.860337][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  132.874016][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  133.718463][ T6645] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  133.725427][ T6645] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  133.731469][ T6645] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  133.799409][ T6645] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  134.564616][ T6678] netlink: 28 bytes leftover after parsing attributes in process `syz.3.132'.
[  134.738028][ T6678] bond0: (slave bond_slave_0): Releasing backup interface
[  135.094619][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout
[  135.227413][ T5836] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  135.734583][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout
[  135.747697][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout
[  135.826113][ T5153] Bluetooth: hci3: command 0x0c1a tx timeout
[  137.371479][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  138.635699][ T6751] mmap: syz.2.145 (6751) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  139.748625][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  139.912521][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  142.392832][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  142.779593][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  143.488695][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  144.725359][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  145.182765][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  145.837641][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  147.016384][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  147.116794][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  148.209772][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  148.708840][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  148.993764][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  150.792397][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  151.070011][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  154.166100][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  154.469803][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  156.663647][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  156.734216][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  156.917903][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  159.337067][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  159.393135][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  159.532604][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  162.267308][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  162.574498][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  162.739825][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  162.754969][   T30] audit: type=1800 audit(1750883385.271:7): pid=7152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.249" name="members" dev="configfs" ino=11236 res=0 errno=0
[  164.166638][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  164.869651][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  166.874317][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  167.180364][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  169.382202][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  169.390412][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  169.500596][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  172.632470][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  172.707843][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  172.867181][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  175.421402][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  175.595179][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  175.837623][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  178.036801][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  178.101958][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  178.127309][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  180.432799][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  180.697257][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  182.660864][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  183.167443][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  183.668529][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  185.090873][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  185.379946][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  185.881774][   T30] audit: type=1800 audit(1750883408.401:8): pid=7585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.342" name="members" dev="configfs" ino=13233 res=0 errno=0
[  186.609770][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  186.696050][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  187.118263][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  187.939342][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  188.360304][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  188.630579][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  189.653854][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  189.726728][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  189.925152][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  190.480522][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  191.415927][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  191.682386][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  191.840989][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  192.332756][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  193.602644][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  193.738958][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  193.874273][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  194.296954][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  194.306927][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  194.320379][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  195.148885][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  195.459889][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  195.517625][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  195.672459][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  195.926285][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  198.210430][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  198.645933][ T5153] bt_warn_ratelimited: 2 callbacks suppressed
[  198.646003][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  200.356109][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  200.611937][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  200.709997][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  202.211770][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  202.526502][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  204.818402][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  205.002319][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  207.177589][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  207.240756][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  207.443284][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  208.584091][ T8023] delete_channel: no stack
[  209.286029][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  209.652872][ T5153] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5
[  209.736777][ T5153] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  212.009747][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  212.081095][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  212.149055][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  214.263119][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  214.556553][ T8116] netlink: 28 bytes leftover after parsing attributes in process `syz.0.468'.
[  214.582926][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  214.726529][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  214.788771][ T8116] vcan0: entered promiscuous mode
[  215.231325][ T8154] netlink: 20 bytes leftover after parsing attributes in process `syz.3.475'.
[  215.601612][ T8154] hsr_slave_0 (unregistering): left promiscuous mode
[  217.207020][ T5153] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5
[  217.390665][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  217.529672][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  218.899216][ T5153] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5
[  219.127222][ T8214] ==================================================================
[  219.127240][ T8214] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60
[  219.127279][ T8214] Write of size 8 at addr ffffc90003b29000 by task syz.1.486/8214
[  219.127291][ T8214] 
[  219.127311][ T8214] CPU: 0 UID: 0 PID: 8214 Comm: syz.1.486 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  219.127331][ T8214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  219.127343][ T8214] Call Trace:
[  219.127348][ T8214]  <TASK>
[  219.127356][ T8214]  dump_stack_lvl+0x116/0x1f0
[  219.127383][ T8214]  print_report+0xcd/0x680
[  219.127397][ T8214]  ? __virt_addr_valid+0x81/0x610
[  219.127414][ T8214]  ? sys_imageblit+0x1a6f/0x1e60
[  219.127429][ T8214]  kasan_report+0xe0/0x110
[  219.127442][ T8214]  ? sys_imageblit+0x1a6f/0x1e60
[  219.127459][ T8214]  sys_imageblit+0x1a6f/0x1e60
[  219.127476][ T8214]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  219.127496][ T8214]  ? __pfx_sys_imageblit+0x10/0x10
[  219.127511][ T8214]  ? find_held_lock+0x2b/0x80
[  219.127525][ T8214]  ? __queue_work+0x431/0x10f0
[  219.127547][ T8214]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  219.127566][ T8214]  ? queue_work_on+0x12a/0x1f0
[  219.127585][ T8214]  ? lockdep_hardirqs_on+0x7c/0x110
[  219.127605][ T8214]  ? queue_work_on+0x8b/0x1f0
[  219.127626][ T8214]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  219.127645][ T8214]  bit_putcs+0x90f/0xde0
[  219.127670][ T8214]  ? __pfx_bit_putcs+0x10/0x10
[  219.127693][ T8214]  ? fb_get_color_depth+0x120/0x250
[  219.127713][ T8214]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  219.127735][ T8214]  ? __pfx_bit_putcs+0x10/0x10
[  219.127755][ T8214]  fbcon_putcs+0x383/0x4a0
[  219.127775][ T8214]  do_update_region+0x2e6/0x3f0
[  219.127792][ T8214]  update_region+0xc1/0x160
[  219.127811][ T8214]  vcs_write+0x7c7/0xdb0
[  219.127831][ T8214]  ? __pfx_vcs_write+0x10/0x10
[  219.127848][ T8214]  ? apparmor_file_permission+0x251/0x400
[  219.127863][ T8214]  ? bpf_lsm_file_permission+0x9/0x10
[  219.127878][ T8214]  ? security_file_permission+0x71/0x210
[  219.127897][ T8214]  ? rw_verify_area+0xcf/0x680
[  219.127917][ T8214]  ? __pfx_vcs_write+0x10/0x10
[  219.127934][ T8214]  vfs_write+0x29d/0x1150
[  219.127955][ T8214]  ? __pfx_vfs_write+0x10/0x10
[  219.127972][ T8214]  ? find_held_lock+0x2b/0x80
[  219.127985][ T8214]  ? __fget_files+0x204/0x3c0
[  219.128005][ T8214]  ? __fget_files+0x20e/0x3c0
[  219.128025][ T8214]  __x64_sys_pwrite64+0x1eb/0x250
[  219.128046][ T8214]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[  219.128068][ T8214]  do_syscall_64+0xcd/0x490
[  219.128089][ T8214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.128104][ T8214] RIP: 0033:0x7f419dd8e929
[  219.128124][ T8214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.128142][ T8214] RSP: 002b:00007f419ebf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  219.128164][ T8214] RAX: ffffffffffffffda RBX: 00007f419dfb6160 RCX: 00007f419dd8e929
[  219.128174][ T8214] RDX: 0000000000007b05 RSI: 0000200000000040 RDI: 0000000000000007
[  219.128183][ T8214] RBP: 00007f419de10b39 R08: 0000000000000000 R09: 0000000000000000
[  219.128192][ T8214] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
[  219.128201][ T8214] R13: 0000000000000000 R14: 00007f419dfb6160 R15: 00007fff3616f8b8
[  219.128215][ T8214]  </TASK>
[  219.128220][ T8214] 
[  219.128228][ T8214] The buggy address belongs to the virtual mapping at
[  219.128228][ T8214]  [ffffc90003829000, ffffc90003b2a000) created by:
[  219.128228][ T8214]  drm_gem_shmem_vmap_locked+0x4bc/0x720
[  219.128251][ T8214] 
[  219.128255][ T8214] Memory state around the buggy address:
[  219.128266][ T8214]  ffffc90003b28f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  219.128275][ T8214]  ffffc90003b28f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  219.128285][ T8214] >ffffc90003b29000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  219.128292][ T8214]                    ^
[  219.128299][ T8214]  ffffc90003b29080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  219.128309][ T8214]  ffffc90003b29100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  219.128317][ T8214] ==================================================================
[  219.128364][ T8214] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  219.128379][ T8214] CPU: 0 UID: 0 PID: 8214 Comm: syz.1.486 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  219.128412][ T8214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  219.128426][ T8214] Call Trace:
[  219.128435][ T8214]  <TASK>
[  219.128445][ T8214]  dump_stack_lvl+0x3d/0x1f0
[  219.128482][ T8214]  panic+0x71c/0x800
[  219.128516][ T8214]  ? __pfx_panic+0x10/0x10
[  219.128549][ T8214]  ? preempt_schedule_thunk+0x16/0x30
[  219.128582][ T8214]  ? sys_imageblit+0x1a6f/0x1e60
[  219.128611][ T8214]  ? preempt_schedule_common+0x44/0xc0
[  219.128649][ T8214]  ? sys_imageblit+0x1a6f/0x1e60
[  219.128676][ T8214]  check_panic_on_warn+0xab/0xb0
[  219.128711][ T8214]  end_report+0x107/0x170
[  219.128747][ T8214]  kasan_report+0xee/0x110
[  219.128771][ T8214]  ? sys_imageblit+0x1a6f/0x1e60
[  219.128802][ T8214]  sys_imageblit+0x1a6f/0x1e60
[  219.128824][ T8214]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  219.128842][ T8214]  ? __pfx_sys_imageblit+0x10/0x10
[  219.128857][ T8214]  ? find_held_lock+0x2b/0x80
[  219.128871][ T8214]  ? __queue_work+0x431/0x10f0
[  219.128892][ T8214]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  219.128917][ T8214]  ? queue_work_on+0x12a/0x1f0
[  219.128937][ T8214]  ? lockdep_hardirqs_on+0x7c/0x110
[  219.128957][ T8214]  ? queue_work_on+0x8b/0x1f0
[  219.128978][ T8214]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  219.128996][ T8214]  bit_putcs+0x90f/0xde0
[  219.129022][ T8214]  ? __pfx_bit_putcs+0x10/0x10
[  219.129045][ T8214]  ? fb_get_color_depth+0x120/0x250
[  219.129066][ T8214]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  219.129088][ T8214]  ? __pfx_bit_putcs+0x10/0x10
[  219.129108][ T8214]  fbcon_putcs+0x383/0x4a0
[  219.129128][ T8214]  do_update_region+0x2e6/0x3f0
[  219.129145][ T8214]  update_region+0xc1/0x160
[  219.129173][ T8214]  vcs_write+0x7c7/0xdb0
[  219.129195][ T8214]  ? __pfx_vcs_write+0x10/0x10
[  219.129212][ T8214]  ? apparmor_file_permission+0x251/0x400
[  219.129228][ T8214]  ? bpf_lsm_file_permission+0x9/0x10
[  219.129243][ T8214]  ? security_file_permission+0x71/0x210
[  219.129261][ T8214]  ? rw_verify_area+0xcf/0x680
[  219.129278][ T8214]  ? __pfx_vcs_write+0x10/0x10
[  219.129295][ T8214]  vfs_write+0x29d/0x1150
[  219.129316][ T8214]  ? __pfx_vfs_write+0x10/0x10
[  219.129335][ T8214]  ? find_held_lock+0x2b/0x80
[  219.129348][ T8214]  ? __fget_files+0x204/0x3c0
[  219.129375][ T8214]  ? __fget_files+0x20e/0x3c0
[  219.129406][ T8214]  __x64_sys_pwrite64+0x1eb/0x250
[  219.129438][ T8214]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[  219.129464][ T8214]  do_syscall_64+0xcd/0x490
[  219.129486][ T8214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.129500][ T8214] RIP: 0033:0x7f419dd8e929
[  219.129514][ T8214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.129527][ T8214] RSP: 002b:00007f419ebf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  219.129541][ T8214] RAX: ffffffffffffffda RBX: 00007f419dfb6160 RCX: 00007f419dd8e929
[  219.129551][ T8214] RDX: 0000000000007b05 RSI: 0000200000000040 RDI: 0000000000000007
[  219.129560][ T8214] RBP: 00007f419de10b39 R08: 0000000000000000 R09: 0000000000000000
[  219.129569][ T8214] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
[  219.129579][ T8214] R13: 0000000000000000 R14: 00007f419dfb6160 R15: 00007fff3616f8b8
[  219.129592][ T8214]  </TASK>
[  219.129973][ T8214] Kernel Offset: disabled