last executing test programs:

1m9.277046302s ago: executing program 3 (id=2516):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0)
ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
writev$auto(0x3, 0x0, 0x8)
unshare$auto(0x40000080)
openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x900100, 0x0)
r2 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_clock\x00', 0x101001, 0x0)
write$auto_trace_clock_fops_trace(r2, 0x0, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000340), r1)
openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
socket(0x28, 0x5, 0x0)
r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000024c0)='/dev/cec9\x00', 0x2000, 0x0)
ioctl$auto_CEC_G_MODE(r3, 0x80046108, &(0x7f0000002500)=0xff)
setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)

1m8.59967901s ago: executing program 3 (id=2520):
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000100), 0xffffffffffffffff)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) (async)
unshare$auto(0x40000080) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32)
unshare$auto(0x8) (rerun: 32)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) (async)
write$auto(0x4, 0x0, 0x100082)
ioctl$auto(0xffffffffffffffff, 0x5408, 0xffffffffffffffff) (async)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0) (async)
r1 = ioctl$auto_dma_heap_fops_dma_heap(r0, 0x800, 0x0)
unlinkat$auto(r1, &(0x7f0000000080)='./file0\x00', 0x8) (async, rerun: 64)
mmap$auto(0x0, 0x2020009, 0x100003, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64)
ioctl$auto(0x3, 0x80000541b, 0x38) (async)
pread64$auto(0xffffffffffffffff, 0x0, 0x8e1b, 0x7fffffff)
unshare$auto(0x40000080) (async, rerun: 64)
r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) (rerun: 64)
close_range$auto(0x2, r2, 0x0)

1m6.943734142s ago: executing program 3 (id=2524):
r0 = openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
read$auto(r0, &(0x7f0000000040)='^\x00', 0x8)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = socket(0x2a, 0x80002, 0x0)
timerfd_settime$auto(r1, 0x3, 0x0, 0x0)

1m6.706311047s ago: executing program 3 (id=2525):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8800, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000002b40)={0x54, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HWSIM_ATTR_RADIO_NAME={0x2d, 0x11, '/P\x13jE\f\xf9r\xf5\xa3\xd2\x84y\xf9*\x9b\"\x1c\xa4l-\x19\xfd\xa4\xf4y\x02\xc2\x96\xfa\x84L\x12\xcd\x83\xf7\x12\xd3\xc4\x1e]'}, @HWSIM_ATTR_PMSR_SUPPORT={0x10, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_MAX_PEERS={0x8, 0x1, 0x387}, @NL80211_PMSR_ATTR_TYPE_CAPA={0x4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800)
sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) (async, rerun: 32)
unshare$auto(0x40000080) (async, rerun: 32)
r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, 0x0)
unshare$auto(0x40000080) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (rerun: 64)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f0, 0x15) (async, rerun: 64)
unshare$auto(0x7) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
mincore$auto(0x1000, 0x4000000, 0x0) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async, rerun: 64)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r4 = socket(0x2, 0x1, 0x0)
listen$auto(0x3, 0x81) (async, rerun: 64)
getsockopt$auto(r4, 0x6, 0x23, 0x0, &(0x7f00000000c0)=0x28000) (rerun: 64)
syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000c00), r3)
sendmsg$auto_TCP_METRICS_CMD_DEL(r3, 0x0, 0x0)

1m5.488036225s ago: executing program 3 (id=2531):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0)
ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0)
ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="17000000", @ANYBLOB='i\x005'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4)
setresgid$auto(0x81, 0x800000a0, 0x8)
setsockopt$auto_SO_SELECT_ERR_QUEUE(r0, 0x0, 0x2d, &(0x7f0000000040)='/dev/sda1\x00', 0x2)
setgroups$auto(0xc00000000, 0xfffffffffffffffc)
setresuid$auto(0x0, 0x8, 0x8000)
shmget$auto(0x8, 0x10563, 0x568d1af2)
sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

1m5.162092613s ago: executing program 3 (id=2536):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
shmctl$auto_SHM_LOCK(0x458, 0xb, &(0x7f0000000340)={{0x4, <r0=>0xee01, 0xee01, 0xc49, 0xb2, 0x52ef, 0x40}, 0x0, 0x100, 0x0, 0x1, @raw=0x7, @raw=0x80000000, 0xf3, 0x0, &(0x7f0000000000)="f1a718", &(0x7f0000000180)="b7e140560bc12ccbd3f682466b0998a9411d60bf5d200c0ff00e9cb8c628f28ea6655d"}) (async)
r1 = getgid() (async)
r2 = gettid()
r3 = getpid()
rt_tgsigqueueinfo$auto(r3, r2, 0x1, 0x0) (async)
gettid() (async)
msgctl$auto_MSG_STAT(0x6c, 0xb, &(0x7f00000003c0)={{0xda98, r0, r1, 0x9, 0x4, 0x100, 0x1ff}, &(0x7f00000001c0)=0x8, &(0x7f0000000280)=0x80, 0x29f0, 0x9, 0xffffffffffffffff, 0x3207, 0xf, 0x4, 0x3, 0x2, @inferred=r3, @inferred=r2})
socket(0x10, 0x2, 0x0) (async)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70090000004a0003000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) (async)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x20800) (async)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async)
socket(0xa, 0x3, 0x3b) (async)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x4) (async)
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) (async)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
r4 = socket(0xa, 0x2, 0x0)
openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x0) (async)
mmap$auto(0x0, 0x800000a00007, 0x400006, 0x40ebe, r4, 0x300000000000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) (async)
sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240000c1}, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) (async)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
r5 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x20401, 0x0)
write$auto_proc_mem_operations_base(r5, &(0x7f0000001680)="a7", 0x80000)

49.802938576s ago: executing program 32 (id=2536):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
shmctl$auto_SHM_LOCK(0x458, 0xb, &(0x7f0000000340)={{0x4, <r0=>0xee01, 0xee01, 0xc49, 0xb2, 0x52ef, 0x40}, 0x0, 0x100, 0x0, 0x1, @raw=0x7, @raw=0x80000000, 0xf3, 0x0, &(0x7f0000000000)="f1a718", &(0x7f0000000180)="b7e140560bc12ccbd3f682466b0998a9411d60bf5d200c0ff00e9cb8c628f28ea6655d"}) (async)
r1 = getgid() (async)
r2 = gettid()
r3 = getpid()
rt_tgsigqueueinfo$auto(r3, r2, 0x1, 0x0) (async)
gettid() (async)
msgctl$auto_MSG_STAT(0x6c, 0xb, &(0x7f00000003c0)={{0xda98, r0, r1, 0x9, 0x4, 0x100, 0x1ff}, &(0x7f00000001c0)=0x8, &(0x7f0000000280)=0x80, 0x29f0, 0x9, 0xffffffffffffffff, 0x3207, 0xf, 0x4, 0x3, 0x2, @inferred=r3, @inferred=r2})
socket(0x10, 0x2, 0x0) (async)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70090000004a0003000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) (async)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x20800) (async)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async)
socket(0xa, 0x3, 0x3b) (async)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x4) (async)
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) (async)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
r4 = socket(0xa, 0x2, 0x0)
openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x0) (async)
mmap$auto(0x0, 0x800000a00007, 0x400006, 0x40ebe, r4, 0x300000000000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) (async)
sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240000c1}, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) (async)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
r5 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x20401, 0x0)
write$auto_proc_mem_operations_base(r5, &(0x7f0000001680)="a7", 0x80000)

31.695278503s ago: executing program 2 (id=2683):
socket(0x25, 0x5, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyr0\x00', 0x60540, 0x0)
io_destroy$auto(0x8)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', <r3=>0x0})
sendmsg$auto_NET_SHAPER_CMD_GROUP(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="b8000014cfd72bd958c54ecc9c55af5795a258b1a2a234472920fe6fc6edea7925489ceb6847c2533c79d9cb5bf838c05b20e8546e8809168de7e2f83e93f452dfbcaac01631bdb3352a752a6b43b410decb0b7b0f9f87bc99fc39ba53f8684f2ea3ef7cabe022a8ab7dd6c6273d6dae3b43fa13979f4f3f2e4e87ccb16a98363f1fa479e2f85640310b310c46f4f47c7cfe2f5a4b9b73a74dbdb1ea645a0cc8e8c4ecd5", @ANYRES16=r2, @ANYBLOB="010029bd7000fedbdf25040000000c000180080001000100000010000a800c000180080001000100000008000800", @ANYRES32=<r4=>r3, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x14)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000013c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r8=>0x0})
sendmsg$auto_NETDEV_CMD_BIND_RX(r5, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000280)=ANY=[@ANYBLOB="0d0000006d1cb243f46415a058e3be30128fcfd3bf9dcf05426c5ad384436dabe3ab981934daa4ca85691c9b689965e906b7d3fcde8f9e06c61886c2e35385c1c46c9d34196e48b1ef34440f3a3e0ee4571a1e69d54b15cbf38cbd30a066cfcec4ccbe80bfa211e2c6a0d87361173a7f77285e95b7b9b953b47b1010cf962a112dd0543d360da41d9153ff6fc18cd0e4ff643e07d0180f85629de9098ed7e9349cb53deedf283329a518", @ANYRES16=r6, @ANYBLOB="01002abd7000fddbdf250d00000008000300", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="1400028008000100020000000800030000000000"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
sendmsg$auto_NET_SHAPER_CMD_CAP_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYRESOCT=r4, @ANYRESHEX=r5, @ANYBLOB="000427bd7000fddb0008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r8, @ANYBLOB="0800020001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x34048400)
r9 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0)
ioctl$auto(r9, 0xc0104d03, r9)
mmap$auto(0x4, 0x2000d, 0x4000020000df, 0xeb1, 0x404, 0x10008000)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r11 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$auto(0x3, 0x8010aebb, r10)
socket$nl_generic(0x10, 0x3, 0x10)
pipe2$auto(0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0)

30.779524988s ago: executing program 2 (id=2685):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77)
unshare$auto(0x40000080)
r0 = socket(0xf, 0x5, 0x5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r1, 0x4, 0x7ff)
ptrace$auto_PTRACE_GET_SYSCALL_INFO(0x420e, r1, 0x400, 0x1)
msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, &(0x7f00000001c0)=0x6, &(0x7f0000000200)=0x1, 0x4, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf, @inferred, @inferred=r1})
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = socket(0x10, 0x2, 0x6)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004)
openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci2/msft_opcode\x00', 0x2, 0x0)
openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000003c0), 0x1001, 0x0)
socket(0x1f, 0x801, 0x102)
syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000040), r0)
connect$auto(0x3, &(0x7f00000000c0), 0x55)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r3 = socket(0x1e, 0x3, 0x7fed)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
recvmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4d7}, 0x6, 0x0, 0x8, 0x10007fe}, 0x1000}, 0xffffffff, 0x4, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)

28.102914794s ago: executing program 2 (id=2693):
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyqe\x00', 0x0, 0x0)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x6, 0x4000000000df, 0xeb1, 0x400, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x180b03, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0)
write$auto_proc_mem_operations_base(r2, &(0x7f0000001680), 0x0)
madvise$auto(0x0, 0x20200, 0x15)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/audit\x00', 0x40, 0x0)
r3 = epoll_create$auto(0x3e)
epoll_ctl$auto(r3, 0x1, r0, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0xc, 0x0)
read$auto(0x3, 0x0, 0x80)
readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/031/001\x00', 0x208000, 0x0)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0xc0802, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x96bc}, 0x7, 0x0, 0x7, 0xa505}, 0x9}, 0x7, 0x4008)

26.487285326s ago: executing program 2 (id=2700):
mmap$auto(0x0, 0x100000000400008, 0xdf, 0x9b72, 0x2, 0x8000)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
unshare$auto(0x40000080)
socket(0xa, 0x5, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x100000000, 0x92, 0x2, 0x16, r0, 0x0)
ioctl$auto_KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000002c0)={0x8, 0x0, 0x0, 0x33})
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
writev$auto(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x40}, 0x8)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x109401, 0x0)
ioctl$auto(r1, 0x540a, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2003f0, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x5, 0x3, 0x0)
capget$auto(0x0, 0xfffffffffffffffe)
socket(0x840000000002, 0x3, 0xff)
r3 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
ioctl$auto(r4, 0x401870c8, r3)
read$auto(r2, 0x0, 0xb4d3)

24.781776973s ago: executing program 2 (id=2710):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/machinecheck/machinecheck0/print_all\x00', 0x80302, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x15, 0x800, 0xd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, 0x0, 0x24004000)
bpf$auto(0x3, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x8, 0x3ff, 0x80200000007, 0x22, <r1=>0x5f, 0x20000000000803}, 0x6f0)
r2 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0)
ioctl$auto_SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x0)
r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/038/001\x00', 0x40001, 0x0)
ioctl$auto_USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000001040)={0xa0, 0x6, 0x2953, 0x17, 0x91, 0x80000, 0x0})
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
r4 = fcntl$auto_F_RDLCK(r1, 0xc4, 0x0)
sendmmsg$auto(r4, 0x0, 0x401, 0x7)
r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0)
ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0)
socket(0xf, 0x3, 0x2)
r6 = setfsuid$auto(0xee00)
setreuid$auto(r6, 0x0)
mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0xa, 0x0)
r7 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x401c5820, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x80000000001ff, 0x7, 0xd3d, 0x5, 0x948b, 0x3, 0x95f4da4a, 0xb, 0x3, 0x62, 0x0, 0x7, 0x6d3f, 0x6, 0x2, 0x1000000000]}, 0x0)

23.859414596s ago: executing program 2 (id=2713):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x2) (async)
socket(0x1e, 0x4, 0x0) (async)
socket(0x1d, 0x2, 0x7) (async)
r0 = gettid() (async)
r1 = epoll_create$auto(0x2)
epoll_pwait2$auto(r1, 0x0, 0x8, 0x0, 0x0, 0x8) (async)
kill$auto(r0, 0x11) (async)
setsockopt$auto(0x3, 0x6b, 0x3, 0x0, 0x4) (async)
madvise$auto(0x100000000002, 0x2000040080000004, 0xe)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15) (async)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
getcwd$auto(0x0, 0xffffffffffffffff) (async)
renameat$auto(0x6, 0x0, 0x5, 0x0) (async)
syslog$auto(0x232, 0x0, 0x5)
r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000000)={0x6}) (async)
poll$auto(0x0, 0x7f, 0x9) (async)
fanotify_mark$auto(0xffffffffffffffff, 0x4d, 0x10, r1, &(0x7f0000000180)='./file0\x00')
socket(0x25, 0x5, 0x6) (async)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) (async)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x440b00, 0x0)
sendfile$auto(r4, r4, 0x0, 0x3)

8.372120766s ago: executing program 33 (id=2713):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x2) (async)
socket(0x1e, 0x4, 0x0) (async)
socket(0x1d, 0x2, 0x7) (async)
r0 = gettid() (async)
r1 = epoll_create$auto(0x2)
epoll_pwait2$auto(r1, 0x0, 0x8, 0x0, 0x0, 0x8) (async)
kill$auto(r0, 0x11) (async)
setsockopt$auto(0x3, 0x6b, 0x3, 0x0, 0x4) (async)
madvise$auto(0x100000000002, 0x2000040080000004, 0xe)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15) (async)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
getcwd$auto(0x0, 0xffffffffffffffff) (async)
renameat$auto(0x6, 0x0, 0x5, 0x0) (async)
syslog$auto(0x232, 0x0, 0x5)
r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000000)={0x6}) (async)
poll$auto(0x0, 0x7f, 0x9) (async)
fanotify_mark$auto(0xffffffffffffffff, 0x4d, 0x10, r1, &(0x7f0000000180)='./file0\x00')
socket(0x25, 0x5, 0x6) (async)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) (async)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x440b00, 0x0)
sendfile$auto(r4, r4, 0x0, 0x3)

8.281128697s ago: executing program 4 (id=2773):
r0 = accept$auto(0xffffffffffffffff, &(0x7f0000000000)=@nfc={0x27, 0x0, 0x0, 0x1}, &(0x7f00000000c0)=0x10000)
mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, r0, 0xd1d)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0x804000000000df, 0xeb1, 0xffffffffffffffff, 0x1000000008000)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
read$auto(r1, &(0x7f00000001c0)='\\\x00', 0x8000)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1)
sendmsg$auto_NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="1254ca199926185e6d0f67a9a89891"], 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x240008d0)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000af"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x1, 0x9}, 0xfffffff7}, 0x3, 0x4000000) (async)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x1, 0x9}, 0xfffffff7}, 0x3, 0x4000000)
socket(0x2, 0x80002, 0x73) (async)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
eventfd$auto(0x4) (async)
eventfd$auto(0x4)
socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0)
unshare$auto(0x40000080)
setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) (async)
setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd)
openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim1/max_vfs\x00', 0x400000, 0x0) (async)
openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim1/max_vfs\x00', 0x400000, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) (async)
socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0)
unshare$auto(0x40000080) (async)
unshare$auto(0x40000080)
setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd)

6.293916446s ago: executing program 4 (id=2780):
mmap$auto(0x4, 0x2, 0x10000000000df, 0xeb3, 0x401, 0x7ffc)
r0 = prctl$auto_PR_SET_MM_START_STACK(0x1, 0x5, 0x0, 0x2, 0xf)
ioctl$auto_USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)={0x4, 0xa, 0x5, 0x0, &(0x7f0000000000)="fb534031a971604c34d6c287cb8a4f2dc79fec501924dea09b39a0322ac2d899050fcdcba750687f3ae776d7bd1677e62a37b4ff116d00864e9b0efa831b904a080ef151ff03553b4c99e63a3f9ec8ea37c99b58a4187d4ee0409d1fe83b04da8390b2f4d8402ac1d2b216bb7abd8fe6852fa5ace5f88b6e72394c457e5cb1569c8c50864b86a19d36", 0x80000000, 0x8, 0x1ff, @stream_id=0x9, 0x741cf6a4, 0xe9a, &(0x7f00000000c0)="b17d0c37b33779e3dc6cf650a58af51ab7577803110369805817f540c8c94d02f7094df182c51da7cba957a8f5421343d7ac8c99b2989643570861cb2c1ec8766f54d65c8adef217992d1f244efc4ff8773faa64775fa797ce521a5450dfb759309ea9222adc247becc640107ff8c5d574ce6619aaccff979b2da1c849", [{0x7fffffff, 0x99b, 0x9}, {0x9, 0x8, 0x2}, {0x3, 0x26e, 0x54}]})
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x7, 0x3, 0x7fffffff, 0xfffffffffffffffa, 0x8000)
r1 = ioctl$auto_TUNSETGROUP(r0, 0x400454ce, &(0x7f00000001c0)=0xe3d)
close_range$auto(r0, r1, 0x18000000)
r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r2, &(0x7f00000005c0)="671f264add69b6440843b66668ef000000df2669e6f9cd237232b20ed763ac8caf4b9b4cd10196bc7b4c3cf9ee0cb9f61968f4782754e1706b1bb14a4ace080c4c96c604a2812c41ceb0540ad94892a9e1fc919c762d1b29000c4b", 0x5b)
rt_sigqueueinfo$auto(0x0, 0x8, &(0x7f0000000240)={@siginfo_0_0={0x8001, 0x7fff, 0xfffffff7, @_rt={0x0, 0xffffffffffffffff, @sival_ptr=0x0}}})
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4)

4.367591609s ago: executing program 1 (id=2785):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socket(0x22, 0x2, 0x24)
getsockopt$auto(r0, 0x3, 0x2, 0x0, &(0x7f00000000c0)=0x7)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x200, 0x420005, 0xdf, 0xeb1, 0x401, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000100), 0x8a001, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/platform/vivid.0/cec2/uevent\x00', 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x1d, 0x7, 0x2)
r6 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r7=>0x0})
bind$auto(r5, &(0x7f0000000040)=@can={0x1d, r7, 0xfd}, 0x6a)
mmap$auto(0x0, 0x9c7, 0xffffffffffffffff, 0x400eb1, 0x401, 0x8000)
openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='\xe6/\x00', &(0x7f0000000100)={0x20041, 0x9, 0x2}, 0x18)
r8 = syz_genetlink_get_family_id$auto_macsec(0x0, r5)
sendmsg$auto_MACSEC_CMD_UPD_RXSA(r5, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f00000021c0)={0x10a8, r8, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@MACSEC_ATTR_OFFLOAD={0x1092, 0x9, 0x0, 0x1, [@nested={0x101d, 0xa1, 0x0, 0x1, [@typed={0x8, 0xed, 0x0, 0x0, @fd=r2}, @typed={0x8, 0xb1, 0x0, 0x0, @uid}, @typed={0x8, 0x127, 0x0, 0x0, @fd=r3}, @generic, @generic="56ec02e83a94860f1e6bd3cc48381952fb29643c2e5416db9ce9644246e175", @generic="a92214244c74564705d8a73e69b85abfc023e28753d58b8858982839af8ec8a52b52e7bdba9cbfcc60547a9a2c004b6cfea7b1d7c6cc8079a267d562d8cacbcc7ad1f7176a24b8a6d296845ca260ca2a6232f204f0ea81c0fa7693125fe8521ce16ad28aa7b754350c98579b541215ff47a966722be7d0f6cf664096d4d2d544f30d05cbc0411f4649ec126b80b7402d038f8bf2c169d4e195c0b7295bcdaaf59da492c080dc8bb5278e4da2c8236c607ad68b840bf249e54e96339b87931f965b025a69cdc87b54ddb24254c6eddeb6f63035cc9276cf32d19e93d1dbeda9238ad3d2e5d0fa98fa24407b61bc6ccdadf49d84a5b562f04dad29d090c40ac4a69fb7f94720c1c27d7d336fde4e1cdcd758dd5378787117302293d4226d251d2f011fb3711d7f20eea0316a98923cd5ba8dcf27d113a0ceadc2aaeae42a43693eb870268d43397320f99e135d65cd2a000e493999b1d19700bec4facdaed23afa638145814f37c46a0aa7c72cf4545524e4c5d57d827e6cc6db8102dc4f5269595295af2710474fa32ebe3a957ce7c221bfb548131fa1874b551cc8effa1cd6e96836731524b7b3f6c117a6bc319293cbce7ce2a6a7a03b5460e4b9e3c938d30e107b97f54c98eafb7df5359233d5d033a5ac8e3717061106706cc23c8bf39d35d779e531d0212b3481625591869f35fd99183534646bf064602a8daa48c347f7cc6f9c685bc8f87337d715b6a897abd24ae9af56c7a44154c8dae52627f9f74c5ebb6e7fc6eb3fc0834a70245be4340990b59ed0882f1ebd3cb282dc8521c772603f1987490bc392b9cba1f3d7d3dbd96c48fbde1ef4e27af8113c740002ddd323226e860d07199cd9650263860991fb1e45099856dbc01c0232e176bbbcf98077cb829019424acc1b551c2fdc9abf6801036c76f391c0f20a0320125f48b33df3b7cdb338d74859e1da796b4fc446381c5b3a64ffa577ae6d542906a583ae7535a0078a5efcd648ecb87f0df6de381bb877eec2dd1c8fb962be8c0a650919c340ab784f79364c5bf283d742f3cc21a1c4636ca79ba402c1f4388bb05f3095d3a22bd9b610ef2117f2aecd55ceb423c1cd58f4a75aa4ad47096b739c4ac82e07d4a4527d1e43f91f060a2fac1305afee7d948801f5951e115f161b4c110507bedd639a6fcb202943feb7133f4852cebb0fe4e4ceea3a5970bc8a5b66fe9c797b9166901ca0e07160ad67ef8a90dcd936b0769be7f725373b2fad877089a439921ad1b6261877c9614d6ccb73b3917786509e9d9631e7f00d77053a467246d977d82791b0b066b2ba901e6186e08949c1862c507e85cfd7061ddba7283d8abfa9b961dc8a9cc30f825534811e5afaa8923a0b1e8908cac2b1c9ef94cf5f5f388bb0679efe0a2cc0be779c5309f1272ad97989be97f00082a278bb72d25ecab589d73878905e4e9bc4d99bf5bd42f3fb635085d280564b4382fcac92968ea2c2343d654d4140459f2b3c3ffda7721afcd3b463dc6a832f496a8bc947ba9fb13a876863c6582221ca9f73b4a8a1eb4703a1d71297ffdbbb858a6e8b625c02904a9a2bab4d4097e2ae9148d14004feaa6ec36440bc57c0e234393a938e1784882938f11ef561d237e5bb869fd1e355beaec948b8a23e5537340613d04950947b03d8c66926e7a2f47aa9d819f8121a4e2046c0d306b0a493e0aacbcd926189bd5d6ce3f4b35e859f6bb06b203f2e31ce85ddeec2fa32655ddf12b537ab3ddb547b205ebd9b38cc5297dd07e61e716a1fc7398f1dde9190cb1fcbc198afb352a4651e90463df76f3859637cf126c196a502d2e4129c7836d6fd081903a29a41f1683104570f307c2d94303a7cba8875c6bd7aab2b272a5ed0fe01e9c94963b08cde3c7f2cb255a0cf8b3ced630c3a86c052ffead50b61fd25e3bfd8ff6508d2811ba5ccb0c9a7eefdd377393be03110265218f21f53a7e44429b8fcbb6e8acd2db14368b7bdda9bb9013b44693fa21c3477a7cc7a1febf7f14944d2a1ebe3e85c7c8b2ce3276e5e7f7a33be271092a3633712bdab381021fc6536333480f6ae94c9b1ac50efa79016f38e12bb57233e62f40de27edcab83bdda9a5ef391c8d26b619fafa5e812a92ebe2d7f80ab5fce53dbcbbffb54cc1fbc600fe2412c91b84397a06120cd8ff74285b0e9231f8f3d9b66eb4be1c5c2c6473e773f241a634b554fbc33c19c383c4658523d9a21fc95e984a33d23e118fa3fde5e1fcf4b1ae8ae516ee2492a32571e8e769e3dd23b8bdb6557c63dc3a255227103f75f356b043c4a2a3763656ab098e9bc5acdbca7fbcde56c2a9f3120f3327fcf24cbd26fd3d35a8f7d406094ec847066f7fa62e0a5c90166a64521400ae4238d048b24df5456bbdf0a92d2410cc190bcf87a43d72aebfe549ec3e20329e309e8be21831223edfd62be0aebcff2d08dad0874387ea11d582ef269a7b089c5502e22a1d2dcab679be62bd8e0afe26878613a2fd6e6868034aa5852e33e49de35d2fdc8d040dad12ba135e5e2f6c19a653928db5347dfd889577368d07222d8ed517d7c84a84d9a0749e0fe3f4b6131f7aa977e524b32d0333e7f2df301951c580d8ae9d7fd511009e261d85bad6a921de6443e40b539b0e8e18cc1dbbafd76e9500e4df025e0f0f9f69e033532daaf86eef51d20cc10070e2e3cd4dc9c40ada002c0fc68fd9964ffe9c43acfae4d8762ba4bde544835914e06baa56abf65eb86592f415d136d83068092589ac210962110f011c6aba0a656a6b416f3cf66f08168bc5d8315584691cb04676bd100fd5b43249f5294397506f08211b2d0141b888a6976fe05ab5361c1e6b04342698a0195986243ef10220f67604bc3d7a02cad4a022512bf43030c618d80c042bdc311f3fa0d5b74a312e4e94c6df504f326d1996da8d202dca98a36a7630f61881567000cd59fc20b42a7eac8bca9c2083ccc569e284624b79470e3e368409d305449d78d3548a6502cdcc8deb5a57a69cba1ff2771cff9f8d05049025a50d3fd8326d3732edd2ec046dc45d763c5fb7a1926c5120f816c215fc342f0d80c18e29900dd9de2f9fde71e073c0ca652caee2be6828997f83cf787003150e4d7c1ddf3612596027de9eed2dbccbe56fbf0e58199196f267ccbe7ead18d0a1a80a46750acdc3678057ee33db3bc6a36875f047fcd7f0ff70e266794048330e3a69f5484828084cc57a3cfacb9070608f14e278d170520bc419846cc0219fa338dd09931e8a6c546fd3daa4157aa257083e926c7acd0147d207e61a174a2f3383ce8d480d3d90da627732034d87c9f4e149927d94489a1dfb14b2aa628d3c3a86b8c2b819d0785740ecda5ec3ec935c7a6897c652647a05e7623777ccd11aec1ac6615cf04cadb7bb8afd18227c3b2d3cc72acebd4a450f8d62ac8c890bd4317af272d71c4bd44645bb33c559d4370e3daa2353ba78ac775df4b0df00068156753bd5c0b112ac0ca4c31ecdf698cf22c9fd538c744707287275dd9e8c97ad0f389d69f6c708f3790f28cd3f6190d61e7b7c05108526cd99e769fe3e32777f639e5d4e7673a195e634044b7b59abf299ba20b8adbddb1c1e2dfc427d52d4b60a0ca01e4499e0816e767e23e9c73b72fed02f4c01b9aa404485c55843b0c5c11914283e7820ad16f67125af36892f7b4a50850045c0a3d500bacd3c682f6be2ce3917d24286edcebe5cfc16d390e891f86800cb8d8cca02c983351d1b14dcc49f50a634d8d592055fbd219355b651a7ea3c59f8ce6687272ad7e94595bb9ce27c234558813ebe179efbbe26d70b3597aedd9b764fac862e68b891247ad3881abb0810af77f1235c00f1b2f77e9b9df1ebbe2bd88fe0b399b90c345023c296be643ff9c585f9bb89e50b5e8a4b62da1dd96ee03efc531829fb8fc14ec973809e56e00995a52e6f04ed29c5dbdea1f341d4903d300cde9c4b056a037ccb7e6eba4005d80ffeb0074b43ecbce9702a2eba25b90b0837e620d2f93b24fcd10297dd2b0926a446df7d01d0ac73f9337f7769298f04603b4011ac87e8d79eef8ebc3da5a455dd486dc8f09a7af7b7f7f89fcc61d32b90b3b2e8f982d7d158e705308bcac571a3da17f92e72ad6de92285b733ccddf302bfa5d6e9e767934bba9fe5853bb8c9a1f60c0751899219fc931d8591d3b5b5c2ecc9d8dc12a3ae58995447602e67a053902014ed7f4582fff86766d48513afd701dc7b393363293ac45fb67a0ca22f88d8dc8e6b5534095c82900db3eb3b6ab872c03ebb0757b7eb0357371b88dbd1b75b38375e7fb6c39698adaa9edc01135d501dcad652e1eaa4ebe53359b710660de12f7a98ffd888d163544d81743d69547435c73fbdb9ca5b6607c72de2b31301cf30e999e21208645e61d8b658970e47297dad06f94a9aa23baafeeaf786dd7ad3ece607e09c3452e89b7145e7d66cf39b2389e71e96cd750adcbe99d911f1602a9444476ff0fbcb1012783f6bea01835d74683db437f5b1a9e846c047e51c6b236cbcdd5b0d06d9c4da1b2fe5b0b90f72a9d1081c56ce721bfef053caeb97f849da8887390eca81f971e64fc82f233de06a22de60b4629e04c52c06352b5878bc93d1cae665068ef1160790b6669aedef5ff3b9433e899f181f8289d73083fbf730e7cdb6b58e8ef638eed5e924422153d166900700eb3e6a20b85596fcb08b4e8369dbc805e9594089d71f17e2f8f5fe94c933a53428aca3fa02a1c17df2ef5e2fbfac3b1c3415be3015a08cd2e21f64e76ad529b360c1d7ef003fa6523cb36598728a30bf2669543eecc37b34b6ea596037eb61e408ffd14745b15bcfd65ba3927ecdd3cb703daf2986d452e41a29564b773d8294fdcccdb7ff9338829e5852ca7648da283139212151705f5c5557bb450944c6229be6588107b0d43b9e017d4b9a7b83140ec67aabbb6226f67c4bbb22c41b6f1a57a19729fda10549d2fd55d988a57bde9d9523cc08f8e4283e081e837dc93289a0b12ed6ab3359701890f9f6b18d4b5d2b1cacada1564f9cf370b5d01cfa71651e17d34d990d4d8977e24178bed5e59a00d3a5d0f54d6936c3b267b9bc9d4ef130ada8f703e3c1376bc1d27d001e77ae80ab3cb1bdfded2c3675bf8ceac703f307476cf54b9e7c6e9a4d579c45da9bed4a097f727dec30c9af8cc1206ec57c1b54125e8788a3e3e142a809c40927b3eac56c541ed8c9eec5244a816ac22c77ae16e6356657699765e5e96a3fe5595f8af94c3ea67e483a46c9c7c5ffc17f8364da6cd4100c58f73cd72944914ce9d0fa858481c9d6ff87313f2934f722b90240891993394584741856a6dfff7a241c5ad567b40f59599b16cd3071be074cdd7180478d6a9c40edf0936174db60d8c63953758b39f680f4128f8b4adb0ecdd419df470bacf17c41d7953d4b4e5745f93bf70789c98d613c60c7685c74472f8a483805a8c1d72a78c1bf70564984a302457021b3b097ca5a6c255b21c626435cf13da8cabf3b852e61182db6975a918c8271fd704bcb34b2ce8ffe1ebe3c4ceb772bb42a27c814d8e154fe002b0c36db5564a49c35a69096dce7313cd2f7ae5bec97696666c09a37e1b4727a41170d48bbb3d5165b16d43c89754ac0c5150f0cb05cc13b3ed6249a66fa2f503889f22eb9de2eabc0e3878dbe1720897c8cbeddd9fa56cbc77b32bf5d8ce2cba3b50674828e28432a1d98789e41acf2572cfcc90a27a32fb3a281ec2"]}, @generic="54681e1d2e059e2c70f2862ce2340501f59c65040ed8e21876a82bb0f6e1d31e519c2fe27dd5bc1a1bacb52a6d9de03d402b72cb2f69f085ee3e14a730d1f51d35371a0781dea467c157b2211e1ddfdc381dc069aaa554b194918ce3ab0c166dd8411e6ec5ac1852f65315b9ca3b"]}]}, 0x10a8}, 0x1, 0x0, 0x0, 0x14}, 0x8880)
io_uring_setup$auto(0x9f6, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/cad_pid\x00', 0x242, 0x0)
semctl$auto(0xe, 0x3, 0x4, 0xffffffffffffffff)
write$auto(r4, 0x0, 0x1000)
setresuid$auto(0xffffffffffffffff, 0xeffffffeffffffff, 0xd2)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
setsockopt$auto(r1, 0x104000000000010e, 0xa, 0x0, 0x400)
syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), 0xffffffffffffffff)
r9 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000100), r1)
sendmsg$auto_SMC_PNETID_DEL(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000b4057f464509aa639b01cdf835545b87d4acc209d842908b09df8932ff3d9498dfbc68720f33a2c744a1637198ffee9bfd788e769d9865b7258e0273d07402a471bf7e92e5740b0d78bab62f64fe95ab5f91fa6c0eb1fac3c3bee5dd463cdeabd60c5bd5b5765eed791d29d67b6675113767cd525c8ccef661cd4d887fa0969a28e4530462594f63a7c0ea342457b4709b0532d8e806bddf3a010be13d7b4e6209796d938887bb955b43f81ab2bff47e00640827095325dca14eb7c9f6e34d939976df8a45014912eed96f000000000000", @ANYRES16=r9, @ANYBLOB="00022dbd7000fbdbdf25030000000700030024280000"], 0x1c}, 0x1, 0x0, 0x0, 0xc5}, 0x84)

3.95844897s ago: executing program 1 (id=2786):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1d, 0x2, 0x6)
socket(0x2, 0x1, 0x0)
socket(0x15, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000)
socket(0x11, 0x2, 0x73)
pipe2$auto(0x0, 0x0)
io_uring_setup$auto(0x7e1b, 0x0)
socket(0x2, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7})
sendfile$auto(0x1, r0, 0x0, 0x7feef003)
write$auto(r0, 0x0, 0x4000000000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f642, 0x0)
shutdown$auto(0x200000003, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)

3.058510234s ago: executing program 0 (id=2789):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/gpio/drivers_probe\x00', 0xa081, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
mmap$auto(0x0, 0xe983, 0xdf, 0xfffffffffffffffd, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1ac}}, 0x40000)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) (async)
setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/overlay/parameters/check_copy_up\x00', 0x129882, 0x0) (async)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/overlay/parameters/check_copy_up\x00', 0x129882, 0x0)
sendfile$auto(r2, r2, 0x0, 0x8)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9)
recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0xffffffff, 0x0, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)

3.038814823s ago: executing program 4 (id=2790):
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) (async)
sysfs$auto(0x2, 0xe, 0x0) (async)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) (async)
setrlimit$auto(0x0, &(0x7f0000000000)={0x1, 0xfb3}) (async)
sigaltstack$auto(&(0x7f0000000180)={0x0, 0x80000001, 0x40b4}, 0x0)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x2, 0x4}, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
semctl$auto(0x2, 0x9, 0x939, 0x6)
mmap$auto(0x4, 0x400009, 0x100000001, 0x9b72, r0, 0x8000) (async)
madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) (async)
r2 = io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0xfffffffe, &(0x7f0000000580)="b4fa0c693531b1b9deeda4cd26bc3f459e543d236efe06cdf054f5d6dd0d099ea7d248b843a0971d2636e7d714a2b7d1397924bf92a695da049ce6da6b670f577ae66f8a24868fe0973b44ace43face57405afbd3936db4024c2debfdb4dd983ee17cdef11f4819a4e67c1090a062b07e504e95a0001946b1c5163bbf4060178e07822fdc60edcabf3723ac699a82d186ceb018a0670da07491af7593717fb38bcfe146e5a859ee49cfa1885e9c30e309aaf04ec5f6c85e6309249aef3e303ad59e270af94d0b6613f5a81f2971e6118fa41f56efe3d12cfd6bd9a74231a00"/237, 0x3) (async)
openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) (async)
setrlimit$auto(0x1, &(0x7f00000002c0)={0x1, 0x6}) (async)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
close_range$auto(r2, r0, 0x7cc4) (async)
syz_clone3(&(0x7f0000000400)={0x1045100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/pagemap\x00', 0x181400, 0x0) (async)
ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000140)={0x3, &(0x7f0000000100)={0x8, 0x7, 0x3, @raw=0x4}})
sendfile$auto(r3, 0xffffffffffffffff, &(0x7f00000001c0)=0x3, 0xa) (async)
socket(0x2, 0x80002, 0x73) (async)
socket(0x1d, 0x2, 0x7)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000200), 0x22c2, 0x0) (async)
io_uring_register$auto(0xffffffffffffffff, 0x4, &(0x7f0000000300)="dde8719dd8625097416f2e1c959faadca963ba4092487a529b78ef1fe1f3a19863b929c180a4a9d2e2a53e6de2b9e139c0b8862938e4d943f2e2705d1288f5e9b597cfa38da8776b97ee4e795fea1f6ebde6d5f753f8752fa1c88000"/102, 0x3) (async)
clone$auto(0x2, 0x5feb, 0x0, 0x0, 0x2000000000003)

2.08536073s ago: executing program 1 (id=2791):
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x4000, 0x0)
mmap$auto(0x0, 0x1, 0x2, 0x7f, r0, 0x7fff) (async)
r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000032c0)='/dev/mtd0\x00', 0x22801, 0x0)
ioctl$auto_MEMGETBADBLOCK(r1, 0x40084d0b, &(0x7f0000003300)=0xffffffffffff9810) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r2, 0x8000) (async)
madvise$auto(0x200003, 0x4, 0x10009) (async)
mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) (async)
r3 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r3, &(0x7f0000001680)="a7", 0x80000) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async)
sendmsg$auto_MAC802154_HWSIM_CMD_GET_RADIO(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001280)={&(0x7f0000001300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000428bd7000fbdbdf250100000049d7657c1b707b391451d5a5a764b30007ad4903b81fce5a5ed43346ac5cd236ef3a1adac506359378fa736d3da838ebc6e74e7ccb8a05143709e64124ddeae2b6c9fea12ded2de606777582cf821364f94272ccabf68055c6bcb48f7787ad72742852355a0798f5d316e69c64a30fc5cdfb7b40f7d3031f989f64fb78590136e4f126cb72f57d6f46090093e20dab7a5d1aac4e51bed096384061a26e37759fef804aa4ffd45be22829673ba1b66662816c9b135761b4caf21c0c46"], 0x14}}, 0x4000004) (async)
write$auto(0x3, 0x0, 0xfdf3)
io_uring_setup$auto(0x6, 0x0)
r4 = socket(0x1a, 0x3, 0x3a)
bpf$auto_BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000040)=@batch={0x6, 0x3, 0x1, 0x0, 0xffffffff, r0, 0xb7, 0x1}, 0x4) (async)
open(&(0x7f00000000c0)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) (async)
flock$auto(r4, 0x9)
r5 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) (async)
io_uring_register$auto_IORING_UNREGISTER_FILES(r0, 0x3, &(0x7f0000000100)="5753c14c3df9fafc16ede60acd6bdd79c2fe8b722bbc316a042f9ccf454c857e0eb39a6128a6a2e27103e59b9a05b9c3d814bf95dfc95f8391afb4fdf46d302e3f7c11decc270d53d0ad42608cf7f8465e83cde77532e0b8a4387ef1da3f1a385b283e041ff4bcdb4dddcea62954be7066e760ccf4c0dc13909e14427cf43f1050a01a00518e36a6879af6ca56f39dd7d22b922b2a0bb91eb37d3c7a867c50b4384d535bd56835c005731ecf40a8c6ceb728238ba5a8228df64a69dcf7569ff2fc957153791ab9b4a076f92bc7d67644df3fdfa44dadd812bfbc6485c8bd3173606fa53b19bc776728ae1c5576286ca1883bf7d63ad0568f38db7dddc8b6b1e92e4c6429b2e244273653ad182c1c4701c97f600a7a2f81c3b0cb153764dd7e8d98a4704de69a9506912af26c658e883058c2c2b7ea1ca54caf903b37a0bf34a29d08c4e0a1aca8adb0eb4a21ed027840df9c7bd1276a4e5e7a1ce33d3a7232287067bd12c326037dad22aeb00a295681d75241d99afd93eb75a4f99d5f4198dc6ddc4b0f73f69a9f389a690eb492dfd23cfd6ae0087429fe5a5aad2451e786ca1128707dda3cf0a636d2a1971adfd306417dd7694faa422455b1d570b24dc1d872de2d7a2c782f73c06255dffe16c3b19b42bb64a363eb2307ce2893663f3bceb8741f7ac3e47c939664ade30416eb26efcfd22572e3de286fecb062801622362d4499a27c78098f239de3faa16297a35e15bf92a36e7e5a12bac606716e958d16f5f206d7dd9e941b8f87b9b1d9101d4304a27835e4092829af957fa2fb6a6e68aa5f866680ee170c1a0bd518a9af04dce221aa976afa1ece9c24cb46bd11d094a0e9b8ca2266654c6026b1a918ecf526fcdae8cef59007ac49f2f3fc90a7653572b46a803ce004ee5b4093a3180571f02d712bd8d37a2c4fed975e7ce5c01e4f4edc370816c8faab9cbb391c492ee44ede0fe6afbbf594dfb4c37bd635172e2f7f81f75d0b8590012357ffc571bd28c0d3ab223a098bc012d4a4d2d33e261452b6430cf2da0972bdfd987f8603160dfa4ba049857c033011d3df335f54ca2374432aa78ea7a3e49c8ebcf00b46e5d95f50cf3f4a9e0600da8c7ada5141549438cf6938ad5d231fd00ce68edde8b374ccf6993fb3b0ef5d517f154f77e24d708de83fbc35ac4c32d745050ba70e9df3aa60809957bd1026f389f8d48bc992dd50410cd38ddb9130727cb550e88ebfda50f4ab63e84ce6173061988b8e28a68499964ac08364fb22319fb5588185c0ff27f7299e8626888f942a92e153d8baa379b50d12d781802a18990e8560f5259fbbca1f03a1567442168fdaf6ac4f719e4c0bf1d30cb239a2b78d65cea52db7ef8170591bf4f0f6fb34fac1b6415d4d2b040ce21f18d5a8c45a7be25865b2106311bc964b801cd864cd6b22ea670dce27356bc97a8675233a02b26bfa13325b0ca04cac7952d0cbf89572ff6f3ecd1f58b88ccafcb87a12c662306c78f114f3f0d6f3340c9c98802aedf99f4ccd19b76ce8eb705d24304486c2fe63196662093c3f5f0eb19f14d5bc1f87a88522ca45ca374403fd11614c33c4d6849936236cf0f310d4b0420b35a4eb398327bf7d1bd5d042fa824087e001a6b81b49659f46ea893c0f80a58d8d25d2c71e5853ecf329a9867e8f1f743d94aaa0ffab8a02dc97869b60a47dd2a04fc73c64554272c5b940a483ea2508bbc0a33d41840e9844989b26f4bfc89dbae6eba981625e4d92ec6136dad958d5f5e556748e64ce47cf3e597537bbf29201f7b1f2d95e3e25d160b1edf39f614816840188a43f3395f11c06455178357b0a03eec62e422f2a618a8b22430985d761cd1ced71c4e0fcf5df2b63af0505443a249a06033fb6182946a61a0026e6a60b3e2886792550e326b1b88835f6d92860555aa232c26e31867d7f6a079d5943f8714bdc78b4cc07a4a41a07844e9b186127c03eb1d5db8bb8a5c05c49810d652a05b0d1c7601072f1e7cc6982ae3330e53181bc08922bb20fd3d3c8f8442df1bf646bd8d2c667f1df9d892a20d64c309b311ea2748b751cdf2dd9936fed800e0213cc7c8c4ce3014d15aeeb086b360b1fec223bc9d0adb51cdd2fe5e77724c4bfeb85a10102e71e4cb9e48bd56100e0658a0fe955e13c89ea49f466880f3d73bd1991bf773a5363c58c2ad1f194f6d68b2c14db7e518ea5343e28f7185e2b6e1dc1915494d36fe61ae3fbe43e38fa7cd395c8dda3b3222e28f9eb0e83c7daae0895a07d5f68f2c77c3b023d658143bf0ad8a94b70e0331e0a5c1c8103bb6bfd626308c59c45f5ca3d27ca2ce45a6e243c8ee44a4bb681eb5f5d31e5033cc8aedec3572cb7a2eacf7b8e98f469e51a8e9017ff4f1d9579c7dfd9d23cc7a7de77b7a730e4d66ef534ef4f33e17a985802aedfeb135df491acbc17e18c27323799635f07a23cabafe10dd33dad43b2f8b5b2ed4d4fa44ccaffd71d57a96e48f3170dc6a43e842e6ff39fa51a3e658c04b1e992b2a4fa55efda47f640621af4d53e750f2b0f95e0e4192170e4540b05e2dec28455f514b9ac181d0631adbb169db1972e6955608de9d23dcf651cb7e1fbe554096a12b6f32102d27c19d6be960ef0612a0a564272faf16d816f23c9755adca6b9877adb9d8ec4272e28f6ddc7ca5a430b604e8aa375243b10a26efa39367600512a3707cb705655c94a0d366a32cff2587c560e2bb376cb8bc1e0eb088003d278ca5a6c6eba131522a8991b4f8c25ccb89e78756d78a07997620832a0cf3fcd114962a644a07bb26fba3b7fd3db5174f9bb63c72afc3651d71e65dbc34a99c0249eb87718366787cd2f862f511723bb63be15b0b4bebbe6a386da57a279d8498e83acd0b0e17fc6726e1383937ec415546a856a6146ce78d12160396725706f93b29f9a0afcc346fa0354428b14e4f28f00e242f8bbf92dcbf23919f222bc9eb96a32250d4205b06cb54c93dba5bbd1daab6c159d116dbcb607ee37be77737b711460387ffce53a62e7f83307e917f53779feb42f01535052ff1a8bd39d558757e7df9f1849a9636308bacc25a8543791a5bf0b77b28a3a50ad884630e60565ba361f09315adb6fb69944a7c5b7899972f529c25f35374e17600e1a5f0f96fd76030e58a88c83fd961866c39e9e32a2d5d6e6a89c0fdea27c9c9e95edf817e05843071a48165c9382bc22a2a371285d1851555b61e7b2f61fc2996c49dfa73bbab3dcaa2a7b9d95b9e04e81351931807973591bc5e5d1cff954e9abdc952ca40168c87afc0e02e55a5e4892710189d07636ef4a4aec0a9784a747063a40c7d23fdea42e0df79316857460820d092f8342f7ef619500e1abcaaa1ad8988c8e4d847ea5c104785864fc1922e30dfcec83a680a9401c981d561fb6f3fe15e5ac9b4b2c8eb860481e598200ba3028853484f1ad476c89ea8679c87fbf9cc70bfc5ea2a45cb22c79840653266b1f542148306f1079920422c75cdfda63ba01a25d4220ecd1c650235d65770e3dd5e4b952a25dc58db2cecdc8949f04139ffa149e84cc0cdeb218f364a7ec89d209c7bdea6f5cae5233cdbfe1e75462a72a23a744a12772bdc31675fcd59fb8dde9f86eac60d932294a22cbf535f8c112ee5174e742cadc1a9ebc4197408935d3bc862d0a25606430f277325fda04c0390cdd0ac2ad6e2fae0781b173d8c70ad6981e5efc2a91548f59edc8de369d5fcb03fce552be06efc89f4315c7531add2eae565ca2e3b809e90608d3f12a855d5389087e6c8035451bb33ce0de175a73f97e12f9d73b9c2e6f86745a76ea4cbc1aac53e523edef24d355ae8f9bf22e14139b4182dcd7090eb9f9c399353b0e425e2a97c79cb944cf49f88ee95d2a43d70d6aa3199794bb1fa101c7a474b064919911723940aa893c65a5fb78312b9c5ad038474f4c30298c175564a32db45475cf03efcd22a4a67cb8848da82e9781980a6de1ac40b79750351df94dc31435add33cf88f6b2363e88ad2d7a5c88b4d5e85b18d8317bc19b084b6ad9ae413dc28cac0b59e0e6369677f7808d3c5e1962662dd7d0668dafec38a10ee33a7939a60771f78c699b6de6dfeb9d58b5e9817ebe1011d2d65cc315f0a8e8514e4c1a703890a438300a34b8084e5140bb94b88cef0c48b914ee3b72590659f467762bea17a34bfdacc171a415d7c7e0770fc5fad3e27b6836965e5de856856903a669d49edab28d0d06155afd0be721cfe325530266b27844a4239ed0f6590ab3f7ce036d5224f4fb4e3c14ad80149e6fef6b01ec2c196a7be3157d1a9ee9082f1faab5cf6984444adefd4863e43cfe9aa81dbc095232437fd91b51f0ebca655040d71e4530c103eef61a36917864057b23a227382b7f64a31c9e9f19a58a09f39688f60fd7fc52c07e4c9f7629ca91142d19dae31927e9f0e6a11bc9a4c37eabb1a443e518684c1a78f4dbc87a085ea08464b7849708d252673e807b82084cac0565a29da327604702fa84cfec7cf1c546ef67bc00f384ea960087b73fb1874e5bd0cc1dacdcf4d3fbc12652c1117121e3f6d953a9892bb045d6ba99a4a455d3e0e5b2bb03b0c09416f55ae7ec87d1de45444ccf74408cab3886b3eb6d89163468390a8b92ee99304808855a04c466fc399f0dab5e81c278a511131d04c5cc0d14ab2cacb15a7b995ad552a26577d2c751f0ebef7381a211bb7fe8d8002dd0524b8c33aea2cebc0f14160ff179da5037f48e57f4ef625a7d3ab81456ade2bb40716ccbb84f5f136f5ba054f9796d0d1cad6c3609945ce125c3170e14dc640d7c697466db22160a044b4e7ca4027f566813cb24fac3333c5793fdf82da81ed49ff3ef41eb541fff948895b73d98fc64d550eb5dfda67b68dc189e02d02ab61b3303196c13c75ae46b112c887f47bcedd567ce46e9e57d337273e809d751b45bea5b99fe5b4b25e2b71e2cb6a626fd6a3f655f93d2ccd6872d673cf603c03dc61de8c58cdd63bc7086eff08ef23cbe34baece51806d44c03776bba519ba3f92bed2813b6b0e74c2e83fa4926fad4f54cdbc30f7f1f28298101f7a8cdb937ce8b8921369fc691f08eb827066ce4bf21fdc377ae8e9a512b036032b2e7065a849e580607fbaa19e45da8b94f55a47b4c529abb8358e7d1b9caf684d8caf3e2818c2cb7532baf8de897c0131b7af251cb0ea58a157db91d6595d31fad4f586e77df974f320065cbc7222261ca8f6091ad8a08421b277d6ab8c30c2327af5cc792e00b6e56fb25fa093bd728a8142caacbca484cde0c854ba15bcb1c3cf62d42c668af79bba35f522197bc775fb073dfa064d05f131e95542d8859e5aea838be73997fa507fd470a3d1d8a27ebfcd270c1f31cfd50718dd0e897069767a7beb3b3fc908ba902c4e3c92fff48921d22bd152b1fd40177504a030c746aa4e2cb9f3ad92db185ba72cfe8bda8074280aa4109acc0dd7df604071e9bc74edae1ca7dd556660c822a2188fa5b5b68c80cfbcab180c7f703a34a3bec6d02b9dc5c6a7a37496745e8301a324d4315dbe77b206bc548de2da3429f213ffa43300bf37b20221d5a21bdc42087c974a9f92f9eb932cebfc425a736ffc826445cea86213d534cfe0b650dc376cc7e282ebc881128b9d4bf9d6794509f72eb3f0efe26bcf090a83823bcb3b92eab45a5970988d0f8ac993e8c6aaea676828e892baa6f7d5882b43058cf910e72b553b200ef9cdc31351358fa6af305a3c2631926282acc27989c04f636696438d8b553a8332fe6ff7ba199545ed29", 0x7ff)
flock$auto(r5, 0x2) (async)
r6 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4)
flock$auto(r6, 0x1)
close_range$auto(0x2, 0x8, 0x0) (async)
ioctl$auto(0x3, 0x800005411, 0x38) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$auto_SO_SNDLOWAT(r7, 0x1, 0x13, 0x0, &(0x7f0000003140)=0x8)
prctl$auto(0x23, 0x1000002, 0x7fffffffefff, 0x0, 0x0)

1.895548568s ago: executing program 0 (id=2792):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r0, 0x8000)
r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r1, 0x0, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0)
read$auto(r2, 0x0, 0x20)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r4, &(0x7f0000000000)="4c91f2c388274610e12c861bb2bfd9800e9b3941", 0x14)
openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy1/aql_txq_limit\x00', 0x822, 0x0)
open(0x0, 0x161342, 0x130)
fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)

1.871946866s ago: executing program 1 (id=2793):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd5\x00', 0x6e0680, 0x0)
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
epoll_ctl$auto(r0, 0x0, r0, &(0x7f0000000000)={0x8, 0x1})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00'})
bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x8000000000007}, 0x9)
r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000006000000fcdbdf25040000000a0018000000000000000000080023000a01010106002500efe10000050002007b000000050002005c0000000500110002000000060022002e00000008002c00ffffffff0a001d00aaaaaaaaaa40000005003c0000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x4080)
mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000)
r3 = socket(0xa, 0x2, 0x0)
fsconfig$auto_HIDEPID_INVISIBLE(r3, 0x1, &(0x7f0000000240)='/dev/psaux\x00', &(0x7f0000000280), 0x2)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000080), r3)
ioctl$auto(0xc8, 0x800454d2, 0x0)
write$auto(0x3, 0x0, 0xfdef)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/firmware/memmap/5/end\x00', 0x1c1540, 0x0)
r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ttyt0\x00', 0x2000, 0x0)
read$auto_console_fops_tty_io(r5, &(0x7f0000000380)=""/254, 0xfe)
mmap$auto(0x0, 0x4, 0x3, 0x20eb1, 0x40000000000a5, 0x8000)
r6 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0)
mq_notify$auto(r6, &(0x7f0000000180)={@sival_ptr=0x0, @raw=0x1, 0x1, @_sigev_thread={0x0, 0x0}})
r7 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0)
mq_timedsend$auto(r7, 0x0, 0x2, 0x6, 0x0)
r8 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
prctl$auto(0x8, 0x1, 0x6, 0x1, 0xfff)
read$auto(r8, 0x0, 0x1)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000640)=""/224, 0xe0)
ioctl$auto_TIOCVHANGUP(r0, 0x5437, 0x0)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000)
readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x7}, 0x10)

1.439432135s ago: executing program 0 (id=2794):
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, 0x0)

1.28129774s ago: executing program 1 (id=2795):
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400)
ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080))
mremap$auto(0x200000000000, 0x40000000004, 0x4, 0x3, 0x100000000)
syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0)

1.063778141s ago: executing program 4 (id=2796):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/most/drivers/most_core/components\x00', 0x100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0)
socket(0x29, 0x2, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D0\x00', 0x600882, 0x0)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/default/disable_ipv6\x00', 0x202, 0x0)
sendfile$auto(r2, r2, 0x0, 0x200)
r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000200)='/dev/mtd0\x00', 0x48000, 0x0)
ioctl$auto_MEMGETINFO(r3, 0x80204d01, &(0x7f0000000240)={0x40, 0xfffffff0, 0x4, 0x5, 0x3, 0x9})
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffa]}, 0x0)
write$auto(r1, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9)
select$auto(0x9, 0x0, 0x0, &(0x7f0000000200)={[0x8001ff, 0x7, 0x73b4, 0x8fd6, 0x948d, 0x3, 0x80, 0x3, 0x6, 0x8000000000000001, 0x7, 0x0, 0xd, 0x9, 0x1, 0xc000000000]}, 0x0)
write$auto_lockdown_ops_lockdown(0xffffffffffffffff, 0x0, 0x0)
open(&(0x7f0000000100)='.\x00', 0x591002, 0x408)
r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
getdents$auto(r4, 0x0, 0x400018)
r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
ioctl$auto(r5, 0x400c4d02, r5)
getdents$auto(r2, &(0x7f00000020c0)={0x9, 0x8, 0x8, "1862c32e43bc92414d1fb46cc2a0a63b843eaa8e710fa03d786e8831ce250831876e7457bb6b110ecf9a11d6dc725c2e372ecece7c33645ee9025a722f9793042df14572922e0dae4e763fc7ad93ea7be21b1182f09f76226d155c58915eb785aa0d60d77e2a00106cf9b579fff0588d9f4b4a332859e63034eaecf7f5401e7c1144fcd8051b39e1ba6fdb906e331bbc7a399abc9bff2e9cb67190255aef3bbfdd2a15f5a446ce43cfad10972229fa28d54ff61fc393cf0459f64d02564bcf4ca3f8bc5d103066459a9ddc0591017b00e30006f876ae531d1c13988b104cf31f70b3e3f96bc57d61bfa814f5263dffcef5e49bf9231b9198f1816f9fd0597b224fd64b9dcf93f08ed0dcd83a9034e16c8516a54e16d8a6dae1033c1407a95714d88832d7522a812d86cf667558f3f8bec0e5148606d10e944c6b30a28d81a5078c45baceab8f05ca8653ca14c6c908db8cc3acc025cf0938df890634d77f34143e371a74e4c14c07eab14671f4e7ee50f76162d7342abe4fb899f1249af11df7a3f2f2cf08dc10ee42d94e586b41d77086e16c70725a6caf235958d53a389f7423165b0cf67db3869d628ad310468ad8c2fe8ca363210b4da4930aab594f50e99c754fed903e2a34f846791eebe51985246b4db8df8603b822fc3cc133ab539cc07c01512a41efb655a338ba69fc58f2ae3e2c9e641101140a6b1e29b2192704774bae275a6578bd103e8e4ec1b2504e23d7cc71fc34f51c9d93e051894f1e2bc246ce21024e87d7717b2a05ebc5cec11bd96cc5406359b065b041369e579b35eaa750ef11cdf82d2521394918c6b6c1ce6b7e7c18a844c379b873ac963e22203e4ff1f07db710565894f6c9d47dbbb852e9c68b8484fec57673e31597fc1976be6bb81e4345388eeaca70ce97f720542671c06e026d3bfaf19d4b7ef0ff460462cc54fe9e7f09ba256221066824b4819035994cab6d9f219bfabb1c32c8cc35e623d50acd643277465a0d0a9cb1ddf034e7a87846766f5f1fe53d6e5e0a622aca204352d31967bd27fd8dabf54e68cdd55b389c5158dda627e5c892aaa5bb361dc434d1e43254d1c11b024052ad41fc546d6b72bb2969d2b45d41e59990fff346e035dca1637a8fba799971530450022cc93f45cf566ca4eb0a073a52dee53f74ffd3d88bbdc418597aa568749e26901a86a1730ba265e9af95c109a394e906981a094d10083715a052f204e178aba837e49d08c92392f25a94a8fd722c92944185c018b605b28494dce83b0990bada5cd3f2bfef52da85fa1b6dfd4f3cfead9ae1406bfd0737c24dbbb11248f9dbd2c80e8c79cea7b8e9432c96f9859d38f3b8aaa97d0df8758ad3e26baf032118c39648fb0a348cb4eb11387ea7fcbaa980e227b6b0555665b2386e3ea9b0367ae80c3691b5ad3fc88b1780d2c7e394c38be431672f1a05de7b08b1b9d9d9347e7e34a96798f2f07ff864ccc75c90a396dd72a45bfcb1e55e62182d7c2ccab316245f94981463a41b9d8cf63acc1da6a1117e2d1b6987bf0cc14724c47136aad1947ea19d37e98dd2cf8378a458819ba39ddcc9aefbd8836076283ee383bcf3e30cde648b05820525d4a980a37b53ffa46eee0605a05650fb046e859a93c341edad6dae4a007b0fb61734d6138792a4c5a582acc3038ce88000a7336485c306fecc19185d581442cab17ac06848516a1a1922b9fe0931defe107d39f56b7640568bdc7e362e020bbdebfdb6f802ab1d97d62e4f663f4f6d1a9eb58107159e1d0fd0f2a395b81e9151564f84ec2ea8f63bddb461352f35b6faeeed38863beb981553c17d7d139db9267a75c4cdeca1a56a64a209b334fc2468c65272d7640e6d94cac51a1da27321447d48569cdb372cdde145a3e76c2eca62439b19a12f1b8674776cb7ca6cc1646633a710b66e16f2e0ee58b372816a3d5e94ea86b8f705c398f70b483b6925425614d469237d13bce72aec13412d69fd95df4d43f2f780a401d1372d4bd5f6c2f5e70e75bfec72a88062ac4086d6bd40271092da3e8725b835df2b231fcea5f1d12f95683d081aac0d96e622666e604c586a036dc449c0fc1251febfc1c72dc4d159a52537679709d498119d97ec33b49052c8e5f1019266f8f3aa210e56912af214b9227e56529dcaa9b1320f93c055539e120196352883c903eb41db03d7ee9f3e1a84310cd8248ccefe6afb8b0c1243f95ce173d10db96901ad9e14e8c1b10f79ffd11ad31eb7ee77f17bcb72f9d8d37deb86004c11b215ea17d65894acf6557ac36ee085c4df1258a8d4e7e571a0e06fe560e98fa395711497bf4b6571ea36c360b2e2489a9ba10a9c6644ed4e83a56e425096ee302ae047be8528a4d2849a21d6880f0f9d22b580ff5296d29503843c0bd3e6f696433cff034a786f639010aa893633c023c95611a8d91ef8520668fa6e79ebf9fcfeb9ebfb7228e873862001eaa7e91849656a01580460181829c83fde3fb9fba885b642465c9e12fbeaccc529db6c84a6580b7aa06e249a3e112a99481ea8425d516ae3c10f8a24d68a07cd5f7a49e79f429debbdea4b0ce2d5ff1d7810efa84c2eb0694c3498fe97c9fe41af55e41eeea590975014dd6356dc50c5fa06e7b9f02d88e01a8734e9034a2f2301d8b5a8434c8fca4b4d058e4ba6e543b34aa9cc1eda32d3d626e7849e981b5633b34d8a350dfa141e4bf4488ad9b189353816f0b62f666624b908b80e9301edc5df2cce1b0e0b25eaa5f1566f35c8353a78b82b9612992237cabf5837fb372b4dc242fde9773295b276cce2adc224fa31412d3883bcc1615ae443433aa81a3c6391f6ffb5e328a5fe3c9f91e609656e44dc9e69bd4b36a22ea4d957db0d10d7b59e2c2ca329e76382cd325b5322fb5fa06763923cdb37379dc03dca8c1041c0028527c3ef6ae85106287deb702ef50b3b23c40ae4b2949cab7fb178d0b32fa543b07886b121c6c106e320ccb2271cc626a1567685e6993ab85e6b6f8e49f00ae7785d3956bbd739132a1bf43f56e84124980ddd2c0c507a0b2750dc7debe500c7e55682f0aaa8303dd2b1f397e2927737a6845a449e0ea8b23233b5f99a52b15a4f0b35a8a4a658e2f02b0290e111ed73c52c3d8030f923fb43399e4dc5af8ca31afd7d0aa86a41f61faf31f9186a1c8c3752e5935b8bca54fedc3ecde38585ad138ac8d424c65dc89fd191c7e0175d8dfa80272a962ae62b26e17216802a3bf754ec3b8c72cb35f5c5776e5a5f4a1caa9c94c270e029ebaefa3c96ec63cd8495d328875b93ede011bcb88fd0f40bb039ee7e23c1a855e3c32e11f1719130e0b2243c0d6f4fb4eca00b97caa299f30ee4fcab200c68630d1da4f61cb77fed45a29325fdce906139a9ddf9aa81b9e3392990babb8bc19f98499e4ff17f472447bc6d7fad1fcaf80d65563333b27c085d10b68da3b1a113f565d6d048bd962442cd1bc57300d4365fbc8f968a914a5f4cb84109fc633085c1e016da2f4cc00413c5286e6f8a0ffa457000d18545320862d64de71c573d7b4168dea44dc9146e9dcfd9c287f38d6faa15484666177e6cbbbdc30441f73b8aeb17d157df25c8cddd3cb9c89b3635bb148c1c7d50a7deb665b3af7f824d259503ffb51eae6a918b98deed997e39a275db627addea58105efec6c30bac431cf547c45400f338eb316f4130ee3407e94e542063c0f7fad6ff75bd508ef959a6f1e390796372d8b370a8ac10294f4af4cce6da4f004a3eb3de8dad052662d906c7fef9e6a785bbc37ae5be5053a9257312a5c1c789bf2075525f6b81786460b466a38c17cf04e6e2214b0d883d3fc578621ad885a38370da5c4be323924a5a990fefbd27ff25d3825447c5167b5fb73a6a99ebfb0b1986340229abd3069a7cda8a066cc1dd4f702a33cf482dd0d8c7ff6eb91419d13b305b8ba64454340626023521dd49fd40006a2fc70bc8f9ade59e936ddb42d3e8c137b540a269f749cb2f59b657c6bbca15566b5a80b12d8a2bb8678b22afe617c6d5ae17cf30d32dd9c56ccada3eb8aacedd950b12518ce0d00a7abee795e5c7d34f49be69c25818ca32d0797b01d5d6782512f6c9a98c1a6c24dce7a807e8bdd223cf1b4541d3992f73df7be117e5ecae0c387460d68d81f5c6e6d8bbb275787ac673b3d43d7414527b57d6d4d2b8fb5151550483a78fe7b314a106af24e1719edaf00648b8a94aa8298580becfa25b035d1ffede082161dbbbd3b8ccb6d281deb6bb7dd780d1062057d3b4373aed8b60aa7cbf962b80266575e8ef5da0f48fcb78874486d6d08179dbf4d390e4628fd1559e58c209c834da5c61f2b174d38f8a60b7e80914c55cde6b5f7383b6721fa8c54a7b6910d88158c674cab7294b00fd1db941a867cd84c7a6facf69c6fcaf2b35727ef191b8c6ba4870821320a4d0293b9952cf1792831b5bf5918f3e740b90a02d8677325d8e4e86475c96f8517db52e8ac5a6492cda3f0127db9cc7b6534f5dbbae08dfbf0d3ca54f41f5be013efc0c0bfe386c82d19eeb0eaa2cbba5ae63ab35b5e4c3727bfea1cf773a95c9b3d250c6125412a1e88da5f831801296b9250e839c177107f43e750f5fcfbe1ae10ee2ebcd04056afa68a2bacc9e743c8d44599c79ce2a2af67a33fd947bc1fa0d00b20ae7400e8fe1dacc1874062ca5db72edc395cdc41596f9dcf5cd593368d2692ea0817c545422ceea4c1f1ab199a611dfa77dfe84747d9749044b6f8fd0f854aaeef54e6fab555ce3cce18b9479bb2a30ed016f783f948435600ee83b022d0bb7dbb7d22597dec9f06a4dcb1161a53b5902a41bc9c47822aec8d1d46326354246e1cfef6e7b29bea73c9f2351c367d421890b76d3d45893a68d4a8a82de7d28fe758adedb0c99d2a970297fae69d01c92181d50c44d53db18a9f540128378feac699e773ddb3cadce1a4a79106b41d8e44790bce12c0e0d698ca03969d069dcf42ac8ddea0b37671df0f076b5abc8ed46574ca3918760c14e7b757e14ecb653b70c70b7423f7c71d10ad16634bc4b5f55b78e8fd0f642f67bd3c898e89e43b662f40b4e760ebebf7e5cb39dfb8e6b2f892c7f8a9eb62fdea1a219d6ec32785ccd5d7efdcf8b95d46afd3b865c1a30a3d1698521cf9611ca45d3298180244433b27474d740f9b96f7908f0f34acad482a9109dc09b5a723a2be21bc29ea0ec05f3410cb9e026a3e381224c874683cefb8dc24ae0c8f0d4f03372f4c96e51c0848d63317244589bfe8d75f710873209b39b7c661b96a2c6e1432c834a247e920cb5e4e835e24868aed1aa3934b41e13192b32e1d1d4cb2ac3f42bb143cb8d217063a9eedae9bb6b0f34452968f0bc1fc697a333a79df748ddb75fe5af78f4a7d4f8458fb82663254bcff9a83124c25062886cf13329be3d1d4149446630e78e9c25680ba031b884e8eead53da2fa2c35239fe0b7d566b4c33cede2b72b7dc9d4e1a573184f4981fd2996e418d127976d1f8462ba927c606c8d1ff79fc806a1ae3aeb9aa94b0b070dde3b9da56265c9632f7474138edd6f395654762245c1c3402222b8df215bd285c874afccc5c45b2cbac703f902d5dbdece7cc92db573fd879ea8210ba8c1d4db7bc14fe88422a7cf0728fd2a9b2d9dcd05f9c5e3313b53ec08e524f8bb3756bb64b91f794acc9b9ec0f5affb1fa5a6a1777a27e9c5aea615afafa22504cfe8ad2ff944e0306326142f96e20c2ae414e129d7fd0ac466de51e3c22810eb336caf14ee1df9318491039ed16955305793e3ef5c539"}, 0x1)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80802, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0)
write$auto(0x3, 0x0, 0xfdef)

1.009859036s ago: executing program 0 (id=2797):
mmap$auto(0xb00, 0x8400008, 0x200, 0x9b71, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
semctl$auto(0x7, 0x2, 0x13, 0x1)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
mknod$auto(0x0, 0xcb, 0xfffffffa)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
symlinkat$auto(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
ioctl$auto(r0, 0x560a, 0x7)

804.191764ms ago: executing program 0 (id=2798):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = setfsuid$auto(0xee00)
setresuid$auto(0xffffffffffffffff, r0, 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000100", @ANYRES16=0x0, @ANYBLOB="000328bd7000ffdbdf25380000000400050104001e01"], 0x1c}, 0x1, 0x0, 0x0, 0x804}, 0x200040c0)
io_uring_setup$auto(0x6, 0x0)
mlockall$auto(0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x11, 0x3, 0x2)
sendmsg$auto_NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x810}, 0x8000)
sendmsg$auto_SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="1b0f2bd5619151bba3ca01000000f786fbadfd84cceadc08eaa84fa444d6e5dcc5c0176c0f997fbaf448eb5fd7f6bf71d689a8b7e13e03890b43690a37c65d7e682d0e1e5240c3077fc3752708470bc6c09030bef9d8051e28cf4a8eb4a935425a84f80c63da10ba34a91b7b831ee7b14f88b3099e1496dea053ed1d06aa3a03585588ea0886c61ac10ef1"], 0x14}, 0x1, 0x0, 0x0, 0x44040}, 0x8040)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff)
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18)
mmap$auto(0xffffffffffffffff, 0x20009, 0x4000000000df, 0x11, 0x403, 0x8000)
socket(0x10, 0x2, 0x0)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x28000, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
socket(0xa, 0x2, 0x88)
setsockopt$auto(0xffffffffffffffff, 0x1, 0x6, 0x0, 0xc089)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x40200, 0x0)
clone$auto(0x1008000, 0x200, 0x0, 0x0, 0xf)
fremovexattr$auto(r1, &(0x7f0000000000)='system.posix_acl_access\x00')
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1e, 0xa, 0x80)

311.141728ms ago: executing program 1 (id=2799):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e)
mmap$auto(0x0, 0x2000b, 0x8, 0x90, 0x404, 0x10008000)
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r0, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242", 0x9fc)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
mmap$auto(0x0, 0x2d6, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0)
pread64$auto(r2, 0x0, 0x101, 0x103)
read$auto_mon_fops_text_t_mon_text(r2, 0x0, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x6)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/022/001\x00', 0xa101, 0x0)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0xe, 0x0, 0x20)
ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
shmctl$auto(0x0, 0xd, 0x0)
mmap$auto(0x4000, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8001)
r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001680), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRESOCT=r3, @ANYBLOB="110325bd7000fedbdf2501"], 0x14}}, 0x10040)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r4)
syz_genetlink_get_family_id$auto_ovs_datapath(0x0, r4)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x15, 0x5, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
recvmmsg$auto(r4, 0x0, 0x10000, 0x6, 0x0)

268.262904ms ago: executing program 4 (id=2800):
madvise$auto(0x4, 0xb, 0xa)
landlock_restrict_self$auto(0xffffffffffffffff, 0x101)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x400201, 0x0)
quotactl_fd$auto(0x0, 0x80000201, 0x0, 0xfffffffffffffffd)

97.645403ms ago: executing program 4 (id=2801):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r2)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010027bd7080ffdbdf25100000000c000100", @ANYRES32=r6, @ANYBLOB="08000a00e675ee6185427bb8c0db51c309000000"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000) (async)
r7 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), r3)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYBLOB="68010000", @ANYRES16=r7, @ANYBLOB="1b0026bd7000fddbdf25030000004c0103804801018041012d8008002800040000000800b500", @ANYRES32=0x0, @ANYBLOB="b04e844ea904ebea1961b006b1f4786414515be8eb668dae1537305b2b85146fa0a185fbc8dc178799ba2fa6240a8d748b1a446d7a475487d45d152708908224abe9008a807897c7ca660c5e22dfb544bb1e556e2c79d947066b0502973dec091fef0790b61f07b31c3dd2ee5f0529fc8077e62f87badfe0ab4b46e9623926cd375613c4bde5cdc817bcaad729bd4888bc4133073dc8e8e4805d30b44c346689084a2acedfe7082f6c5bdd3c807df54fd34be815563254488b27ebb9b6e710fddc7600f10067ab35ede9f24221fdc80dd31a37d3c1256b43654c3a3b85edbcac47d71a14432c0662ea40898e214313ed0218f47a1f36a442d15fb111fe40341b601829dc1642c2eb2a94efbed2538400819d9b1abc52df9fb7de60d64a2bc46918afa2fde42a5dbbca34c81f55e0b0dc3837c5acde968e00000000000000000400038004000280"], 0x168}, 0x1, 0x0, 0x0, 0x4004040}, 0x4000844) (async)
ioctl$auto_VHOST_SET_VRING_KICK2(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x8, <r8=>r2})
ioctl$auto_XFS_IOC_COMMIT_RANGE(0xffffffffffffffff, 0x40585883, &(0x7f0000000100)={<r9=>r8, 0x0, 0x3, 0xa070, 0x3, 0x80000000, [0xa, 0x0, 0x200, 0x6, 0x0, 0x1]})
sendmsg$auto_NL80211_CMD_GET_REG(r9, &(0x7f00000000c0)={0x0, 0xfffffdf4, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x24044815}, 0x8894)
r10 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r10, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (async)
socket(0xa, 0x2, 0x88) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, 0x0, 0x44) (async)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
unshare$auto(0x40000080) (async)
mkdirat$auto(0xffffffffffffffff, 0x0, 0x8)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14010000caad4ad3d9ca615ac62db6e1bf7fd5e8b177eb6d095435ea5180bc885a680ed4335bd8fef02adf03dd559f2a1c0e2721bf2a4d5049270a37fd74622d5b60a241c3b11d052b8a1054f6ab37bab0ea06f6a970a18ffe86061e9a5da879befd6ab05c36ec6fc47316cf6fda39a47f7c437b1ca60a775af548d54d49d90895ab0c14de574e4c71ade7dc273beee12caba108f3b9f6020ad58857b96181e2856351fc43c3941eeb0e04d5d3302d164fd5e39bf4ce7d7254c11de01fd8e3f9ad143afe5a6f05cde1641729a7139d17389dd1c64617c767e22fff7a9a25a1842473a9fd047ad96b5d82", @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf2502000000e50004006e6673819bb6241016fb3ab3155990f9c0c0882e21731fe91d272648766eb188bf153ca665bca1fabe47092a5f6b575f6d1b3a2cc6a6fdbacdbebe3dc3bfd3663221c4054541ac0483f199a035fbf3f43f289c8b9ddc56c500096dde7ac9db6eb1090ae78c64cad8390d1a40e15fb15ff8f3b15dadafd9d0a83ad43c8dbc0d675b1d98b272ac83f873af68408ca7cdb32b517922e88a682cca7cd9b33f4861dba3460a475526371519eb9b9e55ab86109daf3eda2852cbe6f78cf8b1dfe474e69f81b3bbc3bf8ed95643a703724a2ef64c9462c503ea847592c0cd16fb3c0300000000000800010002000000"], 0x104}}, 0x4000)

0s ago: executing program 0 (id=2802):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
lseek$auto(0x3, 0x2, 0x4)
unshare$auto(0x40000080)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x2280, 0x0)
socket(0x1e, 0x1, 0x0)
lsm_set_self_attr$auto(0x11, 0x0, 0x7e, 0x0)
r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_none\x00', 0x183042, 0x0)
write$auto(0x3, 0x0, 0xfdef)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f0000001700)={@inferred, 0xc, 0x3, 0x9, "9d4724b76f4d07faf46cb94d85033d940fdf05ecff75c12163ddeab942ed73d07dadd6f419694d591eca8162"})
r2 = fcntl$auto_F_RDLCK(r1, 0x6, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x17, r2, 0x8000)
sysfs$auto(0x2, 0x2, 0x0)
lsm_list_modules$auto(0x0, 0x0, 0x0)
write$auto(0xffffffffffffffff, &(0x7f00000000c0)='\\\xf3%\x00', 0x8)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
modify_ldt$auto(0x1, 0x0, 0x10)
modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb)
statmount$auto(0x0, &(0x7f0000000180)={0x4, 0x1, 0x9, 0x7, 0xc, 0x940, 0x1ffde, 0x7, 0x6, 0x3ff, 0x9, 0x1, 0x2, 0x4, 0x9, 0x8, 0x8, 0x1, 0x5, 0x7, 0x5d, 0x0, 0x3ff, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c9, 0x0, 0x4, 0x0, 0x0, 0xe3a, 0x3]}, 0x400, 0x81)
r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000140)={{@raw=0x80000000, 0x304, 0x218, 0x8, "3112d598004a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe000900000000000755015e48d", @raw=0xfffff000}, 0x837, 0x3, 0x4, @inferred, @integer={0x3, 0xfffffffffffffff9, 0x8}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd7327b386425608af790ada8dbdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"})
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="720100", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)
sendfile$auto(r0, r4, 0x0, 0x1)

kernel console output (not intermixed with test programs):

461.190101][T14910] netlink: 306 bytes leftover after parsing attributes in process `syz.1.1949'.
[  461.272325][T14917] netlink: 5656 bytes leftover after parsing attributes in process `syz.0.1951'.
[  462.321437][T14938] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  464.540511][   T30] audit: type=1326 audit(4294985661.341:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15004 comm="syz.1.1969" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4e8238efc9 code=0x0
[  465.469733][T10477] Bluetooth: hci2: command 0x0c1a tx timeout
[  465.473336][ T5834] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  466.204639][T15050] FAULT_INJECTION: forcing a failure.
[  466.204639][T15050] name failslab, interval 1, probability 0, space 0, times 0
[  466.217673][T15050] CPU: 1 UID: 0 PID: 15050 Comm: syz.2.1980 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  466.217713][T15050] Tainted: [U]=USER
[  466.217722][T15050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  466.217736][T15050] Call Trace:
[  466.217743][T15050]  <TASK>
[  466.217753][T15050]  dump_stack_lvl+0x16c/0x1f0
[  466.217785][T15050]  should_fail_ex+0x512/0x640
[  466.217821][T15050]  ? __kmalloc_noprof+0xca/0x880
[  466.217861][T15050]  should_failslab+0xc2/0x120
[  466.217893][T15050]  __kmalloc_noprof+0xdd/0x880
[  466.217929][T15050]  ? sk_prot_alloc+0x1a8/0x2a0
[  466.217962][T15050]  ? sk_prot_alloc+0x1a8/0x2a0
[  466.217987][T15050]  sk_prot_alloc+0x1a8/0x2a0
[  466.218019][T15050]  sk_alloc+0x36/0xc20
[  466.218054][T15050]  mctp_pf_create+0xe8/0x360
[  466.218081][T15050]  __sock_create+0x338/0x8d0
[  466.218117][T15050]  __sys_socket+0x14d/0x260
[  466.218146][T15050]  ? __pfx___sys_socket+0x10/0x10
[  466.218176][T15050]  ? xfd_validate_state+0x61/0x180
[  466.218207][T15050]  ? __pfx_ksys_write+0x10/0x10
[  466.218241][T15050]  __x64_sys_socket+0x72/0xb0
[  466.218269][T15050]  ? lockdep_hardirqs_on+0x7c/0x110
[  466.218295][T15050]  do_syscall_64+0xcd/0xfa0
[  466.218324][T15050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.218349][T15050] RIP: 0033:0x7f5070b8efc9
[  466.218371][T15050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.218396][T15050] RSP: 002b:00007f5071aae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  466.218420][T15050] RAX: ffffffffffffffda RBX: 00007f5070de5fa0 RCX: 00007f5070b8efc9
[  466.218438][T15050] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000002d
[  466.218454][T15050] RBP: 00007f5070c11f91 R08: 0000000000000000 R09: 0000000000000000
[  466.218470][T15050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  466.218486][T15050] R13: 00007f5070de6038 R14: 00007f5070de5fa0 R15: 00007fffac881cf8
[  466.218521][T15050]  </TASK>
[  466.584690][   T30] audit: type=1326 audit(4294985663.400:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15056 comm="syz.3.1983" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4fb178efc9 code=0x0
[  467.204054][T15074] QAT: Device 250 not found
[  467.226277][T15074] netlink: 206 bytes leftover after parsing attributes in process `syz.0.1988'.
[  467.879518][T15077] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  468.592286][   T30] audit: type=1326 audit(4294985665.400:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15118 comm="syz.0.1999" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa51e18efc9 code=0x0
[  471.022899][T15162] binder: 15161:15162 ioctl c0306201 2000000002c0 returned -14
[  471.842002][T15189] netlink: 'syz.2.2013': attribute type 1 has an invalid length.
[  471.920339][T15196] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2015'.
[  471.933045][T15191] mkiss: ax0: crc mode is auto.
[  472.994003][T15229] FAULT_INJECTION: forcing a failure.
[  472.994003][T15229] name failslab, interval 1, probability 0, space 0, times 0
[  473.050318][T15229] CPU: 0 UID: 0 PID: 15229 Comm: syz.1.2022 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  473.050361][T15229] Tainted: [U]=USER
[  473.050368][T15229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  473.050383][T15229] Call Trace:
[  473.050391][T15229]  <TASK>
[  473.050402][T15229]  dump_stack_lvl+0x16c/0x1f0
[  473.050437][T15229]  should_fail_ex+0x512/0x640
[  473.050471][T15229]  ? __kmalloc_cache_noprof+0x5f/0x780
[  473.050511][T15229]  should_failslab+0xc2/0x120
[  473.050539][T15229]  __kmalloc_cache_noprof+0x72/0x780
[  473.050572][T15229]  ? crtc_or_fake_commit.part.0+0x7f/0x110
[  473.050602][T15229]  ? crtc_or_fake_commit.part.0+0x7f/0x110
[  473.050625][T15229]  crtc_or_fake_commit.part.0+0x7f/0x110
[  473.050659][T15229]  drm_atomic_helper_setup_commit+0x1066/0x15d0
[  473.050701][T15229]  drm_atomic_helper_commit+0xa9/0x380
[  473.050731][T15229]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  473.050761][T15229]  drm_atomic_commit+0x234/0x300
[  473.050787][T15229]  ? __pfx_drm_atomic_commit+0x10/0x10
[  473.050812][T15229]  ? __pfx___drm_printfn_info+0x10/0x10
[  473.050837][T15229]  ? drm_client_rotation+0x4da/0x6a0
[  473.050869][T15229]  drm_client_modeset_commit_atomic+0x69d/0x7e0
[  473.050907][T15229]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  473.050936][T15229]  ? rcu_is_watching+0x12/0xc0
[  473.050984][T15229]  drm_client_modeset_commit_locked+0x14d/0x580
[  473.051017][T15229]  drm_client_modeset_commit+0x4f/0x80
[  473.051045][T15229]  __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200
[  473.051074][T15229]  ? __pfx_drm_fbdev_client_restore+0x10/0x10
[  473.051098][T15229]  drm_fbdev_client_restore+0x2c/0x40
[  473.051120][T15229]  drm_client_dev_restore+0x1f6/0x2a0
[  473.051152][T15229]  drm_release+0x2c4/0x360
[  473.051180][T15229]  ? __pfx_drm_release+0x10/0x10
[  473.051204][T15229]  __fput+0x402/0xb70
[  473.051236][T15229]  task_work_run+0x150/0x240
[  473.051270][T15229]  ? __pfx_task_work_run+0x10/0x10
[  473.051299][T15229]  ? __pfx___do_sys_close_range+0x10/0x10
[  473.051327][T15229]  exit_to_user_mode_loop+0xec/0x130
[  473.051356][T15229]  do_syscall_64+0x426/0xfa0
[  473.051380][T15229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.051401][T15229] RIP: 0033:0x7f4e8238efc9
[  473.051417][T15229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  473.051437][T15229] RSP: 002b:00007f4e8327d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  473.051456][T15229] RAX: 0000000000000000 RBX: 00007f4e825e5fa0 RCX: 00007f4e8238efc9
[  473.051470][T15229] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  473.051481][T15229] RBP: 00007f4e82411f91 R08: 0000000000000000 R09: 0000000000000000
[  473.051494][T15229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  473.051507][T15229] R13: 00007f4e825e6038 R14: 00007f4e825e5fa0 R15: 00007ffca2cef058
[  473.051537][T15229]  </TASK>
[  474.896760][T15285] netlink: 'syz.3.2035': attribute type 1 has an invalid length.
[  475.117366][T15270] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  476.345427][T15317] random: crng reseeded on system resumption
[  476.702941][   T30] audit: type=1326 audit(4294985673.558:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15325 comm="syz.3.2046" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4fb178efc9 code=0x0
[  476.760095][   T30] audit: type=1326 audit(4294985673.618:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15328 comm="syz.2.2048" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5070b8efc9 code=0x0
[  476.856911][T15333] FAULT_INJECTION: forcing a failure.
[  476.856911][T15333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  476.885807][T15333] CPU: 1 UID: 0 PID: 15333 Comm: syz.2.2048 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  476.885845][T15333] Tainted: [U]=USER
[  476.885852][T15333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  476.885864][T15333] Call Trace:
[  476.885876][T15333]  <TASK>
[  476.885885][T15333]  dump_stack_lvl+0x16c/0x1f0
[  476.885914][T15333]  should_fail_ex+0x512/0x640
[  476.885951][T15333]  _copy_to_user+0x32/0xd0
[  476.885987][T15333]  simple_read_from_buffer+0xcb/0x170
[  476.886023][T15333]  proc_fail_nth_read+0x197/0x240
[  476.886048][T15333]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  476.886073][T15333]  ? rw_verify_area+0xcf/0x6c0
[  476.886094][T15333]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  476.886119][T15333]  vfs_read+0x1e4/0xcf0
[  476.886148][T15333]  ? __pfx___mutex_lock+0x10/0x10
[  476.886176][T15333]  ? __pfx_vfs_read+0x10/0x10
[  476.886200][T15333]  ? __fget_files+0x20e/0x3c0
[  476.886220][T15333]  ksys_read+0x12a/0x250
[  476.886235][T15333]  ? __pfx_ksys_read+0x10/0x10
[  476.886255][T15333]  do_syscall_64+0xcd/0xfa0
[  476.886275][T15333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.886290][T15333] RIP: 0033:0x7f5070b8d9dc
[  476.886302][T15333] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  476.886317][T15333] RSP: 002b:00007f5071a8d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  476.886331][T15333] RAX: ffffffffffffffda RBX: 00007f5070de6090 RCX: 00007f5070b8d9dc
[  476.886340][T15333] RDX: 000000000000000f RSI: 00007f5071a8d0a0 RDI: 0000000000000004
[  476.886348][T15333] RBP: 00007f5071a8d090 R08: 0000000000000000 R09: 0000000000000000
[  476.886357][T15333] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001
[  476.886365][T15333] R13: 00007f5070de6128 R14: 00007f5070de6090 R15: 00007fffac881cf8
[  476.886385][T15333]  </TASK>
[  478.119993][T15360] netlink: 'syz.0.2056': attribute type 1 has an invalid length.
[  479.187146][   T30] audit: type=1326 audit(4294985676.049:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15382 comm="syz.3.2060" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4fb178efc9 code=0x0
[  480.273003][T10477] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  480.280586][T10477] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff
[  480.316131][T15419] futex_wake_op: syz.3.2067 tries to shift op by -2048; fix this program
[  483.211456][T15511] binder: BINDER_SET_CONTEXT_MGR already set
[  483.224792][T15511] binder: 15508:15511 ioctl 4018620d 9 returned -16
[  483.702875][T15531] tipc: Started in network mode
[  483.715494][T15531] tipc: Node identity 45e5412, cluster identity 4711
[  483.728609][T15531] tipc: Node number set to 73290770
[  483.746937][T15531] delete_channel: no stack
[  485.054072][T15573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2106'.
[  485.415344][T15537] kexec: Could not allocate control_code_buffer
[  485.902176][T15598] program syz.0.2111 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  486.073672][   T30] audit: type=1326 audit(4294985682.982:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15604 comm="syz.0.2113" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa51e18efc9 code=0x0
[  486.359063][T15622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2118'.
[  486.386440][T15622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2118'.
[  486.407846][T15622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2118'.
[  486.468987][T15622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2118'.
[  487.360789][T15671] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2129'.
[  490.316447][T15739] HfR: entered promiscuous mode
[  491.671058][T15772] netlink: 194 bytes leftover after parsing attributes in process `syz.0.2150'.
[  492.943400][T15786] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  492.978097][T15786] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  493.019843][T15786] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  493.420385][T10477] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  493.956228][T15823] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2162'.
[  494.603411][T10477] Bluetooth: hci0: command 0x0c1a tx timeout
[  494.864276][T15847] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2169'.
[  495.000893][T10477] Bluetooth: hci1: command 0x0c1a tx timeout
[  495.110374][T10477] Bluetooth: hci3: command 0x0c1a tx timeout
[  495.436522][T15863] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2174'.
[  497.071269][T10477] Bluetooth: hci1: command 0x0c1a tx timeout
[  497.255073][T15922] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  497.625165][T15930] zswap: compressor  not available
[  498.742680][T15985] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2198'.
[  498.768174][T15985] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2198'.
[  499.492028][T15989] can: request_module (can-proto-0) failed.
@[  500.500288][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  500.507190][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  504.948043][T16134] nfs4: Unknown parameter 'nfsd'
[  505.469345][T16135] FAULT_INJECTION: forcing a failure.
[  505.469345][T16135] name failslab, interval 1, probability 0, space 0, times 0
[  505.561681][T16135] CPU: 0 UID: 0 PID: 16135 Comm: syz.2.2232 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  505.561726][T16135] Tainted: [U]=USER
[  505.561735][T16135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  505.561751][T16135] Call Trace:
[  505.561760][T16135]  <TASK>
[  505.561770][T16135]  dump_stack_lvl+0x16c/0x1f0
[  505.561805][T16135]  should_fail_ex+0x512/0x640
[  505.561842][T16135]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  505.561872][T16135]  should_failslab+0xc2/0x120
[  505.561904][T16135]  kmem_cache_alloc_noprof+0x75/0x6e0
[  505.561930][T16135]  ? mas_preallocate+0xe6a/0x11f0
[  505.561966][T16135]  ? mas_preallocate+0xe6a/0x11f0
[  505.561992][T16135]  mas_preallocate+0xe6a/0x11f0
[  505.562025][T16135]  ? __pfx_mas_preallocate+0x10/0x10
[  505.562061][T16135]  ? rcu_read_unlock+0x17/0x60
[  505.562101][T16135]  vma_link+0x12e/0x6a0
[  505.562130][T16135]  ? __pfx_vma_link+0x10/0x10
[  505.562163][T16135]  ? anon_vma_clone+0x405/0x5c0
[  505.562199][T16135]  ? anon_vma_name+0x81/0x2f0
[  505.562240][T16135]  copy_vma+0x6b7/0xa90
[  505.562271][T16135]  ? __pfx_copy_vma+0x10/0x10
[  505.562305][T16135]  ? register_lock_class+0x41/0x4c0
[  505.562357][T16135]  ? rcu_is_watching+0x12/0xc0
[  505.562382][T16135]  ? finish_task_switch.isra.0+0x221/0xc10
[  505.562409][T16135]  ? lockdep_hardirqs_on+0x7c/0x110
[  505.562441][T16135]  copy_vma_and_data+0x1cf/0x790
[  505.562469][T16135]  ? __pfx_copy_vma_and_data+0x10/0x10
[  505.562502][T16135]  ? __vma_enter_locked+0x163/0x3f0
[  505.562542][T16135]  ? find_held_lock+0x2b/0x80
[  505.562569][T16135]  ? move_vma+0x52e/0x1770
[  505.562602][T16135]  move_vma+0x540/0x1770
[  505.562641][T16135]  ? __pfx_move_vma+0x10/0x10
[  505.562672][T16135]  ? shmem_get_unmapped_area+0x170/0xa00
[  505.562712][T16135]  ? cap_mmap_addr+0x4b/0x120
[  505.562746][T16135]  ? bpf_lsm_mmap_addr+0x9/0x10
[  505.562774][T16135]  ? security_mmap_addr+0x6c/0x1e0
[  505.562800][T16135]  ? __get_unmapped_area+0x267/0x440
[  505.562835][T16135]  ? vrm_set_new_addr+0x208/0x290
[  505.562862][T16135]  mremap_to+0x1b7/0x450
[  505.562889][T16135]  do_mremap+0x13a8/0x2020
[  505.562916][T16135]  ? futex_private_hash_put+0x140/0x300
[  505.562958][T16135]  ? __pfx_do_mremap+0x10/0x10
[  505.563005][T16135]  __do_sys_mremap+0x119/0x170
[  505.563029][T16135]  ? __pfx___do_sys_mremap+0x10/0x10
[  505.563066][T16135]  ? __x64_sys_futex+0x1e0/0x4c0
[  505.563118][T16135]  do_syscall_64+0xcd/0xfa0
[  505.563148][T16135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.563173][T16135] RIP: 0033:0x7f5070b8efc9
[  505.563192][T16135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  505.563214][T16135] RSP: 002b:00007f5071aae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  505.563239][T16135] RAX: ffffffffffffffda RBX: 00007f5070de5fa0 RCX: 00007f5070b8efc9
[  505.563255][T16135] RDX: 0000000000000843 RSI: 00000000000000ff RDI: 00000000001ff000
[  505.563270][T16135] RBP: 00007f5070c11f91 R08: 00000000fffff000 R09: 0000000000000000
[  505.563286][T16135] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  505.563300][T16135] R13: 00007f5070de6038 R14: 00007f5070de5fa0 R15: 00007fffac881cf8
[  505.563332][T16135]  </TASK>
[  507.374326][T16168] bridge0: port 3(gretap0) entered blocking state
[  507.416604][T16168] bridge0: port 3(gretap0) entered disabled state
[  507.454067][T16168] gretap0: entered allmulticast mode
[  507.480880][T16168] gretap0: entered promiscuous mode
[  507.512938][T16168] bridge0: port 3(gretap0) entered blocking state
[  507.519546][T16168] bridge0: port 3(gretap0) entered forwarding state
[  508.985412][T16210] tipc: Started in network mode
[  508.993021][T16210] tipc: Node identity 45e5412, cluster identity 4711
[  509.040111][T16210] tipc: Node number set to 73290770
[  509.474248][T16230] FAULT_INJECTION: forcing a failure.
[  509.474248][T16230] name failslab, interval 1, probability 0, space 0, times 0
[  509.487067][T16230] CPU: 0 UID: 0 PID: 16230 Comm: syz.2.2256 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  509.487092][T16230] Tainted: [U]=USER
[  509.487097][T16230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  509.487105][T16230] Call Trace:
[  509.487110][T16230]  <TASK>
[  509.487116][T16230]  dump_stack_lvl+0x16c/0x1f0
[  509.487136][T16230]  should_fail_ex+0x512/0x640
[  509.487158][T16230]  ? __kmalloc_noprof+0xca/0x880
[  509.487190][T16230]  should_failslab+0xc2/0x120
[  509.487209][T16230]  __kmalloc_noprof+0xdd/0x880
[  509.487231][T16230]  ? lsm_blob_alloc+0x68/0x90
[  509.487252][T16230]  ? lsm_blob_alloc+0x68/0x90
[  509.487267][T16230]  lsm_blob_alloc+0x68/0x90
[  509.487284][T16230]  security_sk_alloc+0x30/0x270
[  509.487305][T16230]  sk_prot_alloc+0x1c7/0x2a0
[  509.487324][T16230]  sk_alloc+0x36/0xc20
[  509.487345][T16230]  __netlink_create+0x5e/0x2c0
[  509.487364][T16230]  ? __wake_up+0x3f/0x60
[  509.487381][T16230]  netlink_create+0x39e/0x620
[  509.487402][T16230]  ? __pfx_rtnetlink_bind+0x10/0x10
[  509.487425][T16230]  __sock_create+0x338/0x8d0
[  509.487446][T16230]  __sys_socket+0x14d/0x260
[  509.487464][T16230]  ? __pfx___sys_socket+0x10/0x10
[  509.487481][T16230]  ? xfd_validate_state+0x61/0x180
[  509.487500][T16230]  ? __pfx_do_writev+0x10/0x10
[  509.487518][T16230]  __x64_sys_socket+0x72/0xb0
[  509.487534][T16230]  ? lockdep_hardirqs_on+0x7c/0x110
[  509.487549][T16230]  do_syscall_64+0xcd/0xfa0
[  509.487566][T16230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.487581][T16230] RIP: 0033:0x7f5070b8efc9
[  509.487593][T16230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  509.487607][T16230] RSP: 002b:00007f5071a8d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  509.487620][T16230] RAX: ffffffffffffffda RBX: 00007f5070de6090 RCX: 00007f5070b8efc9
[  509.487631][T16230] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000010
[  509.487639][T16230] RBP: 00007f5070c11f91 R08: 0000000000000000 R09: 0000000000000000
[  509.487647][T16230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  509.487655][T16230] R13: 00007f5070de6128 R14: 00007f5070de6090 R15: 00007fffac881cf8
[  509.487674][T16230]  </TASK>
[  511.944915][T16286] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  513.018563][T10478] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  513.034877][T10478] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  513.046712][T10478] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  513.058570][T10478] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  513.086090][T10478] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  513.248557][T10630] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.382140][T10630] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.535885][T10630] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.697120][T10630] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.701516][T16362] vivid-007: =================  START STATUS  =================
[  513.748445][T16362] vivid-007: Generate PTS: true
[  513.772659][T16362] vivid-007: Generate SCR: true
[  513.802772][T16362] tpg source WxH: 320x240 (Y'CbCr)
[  513.815044][T16362] tpg field: 1
[  513.818453][T16362] tpg crop: (0,0)/320x240
[  513.850294][T16362] tpg compose: (0,0)/320x240
[  513.881369][T16362] tpg colorspace: 8
[  513.892922][T16362] tpg transfer function: 0/0
[  513.898867][T16362] tpg Y'CbCr encoding: 0/0
[  513.922902][T16362] tpg quantization: 0/0
[  513.927277][T16362] tpg RGB range: 0/2
[  513.931184][T16362] vivid-007: ==================  END STATUS  ==================
[  514.123037][T16331] chnl_net:caif_netlink_parms(): no params data found
[  514.151014][T10630] bridge_slave_0: left allmulticast mode
[  514.157429][T10630] bridge_slave_0: left promiscuous mode
[  514.178528][T10630] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.129474][T10630] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  515.149660][T10478] Bluetooth: hci2: command tx timeout
[  515.176523][T10630] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  515.200689][T10630] bond0 (unregistering): Released all slaves
[  515.443400][T10630] �: left promiscuous mode
[  515.597724][T10630] : left promiscuous mode
[  515.615350][T16331] bridge0: port 1(bridge_slave_0) entered blocking state
[  515.624119][T16331] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.644021][T16331] bridge_slave_0: entered allmulticast mode
[  515.651828][T16331] bridge_slave_0: entered promiscuous mode
[  515.726380][T16331] bridge0: port 2(bridge_slave_1) entered blocking state
[  515.755247][T16331] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.762523][T16331] bridge_slave_1: entered allmulticast mode
[  515.808122][T16331] bridge_slave_1: entered promiscuous mode
[  515.845328][T10630] tipc: Left network mode
[  516.060164][T16331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  516.101922][T16331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  516.565629][T16331] team0: Port device team_slave_0 added
[  516.601191][T16415] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2288'.
[  516.611072][T16331] team0: Port device team_slave_1 added
[  516.632218][T16415] netlink: 'syz.0.2288': attribute type 1 has an invalid length.
[  516.674720][T16415] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2288'.
[  517.109625][T16331] batman_adv: batadv0: Adding interface: batadv_slave_0
[  517.127483][T16331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  517.205007][T16331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  517.229345][T10478] Bluetooth: hci2: command tx timeout
[  517.332517][T16331] batman_adv: batadv0: Adding interface: batadv_slave_1
[  517.358079][T16331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  517.388057][T16331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  517.552668][T16432] Trying to write to read-only block-device sda1
[  517.735981][T16331] hsr_slave_0: entered promiscuous mode
[  517.749745][T16331] hsr_slave_1: entered promiscuous mode
[  518.324358][T16455] netlink: 138 bytes leftover after parsing attributes in process `syz.1.2296'.
[  518.485742][T10630] hsr_slave_0: left promiscuous mode
[  518.488941][T10630] hsr_slave_1: left promiscuous mode
[  518.489853][T10630] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  518.489892][T10630] batman_adv: batadv0: Removing interface: batadv_slave_0
[  518.586665][T10630] veth1_macvtap: left promiscuous mode
[  518.598098][T10630] veth0_macvtap: left promiscuous mode
[  518.612446][T10630] veth1_vlan: left promiscuous mode
[  518.612677][T10630] veth0_vlan: left promiscuous mode
[  519.292279][T10478] Bluetooth: hci2: command tx timeout
[  519.577952][T10630] team0 (unregistering): Port device team_slave_1 removed
[  519.622487][T10630] team0 (unregistering): Port device team_slave_0 removed
[  521.357317][T10478] Bluetooth: hci2: command tx timeout
[  521.549939][T16331] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  521.736219][T16331] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  521.765083][T16331] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  521.858135][T16331] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  522.214908][T16331] 8021q: adding VLAN 0 to HW filter on device bond0
[  522.311447][T16331] 8021q: adding VLAN 0 to HW filter on device team0
[  522.342599][T10294] bridge0: port 1(bridge_slave_0) entered blocking state
[  522.349826][T10294] bridge0: port 1(bridge_slave_0) entered forwarding state
[  522.397038][   T30] audit: type=1326 audit(4294985719.462:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16569 comm="syz.0.2313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa51e18efc9 code=0x0
[  522.435314][T10630] bridge0: port 2(bridge_slave_1) entered blocking state
[  522.442535][T10630] bridge0: port 2(bridge_slave_1) entered forwarding state
[  522.818159][T16581] svc: failed to register nfsdv3 RPC service (errno 111).
[  522.841423][T16581] svc: failed to register nfsaclv3 RPC service (errno 111).
[  523.078597][T16331] 8021q: adding VLAN 0 to HW filter on device batadv0
[  523.195529][T16331] veth0_vlan: entered promiscuous mode
[  523.240645][T16331] veth1_vlan: entered promiscuous mode
[  523.304814][T16596] vhci_hcd: invalid port number 16
[  523.317864][T16596] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
[  523.321893][T16331] veth0_macvtap: entered promiscuous mode
[  523.355741][T16331] veth1_macvtap: entered promiscuous mode
[  523.456050][T16331] batman_adv: batadv0: Interface activated: batadv_slave_0
[  523.489639][T16331] batman_adv: batadv0: Interface activated: batadv_slave_1
[  523.532078][T11500] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  523.543729][T11500] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  523.595789][T11500] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  523.604687][T11500] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  524.283840][T10616] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  524.291680][T10616] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  524.698084][T11500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  524.741459][T11500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  525.404851][T16664] netlink: 'syz.1.2323': attribute type 15 has an invalid length.
[  525.418090][T16664] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2323'.
[  525.707137][T16676] random: crng reseeded on system resumption
[  526.743504][T16701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2327'.
[  526.891173][T16712] FAULT_INJECTION: forcing a failure.
[  526.891173][T16712] name fail_futex, interval 1, probability 0, space 0, times 0
[  526.923911][T16712] CPU: 0 UID: 0 PID: 16712 Comm: syz.2.2329 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  526.923955][T16712] Tainted: [U]=USER
[  526.923964][T16712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  526.923979][T16712] Call Trace:
[  526.923988][T16712]  <TASK>
[  526.923997][T16712]  dump_stack_lvl+0x16c/0x1f0
[  526.924032][T16712]  should_fail_ex+0x512/0x640
[  526.924074][T16712]  get_futex_key+0x1d0/0x1560
[  526.924114][T16712]  ? __pfx_get_futex_key+0x10/0x10
[  526.924158][T16712]  futex_wake+0xea/0x530
[  526.924195][T16712]  ? rcu_is_watching+0x12/0xc0
[  526.924223][T16712]  ? __pfx_futex_wake+0x10/0x10
[  526.924264][T16712]  ? kmem_cache_free+0x2d4/0x6c0
[  526.924290][T16712]  ? putname+0x154/0x1a0
[  526.924330][T16712]  do_futex+0x1e3/0x350
[  526.924363][T16712]  ? __pfx_do_futex+0x10/0x10
[  526.924406][T16712]  __x64_sys_futex+0x1e0/0x4c0
[  526.924441][T16712]  ? __x64_sys_openat+0x174/0x210
[  526.924478][T16712]  ? __pfx___x64_sys_futex+0x10/0x10
[  526.924525][T16712]  do_syscall_64+0xcd/0xfa0
[  526.924556][T16712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.924582][T16712] RIP: 0033:0x7f5070b8efc9
[  526.924613][T16712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  526.924639][T16712] RSP: 002b:00007f5071a8d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  526.924663][T16712] RAX: ffffffffffffffda RBX: 00007f5070de6098 RCX: 00007f5070b8efc9
[  526.924682][T16712] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5070de609c
[  526.924698][T16712] RBP: 00007f5070de6090 R08: 00007f5071aaf000 R09: 0000000000000000
[  526.924716][T16712] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000
[  526.924732][T16712] R13: 00007f5070de6128 R14: 00007fffac881c10 R15: 00007fffac881cf8
[  526.924768][T16712]  </TASK>
[  529.834737][T16784] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  530.270155][T16792] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  530.962255][T16814] futex_wake_op: syz.3.2350 tries to shift op by -2048; fix this program
[  530.970968][T16814] futex_wake_op: syz.3.2350 tries to shift op by -2048; fix this program
[  531.145458][T16818] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  532.064686][T16827] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2354'.
[  532.096566][T16832] FAULT_INJECTION: forcing a failure.
[  532.096566][T16832] name failslab, interval 1, probability 0, space 0, times 0
[  532.280100][T16832] CPU: 1 UID: 0 PID: 16832 Comm: syz.3.2355 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  532.280146][T16832] Tainted: [U]=USER
[  532.280155][T16832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  532.280170][T16832] Call Trace:
[  532.280179][T16832]  <TASK>
[  532.280189][T16832]  dump_stack_lvl+0x16c/0x1f0
[  532.280224][T16832]  should_fail_ex+0x512/0x640
[  532.280258][T16832]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  532.280288][T16832]  should_failslab+0xc2/0x120
[  532.280321][T16832]  kmem_cache_alloc_noprof+0x75/0x6e0
[  532.280345][T16832]  ? find_held_lock+0x2b/0x80
[  532.280370][T16832]  ? alloc_empty_file+0x55/0x1e0
[  532.280410][T16832]  ? alloc_empty_file+0x55/0x1e0
[  532.280440][T16832]  alloc_empty_file+0x55/0x1e0
[  532.280471][T16832]  path_openat+0xda/0x2cb0
[  532.280509][T16832]  ? __pfx_path_openat+0x10/0x10
[  532.280546][T16832]  do_filp_open+0x20b/0x470
[  532.280572][T16832]  ? __pfx_do_filp_open+0x10/0x10
[  532.280623][T16832]  ? _raw_spin_unlock+0x28/0x50
[  532.280644][T16832]  ? alloc_fd+0x471/0x7d0
[  532.280679][T16832]  do_sys_openat2+0x11b/0x1d0
[  532.280713][T16832]  ? __pfx_do_sys_openat2+0x10/0x10
[  532.280762][T16832]  __x64_sys_open+0x153/0x1e0
[  532.280796][T16832]  ? __pfx___x64_sys_open+0x10/0x10
[  532.280839][T16832]  ? rcu_is_watching+0x12/0xc0
[  532.280869][T16832]  do_syscall_64+0xcd/0xfa0
[  532.280899][T16832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.280925][T16832] RIP: 0033:0x7f70ec18efc9
[  532.280946][T16832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.280970][T16832] RSP: 002b:00007f70ed0f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  532.280996][T16832] RAX: ffffffffffffffda RBX: 00007f70ec3e5fa0 RCX: 00007f70ec18efc9
[  532.281014][T16832] RDX: 0000000000000055 RSI: 0000000000022240 RDI: 0000000000000000
[  532.281031][T16832] RBP: 00007f70ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  532.281047][T16832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  532.281063][T16832] R13: 00007f70ec3e6038 R14: 00007f70ec3e5fa0 R15: 00007ffff90a5bf8
[  532.281107][T16832]  </TASK>
[  532.545597][T16834] delete_channel: no stack
[  533.254222][   T30] audit: type=1326 audit(4294986753.382:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16850 comm="syz.0.2360" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa51e18efc9 code=0x0
[  533.399588][T16853] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  534.835319][T16888] FAULT_INJECTION: forcing a failure.
[  534.835319][T16888] name failslab, interval 1, probability 0, space 0, times 0
[  534.984965][T16888] CPU: 0 UID: 0 PID: 16888 Comm: syz.2.2367 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  534.985006][T16888] Tainted: [U]=USER
[  534.985014][T16888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  534.985030][T16888] Call Trace:
[  534.985036][T16888]  <TASK>
[  534.985043][T16888]  dump_stack_lvl+0x16c/0x1f0
[  534.985063][T16888]  should_fail_ex+0x512/0x640
[  534.985086][T16888]  ? __kmalloc_noprof+0xca/0x880
[  534.985110][T16888]  should_failslab+0xc2/0x120
[  534.985129][T16888]  __kmalloc_noprof+0xdd/0x880
[  534.985150][T16888]  ? __register_sysctl_table+0xb3/0x1900
[  534.985175][T16888]  ? __register_sysctl_table+0xb3/0x1900
[  534.985194][T16888]  __register_sysctl_table+0xb3/0x1900
[  534.985215][T16888]  ? is_module_address+0x5f/0xf0
[  534.985238][T16888]  ? __pfx___register_sysctl_table+0x10/0x10
[  534.985257][T16888]  ? is_module_address+0x69/0xf0
[  534.985275][T16888]  ? register_net_sysctl_sz+0x228/0x3e0
[  534.985295][T16888]  ? __asan_memcpy+0x3c/0x60
[  534.985311][T16888]  xfrm_sysctl_init+0x1f5/0x2d0
[  534.985335][T16888]  xfrm_net_init+0x842/0xcc0
[  534.985359][T16888]  ? __pfx_xfrm_net_init+0x10/0x10
[  534.985378][T16888]  ops_init+0x1e2/0x5f0
[  534.985396][T16888]  setup_net+0x100/0x390
[  534.985410][T16888]  ? __pfx_setup_net+0x10/0x10
[  534.985425][T16888]  ? debug_mutex_init+0x37/0x70
[  534.985442][T16888]  copy_net_ns+0x2f8/0x690
[  534.985460][T16888]  create_new_namespaces+0x3ea/0xa90
[  534.985486][T16888]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  534.985504][T16888]  ksys_unshare+0x45b/0xa40
[  534.985524][T16888]  ? __pfx_ksys_unshare+0x10/0x10
[  534.985544][T16888]  ? xfd_validate_state+0x61/0x180
[  534.985569][T16888]  __x64_sys_unshare+0x31/0x40
[  534.985587][T16888]  do_syscall_64+0xcd/0xfa0
[  534.985604][T16888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.985618][T16888] RIP: 0033:0x7f5070b8efc9
[  534.985631][T16888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  534.985644][T16888] RSP: 002b:00007f5071aae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  534.985659][T16888] RAX: ffffffffffffffda RBX: 00007f5070de5fa0 RCX: 00007f5070b8efc9
[  534.985669][T16888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  534.985677][T16888] RBP: 00007f5070c11f91 R08: 0000000000000000 R09: 0000000000000000
[  534.985686][T16888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  534.985694][T16888] R13: 00007f5070de6038 R14: 00007f5070de5fa0 R15: 00007fffac881cf8
[  534.985717][T16888]  </TASK>
[  535.243489][    C0] vkms_vblank_simulate: vblank timer overrun
[  535.980365][T16903] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2371'.
[  536.080834][T16896] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  537.361069][T16914] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  537.382261][T16914] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  537.388422][T16914] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  537.520685][T16914] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  537.534037][T16914] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  537.549706][T16914] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  537.570289][T16914] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  537.623060][T10477] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  537.634708][T10477] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  537.643592][T10477] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  537.652531][T10477] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  537.662778][T10477] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  538.464489][T16941] FAULT_INJECTION: forcing a failure.
[  538.464489][T16941] name failslab, interval 1, probability 0, space 0, times 0
[  538.506482][T16941] CPU: 0 UID: 0 PID: 16941 Comm: syz.2.2379 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  538.506524][T16941] Tainted: [U]=USER
[  538.506534][T16941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  538.506549][T16941] Call Trace:
[  538.506557][T16941]  <TASK>
[  538.506567][T16941]  dump_stack_lvl+0x16c/0x1f0
[  538.506599][T16941]  should_fail_ex+0x512/0x640
[  538.506635][T16941]  ? __kmalloc_cache_noprof+0x5f/0x780
[  538.506675][T16941]  should_failslab+0xc2/0x120
[  538.506708][T16941]  __kmalloc_cache_noprof+0x72/0x780
[  538.506748][T16941]  ? vhost_vsock_dev_open+0x71/0x390
[  538.506779][T16941]  ? __pfx_vhost_vsock_dev_open+0x10/0x10
[  538.506803][T16941]  ? vhost_vsock_dev_open+0x71/0x390
[  538.506825][T16941]  ? __pfx_vhost_vsock_dev_open+0x10/0x10
[  538.506850][T16941]  vhost_vsock_dev_open+0x71/0x390
[  538.506875][T16941]  ? __pfx_vhost_vsock_dev_open+0x10/0x10
[  538.506901][T16941]  misc_open+0x26d/0x450
[  538.506938][T16941]  ? __pfx_misc_open+0x10/0x10
[  538.506972][T16941]  chrdev_open+0x234/0x6a0
[  538.507000][T16941]  ? __pfx_apparmor_file_open+0x10/0x10
[  538.507036][T16941]  ? __pfx_chrdev_open+0x10/0x10
[  538.507067][T16941]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  538.507103][T16941]  do_dentry_open+0x982/0x1530
[  538.507132][T16941]  ? __pfx_chrdev_open+0x10/0x10
[  538.507169][T16941]  vfs_open+0x82/0x3f0
[  538.507207][T16941]  path_openat+0x1de4/0x2cb0
[  538.507247][T16941]  ? __pfx_path_openat+0x10/0x10
[  538.507278][T16941]  ? __lock_acquire+0xb8a/0x1c90
[  538.507315][T16941]  do_filp_open+0x20b/0x470
[  538.507345][T16941]  ? __pfx_do_filp_open+0x10/0x10
[  538.507400][T16941]  ? alloc_fd+0x471/0x7d0
[  538.507445][T16941]  do_sys_openat2+0x11b/0x1d0
[  538.507483][T16941]  ? __pfx_do_sys_openat2+0x10/0x10
[  538.507534][T16941]  __x64_sys_openat+0x174/0x210
[  538.507568][T16941]  ? __pfx___x64_sys_openat+0x10/0x10
[  538.507614][T16941]  do_syscall_64+0xcd/0xfa0
[  538.507644][T16941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.507669][T16941] RIP: 0033:0x7f5070b8efc9
[  538.507691][T16941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.507714][T16941] RSP: 002b:00007f5071a8d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  538.507739][T16941] RAX: ffffffffffffffda RBX: 00007f5070de6090 RCX: 00007f5070b8efc9
[  538.507757][T16941] RDX: 0000000000002900 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  538.507773][T16941] RBP: 00007f5070c11f91 R08: 0000000000000000 R09: 0000000000000000
[  538.507786][T16941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  538.507800][T16941] R13: 00007f5070de6128 R14: 00007f5070de6090 R15: 00007fffac881cf8
[  538.507834][T16941]  </TASK>
[  538.784424][    C0] vkms_vblank_simulate: vblank timer overrun
[  539.055004][T16948] FAULT_INJECTION: forcing a failure.
[  539.055004][T16948] name failslab, interval 1, probability 0, space 0, times 0
[  539.071100][T16948] CPU: 0 UID: 0 PID: 16948 Comm: syz.3.2381 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  539.071143][T16948] Tainted: [U]=USER
[  539.071152][T16948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  539.071168][T16948] Call Trace:
[  539.071177][T16948]  <TASK>
[  539.071187][T16948]  dump_stack_lvl+0x16c/0x1f0
[  539.071218][T16948]  should_fail_ex+0x512/0x640
[  539.071256][T16948]  ? fs_reclaim_acquire+0xae/0x150
[  539.071292][T16948]  should_failslab+0xc2/0x120
[  539.071323][T16948]  __kmalloc_noprof+0xdd/0x880
[  539.071360][T16948]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  539.071394][T16948]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  539.071421][T16948]  tomoyo_realpath_from_path+0xc2/0x6e0
[  539.071464][T16948]  ? tomoyo_profile+0x47/0x60
[  539.071501][T16948]  tomoyo_path_perm+0x274/0x460
[  539.071534][T16948]  ? tomoyo_path_perm+0x260/0x460
[  539.071574][T16948]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  539.071649][T16948]  ? __pfx_ima_file_check+0x10/0x10
[  539.071681][T16948]  ? hook_file_truncate+0xc7/0x250
[  539.071714][T16948]  security_file_truncate+0x84/0x1e0
[  539.071742][T16948]  path_openat+0xc10/0x2cb0
[  539.071779][T16948]  ? __pfx_path_openat+0x10/0x10
[  539.071809][T16948]  ? __lock_acquire+0xb8a/0x1c90
[  539.071847][T16948]  do_filp_open+0x20b/0x470
[  539.071875][T16948]  ? __pfx_do_filp_open+0x10/0x10
[  539.071928][T16948]  ? alloc_fd+0x471/0x7d0
[  539.071960][T16948]  do_sys_openat2+0x11b/0x1d0
[  539.071994][T16948]  ? __pfx_do_sys_openat2+0x10/0x10
[  539.072044][T16948]  __x64_sys_openat+0x174/0x210
[  539.072078][T16948]  ? __pfx___x64_sys_openat+0x10/0x10
[  539.072127][T16948]  do_syscall_64+0xcd/0xfa0
[  539.072157][T16948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.072181][T16948] RIP: 0033:0x7f70ec18efc9
[  539.072202][T16948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  539.072226][T16948] RSP: 002b:00007f70ed0f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  539.072252][T16948] RAX: ffffffffffffffda RBX: 00007f70ec3e5fa0 RCX: 00007f70ec18efc9
[  539.072270][T16948] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  539.072287][T16948] RBP: 00007f70ec211f91 R08: 0000000000000000 R09: 0000000000000000
[  539.072304][T16948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  539.072318][T16948] R13: 00007f70ec3e6038 R14: 00007f70ec3e5fa0 R15: 00007ffff90a5bf8
[  539.072352][T16948]  </TASK>
[  539.072362][T16948] ERROR: Out of memory at tomoyo_realpath_from_path.
[  539.329426][T10478] Bluetooth: hci0: command 0x0c1a tx timeout
[  539.433034][T10478] Bluetooth: hci1: command 0x0c1a tx timeout
[  539.559361][T16933] chnl_net:caif_netlink_parms(): no params data found
[  539.591293][T10478] Bluetooth: hci2: command 0x0c1a tx timeout
[  539.739863][T16933] bridge0: port 1(bridge_slave_0) entered blocking state
[  539.754958][T10478] Bluetooth: hci4: command tx timeout
[  539.778019][T16933] bridge0: port 1(bridge_slave_0) entered disabled state
[  539.786371][T16933] bridge_slave_0: entered allmulticast mode
[  539.799208][T16933] bridge_slave_0: entered promiscuous mode
[  539.818722][T16933] bridge0: port 2(bridge_slave_1) entered blocking state
[  539.826505][T16933] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.840288][T16933] bridge_slave_1: entered allmulticast mode
[  539.848311][T16933] bridge_slave_1: entered promiscuous mode
[  539.964802][T16933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  540.046850][T16933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  540.243812][T16933] team0: Port device team_slave_0 added
[  540.280179][T16933] team0: Port device team_slave_1 added
[  540.407894][T16933] batman_adv: batadv0: Adding interface: batadv_slave_0
[  540.430377][T16933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  540.466665][T16933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  540.562952][T16933] batman_adv: batadv0: Adding interface: batadv_slave_1
[  540.596689][T16933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  540.679085][T16933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  541.089040][T17029] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27
[  541.370402][T16933] hsr_slave_0: entered promiscuous mode
[  541.384470][T17030] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28
[  541.414122][T17029] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  541.438036][T16933] hsr_slave_1: entered promiscuous mode
[  541.453067][T16933] debugfs: 'hsr0' already exists in 'hsr'
[  541.465440][T16933] Cannot create hsr debugfs directory
[  541.503631][T10478] Bluetooth: hci1: command 0x0c1a tx timeout
[  541.665521][T10478] Bluetooth: hci2: command 0x0c1a tx timeout
[  541.820957][T10478] Bluetooth: hci4: command tx timeout
[  542.792128][T16933] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  542.909174][T17055] FAULT_INJECTION: forcing a failure.
[  542.909174][T17055] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  543.070286][T17055] CPU: 1 UID: 0 PID: 17055 Comm: syz.2.2393 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  543.070331][T17055] Tainted: [U]=USER
[  543.070341][T17055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  543.070356][T17055] Call Trace:
[  543.070365][T17055]  <TASK>
[  543.070376][T17055]  dump_stack_lvl+0x16c/0x1f0
[  543.070410][T17055]  should_fail_ex+0x512/0x640
[  543.070454][T17055]  should_fail_alloc_page+0xe7/0x130
[  543.070491][T17055]  prepare_alloc_pages+0x3c2/0x610
[  543.070523][T17055]  ? rcu_is_watching+0x12/0xc0
[  543.070554][T17055]  __alloc_frozen_pages_noprof+0x18b/0x2470
[  543.070587][T17055]  ? rcu_is_watching+0x12/0xc0
[  543.070614][T17055]  ? trace_mm_page_alloc+0x11f/0x1a0
[  543.070648][T17055]  ? __alloc_frozen_pages_noprof+0x292/0x2470
[  543.070677][T17055]  ? lock_acquire+0x179/0x350
[  543.070710][T17055]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  543.070739][T17055]  ? finish_task_switch.isra.0+0x21c/0xc10
[  543.070769][T17055]  ? rcu_is_watching+0x12/0xc0
[  543.070799][T17055]  ? finish_task_switch.isra.0+0x221/0xc10
[  543.070828][T17055]  ? rcu_is_watching+0x12/0xc0
[  543.070855][T17055]  ? trace_sched_exit_tp+0xd1/0x120
[  543.070905][T17055]  alloc_pages_bulk_noprof+0x71c/0x1410
[  543.070932][T17055]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  543.070978][T17055]  ? policy_nodemask+0xea/0x4e0
[  543.071015][T17055]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  543.071044][T17055]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  543.071092][T17055]  kasan_populate_vmalloc+0x112/0x2d0
[  543.071130][T17055]  alloc_vmap_area+0x960/0x29e0
[  543.071177][T17055]  ? __pfx_alloc_vmap_area+0x10/0x10
[  543.071218][T17055]  __get_vm_area_node+0x1ca/0x330
[  543.071266][T17055]  __vmalloc_node_range_noprof+0x271/0x1480
[  543.071305][T17055]  ? kernel_clone+0xfc/0x930
[  543.071347][T17055]  ? kernel_clone+0xfc/0x930
[  543.071387][T17055]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  543.071432][T17055]  ? rcu_is_watching+0x12/0xc0
[  543.071461][T17055]  ? kernel_clone+0xfc/0x930
[  543.071490][T17055]  __vmalloc_node_noprof+0xad/0xf0
[  543.071524][T17055]  ? kernel_clone+0xfc/0x930
[  543.071557][T17055]  copy_process+0x2c77/0x76a0
[  543.071587][T17055]  ? __pfx___futex_wait+0x10/0x10
[  543.071624][T17055]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  543.071650][T17055]  ? lockdep_hardirqs_on+0x7c/0x110
[  543.071688][T17055]  ? __pfx_copy_process+0x10/0x10
[  543.071717][T17055]  ? futex_private_hash_put+0x176/0x300
[  543.071808][T17055]  ? futex_private_hash_put+0x18a/0x300
[  543.071847][T17055]  kernel_clone+0xfc/0x930
[  543.071882][T17055]  ? __pfx_kernel_clone+0x10/0x10
[  543.071934][T17055]  __do_sys_clone+0xce/0x120
[  543.071967][T17055]  ? __pfx___do_sys_clone+0x10/0x10
[  543.072013][T17055]  ? xfd_validate_state+0x61/0x180
[  543.072046][T17055]  ? __pfx_ksys_write+0x10/0x10
[  543.072084][T17055]  do_syscall_64+0xcd/0xfa0
[  543.072115][T17055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.072141][T17055] RIP: 0033:0x7f5070b8efc9
[  543.072164][T17055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.072188][T17055] RSP: 002b:00007f5071a6bfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  543.072213][T17055] RAX: ffffffffffffffda RBX: 00007f5070de6180 RCX: 00007f5070b8efc9
[  543.072231][T17055] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[  543.072253][T17055] RBP: 00007f5070c11f91 R08: 0000000000000000 R09: 0000000000000000
[  543.072270][T17055] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  543.072286][T17055] R13: 00007f5070de6218 R14: 00007f5070de6180 R15: 00007fffac881cf8
[  543.072323][T17055]  </TASK>
[  543.161997][T17055] syz.2.2393: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  543.504009][T16933] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.593853][T17055] ,cpuset=/,mems_allowed=0-1
[  543.599091][T17055] CPU: 0 UID: 0 PID: 17055 Comm: syz.2.2393 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  543.599131][T17055] Tainted: [U]=USER
[  543.599139][T17055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  543.599153][T17055] Call Trace:
[  543.599161][T17055]  <TASK>
[  543.599171][T17055]  dump_stack_lvl+0x16c/0x1f0
[  543.599208][T17055]  warn_alloc+0x248/0x3a0
[  543.599236][T17055]  ? __pfx_warn_alloc+0x10/0x10
[  543.599263][T17055]  ? kfree+0x2b8/0x6d0
[  543.599281][T17055]  ? __get_vm_area_node+0x2cd/0x330
[  543.599319][T17055]  ? __get_vm_area_node+0x2cd/0x330
[  543.599347][T17055]  ? __get_vm_area_node+0x208/0x330
[  543.599384][T17055]  __vmalloc_node_range_noprof+0xaf5/0x1480
[  543.599428][T17055]  ? kernel_clone+0xfc/0x930
[  543.599466][T17055]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  543.599507][T17055]  ? rcu_is_watching+0x12/0xc0
[  543.599536][T17055]  ? kernel_clone+0xfc/0x930
[  543.599562][T17055]  __vmalloc_node_noprof+0xad/0xf0
[  543.599593][T17055]  ? kernel_clone+0xfc/0x930
[  543.599624][T17055]  copy_process+0x2c77/0x76a0
[  543.599652][T17055]  ? __pfx___futex_wait+0x10/0x10
[  543.599686][T17055]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  543.599711][T17055]  ? lockdep_hardirqs_on+0x7c/0x110
[  543.599747][T17055]  ? __pfx_copy_process+0x10/0x10
[  543.599775][T17055]  ? futex_private_hash_put+0x176/0x300
[  543.599810][T17055]  ? futex_private_hash_put+0x18a/0x300
[  543.599845][T17055]  kernel_clone+0xfc/0x930
[  543.599875][T17055]  ? __pfx_kernel_clone+0x10/0x10
[  543.599930][T17055]  __do_sys_clone+0xce/0x120
[  543.599958][T17055]  ? __pfx___do_sys_clone+0x10/0x10
[  543.600003][T17055]  ? xfd_validate_state+0x61/0x180
[  543.600033][T17055]  ? __pfx_ksys_write+0x10/0x10
[  543.600070][T17055]  do_syscall_64+0xcd/0xfa0
[  543.600099][T17055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.600123][T17055] RIP: 0033:0x7f5070b8efc9
[  543.600143][T17055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.600166][T17055] RSP: 002b:00007f5071a6bfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  543.600189][T17055] RAX: ffffffffffffffda RBX: 00007f5070de6180 RCX: 00007f5070b8efc9
[  543.600206][T17055] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[  543.600221][T17055] RBP: 00007f5070c11f91 R08: 0000000000000000 R09: 0000000000000000
[  543.600235][T17055] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  543.600248][T17055] R13: 00007f5070de6218 R14: 00007f5070de6180 R15: 00007fffac881cf8
[  543.600281][T17055]  </TASK>
[  543.600289][T17055] Mem-Info:
[  543.869249][T10478] Bluetooth: hci2: command 0x0c1a tx timeout
[  543.875785][T17055] active_anon:45700 inactive_anon:1591 isolated_anon:0
[  543.875785][T17055]  active_file:11378 inactive_file:47682 isolated_file:0
[  543.875785][T17055]  unevictable:768 dirty:486 writeback:0
[  543.875785][T17055]  slab_reclaimable:12560 slab_unreclaimable:97050
[  543.875785][T17055]  mapped:44823 shmem:31576 pagetables:1480
[  543.875785][T17055]  sec_pagetables:0 bounce:0
[  543.875785][T17055]  kernel_misc_reclaimable:0
[  543.875785][T17055]  free:1268580 free_pcp:16804 free_cma:0
[  543.922745][T10478] Bluetooth: hci4: command tx timeout
[  543.929261][T17055] Node 0 active_anon:185188kB inactive_anon:6364kB active_file:45512kB inactive_file:190592kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:179292kB dirty:1940kB writeback:0kB shmem:125068kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:26624kB kernel_stack:12972kB pagetables:5848kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  543.962748][T17055] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  543.996422][T17055] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  544.246030][T17055] lowmem_reserve[]: 0 2485 2487 2487 2487
[  544.282586][T17055] Node 0 DMA32 free:1149472kB boost:0kB min:34364kB low:42952kB high:51540kB reserved_highatomic:0KB free_highatomic:0KB active_anon:192056kB inactive_anon:6364kB active_file:45512kB inactive_file:190592kB unevictable:1536kB writepending:2040kB zspages:0kB present:3129332kB managed:2545108kB mlocked:0kB bounce:0kB free_pcp:58636kB local_pcp:9992kB free_cma:0kB
[  544.347482][T16933] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.458431][T17055] lowmem_reserve[]: 0 0 1 1 1
[  544.464125][T17055] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  544.641733][T16933] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.667975][T17055] lowmem_reserve[]: 0 0 0 0 0
[  544.674098][T17055] Node 1 Normal free:3904468kB boost:0kB min:55512kB low:69388kB high:83264kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:4304kB local_pcp:4288kB free_cma:0kB
[  544.776997][T17055] lowmem_reserve[]: 0 0 0 0 0
[  544.781776][T17055] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  544.800382][T17055] Node 0 DMA32: 45*4kB (UME) 72*8kB (UME) 69*16kB (UME) 1135*32kB (M) 564*64kB (ME) 616*128kB (UME) 466*256kB (UME) 356*512kB (UM) 189*1024kB (UME) 5*2048kB (UE) 118*4096kB (M) = 1141796kB
[  544.826262][T17055] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  544.866507][T17055] Node 1 Normal: 131*4kB (UME) 37*8kB (UME) 45*16kB (UME) 209*32kB (UME) 94*64kB (UME) 34*128kB (UME) 10*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 3*2048kB (UME) 946*4096kB (M) = 3906724kB
[  544.887595][T17071] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2398'.
[  545.036167][T17055] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  545.070960][T17055] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  545.103322][T17055] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  545.114475][T17055] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  545.124354][T17055] 94578 total pagecache pages
[  545.129465][T17055] 25 pages in swap cache
[  545.133718][T17055] Free swap  = 124880kB
[  545.138301][T17055] Total swap = 124996kB
[  545.142575][T17055] 2097051 pages RAM
[  545.146964][T17055] 0 pages HighMem/MovableOnly
[  545.152659][T17055] 428684 pages reserved
[  545.157389][T17055] 0 pages cma reserved
[  545.369172][T17071] team0 (unregistering): Port device team_slave_0 removed
[  545.383234][T17071] team0 (unregistering): Port device team_slave_1 removed
[  545.440618][T17079] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2400'.
[  545.728100][T16933] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  545.902148][T16933] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  545.925795][T16933] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  545.951238][T16933] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  545.962906][T10478] Bluetooth: hci4: command tx timeout
[  546.229178][T16933] 8021q: adding VLAN 0 to HW filter on device bond0
[  546.277814][T16933] 8021q: adding VLAN 0 to HW filter on device team0
[  546.315257][T10630] bridge0: port 1(bridge_slave_0) entered blocking state
[  546.322482][T10630] bridge0: port 1(bridge_slave_0) entered forwarding state
[  546.357886][ T9856] bridge0: port 2(bridge_slave_1) entered blocking state
[  546.365135][ T9856] bridge0: port 2(bridge_slave_1) entered forwarding state
[  546.526829][T16933] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  546.906744][T16933] 8021q: adding VLAN 0 to HW filter on device batadv0
[  547.067814][T16933] veth0_vlan: entered promiscuous mode
[  547.130130][T16933] veth1_vlan: entered promiscuous mode
[  547.222908][T16933] veth0_macvtap: entered promiscuous mode
[  547.241684][T16933] veth1_macvtap: entered promiscuous mode
[  547.297073][T16933] batman_adv: batadv0: Interface activated: batadv_slave_0
[  547.332625][T16933] batman_adv: batadv0: Interface activated: batadv_slave_1
[  547.649744][T10630] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  547.707036][T10630] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  547.789460][T10630] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  547.810327][T10630] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  548.131593][ T9856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  548.140428][ T9856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  548.314106][   T30] audit: type=1800 audit(4294986768.502:45): pid=17145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=69693 res=0 errno=0
[  548.515923][T10630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  548.534003][T10630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  549.567592][T17168] random: crng reseeded on system resumption
[  549.621598][T17168] Restarting kernel threads ...
[  549.662379][T17168] Done restarting kernel threads.
[  549.762963][T10477] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  549.783237][T10477] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  549.816010][T10477] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  549.825611][T10477] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  549.833984][T10477] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  550.434400][ T9856] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.040563][ T9856] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.201473][ T9856] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.412646][T17169] chnl_net:caif_netlink_parms(): no params data found
[  551.891547][T17191] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2420'.
[  551.933991][T10477] Bluetooth: hci3: command tx timeout
[  552.063105][ T9856] bridge_slave_0: left allmulticast mode
[  552.068814][ T9856] bridge_slave_0: left promiscuous mode
[  552.075571][ T9856] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.430635][ T9856] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  552.441582][ T9856] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  552.452128][ T9856] bond0 (unregistering): Released all slaves
[  552.507524][T17169] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.518391][T17169] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.525878][T17169] bridge_slave_0: entered allmulticast mode
[  552.534070][T17169] bridge_slave_0: entered promiscuous mode
[  552.565740][ T9856] HfR: left promiscuous mode
[  552.577082][T17169] bridge0: port 2(bridge_slave_1) entered blocking state
[  552.584916][T17169] bridge0: port 2(bridge_slave_1) entered disabled state
[  552.592698][T17169] bridge_slave_1: entered allmulticast mode
[  552.600612][T17169] bridge_slave_1: entered promiscuous mode
[  552.694697][T17169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  552.737906][T17169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  552.873976][T17169] team0: Port device team_slave_0 added
[  552.904324][T17197] FAULT_INJECTION: forcing a failure.
[  552.904324][T17197] name fail_futex, interval 1, probability 0, space 0, times 0
[  552.904848][T17169] team0: Port device team_slave_1 added
[  552.921061][T17197] CPU: 0 UID: 0 PID: 17197 Comm: syz.3.2421 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  552.921103][T17197] Tainted: [U]=USER
[  552.921112][T17197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  552.921126][T17197] Call Trace:
[  552.921135][T17197]  <TASK>
[  552.921144][T17197]  dump_stack_lvl+0x16c/0x1f0
[  552.921177][T17197]  should_fail_ex+0x512/0x640
[  552.921220][T17197]  get_futex_key+0x1d0/0x1560
[  552.921257][T17197]  ? __pfx_get_futex_key+0x10/0x10
[  552.921288][T17197]  ? trace_pid_list_is_set+0xfb/0x150
[  552.921324][T17197]  ? do_raw_spin_unlock+0x172/0x230
[  552.921371][T17197]  futex_wait_setup+0x9d/0x550
[  552.921418][T17197]  __futex_wait+0x193/0x2f0
[  552.921457][T17197]  ? __pfx___futex_wait+0x10/0x10
[  552.921491][T17197]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  552.921516][T17197]  ? lockdep_hardirqs_on+0x7c/0x110
[  552.921547][T17197]  ? __pfx_futex_wake_mark+0x10/0x10
[  552.921590][T17197]  ? futex_private_hash_put+0x176/0x300
[  552.921623][T17197]  ? futex_private_hash_put+0x18a/0x300
[  552.921657][T17197]  futex_wait+0xe8/0x380
[  552.921679][T17197]  ? __pfx_futex_wait+0x10/0x10
[  552.921734][T17197]  do_futex+0x229/0x350
[  552.921766][T17197]  ? __pfx_do_futex+0x10/0x10
[  552.921798][T17197]  ? __pfx_get_nodes+0x10/0x10
[  552.921832][T17197]  __x64_sys_futex+0x1e0/0x4c0
[  552.921866][T17197]  ? kernel_mbind+0x155/0x1f0
[  552.921900][T17197]  ? __pfx___x64_sys_futex+0x10/0x10
[  552.921932][T17197]  ? xfd_validate_state+0x61/0x180
[  552.921964][T17197]  ? __pfx_kernel_mbind+0x10/0x10
[  552.922009][T17197]  do_syscall_64+0xcd/0xfa0
[  552.922038][T17197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.922063][T17197] RIP: 0033:0x7f70ec18efc9
[  552.922083][T17197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  552.922107][T17197] RSP: 002b:00007f70ed0f80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  552.922132][T17197] RAX: ffffffffffffffda RBX: 00007f70ec3e5fa8 RCX: 00007f70ec18efc9
[  552.922150][T17197] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f70ec3e5fa8
[  552.922167][T17197] RBP: 00007f70ec3e5fa0 R08: 0000000000000000 R09: 0000000000000000
[  552.922182][T17197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  552.922197][T17197] R13: 00007f70ec3e6038 R14: 00007ffff90a5b10 R15: 00007ffff90a5bf8
[  552.922232][T17197]  </TASK>
[  553.189223][   T30] audit: type=1326 audit(4294986773.405:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17206 comm="syz.3.2424" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f70ec18efc9 code=0x0
[  553.295194][T17169] batman_adv: batadv0: Adding interface: batadv_slave_0
[  553.311231][T17169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  553.344348][T17169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  553.359749][T17169] batman_adv: batadv0: Adding interface: batadv_slave_1
[  553.372965][T17169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  553.402358][T17169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  553.706975][T17169] hsr_slave_0: entered promiscuous mode
[  553.715967][T17169] hsr_slave_1: entered promiscuous mode
[  553.722498][T17169] debugfs: 'hsr0' already exists in 'hsr'
[  553.731088][T17169] Cannot create hsr debugfs directory
[  553.888208][ T9856] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  553.902173][ T9856] batman_adv: batadv0: Removing interface: batadv_slave_0
[  553.916681][ T9856] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  553.946476][ T9856] batman_adv: batadv0: Removing interface: batadv_slave_1
[  554.006013][T10477] Bluetooth: hci3: command tx timeout
[  554.049888][ T9856] veth1_macvtap: left promiscuous mode
[  554.066468][ T9856] veth0_macvtap: left promiscuous mode
[  554.072233][ T9856] veth1_vlan: left promiscuous mode
[  554.124462][ T9856] veth0_vlan: left promiscuous mode
[  554.381974][T10477] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  554.656794][T17245] sd 0:0:1:0: PR command failed: 1026
[  554.662625][T17245] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  554.669519][T17245] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  554.835851][ T9856] team0 (unregistering): Port device team_slave_1 removed
[  554.900415][ T9856] team0 (unregistering): Port device team_slave_0 removed
[  555.368712][T17237] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2427'.
[  555.438945][T17241] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  555.455958][T17241] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  555.489773][T17241] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  555.499836][T17241] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  555.538412][T17241] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  555.544753][T17252] ima: policy update failed
[  555.546709][   T30] audit: type=1802 audit(4294986775.766:47): pid=17252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2430" res=0 errno=0
[  555.567107][T17252] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2430'.
[  555.593400][T17241] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  555.618823][T17241] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  555.654202][T17241] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  555.814231][   T30] audit: type=1326 audit(4294986776.038:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17256 comm="syz.3.2431" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f70ec18efc9 code=0x0
[  556.272447][T17277] random: crng reseeded on system resumption
[  556.315991][T10478] Bluetooth: hci4: unexpected event 0x3d length: 726 > 14
[  556.726906][T17289] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  556.740484][T17169] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  556.764541][T17169] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  556.812672][T17169] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  556.883721][T17293] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  556.940475][T17169] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  556.979067][T17282] FAULT_INJECTION: forcing a failure.
[  556.979067][T17282] name failslab, interval 1, probability 0, space 0, times 0
[  557.088276][T17282] CPU: 1 UID: 0 PID: 17282 Comm: syz.1.2436 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  557.088318][T17282] Tainted: [U]=USER
[  557.088326][T17282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  557.088339][T17282] Call Trace:
[  557.088347][T17282]  <TASK>
[  557.088359][T17282]  dump_stack_lvl+0x16c/0x1f0
[  557.088395][T17282]  should_fail_ex+0x512/0x640
[  557.088432][T17282]  ? __kmalloc_noprof+0xca/0x880
[  557.088477][T17282]  should_failslab+0xc2/0x120
[  557.088510][T17282]  __kmalloc_noprof+0xdd/0x880
[  557.088544][T17282]  ? __register_sysctl_table+0xb3/0x1900
[  557.088584][T17282]  ? __register_sysctl_table+0xb3/0x1900
[  557.088617][T17282]  __register_sysctl_table+0xb3/0x1900
[  557.088651][T17282]  ? is_module_address+0x5f/0xf0
[  557.088688][T17282]  ? __pfx___register_sysctl_table+0x10/0x10
[  557.088730][T17282]  ? is_module_address+0x69/0xf0
[  557.088764][T17282]  ? register_net_sysctl_sz+0x228/0x3e0
[  557.088800][T17282]  ? __asan_memcpy+0x3c/0x60
[  557.088829][T17282]  xfrm4_net_init+0xf0/0x1c0
[  557.088859][T17282]  ? __pfx_xfrm4_net_init+0x10/0x10
[  557.088888][T17282]  ops_init+0x1e2/0x5f0
[  557.088914][T17282]  setup_net+0x100/0x390
[  557.088938][T17282]  ? __pfx_setup_net+0x10/0x10
[  557.088963][T17282]  ? debug_mutex_init+0x37/0x70
[  557.088991][T17282]  copy_net_ns+0x2f8/0x690
[  557.089019][T17282]  create_new_namespaces+0x3ea/0xa90
[  557.089054][T17282]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  557.089086][T17282]  ksys_unshare+0x45b/0xa40
[  557.089120][T17282]  ? __pfx_ksys_unshare+0x10/0x10
[  557.089153][T17282]  ? xfd_validate_state+0x61/0x180
[  557.089197][T17282]  __x64_sys_unshare+0x31/0x40
[  557.089233][T17282]  do_syscall_64+0xcd/0xfa0
[  557.089266][T17282]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.089290][T17282] RIP: 0033:0x7fb56198efc9
[  557.089310][T17282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  557.089333][T17282] RSP: 002b:00007fb5627bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  557.089359][T17282] RAX: ffffffffffffffda RBX: 00007fb561be5fa0 RCX: 00007fb56198efc9
[  557.089377][T17282] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  557.089392][T17282] RBP: 00007fb561a11f91 R08: 0000000000000000 R09: 0000000000000000
[  557.089408][T17282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  557.089423][T17282] R13: 00007fb561be6038 R14: 00007fb561be5fa0 R15: 00007fffd963a168
[  557.089461][T17282]  </TASK>
[  557.507174][T10478] Bluetooth: hci4: command 0x0c1a tx timeout
[  557.513262][T10478] Bluetooth: hci2: command 0x0c1a tx timeout
[  557.596747][T10477] Bluetooth: hci1: command 0x0c1a tx timeout
[  557.602861][T10477] Bluetooth: hci3: command 0x0419 tx timeout
[  557.913931][T17169] 8021q: adding VLAN 0 to HW filter on device bond0
[  557.996127][T17169] 8021q: adding VLAN 0 to HW filter on device team0
[  558.249001][T10616] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.256218][T10616] bridge0: port 1(bridge_slave_0) entered forwarding state
[  558.336478][T10294] bridge0: port 2(bridge_slave_1) entered blocking state
[  558.343736][T10294] bridge0: port 2(bridge_slave_1) entered forwarding state
[  558.418623][T17330] netlink: zone id is out of range
[  558.446059][T17330] netlink: zone id is out of range
[  558.788392][T17347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2444'.
[  558.831392][T17347] openvswitch: netlink: Tunnel attr 12 has unexpected len 4 expected 16
[  558.838074][T17169] 8021q: adding VLAN 0 to HW filter on device batadv0
[  558.862897][T17344] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(1986356271.1836477231.0), cmd(5)
[  559.042849][T17356] �: entered promiscuous mode
[  559.064489][T17169] veth0_vlan: entered promiscuous mode
[  559.126429][T17169] veth1_vlan: entered promiscuous mode
[  559.312613][T17169] veth0_macvtap: entered promiscuous mode
[  559.326406][T17169] veth1_macvtap: entered promiscuous mode
[  559.464124][T17169] batman_adv: batadv0: Interface activated: batadv_slave_0
[  559.504369][T17169] batman_adv: batadv0: Interface activated: batadv_slave_1
[  559.550360][T10294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  559.606712][T10294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  559.621977][T17374] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2448'.
[  559.657360][T10477] Bluetooth: hci3: command 0x0419 tx timeout
[  559.663538][T10477] Bluetooth: hci4: command 0x0c1a tx timeout
[  559.692710][T10294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  559.714315][T10294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  559.921186][ T9856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  559.950581][ T9856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  560.024747][T10608] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  560.050293][T10608] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  560.578235][T17401] syz.3.2451 (17401) used obsolete PPPIOCDETACH ioctl
[  560.655795][T17400] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  561.660809][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  561.667138][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  561.691995][T17438] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  561.727857][T10477] Bluetooth: hci4: command 0x0c1a tx timeout
[  561.733915][T10478] Bluetooth: hci3: command 0x0419 tx timeout
[  562.194467][T17442] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2460'.
[  562.630713][T17456] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  563.798312][T10477] Bluetooth: hci3: command 0x0419 tx timeout
[  564.049679][T17493] random: crng reseeded on system resumption
[  564.437692][T17496] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2474'.
[  564.825932][T17511] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  566.395247][T17541] futex_wake_op: syz.3.2482 tries to shift op by -2048; fix this program
[  566.415576][T17541] 0x000000000001-0x000000020000 : ""
[  566.520535][T17541] ftl_cs: FTL header corrupt!
[  566.783024][T10478] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  566.795032][T10478] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  566.809594][T10478] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  566.820698][T10478] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  566.835748][T10478] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  566.867912][T17546] zswap: compressor  not available
[  566.927370][T17542] binder: 17540:17542 ioctl 6 7 returned -22
[  568.313604][T17575] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2487'.
[  568.326509][T17578] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2487'.
[  568.595450][T10294] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  568.714388][T17581] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2487'.
[  568.894833][T10478] Bluetooth: hci5: command tx timeout
[  568.984801][T10294] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  569.032723][T17559] chnl_net:caif_netlink_parms(): no params data found
[  569.263034][T10294] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  569.802843][T10294] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.049963][T10294] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.128861][T17606] can: request_module (can-proto-0) failed.
[  570.840872][T17559] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.882678][T17559] bridge0: port 1(bridge_slave_0) entered disabled state
[  570.897365][T17559] bridge_slave_0: entered allmulticast mode
[  570.925148][T17559] bridge_slave_0: entered promiscuous mode
[  570.956409][T17559] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.964063][T10478] Bluetooth: hci5: command tx timeout
[  570.979475][T17559] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.007154][T17559] bridge_slave_1: entered allmulticast mode
[  571.029075][T17559] bridge_slave_1: entered promiscuous mode
[  571.232702][T17615] [U] 
[  571.235504][T17615] [U] 
[  571.238177][T17615] [U] 
[  571.240850][T17615] [U] 
[  571.332366][T17615] [U] 
[  571.335122][T17615] [U] 
[  571.337836][T17615] [U] 
[  571.340554][T17615] [U] 
[  571.521543][T17615] [U] 
[  571.524273][T17615] [U] 01j��"Rw"�
[  571.574035][T17559] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  571.577026][T17615] [U] }!�A�#�,�V&q�̶���X��\Փ�ح���؏�ũ��l��c�^i��}I��:�?�E�poC��XQ*��+=l��8�b������m�Ԫ��
[  571.594568][T17615] [U] ���j���:�;��~���B����m;�Q,��o�c�����l�[�9���x�2�8�z���8�!�4���T�#�T(�['�� đ�<*&#Hn���W���j��V#(�bGw-���Tq'�"��tt��Er>~d0�
[  571.657450][T17559] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  571.730640][T17615] [U] e.��/>"�����TZ@���zc���88٫]5�s�G�ܪ�D|B�K	�g71�a�T3�g�x��s�̼#����Cٔm����(��z|���B���D��/�'D��T�:���ǰ���pT�A�
[  571.744054][T17615] [U] X��q�LR/�JRJSB�lyPmD���bѼ$�ܵ�ۤM�ni)�y��"�]ҕ�V�P
[  571.785152][T17615] [U] mN�m_��t�	3��^Q����M�J,KsD�����|��x�#��'z��;���=w���BM�}�9�hF����o�fl�2�|��
[  571.795173][T17615] [U] �lqI�}/
[  571.798815][T17615] [U] �б�
[  571.801945][T17615] [U] ��$a
[  571.853896][T17615] [U] ���4T�X}ky�6��zY���'�1��$�6�BY,�<�
g��cdhs������C�2C�m;D���
ܝ�R&Y/p�r�J�����Z��2E;7Tq���$�w�0{27x���dA�
ˮ����$<�����%��`d�d�MW�ť��� '`&Uf�.-��+��l����+C7}��J��a����?�
[  571.887456][T17615] [U] (��z�-�Vn�\�;г�������哏��8�[_lf��T$`X�Q2*�Q�Vw�~]�K�@�qHq"��S�%ѷ�p H���c�� "�Qv��F��Fa'����ָ�CQ8�@�����ai�� M�� �RR+�<��
[  571.907299][T17615] [U] �Aw��*0�ݥ��;ʜՒ��� 	ʺ�;Y����w��U����܈N�,X�Fn��PL�J�o�B,��G��#�Y�_�׏���xM�ե�'̕�m+��<ŷ��gJ|��T�^��0N��Kp�B �t�z6���ڜطt��+�EBz��b��:#w�
[  571.937157][T17615] [U] iyo��N���bXU;O�v��K
[  571.941875][T17615] [U] W�M�0�O�?����u�dzG�$`�`���'E�l�\}���%-ޤ]�`��1t�;jW�J9p������CH�����Q|o�yN.�
[  571.981168][T17559] team0: Port device team_slave_0 added
[  572.012414][T10294] gretap0: left allmulticast mode
[  572.017491][T10294] gretap0: left promiscuous mode
[  572.023122][T10294] bridge0: port 3(gretap0) entered disabled state
[  572.062296][T10294] bridge_slave_1: left allmulticast mode
[  572.072601][T17615] [U] [�^C
[  572.075823][T10294] bridge_slave_1: left promiscuous mode
[  572.084200][T17615] [U] �����'4�,��5~7|J�GZ"�u�OS!<��r�H��Q�R��Ju�*z�C29ٲ��8���!
�u.����L�\�`�
[Y!�F.7y2=D
[  572.107766][T10294] bridge0: port 2(bridge_slave_1) entered disabled state
[  572.141045][T10294] bridge_slave_0: left allmulticast mode
[  572.149699][T10294] bridge_slave_0: left promiscuous mode
[  572.156144][T10294] bridge0: port 1(bridge_slave_0) entered disabled state
[  572.173730][T17615] [U] g���|a�4��Wù'Q���V�&nQi3��
[  573.046716][T10478] Bluetooth: hci5: command tx timeout
[  573.794778][T10294] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  573.804795][T10294] bond0 (unregistering): Released all slaves
[  573.817743][T17559] team0: Port device team_slave_1 added
[  573.870854][T17559] batman_adv: batadv0: Adding interface: batadv_slave_0
[  573.877833][T17559] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  573.914913][T17559] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  573.937744][T17559] batman_adv: batadv0: Adding interface: batadv_slave_1
[  573.949659][T17559] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  573.976051][T17559] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  573.988273][T10294] HfR: left promiscuous mode
[  574.125377][T10294] �: left promiscuous mode
[  574.175206][T17559] hsr_slave_0: entered promiscuous mode
[  574.197494][T17559] hsr_slave_1: entered promiscuous mode
[  574.214779][T17559] debugfs: 'hsr0' already exists in 'hsr'
[  574.234237][T17559] Cannot create hsr debugfs directory
[  574.500784][T17668] device-mapper: ioctl: Invalid ioctl structure: name ��������, dev 4
[  574.848076][T17670] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2503'.
[  575.069068][T17667] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2503'.
[  575.105830][T10478] Bluetooth: hci5: command tx timeout
[  575.674203][T10294] hsr_slave_0: left promiscuous mode
[  575.681367][T10294] hsr_slave_1: left promiscuous mode
[  575.688752][T10294] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  575.696386][T10294] batman_adv: batadv0: Removing interface: batadv_slave_0
[  575.712404][T10294] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  575.719836][T10294] batman_adv: batadv0: Removing interface: batadv_slave_1
[  575.739135][T10294] veth1_macvtap: left promiscuous mode
[  575.745506][T10294] veth0_macvtap: left promiscuous mode
[  575.752576][T10294] veth1_vlan: left promiscuous mode
[  575.757886][T10294] veth0_vlan: left promiscuous mode
[  576.247983][T10294] team0 (unregistering): Port device team_slave_1 removed
[  576.293213][T10294] team0 (unregistering): Port device team_slave_0 removed
[  576.866692][T17698] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.115659][T17707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2507'.
[  577.663593][T17559] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  577.687738][T17559] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  577.718673][T17559] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  577.763578][T17559] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  578.280039][T17559] 8021q: adding VLAN 0 to HW filter on device bond0
[  578.325943][T17559] 8021q: adding VLAN 0 to HW filter on device team0
[  578.354896][T10630] bridge0: port 1(bridge_slave_0) entered blocking state
[  578.362031][T10630] bridge0: port 1(bridge_slave_0) entered forwarding state
[  578.446536][T10630] bridge0: port 2(bridge_slave_1) entered blocking state
[  578.453778][T10630] bridge0: port 2(bridge_slave_1) entered forwarding state
[  578.873783][T17559] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  578.887005][T17559] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  579.447731][T17559] 8021q: adding VLAN 0 to HW filter on device batadv0
[  579.610749][T17559] veth0_vlan: entered promiscuous mode
[  579.676442][T17559] veth1_vlan: entered promiscuous mode
[  579.800722][T17559] veth0_macvtap: entered promiscuous mode
[  579.848555][T17559] veth1_macvtap: entered promiscuous mode
[  580.026581][T17559] batman_adv: batadv0: Interface activated: batadv_slave_0
[  580.273292][T17559] batman_adv: batadv0: Interface activated: batadv_slave_1
[  580.313521][T17802] random: crng reseeded on system resumption
[  580.548262][T10294] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  580.577492][T10294] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  580.597898][T10294] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  580.622062][T10294] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  581.527349][T10630] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.574919][T10630] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.698010][T10623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.723913][T10623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.878531][T17838] ptrace attach of "./syz-executor exec"[17169] was attempted by "./syz-executor exec"[17838]
[  582.577844][T17837] kexec: Could not allocate control_code_buffer
[  583.527583][T17895] hugetlbfs: syz.3.2531 (17895): Using mlock ulimits for SHM_HUGETLB is obsolete
[  584.499553][T17905] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  584.528845][T17905] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  584.550615][T17905] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  584.550800][T17905] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  584.551483][T17905] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  584.619097][T17905] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  585.854579][T10477] Bluetooth: hci2: command 0x0c1a tx timeout
[  585.974409][T17931] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  586.221221][T17935] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2542'.
[  586.573274][T10478] Bluetooth: hci5: command 0x0c1a tx timeout
[  586.579354][T10478] Bluetooth: hci3: command 0x0419 tx timeout
[  586.585713][T10477] Bluetooth: hci4: command 0x0c1a tx timeout
[  588.685365][T10478] Bluetooth: hci5: command 0x0c1a tx timeout
[  589.476917][T17999] netlink: 504 bytes leftover after parsing attributes in process `syz.1.2557'.
[  589.818560][T18005] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  589.948112][T18009] tipc: Started in network mode
[  589.977852][T18009] tipc: Node identity ffffffff, cluster identity 4711
[  590.093778][T18009] tipc: Node number set to 4294967295
[  590.711632][T10478] Bluetooth: hci5: command 0x0c1a tx timeout
[  591.286024][T18041] Loading of unsigned module is rejected
[  591.711148][   T30] audit: type=1400 audit(4294986812.106:49): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=18043 comm="syz.0.2568"
[  591.870333][T18046] zswap: compressor  not available
[  593.419327][T18061] FAULT_INJECTION: forcing a failure.
[  593.419327][T18061] name fail_futex, interval 1, probability 0, space 0, times 0
[  593.527773][T18061] CPU: 1 UID: 0 PID: 18061 Comm: syz.0.2571 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  593.527819][T18061] Tainted: [U]=USER
[  593.527828][T18061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  593.527847][T18061] Call Trace:
[  593.527856][T18061]  <TASK>
[  593.527866][T18061]  dump_stack_lvl+0x16c/0x1f0
[  593.527902][T18061]  should_fail_ex+0x512/0x640
[  593.527939][T18061]  ? aa_get_newest_label+0xd2/0x250
[  593.527978][T18061]  get_futex_key+0x1d0/0x1560
[  593.528015][T18061]  ? __pfx_get_futex_key+0x10/0x10
[  593.528043][T18061]  ? ns_capable+0xd7/0x110
[  593.528075][T18061]  ? __sys_bpf+0x175/0x4980
[  593.528105][T18061]  futex_wake+0xea/0x530
[  593.528138][T18061]  ? __pfx___sys_bpf+0x10/0x10
[  593.528167][T18061]  ? __pfx_futex_wake+0x10/0x10
[  593.528217][T18061]  do_futex+0x1e3/0x350
[  593.528252][T18061]  ? __pfx_do_futex+0x10/0x10
[  593.528294][T18061]  __x64_sys_futex+0x1e0/0x4c0
[  593.528329][T18061]  ? fput+0x9b/0xd0
[  593.528361][T18061]  ? __pfx___x64_sys_futex+0x10/0x10
[  593.528394][T18061]  ? xfd_validate_state+0x61/0x180
[  593.528426][T18061]  ? __pfx_ksys_write+0x10/0x10
[  593.528473][T18061]  do_syscall_64+0xcd/0xfa0
[  593.528505][T18061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  593.528531][T18061] RIP: 0033:0x7fd61998efc9
[  593.528553][T18061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  593.528578][T18061] RSP: 002b:00007fd61a8020e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  593.528603][T18061] RAX: ffffffffffffffda RBX: 00007fd619be5fa8 RCX: 00007fd61998efc9
[  593.528621][T18061] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd619be5fac
[  593.528638][T18061] RBP: 00007fd619be5fa0 R08: 00007fd61a803000 R09: 0000000000000000
[  593.528655][T18061] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  593.528671][T18061] R13: 00007fd619be6038 R14: 00007ffed7e42d90 R15: 00007ffed7e42e78
[  593.528709][T18061]  </TASK>
[  594.488585][T10478] Bluetooth: hci4: unexpected event 0x07 length: 435 > 255
[  595.811638][T18092] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2580'.
[  596.404169][T10478] Bluetooth: hci3: unexpected event 0x1d length: 6 > 5
[  596.431210][T18096] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  597.555693][T18111] __vm_enough_memory: pid: 18111, comm: syz.0.2583, bytes: 4398046511104 not enough memory for the allocation
[  598.026958][T18116] binder: 18115:18116 ioctl c0306201 2000000000c0 returned -14
[  599.611844][T10477] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  599.625530][T10477] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  599.634673][T10477] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  599.650086][T10477] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  599.659847][T10477] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  599.930654][T18137] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5)
[  600.073809][T18134] chnl_net:caif_netlink_parms(): no params data found
[  600.616213][T18134] bridge0: port 1(bridge_slave_0) entered blocking state
[  600.623369][T18134] bridge0: port 1(bridge_slave_0) entered disabled state
[  600.644438][T18134] bridge_slave_0: entered allmulticast mode
[  600.652285][T18134] bridge_slave_0: entered promiscuous mode
[  600.689550][T18134] bridge0: port 2(bridge_slave_1) entered blocking state
[  600.704081][T18134] bridge0: port 2(bridge_slave_1) entered disabled state
[  600.734880][T18134] bridge_slave_1: entered allmulticast mode
[  600.742294][T18166] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  600.743391][T18134] bridge_slave_1: entered promiscuous mode
[  600.953738][T18134] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  601.011773][T18134] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  601.100145][T18134] team0: Port device team_slave_0 added
[  601.153596][T18134] team0: Port device team_slave_1 added
[  601.546934][T18182] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2598'.
[  601.630651][T18134] batman_adv: batadv0: Adding interface: batadv_slave_0
[  601.668606][T18134] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  601.705586][T10477] Bluetooth: hci1: command tx timeout
[  601.780319][T18134] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  601.805819][T18134] batman_adv: batadv0: Adding interface: batadv_slave_1
[  601.823435][T18134] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  601.941075][T18134] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  601.999027][T18182] mac80211_hwsim hwsim36 �: renamed from wlan0 (while UP)
[  602.081355][T18194] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  602.151246][T10477] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  602.243164][T10477] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  602.552366][T18134] hsr_slave_0: entered promiscuous mode
[  602.586457][T18134] hsr_slave_1: entered promiscuous mode
[  602.592896][T18134] debugfs: 'hsr0' already exists in 'hsr'
[  602.619584][T18134] Cannot create hsr debugfs directory
[  603.399365][   T30] audit: type=1800 audit(4294986823.851:50): pid=18234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2606" name="version" dev="configfs" ino=76657 res=0 errno=0
[  603.414301][T18134] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  603.471261][T18134] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  603.499873][T18134] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  603.531569][T18134] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  603.689013][T18249] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2609'.
[  603.774467][T10477] Bluetooth: hci1: command tx timeout
[  604.190238][T18249] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  604.224954][T18249] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  604.259536][T18249] bond0 (unregistering): Released all slaves
[  604.337540][T18261] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2612'.
[  604.534975][T18134] 8021q: adding VLAN 0 to HW filter on device bond0
[  604.599486][T18134] 8021q: adding VLAN 0 to HW filter on device team0
[  604.632085][T10630] bridge0: port 1(bridge_slave_0) entered blocking state
[  604.639344][T10630] bridge0: port 1(bridge_slave_0) entered forwarding state
[  604.681368][ T9833] bridge0: port 2(bridge_slave_1) entered blocking state
[  604.688622][ T9833] bridge0: port 2(bridge_slave_1) entered forwarding state
[  604.861941][T18134] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  605.543409][T18134] 8021q: adding VLAN 0 to HW filter on device batadv0
[  605.840177][T10477] Bluetooth: hci1: command tx timeout
[  605.932375][T18301] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  606.192830][T18134] veth0_vlan: entered promiscuous mode
[  606.224013][T18134] veth1_vlan: entered promiscuous mode
[  606.285674][T18134] veth0_macvtap: entered promiscuous mode
[  606.292366][T18134] veth1_macvtap: entered promiscuous mode
[  606.329737][T18134] batman_adv: batadv0: Interface activated: batadv_slave_0
[  606.342342][T18134] batman_adv: batadv0: Interface activated: batadv_slave_1
[  606.369483][T10623] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  606.369580][T10623] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  606.369625][T10623] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  606.369668][T10623] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  606.550679][ T9833] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  606.561533][ T9833] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  606.656522][ T9833] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  606.681034][ T9833] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  606.749086][T18314] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  607.726221][T18350] openvswitch: netlink: Flow actions attr not present in new flow.
[  607.912044][T10477] Bluetooth: hci1: command tx timeout
[  608.040823][T18359] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  608.309890][T18375] Format for deleting device is "id" (uint).
[  608.638908][T18373] zswap: compressor  not available
[  609.113323][T18390] netlink: 'syz.0.2639': attribute type 1 has an invalid length.
[  610.578178][T18430] FAULT_INJECTION: forcing a failure.
[  610.578178][T18430] name failslab, interval 1, probability 0, space 0, times 0
[  610.626044][T18430] CPU: 1 UID: 0 PID: 18430 Comm: syz.0.2650 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  610.626082][T18430] Tainted: [U]=USER
[  610.626090][T18430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  610.626106][T18430] Call Trace:
[  610.626114][T18430]  <TASK>
[  610.626124][T18430]  dump_stack_lvl+0x16c/0x1f0
[  610.626158][T18430]  should_fail_ex+0x512/0x640
[  610.626194][T18430]  ? __kmalloc_cache_noprof+0x5f/0x780
[  610.626236][T18430]  should_failslab+0xc2/0x120
[  610.626268][T18430]  __kmalloc_cache_noprof+0x72/0x780
[  610.626302][T18430]  ? __thp_vma_allowable_orders+0x1c8/0xcd0
[  610.626336][T18430]  ? madvise_collapse+0x1a9/0xab0
[  610.626375][T18430]  ? madvise_collapse+0x1a9/0xab0
[  610.626406][T18430]  madvise_collapse+0x1a9/0xab0
[  610.626440][T18430]  ? rcu_is_watching+0x12/0xc0
[  610.626466][T18430]  ? finish_task_switch.isra.0+0x221/0xc10
[  610.626490][T18430]  ? lockdep_hardirqs_on+0x7c/0x110
[  610.626514][T18430]  ? finish_task_switch.isra.0+0x221/0xc10
[  610.626538][T18430]  ? __pfx_madvise_collapse+0x10/0x10
[  610.626569][T18430]  ? rcu_is_watching+0x12/0xc0
[  610.626594][T18430]  ? trace_sched_exit_tp+0xd1/0x120
[  610.626654][T18430]  madvise_vma_behavior+0x1096/0x2d50
[  610.626697][T18430]  ? mas_prev_setup.constprop.0+0xb6/0x9d0
[  610.626728][T18430]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  610.626762][T18430]  ? mas_prev+0x9b/0xf0
[  610.626787][T18430]  ? __pfx_mas_prev+0x10/0x10
[  610.626823][T18430]  ? find_vma_prev+0xd3/0x150
[  610.626852][T18430]  ? find_held_lock+0x2b/0x80
[  610.626877][T18430]  ? __pfx_find_vma_prev+0x10/0x10
[  610.626918][T18430]  ? __futex_wait+0x24b/0x2f0
[  610.626959][T18430]  madvise_walk_vmas+0x31f/0x9c0
[  610.626995][T18430]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  610.627038][T18430]  madvise_do_behavior+0x1e2/0x530
[  610.627070][T18430]  ? futex_private_hash_put+0x18a/0x300
[  610.627103][T18430]  ? __pfx_madvise_do_behavior+0x10/0x10
[  610.627137][T18430]  ? down_read+0x13d/0x480
[  610.627179][T18430]  do_madvise+0x176/0x240
[  610.627215][T18430]  ? __pfx_do_madvise+0x10/0x10
[  610.627244][T18430]  ? do_futex+0x122/0x350
[  610.627298][T18430]  ? syscall_user_dispatch+0x78/0x140
[  610.627338][T18430]  __x64_sys_madvise+0xa9/0x110
[  610.627368][T18430]  do_syscall_64+0xcd/0xfa0
[  610.627395][T18430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.627419][T18430] RIP: 0033:0x7fd61998efc9
[  610.627439][T18430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  610.627464][T18430] RSP: 002b:00007fd61a802038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  610.627490][T18430] RAX: ffffffffffffffda RBX: 00007fd619be5fa0 RCX: 00007fd61998efc9
[  610.627508][T18430] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000
[  610.627525][T18430] RBP: 00007fd619a11f91 R08: 0000000000000000 R09: 0000000000000000
[  610.627541][T18430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  610.627556][T18430] R13: 00007fd619be6038 R14: 00007fd619be5fa0 R15: 00007ffed7e42e78
[  610.627594][T18430]  </TASK>
[  611.525134][   T30] audit: type=1800 audit(4294986832.019:51): pid=18460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2654" name="version" dev="configfs" ino=77644 res=0 errno=0
[  612.108946][T18465] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  612.186907][T18468] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2657'.
[  612.354321][T18471] FAULT_INJECTION: forcing a failure.
[  612.354321][T18471] name failslab, interval 1, probability 0, space 0, times 0
[  612.420414][T18471] CPU: 1 UID: 0 PID: 18471 Comm: syz.2.2658 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  612.420458][T18471] Tainted: [U]=USER
[  612.420467][T18471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  612.420483][T18471] Call Trace:
[  612.420491][T18471]  <TASK>
[  612.420502][T18471]  dump_stack_lvl+0x16c/0x1f0
[  612.420535][T18471]  should_fail_ex+0x512/0x640
[  612.420571][T18471]  ? kmem_cache_alloc_lru_noprof+0x66/0x6e0
[  612.420603][T18471]  should_failslab+0xc2/0x120
[  612.420636][T18471]  kmem_cache_alloc_lru_noprof+0x79/0x6e0
[  612.420662][T18471]  ? __dquot_initialize+0x299/0xd50
[  612.420691][T18471]  ? __d_alloc+0x32/0xae0
[  612.420727][T18471]  ? __d_alloc+0x32/0xae0
[  612.420759][T18471]  __d_alloc+0x32/0xae0
[  612.420793][T18471]  d_alloc_pseudo+0x1c/0xc0
[  612.420830][T18471]  alloc_file_pseudo+0xcf/0x230
[  612.420878][T18471]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  612.420927][T18471]  __shmem_file_setup+0x1a3/0x330
[  612.420981][T18471]  shmem_zero_setup+0x93/0x1a0
[  612.421011][T18471]  __mmap_region+0x2076/0x27a0
[  612.421042][T18471]  ? __pfx___mmap_region+0x10/0x10
[  612.421067][T18471]  ? finish_task_switch.isra.0+0x21c/0xc10
[  612.421097][T18471]  ? rcu_is_watching+0x12/0xc0
[  612.421123][T18471]  ? finish_task_switch.isra.0+0x221/0xc10
[  612.421149][T18471]  ? lockdep_hardirqs_on+0x7c/0x110
[  612.421177][T18471]  ? finish_task_switch.isra.0+0x221/0xc10
[  612.421237][T18471]  ? __pfx___schedule+0x10/0x10
[  612.421307][T18471]  ? trace_cap_capable+0x18d/0x200
[  612.421355][T18471]  mmap_region+0x1ab/0x3f0
[  612.421381][T18471]  ? __get_unmapped_area+0x267/0x440
[  612.421418][T18471]  do_mmap+0xa3e/0x1210
[  612.421456][T18471]  ? __pfx_do_mmap+0x10/0x10
[  612.421488][T18471]  ? __pfx_down_write_killable+0x10/0x10
[  612.421528][T18471]  vm_mmap_pgoff+0x29e/0x470
[  612.421566][T18471]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  612.421598][T18471]  ? find_held_lock+0x2b/0x80
[  612.421629][T18471]  ? __x64_sys_futex+0x1e0/0x4c0
[  612.421661][T18471]  ? __x64_sys_futex+0x1e9/0x4c0
[  612.421699][T18471]  ksys_mmap_pgoff+0x7d/0x5c0
[  612.421729][T18471]  ? xfd_validate_state+0x61/0x180
[  612.421777][T18471]  __x64_sys_mmap+0x125/0x190
[  612.421819][T18471]  do_syscall_64+0xcd/0xfa0
[  612.421851][T18471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  612.421877][T18471] RIP: 0033:0x7fbba898efc9
[  612.421897][T18471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  612.421921][T18471] RSP: 002b:00007fbba975b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  612.421946][T18471] RAX: ffffffffffffffda RBX: 00007fbba8be5fa0 RCX: 00007fbba898efc9
[  612.421964][T18471] RDX: 00000000000000e3 RSI: 0000000000020009 RDI: 0000000000000000
[  612.421980][T18471] RBP: 00007fbba8a11f91 R08: 00040000000000a1 R09: 0000000000008000
[  612.421997][T18471] R10: 0000000100000eb1 R11: 0000000000000246 R12: 0000000000000000
[  612.422014][T18471] R13: 00007fbba8be6038 R14: 00007fbba8be5fa0 R15: 00007ffc4c9ab9a8
[  612.422052][T18471]  </TASK>
[  612.919078][T10477] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12
[  613.391958][T18484] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  613.735863][T18494] bond0: option fail_over_mac: invalid value ()
[  614.475147][T18511] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  614.996918][T10477] Bluetooth: hci1: command tx timeout
[  615.401756][T18523] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2670'.
[  616.319024][T18548] ovs_: entered promiscuous mode
[  617.308801][T18572] nbd: socks must be embedded in a SOCK_ITEM attr
[  617.743232][T18578] ima: policy update failed
[  617.748188][   T30] audit: type=1802 audit(4294986838.269:52): pid=18578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2682" res=0 errno=0
[  618.513630][T18597] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2688'.
[  618.647339][T18597] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  618.930927][T18597] batman_adv: batadv0: Removing interface: batadv_slave_0
[  619.333027][T18597] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  619.346514][T18597] batman_adv: batadv0: Removing interface: batadv_slave_1
[  620.869358][T18641] FAULT_INJECTION: forcing a failure.
[  620.869358][T18641] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  621.106494][T18647] FAULT_INJECTION: forcing a failure.
[  621.106494][T18647] name failslab, interval 1, probability 0, space 0, times 0
[  621.130027][T18641] CPU: 0 UID: 0 PID: 18641 Comm: syz.4.2694 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  621.130067][T18641] Tainted: [U]=USER
[  621.130074][T18641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  621.130088][T18641] Call Trace:
[  621.130096][T18641]  <TASK>
[  621.130105][T18641]  dump_stack_lvl+0x16c/0x1f0
[  621.130134][T18641]  should_fail_ex+0x512/0x640
[  621.130171][T18641]  strncpy_from_user+0x3b/0x2e0
[  621.130204][T18641]  getname_flags.part.0+0x8f/0x550
[  621.130240][T18641]  getname_flags+0x93/0xf0
[  621.130263][T18641]  do_sys_openat2+0xb8/0x1d0
[  621.130293][T18641]  ? __pfx_do_sys_openat2+0x10/0x10
[  621.130326][T18641]  ? __pfx___might_resched+0x10/0x10
[  621.130357][T18641]  __x64_sys_openat+0x174/0x210
[  621.130388][T18641]  ? __pfx___x64_sys_openat+0x10/0x10
[  621.130430][T18641]  do_syscall_64+0xcd/0xfa0
[  621.130456][T18641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.130477][T18641] RIP: 0033:0x7f5c85b8efc9
[  621.130495][T18641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  621.130516][T18641] RSP: 002b:00007f5c86ab8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  621.130539][T18641] RAX: ffffffffffffffda RBX: 00007f5c85de6180 RCX: 00007f5c85b8efc9
[  621.130553][T18641] RDX: 0000000000101840 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  621.130568][T18641] RBP: 00007f5c85c11f91 R08: 0000000000000000 R09: 0000000000000000
[  621.130582][T18641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  621.130593][T18641] R13: 00007f5c85de6218 R14: 00007f5c85de6180 R15: 00007fff8550fea8
[  621.130624][T18641]  </TASK>
[  621.313047][T18647] CPU: 0 UID: 0 PID: 18647 Comm: syz.0.2695 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  621.313093][T18647] Tainted: [U]=USER
[  621.313102][T18647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  621.313117][T18647] Call Trace:
[  621.313126][T18647]  <TASK>
[  621.313138][T18647]  dump_stack_lvl+0x16c/0x1f0
[  621.313172][T18647]  should_fail_ex+0x512/0x640
[  621.313208][T18647]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  621.313238][T18647]  should_failslab+0xc2/0x120
[  621.313272][T18647]  kmem_cache_alloc_noprof+0x75/0x6e0
[  621.313297][T18647]  ? security_file_alloc+0x34/0x2b0
[  621.313330][T18647]  ? security_file_alloc+0x34/0x2b0
[  621.313354][T18647]  security_file_alloc+0x34/0x2b0
[  621.313381][T18647]  init_file+0x93/0x4c0
[  621.313413][T18647]  alloc_empty_file+0x73/0x1e0
[  621.313447][T18647]  path_openat+0xda/0x2cb0
[  621.313484][T18647]  ? __pfx_path_openat+0x10/0x10
[  621.313513][T18647]  ? __lock_acquire+0xb8a/0x1c90
[  621.313549][T18647]  do_filp_open+0x20b/0x470
[  621.313576][T18647]  ? __pfx_do_filp_open+0x10/0x10
[  621.313628][T18647]  ? alloc_fd+0x471/0x7d0
[  621.313662][T18647]  do_sys_openat2+0x11b/0x1d0
[  621.313696][T18647]  ? __pfx_do_sys_openat2+0x10/0x10
[  621.313743][T18647]  __x64_sys_openat+0x174/0x210
[  621.313778][T18647]  ? __pfx___x64_sys_openat+0x10/0x10
[  621.313826][T18647]  do_syscall_64+0xcd/0xfa0
[  621.313856][T18647]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.313887][T18647] RIP: 0033:0x7fd61998efc9
[  621.313908][T18647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  621.313934][T18647] RSP: 002b:00007fd61a802038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  621.313958][T18647] RAX: ffffffffffffffda RBX: 00007fd619be5fa0 RCX: 00007fd61998efc9
[  621.313976][T18647] RDX: 0000000000000802 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  621.313993][T18647] RBP: 00007fd619a11f91 R08: 0000000000000000 R09: 0000000000000000
[  621.314009][T18647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  621.314025][T18647] R13: 00007fd619be6038 R14: 00007fd619be5fa0 R15: 00007ffed7e42e78
[  621.314060][T18647]  </TASK>
[  621.658011][T18652] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  621.824889][T18652] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  622.136063][T18657] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2697'.
[  622.804996][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  622.811381][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  623.427283][T18696] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2706'.
[  623.455576][T18664] sd 0:0:1:0: PR command failed: 1026
[  623.462523][T18664] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  623.546775][T18664] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  624.528621][T18720] vhci_hcd: invalid port number 23
[  624.541879][T18720] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub.
[  624.649696][T18724] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2712'.
[  626.165621][T18747] netlink: 'syz.1.2717': attribute type 28 has an invalid length.
[  626.204151][T18747] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2717'.
[  626.324525][T18751] FAULT_INJECTION: forcing a failure.
[  626.324525][T18751] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  626.373620][T18751] CPU: 0 UID: 0 PID: 18751 Comm: syz.4.2718 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  626.373660][T18751] Tainted: [U]=USER
[  626.373668][T18751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  626.373681][T18751] Call Trace:
[  626.373689][T18751]  <TASK>
[  626.373699][T18751]  dump_stack_lvl+0x16c/0x1f0
[  626.373731][T18751]  should_fail_ex+0x512/0x640
[  626.373769][T18751]  _copy_to_user+0x32/0xd0
[  626.373807][T18751]  simple_read_from_buffer+0xcb/0x170
[  626.373846][T18751]  proc_fail_nth_read+0x197/0x240
[  626.373873][T18751]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  626.373902][T18751]  ? rw_verify_area+0xcf/0x6c0
[  626.373923][T18751]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  626.373950][T18751]  vfs_read+0x1e4/0xcf0
[  626.373980][T18751]  ? __pfx___mutex_lock+0x10/0x10
[  626.374007][T18751]  ? __pfx_vfs_read+0x10/0x10
[  626.374041][T18751]  ? __fget_files+0x20e/0x3c0
[  626.374097][T18751]  ksys_read+0x12a/0x250
[  626.374121][T18751]  ? __pfx_ksys_read+0x10/0x10
[  626.374146][T18751]  ? __x64_sys_quotactl_fd+0x378/0x540
[  626.374169][T18751]  ? 0xffffffff81000000
[  626.374194][T18751]  do_syscall_64+0xcd/0xfa0
[  626.374224][T18751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.374248][T18751] RIP: 0033:0x7f5c85b8d9dc
[  626.374267][T18751] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  626.374289][T18751] RSP: 002b:00007f5c86afa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  626.374312][T18751] RAX: ffffffffffffffda RBX: 00007f5c85de5fa0 RCX: 00007f5c85b8d9dc
[  626.374328][T18751] RDX: 000000000000000f RSI: 00007f5c86afa0a0 RDI: 0000000000000003
[  626.374343][T18751] RBP: 00007f5c86afa090 R08: 0000000000000000 R09: 0000000000000000
[  626.374357][T18751] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000001
[  626.374372][T18751] R13: 00007f5c85de6038 R14: 00007f5c85de5fa0 R15: 00007fff8550fea8
[  626.374394][T18751]  ? 0xffffffff81000000
[  626.374429][T18751]  </TASK>
[  629.507354][T18801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2732'.
[  629.661857][T18801] hsr_slave_0 (unregistering): left promiscuous mode
[  631.689543][T18848] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2743'.
[  634.234841][T18901] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  634.256103][T18901] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  636.454601][T18936] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  636.540587][T18936] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  638.478482][T18966] FAULT_INJECTION: forcing a failure.
[  638.478482][T18966] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  638.532293][T18966] CPU: 1 UID: 0 PID: 18966 Comm: syz.0.2768 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  638.532338][T18966] Tainted: [U]=USER
[  638.532347][T18966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  638.532363][T18966] Call Trace:
[  638.532371][T18966]  <TASK>
[  638.532381][T18966]  dump_stack_lvl+0x16c/0x1f0
[  638.532416][T18966]  should_fail_ex+0x512/0x640
[  638.532458][T18966]  should_fail_alloc_page+0xe7/0x130
[  638.532493][T18966]  prepare_alloc_pages+0x3c2/0x610
[  638.532533][T18966]  __alloc_frozen_pages_noprof+0x18b/0x2470
[  638.532564][T18966]  ? __pfx_stack_trace_save+0x10/0x10
[  638.532594][T18966]  ? stack_depot_save_flags+0x29/0x9c0
[  638.532638][T18966]  ? kasan_save_stack+0x42/0x60
[  638.532663][T18966]  ? kasan_save_stack+0x33/0x60
[  638.532691][T18966]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  638.532716][T18966]  ? create_new_namespaces+0x48a/0xa90
[  638.532743][T18966]  ? ksys_unshare+0x45b/0xa40
[  638.532774][T18966]  ? do_syscall_64+0xcd/0xfa0
[  638.532799][T18966]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.532844][T18966]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  638.532885][T18966]  ? policy_nodemask+0xea/0x4e0
[  638.532939][T18966]  alloc_pages_mpol+0x1fb/0x550
[  638.532975][T18966]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  638.533018][T18966]  alloc_pages_noprof+0x131/0x390
[  638.533052][T18966]  copy_time_ns+0x113/0x510
[  638.533078][T18966]  ? copy_net_ns+0x31f/0x690
[  638.533104][T18966]  ? copy_cgroup_ns+0x71/0x6b0
[  638.533136][T18966]  create_new_namespaces+0x48a/0xa90
[  638.533172][T18966]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  638.533204][T18966]  ksys_unshare+0x45b/0xa40
[  638.533235][T18966]  ? __pfx_ksys_unshare+0x10/0x10
[  638.533273][T18966]  ? xfd_validate_state+0x61/0x180
[  638.533321][T18966]  __x64_sys_unshare+0x31/0x40
[  638.533351][T18966]  do_syscall_64+0xcd/0xfa0
[  638.533381][T18966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.533405][T18966] RIP: 0033:0x7fd61998efc9
[  638.533427][T18966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  638.533452][T18966] RSP: 002b:00007fd61a802038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  638.533476][T18966] RAX: ffffffffffffffda RBX: 00007fd619be5fa0 RCX: 00007fd61998efc9
[  638.533494][T18966] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
[  638.533509][T18966] RBP: 00007fd619a11f91 R08: 0000000000000000 R09: 0000000000000000
[  638.533524][T18966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  638.533539][T18966] R13: 00007fd619be6038 R14: 00007fd619be5fa0 R15: 00007ffed7e42e78
[  638.533573][T18966]  </TASK>
[  639.331782][T18973] FAULT_INJECTION: forcing a failure.
[  639.331782][T18973] name fail_futex, interval 1, probability 0, space 0, times 0
[  639.362387][T18973] CPU: 1 UID: 0 PID: 18973 Comm: syz.1.2769 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  639.362427][T18973] Tainted: [U]=USER
[  639.362435][T18973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  639.362449][T18973] Call Trace:
[  639.362457][T18973]  <TASK>
[  639.362466][T18973]  dump_stack_lvl+0x16c/0x1f0
[  639.362498][T18973]  should_fail_ex+0x512/0x640
[  639.362535][T18973]  get_futex_key+0x1d0/0x1560
[  639.362568][T18973]  ? __pfx_get_futex_key+0x10/0x10
[  639.362596][T18973]  ? __mutex_trylock_common+0xe9/0x250
[  639.362636][T18973]  futex_wake+0xea/0x530
[  639.362673][T18973]  ? __pfx_futex_wake+0x10/0x10
[  639.362712][T18973]  ? __lock_acquire+0xb8a/0x1c90
[  639.362758][T18973]  do_futex+0x1e3/0x350
[  639.362789][T18973]  ? __pfx_do_futex+0x10/0x10
[  639.362817][T18973]  ? __might_fault+0xe3/0x190
[  639.362855][T18973]  mm_release+0x24e/0x300
[  639.362881][T18973]  do_exit+0x68e/0x2bf0
[  639.362919][T18973]  ? __pfx_do_exit+0x10/0x10
[  639.362949][T18973]  ? do_raw_spin_lock+0x12c/0x2b0
[  639.362981][T18973]  ? find_held_lock+0x2b/0x80
[  639.363010][T18973]  do_group_exit+0xd3/0x2a0
[  639.363043][T18973]  get_signal+0x2671/0x26d0
[  639.363082][T18973]  ? __pfx_get_signal+0x10/0x10
[  639.363107][T18973]  ? do_futex+0x122/0x350
[  639.363149][T18973]  ? __pfx_do_futex+0x10/0x10
[  639.363183][T18973]  arch_do_signal_or_restart+0x8f/0x790
[  639.363214][T18973]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  639.363251][T18973]  ? xfd_validate_state+0x61/0x180
[  639.363291][T18973]  exit_to_user_mode_loop+0x85/0x130
[  639.363327][T18973]  do_syscall_64+0x426/0xfa0
[  639.363352][T18973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.363374][T18973] RIP: 0033:0x7fb56198efc9
[  639.363393][T18973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  639.363416][T18973] RSP: 002b:00007fb5627590e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  639.363438][T18973] RAX: fffffffffffffe00 RBX: 00007fb561be6278 RCX: 00007fb56198efc9
[  639.363454][T18973] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb561be6278
[  639.363469][T18973] RBP: 00007fb561be6270 R08: 0000000000000000 R09: 0000000000000000
[  639.363488][T18973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  639.363504][T18973] R13: 00007fb561be6308 R14: 00007fffd963a080 R15: 00007fffd963a168
[  639.363539][T18973]  </TASK>
[  640.730360][T18994] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2773'.
[  640.753538][T18996] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2773'.
[  641.096373][T19003] FAULT_INJECTION: forcing a failure.
[  641.096373][T19003] name failslab, interval 1, probability 0, space 0, times 0
[  641.135088][T19003] CPU: 0 UID: 0 PID: 19003 Comm: syz.0.2774 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  641.135130][T19003] Tainted: [U]=USER
[  641.135137][T19003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  641.135146][T19003] Call Trace:
[  641.135151][T19003]  <TASK>
[  641.135157][T19003]  dump_stack_lvl+0x16c/0x1f0
[  641.135179][T19003]  should_fail_ex+0x512/0x640
[  641.135200][T19003]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  641.135219][T19003]  should_failslab+0xc2/0x120
[  641.135238][T19003]  kmem_cache_alloc_noprof+0x75/0x6e0
[  641.135252][T19003]  ? __proc_create+0x2ce/0x8e0
[  641.135276][T19003]  ? __proc_create+0x2ce/0x8e0
[  641.135296][T19003]  __proc_create+0x2ce/0x8e0
[  641.135316][T19003]  ? __pfx___proc_create+0x10/0x10
[  641.135343][T19003]  _proc_mkdir+0xb9/0x210
[  641.135363][T19003]  ? __pfx__proc_mkdir+0x10/0x10
[  641.135387][T19003]  ? __pfx_netfilter_net_init+0x10/0x10
[  641.135410][T19003]  netfilter_net_init+0x37b/0x4b0
[  641.135431][T19003]  ? sysctl_net_init+0x27/0x30
[  641.135448][T19003]  ops_init+0x1e2/0x5f0
[  641.135465][T19003]  setup_net+0x100/0x390
[  641.135479][T19003]  ? __pfx_setup_net+0x10/0x10
[  641.135494][T19003]  ? debug_mutex_init+0x37/0x70
[  641.135512][T19003]  copy_net_ns+0x2f8/0x690
[  641.135529][T19003]  create_new_namespaces+0x3ea/0xa90
[  641.135549][T19003]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  641.135567][T19003]  ksys_unshare+0x45b/0xa40
[  641.135585][T19003]  ? __pfx_ksys_unshare+0x10/0x10
[  641.135604][T19003]  ? xfd_validate_state+0x61/0x180
[  641.135629][T19003]  __x64_sys_unshare+0x31/0x40
[  641.135648][T19003]  do_syscall_64+0xcd/0xfa0
[  641.135665][T19003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  641.135679][T19003] RIP: 0033:0x7fd61998efc9
[  641.135691][T19003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  641.135706][T19003] RSP: 002b:00007fd61a7e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  641.135720][T19003] RAX: ffffffffffffffda RBX: 00007fd619be6090 RCX: 00007fd61998efc9
[  641.135729][T19003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  641.135738][T19003] RBP: 00007fd619a11f91 R08: 0000000000000000 R09: 0000000000000000
[  641.135747][T19003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  641.135757][T19003] R13: 00007fd619be6128 R14: 00007fd619be6090 R15: 00007ffed7e42e78
[  641.135777][T19003]  </TASK>
[  641.135783][T19003] cannot create netfilter proc entry
[  641.760490][T10478] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  641.780883][T10478] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  641.792002][T10478] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  641.812697][T10478] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  641.827503][T10478] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  642.173137][ T9938] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  642.207716][T19013] mkiss: ax0: crc mode is auto.
[  642.324939][ T9938] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  642.516907][ T9938] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  642.673070][ T9938] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  643.040621][T19007] chnl_net:caif_netlink_parms(): no params data found
[  643.423205][ T9938] bridge_slave_1: left allmulticast mode
[  643.440641][ T9938] bridge_slave_1: left promiscuous mode
[  643.477503][ T9938] bridge0: port 2(bridge_slave_1) entered disabled state
[  643.574397][ T9938] bridge_slave_0: left allmulticast mode
[  643.598193][ T9938] bridge_slave_0: left promiscuous mode
[  643.605011][ T9938] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.896838][T10478] Bluetooth: hci5: command tx timeout
[  644.358445][T19049] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  644.373129][T19049] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  644.429407][T19053] delete_channel: no stack
[  645.736548][ T9938] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  645.774601][ T9938] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  645.820963][ T9938] bond0 (unregistering): Released all slaves
[  645.864131][T19007] bridge0: port 1(bridge_slave_0) entered blocking state
[  645.882656][T19007] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.930941][T19007] bridge_slave_0: entered allmulticast mode
[  645.955257][T19007] bridge_slave_0: entered promiscuous mode
[  645.966101][T10478] Bluetooth: hci5: command tx timeout
[  645.981468][T19007] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.989186][T19007] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.997362][T19007] bridge_slave_1: entered allmulticast mode
[  646.005337][T19007] bridge_slave_1: entered promiscuous mode
[  646.035463][ T9938] tipc: Left network mode
[  646.057129][T19071] overlayfs: "check_copy_up" module option is obsolete
[  646.934918][T19007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  646.999557][T19007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  647.235449][T19090] sg_read: process 486 (syz.1.2793) changed security contexts after opening file descriptor, this is not allowed.
[  647.505680][T19007] team0: Port device team_slave_0 added
[  647.615717][T19007] team0: Port device team_slave_1 added
[  647.776059][T19098] __vm_enough_memory: pid: 19098, comm: syz.1.2795, bytes: 4398046511104 not enough memory for the allocation
[  647.997664][T19108] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  648.035128][T10478] Bluetooth: hci5: command tx timeout
[  648.079627][T19007] batman_adv: batadv0: Adding interface: batadv_slave_0
[  648.116074][T19007] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  648.225315][T19007] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  648.353988][T19007] batman_adv: batadv0: Adding interface: batadv_slave_1
[  648.400996][T19007] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  648.522500][T19007] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  648.788167][T19126] ==================================================================
[  648.788185][T19126] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60
[  648.788223][T19126] Write of size 8 at addr ffffc90003ae10c0 by task syz.1.2799/19126
[  648.788246][T19126] 
[  648.788274][T19126] CPU: 1 UID: 0 PID: 19126 Comm: syz.1.2799 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  648.788311][T19126] Tainted: [U]=USER
[  648.788321][T19126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  648.788337][T19126] Call Trace:
[  648.788346][T19126]  <TASK>
[  648.788357][T19126]  dump_stack_lvl+0x116/0x1f0
[  648.788386][T19126]  print_report+0xcd/0x630
[  648.788420][T19126]  ? __virt_addr_valid+0x81/0x610
[  648.788454][T19126]  ? sys_imageblit+0x1a6f/0x1e60
[  648.788481][T19126]  kasan_report+0xe0/0x110
[  648.788512][T19126]  ? sys_imageblit+0x1a6f/0x1e60
[  648.788542][T19126]  sys_imageblit+0x1a6f/0x1e60
[  648.788574][T19126]  ? __pfx_sys_imageblit+0x10/0x10
[  648.788602][T19126]  ? __pfx__prb_read_valid+0x10/0x10
[  648.788635][T19126]  ? find_held_lock+0x2b/0x80
[  648.788660][T19126]  ? up+0xcb/0x140
[  648.788688][T19126]  ? do_raw_spin_unlock+0x172/0x230
[  648.788727][T19126]  ? prb_read_valid+0x78/0xa0
[  648.788761][T19126]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  648.788789][T19126]  soft_cursor+0x524/0xa10
[  648.788827][T19126]  ? fb_get_color_depth+0x120/0x250
[  648.788863][T19126]  bit_cursor+0xe8c/0x17e0
[  648.788903][T19126]  ? __pfx_bit_cursor+0x10/0x10
[  648.788943][T19126]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  648.788982][T19126]  ? get_color+0x1da/0x450
[  648.789011][T19126]  ? __pfx_bit_cursor+0x10/0x10
[  648.789045][T19126]  fbcon_cursor+0x40c/0x5a0
[  648.789076][T19126]  ? add_softcursor+0x1/0x290
[  648.789112][T19126]  set_cursor+0x1db/0x250
[  648.789134][T19126]  con_write+0x89/0xb0
[  648.789157][T19126]  n_tty_write+0x41e/0x11e0
[  648.789192][T19126]  ? __pfx_n_tty_write+0x10/0x10
[  648.789220][T19126]  ? trace_kmalloc+0x2b/0xd0
[  648.789245][T19126]  ? __pfx_woken_wake_function+0x10/0x10
[  648.789288][T19126]  ? kfree+0x252/0x6d0
[  648.789309][T19126]  ? __pfx_n_tty_write+0x10/0x10
[  648.789340][T19126]  file_tty_write.constprop.0+0x503/0x9b0
[  648.789368][T19126]  redirected_tty_write+0xd4/0x150
[  648.789394][T19126]  vfs_write+0x7d3/0x11d0
[  648.789420][T19126]  ? __pfx_redirected_tty_write+0x10/0x10
[  648.789449][T19126]  ? __pfx_vfs_write+0x10/0x10
[  648.789473][T19126]  ? find_held_lock+0x2b/0x80
[  648.789508][T19126]  ksys_write+0x12a/0x250
[  648.789534][T19126]  ? __pfx_ksys_write+0x10/0x10
[  648.789565][T19126]  do_syscall_64+0xcd/0xfa0
[  648.789593][T19126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.789619][T19126] RIP: 0033:0x7fb56198efc9
[  648.789640][T19126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.789665][T19126] RSP: 002b:00007fb56279b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  648.789691][T19126] RAX: ffffffffffffffda RBX: 00007fb561be6090 RCX: 00007fb56198efc9
[  648.789710][T19126] RDX: 00000000000009fc RSI: 0000200000001bc0 RDI: 0000000000000003
[  648.789727][T19126] RBP: 00007fb561a11f91 R08: 0000000000000000 R09: 0000000000000000
[  648.789745][T19126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  648.789761][T19126] R13: 00007fb561be6128 R14: 00007fb561be6090 R15: 00007fffd963a168
[  648.789788][T19126]  </TASK>
[  648.789796][T19126] 
[  648.789804][T19126] The buggy address belongs to a vmalloc virtual mapping
[  648.789824][T19126] Memory state around the buggy address:
[  648.789838][T19126]  ffffc90003ae0f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  648.789857][T19126]  ffffc90003ae1000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  648.789876][T19126] >ffffc90003ae1080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  648.789889][T19126]                                            ^
[  648.789904][T19126]  ffffc90003ae1100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  648.789922][T19126]  ffffc90003ae1180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  648.789937][T19126] ==================================================================
[  648.789951][T19126] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  648.789971][T19126] CPU: 1 UID: 0 PID: 19126 Comm: syz.1.2799 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  648.790008][T19126] Tainted: [U]=USER
[  648.790018][T19126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  648.790034][T19126] Call Trace:
[  648.790042][T19126]  <TASK>
[  648.790053][T19126]  dump_stack_lvl+0x3d/0x1f0
[  648.790080][T19126]  vpanic+0x640/0x6f0
[  648.790114][T19126]  panic+0xca/0xd0
[  648.790146][T19126]  ? __pfx_panic+0x10/0x10
[  648.790186][T19126]  check_panic_on_warn+0xab/0xb0
[  648.790221][T19126]  end_report+0x107/0x170
[  648.790252][T19126]  kasan_report+0xee/0x110
[  648.790291][T19126]  ? sys_imageblit+0x1a6f/0x1e60
[  648.790324][T19126]  sys_imageblit+0x1a6f/0x1e60
[  648.790359][T19126]  ? __pfx_sys_imageblit+0x10/0x10
[  648.790386][T19126]  ? __pfx__prb_read_valid+0x10/0x10
[  648.790421][T19126]  ? find_held_lock+0x2b/0x80
[  648.790447][T19126]  ? up+0xcb/0x140
[  648.790474][T19126]  ? do_raw_spin_unlock+0x172/0x230
[  648.790516][T19126]  ? prb_read_valid+0x78/0xa0
[  648.790551][T19126]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  648.790581][T19126]  soft_cursor+0x524/0xa10
[  648.790620][T19126]  ? fb_get_color_depth+0x120/0x250
[  648.790657][T19126]  bit_cursor+0xe8c/0x17e0
[  648.790697][T19126]  ? __pfx_bit_cursor+0x10/0x10
[  648.790737][T19126]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  648.790778][T19126]  ? get_color+0x1da/0x450
[  648.790809][T19126]  ? __pfx_bit_cursor+0x10/0x10
[  648.790843][T19126]  fbcon_cursor+0x40c/0x5a0
[  648.790876][T19126]  ? add_softcursor+0x1/0x290
[  648.790914][T19126]  set_cursor+0x1db/0x250
[  648.790937][T19126]  con_write+0x89/0xb0
[  648.790962][T19126]  n_tty_write+0x41e/0x11e0
[  648.790994][T19126]  ? __pfx_n_tty_write+0x10/0x10
[  648.791028][T19126]  ? trace_kmalloc+0x2b/0xd0
[  648.791057][T19126]  ? __pfx_woken_wake_function+0x10/0x10
[  648.791091][T19126]  ? kfree+0x252/0x6d0
[  648.791111][T19126]  ? __pfx_n_tty_write+0x10/0x10
[  648.791139][T19126]  file_tty_write.constprop.0+0x503/0x9b0
[  648.791169][T19126]  redirected_tty_write+0xd4/0x150
[  648.791195][T19126]  vfs_write+0x7d3/0x11d0
[  648.791222][T19126]  ? __pfx_redirected_tty_write+0x10/0x10
[  648.791249][T19126]  ? __pfx_vfs_write+0x10/0x10
[  648.791281][T19126]  ? find_held_lock+0x2b/0x80
[  648.791316][T19126]  ksys_write+0x12a/0x250
[  648.791342][T19126]  ? __pfx_ksys_write+0x10/0x10
[  648.791374][T19126]  do_syscall_64+0xcd/0xfa0
[  648.791402][T19126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.791428][T19126] RIP: 0033:0x7fb56198efc9
[  648.791449][T19126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.791473][T19126] RSP: 002b:00007fb56279b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  648.791500][T19126] RAX: ffffffffffffffda RBX: 00007fb561be6090 RCX: 00007fb56198efc9
[  648.791518][T19126] RDX: 00000000000009fc RSI: 0000200000001bc0 RDI: 0000000000000003
[  648.791535][T19126] RBP: 00007fb561a11f91 R08: 0000000000000000 R09: 0000000000000000
[  648.791552][T19126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  648.791569][T19126] R13: 00007fb561be6128 R14: 00007fb561be6090 R15: 00007fffd963a168
[  648.791595][T19126]  </TASK>
[  648.791860][T19126] Kernel Offset: disabled