last executing test programs:

8.297510367s ago: executing program 3 (id=2718):
clone3$auto(0x0, 0xfffffffffffffffb)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x2, 0x801, 0x100)
mmap$auto(0x0, 0xdb33, 0xe2, 0xeb1, 0x405, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x1ff, 0xdf, 0x200000810, 0xffffffffffffffff, 0x8000)
madvise$auto(0x0, 0x200007, 0x19)
madvise$auto(0x0, 0x2003f0, 0x15)
write$auto(0x3, 0x0, 0x100082)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x29a02, 0x0)
socket(0xa, 0x3, 0x3a)
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001080)='/dev/v4l-touch5\x00', 0x2040, 0x0)
read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f00000010c0)=""/22, 0x16)
r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$auto_proc_single_file_operations_base(r1, 0x0, 0x0)
sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x40001)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r3 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0)
ppoll$auto(&(0x7f0000000000)={r3, 0x81, 0x9}, 0x9, &(0x7f0000000040)={0x1}, &(0x7f00000000c0), 0x8)
mq_timedsend$auto(r3, 0x0, 0x2000, 0x2, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x40485404, &(0x7f0000000100)={{0x521, 0x9, 0x7, 0x9, 0xffffffff}, 0x6, 0x3, "c5a22f1570cdb0fe850e4cfaaf82a9c429d59c884998450cc5a6b0e78c6fd6e0"})
msync$auto(0x1ffff002, 0x180000000000000, 0x0)
getsockopt$auto_SO_PASSCRED(r2, 0x40, 0x10, &(0x7f0000000000)='#!@\\$\x00', &(0x7f0000000040)=0x6)
msgsnd$auto(0x0, &(0x7f0000000080)={0x1, 0x6}, 0x8, 0x7)
mremap$auto(0x8000, 0x7, 0x1, 0x3, 0x20000000)

6.659854613s ago: executing program 3 (id=2726):
mmap$auto(0x8000, 0x20009, 0xe1, 0xeb1, 0x40000000000a5, 0x8003)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x14, &(0x7f0000000000)={0x0, 0x80d6c6}, 0x2, 0x0, 0xe, 0x4}, 0x3}, 0x40, 0xb07e)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
r0 = socket(0x2, 0x80802, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socket(0x2, 0xa, 0x1)
socket(0xa, 0x2, 0x0)
openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, 0x0, 0x20100, 0x0)
r1 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r1, &(0x7f0000000340)=""/231, 0xe7)
ppoll$auto(&(0x7f0000000040)={r1, 0x3460, 0x7}, 0x2, &(0x7f00000000c0)={0x4, 0x7}, &(0x7f0000000140)={0x101}, 0x8)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55)
setsockopt$auto(r0, 0x11, 0x67, 0x0, 0x8)
socket(0x10, 0x2, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
mmap$auto(0xfffffffffffffffc, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
open(&(0x7f0000000100)='./file0\x00', 0x149443, 0x0)
socket(0x22, 0x2, 0x3)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa083, 0x0)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r3)
ioctl$auto_KVM_CREATE_VM(r2, 0x4040aea0, 0x1f)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1000000000001, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x6)

6.374177672s ago: executing program 3 (id=2728):
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) (async)
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000040)={0x0, 0x0, 0x38, 0xffffff01, 0x9, 0x9, 0x80000001, 0x7, 0x8, 0x5, 0x5, 0x9, 0x2, 0x8, 0x5, 0xf, 0xffffffffffffffff, 0x9, 0x1, 0x5}, 0x800, 0x0) (async)
statmount$auto(0x0, &(0x7f0000000040)={0x0, 0x0, 0x38, 0xffffff01, 0x9, 0x9, 0x80000001, 0x7, 0x8, 0x5, 0x5, 0x9, 0x2, 0x8, 0x5, 0xf, 0xffffffffffffffff, 0x9, 0x1, 0x5}, 0x800, 0x0)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES16=r0, @ANYRES16=0x0, @ANYBLOB="000326bd7000fedbdf2502000000080027000e0000000a0010"], 0x28}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x44)
socket(0x2, 0x3, 0xa)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) (async)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000)
clone$auto(0x8, 0xfffffffffffffff7, 0xffffffffffffffff, 0xfffffffffffffffc, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x10000, 0x2003f0, 0x12)

5.309201908s ago: executing program 3 (id=2731):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
write$auto(r0, 0x0, 0x80000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory0/state\x00', 0x1e1842, 0x0)
read$auto(0x3, 0x0, 0x80)
write$auto(0x3, 0x0, 0xfffffdef)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
listmount$auto(0x0, 0x0, 0x0, 0x1)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x403, 0x8000)
socket(0x11, 0x3, 0x100)
r1 = socket(0x23, 0x80805, 0x0)
poll$auto(&(0x7f0000000040)={<r2=>r1, 0x7, 0x8}, 0x80, 0x400400)
setsockopt$auto(r2, 0x113, 0x1, 0x0, 0x81)
socket(0x10, 0x2, 0x0)
r3 = bpf$auto(0x5, 0x0, 0x1000)
readv$auto(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x5}, 0x3)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='=J\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500ffffffffffff000006000700070000000800040073090000"], 0x60}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x4040090)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0xae41, 0x38)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, &(0x7f0000000100)={0x6, 0x100000001, 0xffffffff, 0x1, 0x7, "0abff8092ae4e5ba5fcc5213"})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), r5)
sendmsg$auto_NFSD_CMD_THREADS_SET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="65afb759", @ANYRES16=r6, @ANYBLOB="01002cbd7000fddbdf2502000000080001000a000000450004002f7379732f646576696365732f706c6174666f726d2f64756d6d795f6863642e362f757362372f706f7765722f77616b6575705f6163746976655f636f756e740000000008000200a3000000"], 0x6c}, 0x1, 0x0, 0x0, 0x4004891}, 0x4000)

5.289405463s ago: executing program 1 (id=2732):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = userfaultfd$auto(0x1)
statx$auto(r0, 0x0, 0x1000, 0x8, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/can/rcvlist_sff\x00', 0x0, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000140)=""/103, 0x67)
setsockopt$auto(r1, 0x6a, 0x1, 0x0, 0xc)

4.777108332s ago: executing program 1 (id=2734):
name_to_handle_at$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x202) (async, rerun: 32)
getsockopt$auto_SO_PRIORITY(0xffffffffffffffff, 0x5, 0xc, &(0x7f0000000080)='\"\x81=\x00\xfdhhZ\xa0\x16\xda`\x00\x00\x00\x00\x00\x00\x00\xe0\x18\x98\x99\x00\x00\xbf\x04\xd7', 0x0) (async, rerun: 32)
socket(0x15, 0x5, 0x0) (async)
fchmodat$auto(0xffffffffffffffff, 0x0, 0x111f)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async, rerun: 32)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 32)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) (async)
sysfs$auto(0x2, 0x2, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64)
mmap$auto(0x1000, 0x8000000000000000, 0xdf, 0x1000000009b79, 0x2, 0x10004) (async)
openat$auto_generic(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci8/force_suspend\x00', 0x105000, 0x0) (async)
socket(0xa, 0x2, 0x3a)
read$auto(0x3, 0x0, 0x80) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) (async, rerun: 32)
socketpair$auto(0x7ff, 0x58, 0x0, 0x0) (rerun: 32)
ioctl$auto(r1, 0x4008af03, 0xffffffffffffffff)
close_range$auto(0x2, 0xffffffffffffffff, 0x80000001) (async)
close_range$auto(0x2, 0xffffffffffffffff, 0x3)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/usb/drivers/cdc_ncm/remove_id\x00', 0x88b02, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/28, 0x1c) (async)
socketpair$auto(0x3, 0x5, 0x7, 0x0)
r3 = socket(0x0, 0x800, 0x0)
connect$auto(r3, &(0x7f0000000000)=@rc={0x1f, @none, 0x6}, 0x7)
socket(0x2, 0x1, 0x84) (async, rerun: 32)
connect$auto(0x3, 0x0, 0x55) (async, rerun: 32)
listen$auto(0x3, 0x81)

4.196613981s ago: executing program 0 (id=2736):
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x200, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x29, 0x4, 0xffffffffffffffff, 0x79)
mmap$auto(0x0, 0x2000a, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x40840)
mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r0 = epoll_create$auto(0x4)
openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20044850}, 0x40000)
sendmsg$auto_GTP_CMD_GETPDP(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4044800}, 0x4)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x40000, 0x0)
poll$auto(0x0, 0x2007, 0x20000008)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
open(0x0, 0x7ffd, 0x12)
pwrite64$auto(0xffffffffffffffff, 0x0, 0x6, 0x8)
madvise$auto(0x0, 0x200007, 0x19)
syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
read$auto(0x3, 0x0, 0x80)
io_uring_setup$auto(0x406, 0x0)

4.180112718s ago: executing program 1 (id=2737):
fsconfig$auto_SHMEM_HUGE_NEVER(0xffffffffffffffff, 0x1, &(0x7f0000000140)='*\x00', &(0x7f0000000180)="d34897db20f9700989f34b0a38ea1ae7637d48611140ddeb8f0f35c91f4d465418689aa096aad1f68c1c5cf344596153a842f033ff3d415b658aa7d1c93321", 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
semctl$auto(0x80001ff, 0x804, 0x13, 0x4)
keyctl$auto(0x1, 0x7, 0x100, 0x8, 0x4)
keyctl$auto(0x8, 0x7, 0x100, 0x0, 0x4)
socket(0x1e, 0x1, 0x0)
socket(0x10, 0x2, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x426dc2, 0x84)
fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d)
fcntl$auto(0x8000000000000001, 0xbe6a, 0x8)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
unlink$auto(&(0x7f0000000380)='./file0\x00')
memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x100)
socket(0x2c, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x3c, r1, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x19, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "8987714800"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
eventfd$auto(0x3)
r2 = openat$auto_proc_auxv_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/auxv\x00', 0x40, 0x0)
readv$auto(r2, &(0x7f0000000900)={&(0x7f0000000800), 0x3ff}, 0x2)

3.839078267s ago: executing program 1 (id=2739):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim2/new_port\x00', 0x183841, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x141042, 0x0)
mmap$auto(0x0, 0xd, 0xdb, 0x9b72, 0x5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
io_uring_setup$auto(0x406, 0x0)
socket(0x2, 0x5, 0x0)
setsockopt$auto(0x3, 0x0, 0xd, 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
pipe$auto(0x0)
pipe$auto(0x0)
tee$auto(0x2000000000000, 0x3, 0x402, 0xd)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0)
mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000)
close_range$auto(0x0, 0xffffeffe, 0x2)
shmctl$auto_IPC_STAT(0x80, 0x2, &(0x7f0000000000)={{0x2, <r0=>0xffffffffffffffff, 0x0, 0x0, 0xffffffff, 0x1, 0x4}, 0x8, 0x8000, 0x400, 0x37, @raw=0x6, @raw=0x4, 0x5, 0x0, &(0x7f0000000100)="9415b1846d1ca56a2a5e14294e1edbd27561098667b7b5614a99480990f08c01af38e391f583df0e65887e83ea4a94f5017c3922090ee4c5c8988a071b5327f5f3c6ce295c47aeee39d04dc4d4215bf973011401fb60293c8d8951fac88af9fcdd1d245b19bc4978fcb55c14bfd8fa62e448c335cc4d5c02e078b420ea642b2831d55883f6759c13acfa1e25baf78266c937841fbc286486a952366f8f30a1c8ea45894a587557a68d6612a7", &(0x7f0000000280)="7526e2c84b59b5fd3920482451609fa8ced2bc58e9626e004057aae1c1b204cec0c3c9f2de8f7a96eb9e23980a198e368c066cd1114cfb4e1080b080efe19a415b0070f25708b7eb8529146b03fa3f73ac0d96b4cee6903e944dd3413f86c540d2b43da1380670b8d7b2e287ad194a2be083a843ed9afdd99bb4b6d4cdbe527606d9a206c711c7d05ea92874ed35e6cbebefd0c5a7b6af81a941df9513"})
r1 = socket(0x10, 0x2, 0x0)
r2 = setfsgid$auto(0xee01)
fchown$auto(r1, 0x0, r2)
ioctl$auto_BLKTRACESETUP32(0xffffffffffffffff, 0xc0401273, &(0x7f0000000340)={"f91f5e3f15b441add1a668d3b0cb763a41befd34e7396db9baac1e1340ab16a7", 0x2, 0x9, 0x8, 0x6, 0x2, <r3=>0xffffffffffffffff})
r4 = gettid()
tkill$auto(r4, 0x7)
shmctl$auto_IPC_STAT(0xff800000, 0x2, &(0x7f0000000480)={{0x7fffffff, r0, r2, 0xfffffff7, 0x7, 0x4, 0x5}, 0x2, 0x401, 0x46, 0xd, @inferred=r3, @inferred=r4, 0x3, 0x0, &(0x7f00000003c0)="062c16b29c029e582842eb18474fbe9d942e1b9127e7fb714caa43e088f8ba2e16270b9769c8164385bba03c864f1259f83054fb17c769228e328aebcf82d2ee396740142d1f101bb2a59180f85eafa23a2409c755736b29b34045793ce2afaba42fe125b9e28ee9f553808cbc7e4d7173cd4f824d5624c9cd0692a3e5e007f521eb9f0498eb92e665b071f8220ca9427d211a7a1a33e53a8f06e516671779f5635ca7d01958ec12ec89683b9ae25dad", &(0x7f00000001c0)="9ac3cf4b9ce1057a0c56"})
r5 = pipe$auto(0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0xffffffffffffffff, r6, 0x0)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2000, 0x0)
pwrite64$auto(r5, 0x0, 0xdf, 0x7)
select$auto(0x5, &(0x7f0000000200)={[0xeb, 0x3, 0x4, 0xd1, 0xb, 0x1001ff, 0x500000, 0x10001, 0x7fffffffffffffff, 0x3, 0x105, 0x10001, 0x0, 0x800, 0x2, 0x7]}, 0x0, 0x0, 0x0)

3.462889181s ago: executing program 3 (id=2741):
r0 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/block/nbd9/sched/dispatch0\x00', 0x119000, 0x0)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r0, &(0x7f0000000040)=""/124, 0x7c)

3.259927249s ago: executing program 2 (id=2742):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setreuid$auto(0xffffffffffffffff, 0x8)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon1\x00', 0x4ad03, 0x0)
ioctl$auto_MON_IOCG_STATS(r3, 0x80089203, &(0x7f0000000080)={0xafa, 0x7})
r4 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'sit0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), r8)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000001580)={'wlan1\x00'})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000240)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000840)={0x5ec, r9, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_UNSOL_BCAST_PROBE_RESP={0x540, 0x127, 0x0, 0x1, [@NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL={0x26, 0x2, "6df26e09f3c719c6d1148477f390fc8b81adbab3d042fdb04bc296fd8c11d080db54"}, @NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL={0x512, 0x2, "36e527d46a0499bd8b7cb152df6adb974635aaa28d35c7566af5bf8251d6bd1a41b49f2e7847a930dcde0298eee5ae00d1ee599e95a80a7f04ac6ae309833bb7ba0e42142a0c880fec412c34020e1f99c20f219635ed0da1993acfa88b29678c3c955f990c4730208ea267701dc3c27789c35c1cb3dff9509ea72b4c94f2777480013ca23ac43060ee19cf6cf70da5e7c78027d96e12556d83ca99a6b9cde876899adb1f265d6747109cdd077a734d0ffa3dfa33884fc729570aff4bc01fcd9ae39317ed3ea606fbf7a4111d95006ceb14361f8e04191d5ac09474089a96a76449e848b606eebac6010a9f5af8fe905bb4d8e548ae6180d44cb21b58ac607ea9d0e9cbd994c5a84c33754038baa9f156f14ea9bf6cadf527d1aa06774cb059fba9ee039b04a32e104dcd01de42a667b0f8ea65519480f9841e7a1d7231ccc62f5c26148a84ac145818bd185536f89969b739c33c9fa027adb3f4f1f2f455dc82417b62fcff558430acdbcf98229ad890f458ec607430c6f102ee55db5c7a6b69ef2df3c35b5955c8e44051354fa7ee8cc448a8e4e86fca1114a45109729caafb2bd664c31ae74469a287e026f2e2973f77d2f2ce291613683f4da6859240a2c3ccc20af6dcb13ceb3895aab398470ce83fd0cbfe9a0bdc404f2efdb19cee2a4f3bdb214f8dde63155e09cc90d178b8f17ad55b2ac072fb1193f8691a753a196c04849586c3eb207fb8021a6f152c0da4e68e7aaea6b5552be4fa45d77cfcf31f4528f651eabdc43e848d13e1ac1e9bb1c0b2da795aa211217f56c0c9f709777b346fdef54e2002a73fd24b5f6fe11788c55ab3265a0487683cfdc4c8b54eb8d04ede0e2d40395db22a6447d15dd0ec22b7eb1eef32c7acef256c5e216fe0b41944948764a71e60a2cf048643c00b7b3d5749cb886c65d85a744f235ab98a5ea99b075cd3f1717eb65341d8541891366c0a4d6c99b12788dda471306c4f5a6ed3d5d76bff155936a10aa7bdc44955b72b8728dfbed6d602da9263e23fa60fbb8de97c7306c3cb6bca591e9bf4be42d5f2d063b48f62e34be7e0f7b0865db9ee428b55f5828827ba0bae7100e48dc24a14aaffb81dd68a147889b74ddb8fe2c7f138fe7bb854adb04ccff618dbd8e9e8085565b6fb6a071785d3f995ae785483e5990969e1681568122b1eb1b8c788642c531ab88c57cef54e595a2af8c0ee8be872913448eb0350bbde7d357f71a6a4a91ef89e7ada36602f5d30dc9382b6cb9511ba87229361d7f9bc274ba1c7d690ac04aae61ce5a1a27f1dec76b710873bd8646cd4503480bef1178ca45a5352f415e25e43fc73181e31ab4533cca9f41377e86d496cef365735b9730a530628ea632cc137e02fdc4b388f5f821a3eb4bea7597aec3a172b9ee71be49931e6959b80d592615c758ddd806fab280d91683d00c83427cf77a64cee6fc01ea368f5f866157e241f989b8ffa5855f693242f8617d6b4f595cf12764d0d346be5229bcb06c104fd16c431edff7acda7b4c9023924e377b543d9ce1c768ea08966273145febaf53429536427fc0b953827f3e1f468b0e9a07b78784dad5174ca4024cd927277ed40dbfe402f35b52455b27c65c6ead1154988379e74e4bd711288b21d688c48ec34e2c4a48356507cf043aa3e51c51ce2a0343ce748e151684ce699270f003218922f55bce9fbefdc555aa80c2243f4f08b8335d1cb4896f216909c9617cb63065c7c339c257da118957933bb412ff7b326defe907e1b3c15a34325baf116f02403599ff08613363e3f52bc453e3787316552cdf34430c147ff409fc8"}]}, @NL80211_ATTR_MAC_MASK={0x84, 0xd7, "f0609f2d6efed7c9ce3d807d3a79ce3c9aa116193fe8db5b0d3fb573cc6bd1ed08b0ef7312f5dd28b582350ac0e12ffc471d16c266f69ff409879806182625b5fc6e3f26e6201574d153b077bc500d70d56d0b79c6ea3ef59f67690777058df0d7659e4f5923ebbecb70f3a59588ae8dff2cceff2d9b656e1b508710b48f4e23"}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0xff}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x7ff}]}, 0x5ec}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
bpf$auto(0x1f2, &(0x7f00000000c0)=@bpf_attr_3={0x10001, 0x101, 0x6, 0x100000000, 0xc, 0x6, 0x0, 0x7, 0x5, "61ce19ded0e37900c127908237cfbc40", r6, 0x5, r4, 0x40000000, 0x7fff, 0x8, 0xff, 0x2, 0xe, 0x5, @attach_btf_obj_fd=r3, 0x6, 0x5, 0x9a, 0x4, 0xff, r2, r3}, 0x1)
getsockname$auto(0x3, &(0x7f00000002c0), &(0x7f0000000180)=0x4)
ioctl$auto(r4, 0xc0104d08, r4)
write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="1f91f2c388274610e18d5fc5e5bfd9800e9b58", 0x13)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x5c, r1, 0x1, 0x70bd2b, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @remote}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r10 = socket(0x2, 0x80000, 0x84)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f000000a500), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_REQ_SET_REG(r11, &(0x7f000000a5c0)={0x0, 0x0, &(0x7f000000a580)={&(0x7f0000000080)={0x1c, r12, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x24008080)
getsockopt$auto(r10, 0x0, 0x53, 0x0, 0x0)
io_setup$auto(0x7ffe, &(0x7f0000000000))
r13 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/hugetlb.2MB.numa_stat\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r13, &(0x7f00000000c0)=""/17, 0x11)
io_setup$auto(0x7ffe, &(0x7f0000000000))

3.015053548s ago: executing program 3 (id=2743):
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff)
stat$auto(0x0, &(0x7f00000001c0)={0x101, 0x7, 0x7, 0xffffffff, 0x0, 0x0, 0x0, 0x3, 0x800000000000, 0x9, 0x3, 0x9, 0x6, 0x5, 0x60, 0x4, 0x3})
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae78, 0x38)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0)
mmap$auto(0xffffffff, 0x100000001, 0x4000000000bf, 0x10020000040eb1, r0, 0x8000)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0)
read$auto(r4, 0x0, 0x9)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), r5)
sendmsg$auto_WG_CMD_GET_DEVICE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="0700000092f75c0c9e6c03", @ANYRES16=r6, @ANYBLOB="030727bd7000fcd9df250000000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x880}, 0x4)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x5)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x12d000, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r3, 0x400000000000)
write$auto(0x3, 0x0, 0xfffffdef)
write$auto(0x3, 0x0, 0xfffffdef)
r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r8 = socket(0x15, 0x5, 0x0)
getsockopt$auto(r8, 0x114, 0x271f, 0xfffffffffffffffc, 0x0)
writev$auto(r7, &(0x7f0000000200)={0x0, 0x7}, 0x3)
io_uring_setup$auto(0x6, 0x0)
write$auto(0x3, 0x0, 0xfdef)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff)

2.895054796s ago: executing program 0 (id=2744):
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4840)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x20008810)
sendmmsg$auto(0x3, 0x0, 0x3, 0x0)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x405, 0x3)
write$auto(0xca, 0x0, 0x1ff)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0)
r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
fanotify_mark$auto(r1, 0xd, 0x8, r3, &(0x7f0000000000)='./file0\x00')
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000840)={{@raw=0x2, 0x3a8b, 0xba28, 0x0, "708c58271a7985a7f5ed0dd58af8d1d4a7553c2ff48b48a8a57689adcc1ca6d2cbfa93b50590c900", @raw=0x8001}, 0x0, @enumerated=@item_ptr=0x0, "fa491e08108961dd5708680f1134935851612a52d629535f54f3832490fc4e7f79daef312b3d05317044713a4801d409aefe3f932f78fc311771094e769c0095f94ee6d74f2517f34a0bbbf502bf3392ac4d93bd0500000000000000312cf035bc44117db9b683eedc5e02a703fc82750d8d6ebac0c3019ef8e6c1eecea33a59"})
r5 = socket(0x2a, 0x1, 0x0)
getsockopt$auto(r5, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x3b)
madvise$auto(0x0, 0x200007, 0x8)
pread64$auto(r0, &(0x7f0000000080)='-#i)}\xc5{\x00', 0x3, 0x9)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket(0x28, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0x100)
socket(0x1d, 0x2, 0x7)
socket(0x2, 0x1, 0x0)
socketpair$auto(0x3, 0x6, 0x7, 0x0)
ioctl$auto(0x1, 0x8983, 0x4)

2.872244968s ago: executing program 2 (id=2745):
mlockall$auto(0x7)
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000)
mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000)
close_range$auto(0x2, 0x8000, 0x0)
socket(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
ioctl$auto_KVM_CREATE_VM(r0, 0x4048aecb, 0x0)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2000d, 0x4080000200df, 0xeb1, 0x404, 0x8000)
read$auto(r2, 0x0, 0x20)
sysfs$auto(0x2, 0x23, 0x0)
openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, 0x0)
ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0)
r4 = io_uring_setup$auto(0x6, 0x0)
read$auto_tun_fops_tun(r4, &(0x7f0000001900)=""/4096, 0x1000)
ioctl$auto_NS_GET_PARENT(r4, 0xb702, 0x0)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)={0x268, r6, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_REG_HINT_ALPHA2={0x2c, 0xb, '/sys/devices/virtual/block/ram9/diskseq\x00'}, @HWSIM_ATTR_FREQ={0x8, 0x13, 0xffff8f7d}, @HWSIM_ATTR_ADDR_RECEIVER={0xf3, 0x1, "bfa1dea732259a487281acfd86eb955addf6b1e77dab3b6764b0db72f3fb193aeb8d773babee1fb73e9efd61d5544d051221e887fcd9c1e3dfff080371eef914ecc3a2a85e53bea13d14cf23dd1dbb231ac71ba80913819a5317ce4dffc122937983cb1ee725e951665107d64e780261c4f8dae8c3baab0b4904e615f0ecac6cd21ac9a808c18e4e9debda4ebbf7113a4a69e85ee0260537ab25390bc9ee2e30f0dec7009c177ee691651c8550ee245f6bf6a05c07f663c70d3c7559c582a91b8b137e9cef620eeccc637dd9de362a2f58e546820861b59c34e525b35f5f000746b6db01bd409dc1f1e332e1571e4b"}, @HWSIM_ATTR_ADDR_TRANSMITTER={0x103, 0x2, "a3476eb90b07763912a9a3d0e4952c31a2c715d725f1e2c277fe87afab1d337fe1d83089f54fece6341f50ab7eb6cb53ad4a1e5244a9855fae99585fff2140c42322e59ffa70105f44364dc2dcfffc75dfda78acfb113bddc90ba78941795f559ce4e499b896d3cf109ad356b07521c57a38b0e3b6ab619acd8c4ea0a8fab1ea4885393749e5c1ab3242f67abbfcf4e7f54077f2fa0126eceb44bb5b2dbf8ec354acfad4a8b0462776f50e8b8e8722bfc47b22a2a5b4a69a52872e1f172c63a61689eb2813d69138dcdf0eb4d1bd945cdf88ae96553ce745970254e3b67b7957327d4de4d2b1617cfd6eb2380980bd4d99d3e8b78d2aa2ee565217e386d162"}, @HWSIM_ATTR_CIPHER_SUPPORT={0x27, 0x18, "5ed5dd4fc028cbe37d70dda43d66e7cb1c39d5b20b5588769f7d5040f75a5b42f81d8f"}]}, 0x268}, 0x1, 0x0, 0x0, 0x10}, 0x44050)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)

2.749456626s ago: executing program 1 (id=2746):
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/format\x00', 0x42, 0x0)
r0 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer1\x00', 0x180, 0x0)
ioctl$auto_OSS_ALSAEMULVER(r0, 0x80044df9, &(0x7f0000000100))
r1 = socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000040)=0x200)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0xae41, 0x38)
ioctl$auto_KVM_CREATE_VM(r2, 0x4138ae84, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, &(0x7f0000000080)="14d65edabbf7eb3aa416cb3c1e7ff47607ec2996a7abf8dba5509ee949643a759b11d4a108")
mbind$auto(0x5, 0xfffffffffffffffc, 0x9, &(0x7f00000000c0)=0x4d5c, 0x10, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
madvise$auto(0x0, 0x2003f0, 0x15)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto_EVIOCGMASK(r4, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105})
ioctl$auto(0x3, 0x80004509, 0x10000000000402)
ioctl$auto(0x3, 0x800005411, 0x38)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
clone3$auto(&(0x7f0000000100)={0x3, 0x5, 0x4, 0x8001, 0x2, 0x2, 0xac, 0x1, 0x80000001, 0x8, 0x7fffffffffffffff}, 0x2)

2.449751515s ago: executing program 2 (id=2747):
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) (async)
socket(0x1e, 0x1, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
open(&(0x7f0000000040)='./file0\x00', 0x4242, 0x40)
r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0xfffffffd)
close_range$auto(0x2, 0x8, 0x0) (async)
r1 = socket(0x11, 0x3, 0x9)
close_range$auto(0x2, r1, 0x0) (async)
ioctl$auto_SNDCTL_TMR_START(r0, 0x5402, &(0x7f0000000140)="2c8a147fe715bee8cea7ca8c8d71df3424cf872f0fb01d0e7d403daa6ec03f3166ac9693bdb633143e66d2701d3885d64e9ca146c43fc245e59c768b838249bb99f6f1db03e0c7662f56c7336974cba57207965718bfeaaefc23d03741ccfadfee217f3287eff8ffe7b9743f24b10dd3d68ad16cf09aa60b24b954e1d165f43ba5029d5debc28f3436c160")
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x14, 0x0, 0x4) (async)
ioperm$auto(0x7fb, 0x1, 0x4000007) (async)
splice$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x7fffffff)
sendmmsg$auto(r1, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100)

2.321406348s ago: executing program 0 (id=2748):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) (async)
r1 = socket(0x22, 0x2, 0x1) (async)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa083, 0x0)
ioctl$auto(0x3, 0xae41, r3) (async)
fstat$auto(r1, 0x0) (async)
ioctl$auto_KVM_CREATE_VM(r2, 0x4048aecb, 0x0) (async)
ioctl$auto_SIOCSIFHWADDR2(r0, 0x8924, &(0x7f0000000080)="b1c4bdbdc633ad777a402e10fd8eab04d13201793ee4e887bfb54e7d448831b13c952965ebceedf9389937b77c44627edac1f0d3b3a89decc6d66b9c92d5e1cd2abb6acb2dd3c434d5f416982cc7af73e0de001108f11e792459138ca3aefe8be856da2f412ee5548a73ddc583b35d9095abf94245e15d8727dbb671daac2b560e5561275f2bd4e31a33b790f4") (async)
close_range$auto(r2, r3, 0xfffffffd)

2.196582593s ago: executing program 0 (id=2749):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x88\v\xae\xa9i8W\xe5\x00W\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfded, 0x3)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)="42bf46", 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/hugepages-512kB/enabled\x00', 0x129302, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
init_module$auto(0x0, 0xfffff, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x8000000000000000, 0x15)
madvise$auto(0x0, 0x2000000080000001, 0x3)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
capset$auto(0x0, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000)
mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000)
mmap$auto(0x200000000000000, 0x400006, 0xdf, 0x12, 0x2, 0x8001)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x80800, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
r1 = socket(0x29, 0x5, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$auto(0x3, 0x80000541b, 0xffffffffffffffff)
sendmmsg$auto(r1, 0x0, 0x9a6, 0x3ec0)
syz_genetlink_get_family_id$auto_nl80211(0x0, r1)

2.193109999s ago: executing program 2 (id=2750):
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r0 = openat$auto_generic(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r1 = io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r0, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mincore$auto(0x1000, 0x8001, 0x0)
r2 = io_uring_setup$auto(0x86, 0x0)
r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001280)='/dev/v4l-subdev0\x00', 0x101000, 0x0)
ioctl$auto(r3, 0xc0205647, r2)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000100), r1)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r5, 0x400, 0x70bd28, 0x25dfdbfe, {}, ["", "", "", "", "", "", ""]}, 0x14}}, 0x4000004)
pwritev$auto(0x1, 0x0, 0x0, 0x9, 0x2)
adjtimex$auto(&(0x7f00000004c0)={0xa7b, 0x0, 0x0, 0x5, 0x7fffffff, 0x403, 0x3ff, 0x0, 0x10000, 0x41, 0x2, {0x2100000000, 0x2}, 0x3, 0x6, 0xffffffffffffffdd, 0xd, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x2})
madvise$auto(0x0, 0x2003f0, 0x15)
timerfd_create$auto(0x3, 0x107)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/cpuid/cpu1/power/autosuspend_delay_ms\x00', 0x400000, 0x0)

2.011091418s ago: executing program 2 (id=2751):
mmap$auto(0x0, 0xa020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/workqueue/nvmet-wq/power/autosuspend_delay_ms\x00', 0x200, 0x0)
write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001b80)='/dev/input/event2\x00', 0x40800, 0x0)
ioctl$auto_EVIOCSKEYCODE(r0, 0x40084504, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0)
write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
write$auto(r1, 0x0, 0x98c7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
socket(0x10, 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/rotate\x00', 0xb02, 0x0)
sendfile$auto(r3, r3, 0x0, 0x3)
r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000040)=0x5)
r5 = socket(0xa, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'})
read$auto(0x3, 0x0, 0x80)
r6 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f00000002c0)={{@inferred, 0x5, 0x9, 0x1, "4941aa833e2fc65b6b3cf7cec76d6778ad8eac3cda35ba9c2b2d43eeb0dc59c8dd3500f11581916caa0d3053"}, 0x4, 0xfffffff9, 0x1, @inferred, @enumerated={0xffff, 0xffe, "4bd04167d52dbe3758dcb7641f58661870525adcaedaa5deaa336a58b7382f979a0ff0b3d9583c08610104000049d9f994ef5578e78507d4f25cd03a4c4b5700", 0x9, 0x3fd}, "6cc1888a6393f1b4285854c5368de438f8cc142ef6df1259b05ba1183bedbd31b642b4051bc7955610c61c329794e5311121c760cb8211c78e6947a99807bcc1"})
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x2, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
setsockopt$auto(0x3, 0x6d, 0x7, 0xffffffffffffffff, 0x3)
mmap$auto(0xfffffffffffffffc, 0x400005, 0xe3, 0x18, 0x2, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
unshare$auto(0x40000080)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
io_uring_setup$auto(0x6, 0x0)

802.602789ms ago: executing program 0 (id=2752):
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
io_submit$auto(0x9c, 0x1, &(0x7f0000000080)=&(0x7f0000000040)={0x5, 0xd4e, 0x8, 0x8000, 0x8, <r0=>0xffffffffffffffff, 0x5, 0x9, 0x0, 0x0, 0x7})
close_range$auto(0x2, 0xa, 0x0)
socket(0xf, 0x3, 0x2)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="000229bd0000fbdbdf35020000000800fbffffffffff07370100"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xb, 0x5, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x20000000003, 0x5, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x2}, 0x1fe, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000380), 0xffffffffffffffff)
syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010025bd7000fbdbdf0002"], 0x1c}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
r4 = fcntl$auto_F_DUPFD(r0, 0x0, r1)
r5 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000440), r0)
sendmsg$auto_NFC_CMD_GET_SE(r4, &(0x7f0000001540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10800}, 0xc, &(0x7f0000001500)={&(0x7f0000000480)={0x1044, r5, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@NFC_ATTR_SE_APDU={0x1004, 0x19, "41aa6525ac06dbdca88d1581074e14905b279edac74f730b0239963dd5026c68d708e1befae39647f385e31e591bc0a0949274f496d0c761a8a8f6422eb610cd4efba5b81dac78abe02142c50ba6e5468bf03c9f40e7377d63407fe703b168f629e27293ccd856cc572fa58c7b63d984875265d6b4730f4ba4063f7e8a2fb0870866d2db917aa9a92d75574d046c6437196f9db0eb6520dff65c4ef23757212bdff88de32b06258516471daa5b570fd44499d0ad7415375d3fdee9272952ad03eb79b403a626333b8d97f082b2f64e5bc77f19b788de37578a449670b227be09d7c7786d403c0bfa82bcd5c6b804ab83bf99258ca3bda032913084593edabd5e5a01bb11f9cbb6764d6f3d5400ac0ca22fd80862503f023cb4ee2162a9e4ea940f2706d74b8c54df76055fb7e8aea10da6be0e77ab020b664a01279281268a2ba307cf4d01603a2ff3545adffaf69075ad73091299e3dff5f5869209c97997458f4cecfaf21b5162e8879ea186be26463318e88cce71a1d7a775a41b67c8fcf31b004cc8532fc19820455b400250ad1644bf5a72d610a1138e5146ce71b741a9ae85d460323bdacc8906f21bea004fd9468d63b984e9ae0feb078f581cc731fdae609fa28b73678040afbf471e0a38f5df4219e9ffb630ff70116c4320d44e3cd5ce8357ec4269464f86b1c96e17afca3edbd843ddf1680b4f58f394f0031ed30097ccc9ff0011f28f7d7985bcffb37395d9c1d8f2f79884a17cbb2c5784357b6ed0b562bb1bec0cbd00b6a5ebd94c6cd5999b20b66026f5b329fda939779097dd692bc9d05dd320c89920eb8a8e2feb79ff5ac68f30ac1f2aec8f4e1a19d3d1201298b51974c088830b089a58dd0af36d2e27b3496626539b7ec474a4f327fe4f15d7e26f64b9955c8b94fd37276890858ff4e3991a91694016888af7121dfb11e977781e4fbc8235d017527456fdcc99ea25154769b83e0d08edf6cd53f678bbb9203092dbb5053e91930abcf64bb950133754159bbe0c877f2e4976cf92415bb11eaa64a9605d75c75e71af850b67ac727f6fbc0d2160a39e79e92090438ec3cbbf044a03767f526c024feb00d8636dd14541de375e50d078a4a2d869029fec4add67ff2533251b92ff6d23a5dffdfa88883d40f2737751547068cda9e324334d07db5dc25ba8b289efb6aee5fa4f3002f6cf87718f65514cf35ec547ec89ec3411549145a6fa8f674190fa26bb03aa2875e8f51bb07477a46db17f42711a1b730572409d459d58fb36ad224501cdbc5e8c82e47acb0396831d1523c1530c9854dcf544d34a84bd9af682808788ca6e1afc105bfe45b208c8dae0cc0c9c8d1985e5183098cca1c5abaa74b4f49a2a91a445eea133b25d7ae2acfad3b8e967b99ddc8b83d633de51e2c0309923e5d600b623f4bb05bceeafbc96d028f02eb9ed80d2b2aa97d9aa6695ba64e97069891b268544edf8126286e2c51f161dfe86c40d74d1b446b79e008fc0c2ad105ee1e10534dd1e3025a33788d51f4271e2b4cc7edf7480a938c3fd031ddf7f7c7421000c91e4cdc6cdaa00a51ee0b9cdb9fbe7fdccf6cf98631fe2cad2b05e79bb8263ae0d034c2ac947764b94991430a229d35f8a3004e2286e752d4a598bcbae47b4b693bcd36693f9c656a56f24b2dcde36e8275de0b89b949db66fa8a453accc0cf31b6c25f1f274714de9119b5459a8dd06d015851c87c8bd116232bed7ff09bc40382e7e57eb671f8a1f4e68dbf2e9406887b5535ac80fe80fdfe3223c496ff7ad8075a6143f74f5da6cb742b71ef6c0782e42437788f1bfc60e0a2626bdc7a41395191c63d5e7b3548c87b7e0e825433c56171fa3fe51f31aec811562d74e9afc61896d73523f1e2ed936913f52ba9300af98867f8e9a6b95f984a54dd98e264ced9c82a10adc6177ec3d70c20a37edc010dce84445201603f40ae1913027cd2d3faa2e2ee93398876cab1a6018a7cc40160d297f4fe5da75b8b73ff42e9db25b9dcb2277597ac2e59617026ff0e295bb92f07e2e0f4583b60c53551f020ce12db7aecf701eece1911535ef91dc99011d47acb1cceb82dcb2dde337575703d152efc6313690fe6c2bc2e17530f21a7cc2b379ccc3f44463553742936aa8ae47cceb6c2f1f5e5f93062403a57549e1c4d3a2c448f098fd0eec5ded3eca818d11bc898a41882a90b99aa6da17c2b4d64d892bc6b1e8049b925dc9407b520a7ac9892bf84bd20078349f15c03affc990eb7687e560a051a421de5e735977155271b7f46a9e436d3d5601652174d306c70ff9fe98345c4c70721cdbd5add94c265e7204fed5fba6cb02dc230b27e018f53442fef3f0e5cce9c3584a19bc7942faad011d343d4e23866daf95fa2821a8fa1b92d01d745b3a577de0c515947691f0ee27a060b74cd90feba197c6200e1be90aad248747329001b6b44173aeaa1340470f2093d67b1461cd704cf214da812b635c82f3a95aa5052cb6844ead2477a6d10f7e87df5fbdba9b08c55cf47048df976f2acc25cab4fb1502aec956524256d4df40c8b63b64094af8fdf84298735e94e2d20fa6c950e8a11ccd64b216cc701786b8a91d9d502425b2ac321b6e3b4ae3503e7f5214e1e988148337fd836ec03d6ceb2df9a014477e8e95a12a786dd5cb9ffa38e226352d03650c8c48319babdaa4121bfb0a43ffc5fea493b696fe9062b58924a1d34d99e6ef5d386dfe2eb2f196cb6b664325eb179c8edc580e33d6fa5d99a4b3cbe98f1c66333a4802afcf47092e52bf7f379cce691d35d89fae7eb0ff0489a4fc6cf013e0ab78575135e917495852b630662888235f5bd4c752e0815d1c49132660eed786278be6427733870127a46b02d468ebc2ce87be9e060d616300fdb6efa54071a75b1a7cf67d290d4f1ef93c43b7968d2b379e5a33eb43731c8bf295a1bd40bc28db354f9a9b45b083a9044637c8bd1464fe4294a4314833cbff846d12e2b37a5df4409cc41d8317cfbd6d9eb17375efac1728ad46653294e031341d929d2333db7bd46cab067f9255293cc00db7efc7a940234ffc08e834056bc40300a5d65d8e3e20e5c011c8198eadd5f6a24b8139fbaf9738378f1a28787b2c0cb8e746c9760fe8536e61a58defc737e721083f918288a80e4fc9bec846a163ae0bf0a9b9a93fcb0f25c60df0b5fdd9844bc86fcc36ebd35970466a2b153d483883192981d33d1bd416c2ffe19f925a9837adce9d6c8150ac8f3d92c5581e9c00a5595148b1d863fe4f8ef53502c3b8498ffe90e2086d7b2998e087d731d7652bcc446e4ace9fe6496e73335394af626da9038ab1081af00fd0c5ffa13277525eec3df57499b3ab670c4a0358b152dfe42acd7dbb3fb9e9b0e4a4b4f3419be23853ad89779e766e7aef9c3a11d4a9e76f829ce81b30d4be6de00a9a616564d00611f6590b940ef23a1b6d1f6eedae88625424ca8809c15a8e210bf519570d00e9d88cd395bd33ad1ba6f8cd8614a675cd21ff66d55f183961c1442c448827aa5d1c4e0ca59e0ed1d9a9faa363db619d6df20bb5a75d3cf5620eb529c27ad99eacd1e5ae5e2a6f59d287223800f781a48b5d6e31c610af962908ecbd5c7b43462581c6ca35d1a7c9535b5e849cf3aade1b384227bb66e7b003accd3ff4398b68b4b67f12708e81c5cd5e81f7d12f848d9592f5cd91aa2a73ae9b4ff4916fdec289ce97da10d993013286034d00c8d7e254335429b74220714a6e1aac6659af08ce896b3e24175a36df2d0eb104123ad826f0e93ab4af3cd0a1663310569dc63e882cc35810f76624580925bb1e0a69ab07cecf0abe09d7a3966c63a0ea6e711c9a44079e277d495d1eaba423c4d6c4acb15d4d7b80ace5e1f380d98cadb748c4076a453342513484e56740d6826ec4e8b8150b16b6e5c25dcee2912fa9ce9f659d12c86944e67d22b674d6ceb76f50cf41f8521faa0ec1a79062a24bb17c238d5c73a437a7d5f803048aad7aac24b22a672ec1584cbe79b5181c1a27cb3d5759ea0be2fbd1fa32f6d6c9b9bef4f1120fb37d254c495b61da3513c9ac0d0e78bc10afbc76a1cfc5ff8a709b319323c976f9379c3547922940907018c9a51f64d888ae859dda90a61fc1d8634fae2a11f998cd194e46929383cec0b5e5e3dc7866a46b5e34085496853f159987a4050034e78cb774612be875f51e08c6ed955cc89745c343a471b53eb0e16fbc523d4d554768c1c3dee166fa42c36098655fb9fdff5ee7c51af71a60d190baeb61579eb747a3536164170fa164ef01a23be73ecafaae6e17aac4d8fc793c01001c585701b9c2dd517205400b43c169ef25c4703aa8cdcce8dcddbbdd4e882f285f57f1f0af5cd97997c00f5ac449b7f202d4cf1047b63a66f75a8f525f12c07d022cdbc44bf6c189590eef95048bf27c39cd90bee1992c8476b8b53461584bc9a38eb203197fe082865065ef08762df8acd769eff8c001d206ef5b7d9ceff5b4bc50fe8010cbd64004c241a9cc8e1858893993c6af18df89dcc75760e24fb8861567690df99a38f0de33c744218e0a2bf683c88a037f67c84df52c1bfbf96b098fc578b1fbec6e7b86c5e2ffacca8dd61502461bdeb2a6e6da38174627507564aa9f37dfede9999c7456c8bcc705a01089289527e40afc6459ca3b67aa89aa1fada5924699c9b92c2082686f68ddddec6e8e74f246c16005cebc625fb7e8e52dc6ea702197f5494d94c2bfaf5d2815dde0a81cf85bf48f1ccbcb44f5c105203960c6bd882553ccf14cb9b85d34f142694ca29179d7135f0570d630a509db59aaeb899dd1b734b8d6933860459604a3fc45c71c0f77beb688587f546a7ab5f1da1d5f02d01eb9194d9080a47399b617c0f214a9e88bf2c7a73a37b91772864d0d4a9c494743d56428e53ea18d73abfcc5948d237abdb510dabfa43251b4bdc09e4ec0fac1c1a0b5af5a7736bd8b14c21128f39d005f8089490b2ce4a3d8101a3c0027fbdee9f800ed786dbce607dd3658402306dc4a4c1da1f00adc07d1618c45168a5d7db49b7f5e8f413f3186b35098b50a6d2a8c5c0c5d9dd6c01850d8992f2abce3bb5a08843ee735b6a42217804a8d7fe770807ebb6344af23903f181476347f60639caf55f333da6da9e5c3a75c219f91b736936a76b524b5319936f15ec1a3a44b3bb464d10ab0e2746772ca7f6e5cc3459f831c94b44f15afcec52d035436b8cb6b51384e4868d919b331a8f3afec6f4986582010a71fd304865a3419ecced8f5de4d7c20b62accbda2650286dada5a2ae06f5adae19a7203e5bf75a05447913df99d38972b24933ac8e2b56c75b8b0f282c272bc9eb5f4d2ad81c97f612674aecb35c08e0b4cd6b032f068a47594edabf7c981ddb4d0cd9e36bf634bc0aa30ff77833cfcd4b74efe96db8c83c8de1460fd1b64cd53bc5c3b2af1bcdf5e2dbb6816fad8932280d56de3deaeaf3270d8c26e00ee5e77ff7cdef5977c2beac55fd559191a2fba0c6bea95df299d9fcaa7446e9913afbe6f4218328fe35401b3e62a80f0c08af91e941e0e762360ec3695ea0c9cba338e6d109a5c4da0916adf7d5a3be8d0b15673fe73d7e3a30dac702f14c0fb6d031a8d5d9a1ed36b08ba6c75959c53496cc9607d08f5c8c481bc7e47af083e52ecf7e7cfd699fc0fee0f78ac125f9945ed1342e0090789bcba68705608fcb02691177f8f0ef0b9bcd2cb7788ceac9b10023c43298e89c441bc930b0f00a092ddfbc5c463493680fdb240bedb30805bf1671b565d41493285f8"}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x8}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0xfff}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x2}, @NFC_ATTR_DEVICE_NAME={0xc, 0x2, '#,&)):o/'}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0x4}]}, 0x1044}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
close_range$auto(0x2, 0x8, 0x0)

585.27802ms ago: executing program 2 (id=2753):
mmap$auto(0x2, 0x20009, 0x4004000000df, 0x7fffffff, 0x401, 0x8000)
r0 = socket(0xa, 0x801, 0x106) (async)
mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async)
mmap$auto(0x9, 0x20009, 0x4000000000df, 0x40000000000eb1, r0, 0x8000) (async, rerun: 32)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32)
socket(0xa, 0x1, 0x84) (async)
r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f00000001c0)=0x6) (async)
unshare$auto(0x40000080)
socket(0x1e, 0x1, 0x0) (async)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (rerun: 32)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) (async)
sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r4, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f00000014c0)=ANY=[@ANYBLOB="180a000084d9ba58cab569961491d0e98828c20804b8926fa9b95708cd6cdc9f04b11fa4f57c2025e5b22412834b77a506539473a6bb329b8c85b63dd67bb31ffbc803bb3fbc4aa791c4d6c7e8f58681be51ced00776b0cc", @ANYRESOCT=r1, @ANYBLOB="010029bd7000ffdbdf25030000003c111c8084100580801000802400048008000200070000000c00030005000000000000000400050004000500040005004700010015498343c724307734086992dc1e25a2a9103e4bf48686438120218fc18eb8d92081607cef938d982b98b2ffabb3d4697d0e992a1ea9d3b471e918ae07e413f97503f800040004800800048004000500041001001fb5becd41368ab779a0b29218e67556fc4604877ebfcbd398c11fb77c35a8bf6e74ddc9b04a9138098aecf779ea7e3d541edf3023425cada97c0dc587c6fa47716dd359907f0a162a0b886614c1a7e9546da002cc83e2ed566b0379129f985c460fbbf435e700a4b5580b8a56632571928f8f21f4d11364a0ef75b476ff3956f1c7da142f79c10a4876ffcc63f2d86a0e69b888fc4f296dee02ad8557cdbfb9f0235a183eca304867b40759629cbc72b1502c43b99766ba6d68b0c0ab3c3f028eac0d0571801e5df2a1d739c243a58bf16cfb3859743e905b7ba869f46438f8ae3034bf72d5e80c5484943de2b70c62ef38e5219cc8006f282faca545419374470f9a70397a1f81bc4623e08269594bbebf9b08b81b87ccaebf876dcaf1fa4562e3163b353cb8ff91dba36cfd929ec300388d9224fe45abcc42e157398da0642301b14d590dd9a490eeb4555c64ae48caedffd84b246834f69dfa63f173ce93ba2775a6f4aba2492fe9d62fcae89dab6719935a28c2d614d93e984df4b3a292e0e5d6754a30e52d52b951092a4df3b6abb5c8b74740d551a77c41d02f0ea667e8acb61eac844c20151dac7c08ae95aed291d11cd81365501d3fb0120e11566f94afe38fb008e05536f93364d00a43b8f486bd9aeed50d5a38947982f5f700f06aa7d6783f30abda22a3c9948a274bfae36f6a66c3229520089d65cbddde93a28dd2a72e93bc6c0d9b98f49c9d771f73b1d4dcb6c06829b15422f0c596401ba563a88ded070e2a05a79c8070085502fb3ca34fc767ff2d3b490bb9a6abc3019eefaa4bd9f345f6b94d597166754c5f95140dc5fa9ce51a7cc3257885d074c7cdfd88bb400fd6dbe2d4a830134967cacad9beaff366bf7e3b0a4fa0526473a70c1f44e343a5b9fadf9fc536113772f0f7b0bf16f9b7a7dd8eaa5f7fd9cf259565247f0e58375156005c30e25691d7f8fbd489af83a18f71a38b1996be1ca10bdcbe8d850603d9b81ba828c907753483e9ff23d1d861c36d8045acadaa640a61357fcf9aed13afdf56d13861dd74ce620e592230d3c8699e9adccf2920614ae13c1e3e88a830f36bfcd40ff7c767995044f2ba1661c5f977d9754c58a0d9dd7aad1fbfd94d36dfc61c532c5cb3093ccc0c125ee0e762469f8680500675d4404db12b7062c19c4f0c81c0de489b5eb725f1d7d4cbe7a1f4b51fe8faffb6a709c0a7a4ae7efe75bc66d6c2e705fbee29c0858d9891735c97a28aa15c16fa0444ac2caeeffae42f1fbf0f17adbc9ee40236a844add60741eb64c722811c6f9fd7d614f9620d6f07914b6e7d5eb5dc3d7d6d5f5323575a7c9f864d9d5793d4ca606ab3234930a32e44d8a08d624861a6b94c72f551e7adc8daee91594175bdba18c663ced5991c0846f1c03a9673b413baa3dc401186e12ee90186d2130891eb1b354abb1040dd571589b4b7884b31cff7f8b3cdef5a61bc9644883c852106d9be09e5f4d649c669a64fadd3a9b129ab1c956e33dd5ac7224439feb0ccae51aa092c36b4e8d720170d20c22a49e5919d203b312096d625e4316f141f26a9257af159b3c47e025fa40d0150b7dd969d2ec67c727b81653f679f6ebbf8b3ad9c3b0acf232d1b869982879c4a2722cc1e4f0740e9d0feb661e45c5b081ad0546761e6a025529086ca4d38a4b22193e792bbfe6ceb22be5ca954210d0f93f5e38550054b6ae80e64673158815af6cd6adc3b942b4371d33d9662ac80e3ef2eb4acd44ec66cb6d8948d67c3ba8e578f52ac30ab107723e5ce51c4e6d59b20ba7085fd8dbde58cf9a0bd3385e95db6b56a9a68e3160ad36a93e26dc8b915cd4e4767d3dbd3b74052f55e3a74b1edb1068c973a5ca70809c6aeab8ad627955a815315330c51153dcdcb6e77029b0a3712a9231f0c188659e5bb9f89b6a8fd91536a47db7e5d596fa93f0719502e442417ee11bfcb364c6ddadfc8581ce7779d107d6f7aa8739c3254ce9b1e2dbbc1e75566b6d80817e1820e02e8df220e1c9b2d98a15e9db86c5a32bf52b0f1de1be7636cb21e87d177fa1e7828be02578cac204a8e9c7ca6119aa0bdd165bbf7d0f799f0d2ae118bd9037982c1fed3e223b60cc86f21e8c1d9336cb76cb521bc9791abcd99af0bf70a198de0d678cc8bdc0f74fef28407bf09d93054d5e20f5452fad596ae036bec1109e4541d5cb9d287b5498934fad3963a53030dc2264668467716afee211f4dc8082800be3829050b2e26c447b001c076dda2e2b7f17c96612b0f594b6ef5193c5dc3affa5778896e1e40a3953e5557d39799c312b4126a6086dd85393ed3322a48ca0afb9e5dd96ac9461dc7cfc8b02a23b7a1486ea8c9bb204e39298b1017a67a8c1cf1e0582c6b8d95a611c0053eccc9592e1af600e4386680be35c29acfd9033058a4842006fe429188e6a4783a9bf5fd7d1c36c0530f6a42be785419ef2192ffe02470d376f084a4352cdc7e34b9f4891304499b1e0946832b187762d191d7e9cd9cc9112ad768e5132f804f304a9ba0572d0e1c7eac6ff606baf0f0f2e1c836d9a9f7f01fe748dd5ae7b34ed6d51f6e4c8575de14c8552026c4c82516080d919a706fa62958742cc2843ce88c04a19cb66781f2b75d9a81d3f4f2c078e35bacf3a69dc717b61c9c9557d82bdaa636fe80e37f41d63f2388da0b79555f2b3d2b7b30db6d2837aecd455814118a737d3d2845704f4b8a7156dd582477d0b9f0d2622b1f963d243c73646d35dd25547446fa94f47b63637e37b9c61ed88c97b185f9b8d09ffd768cd1c79ab31ff33e82423872f4b2642a1530a248b1dac5a776d5c5d6381e38f01fe8b23921c7b52175619bfe522c945e45ea5a0d35f35fb7c7f772f32657b8b936de258ab52fcf2bc4973c7d8da82d113bd59831b658c62b6913c9162f66a92bcdba85a33796028c8285083f65eec0168039af09f83e27d94fa22f4a595702cbd51d8f48ad8aff4a74c5fd50922b3eba0341c6718f34f3a59181722e330ccfc7d1997357fbb1c95213b082d6b6f119118bb24a98c2c53de48b8b1bdd9c51c88c89acbcd4de108fb32f4beda27743b4a04e5ebc677862da939c7dfc616e765b79b1359d8e5ae4eeae5cd38954a7b6f8693496bfd2624f1a83182440510d7de981a321ccf81b75ab23317598adcb3bff8454110a056ee64a3b088c3ed6d0cd1d2e7033f872106205e95f171e347f02d9583f59113e49386e30ad92537b577e9822f3ecfc1b1374bf2911f61168f30b8f1e3af513e8248409d25c1d3bc09e93a66fa2c4bb3caaf1f4bc28e730ffd78375136e8c32d9bc26b8958c62aa7912dcdf44bbb6668c872df81c6362a679e57860484f003506ab7e1bd7344261c761bc03a7a0167047c1c07e8e46e9af814ab2b93fbdd8536448ee939188ed5a79c6d5d962efe69afde6999a5d52d71090bcb11a1eacb07185f9f5199d44c9bb5c48a09b28cc10e3f84f04677c3052e57d5426d3f5fa852a8f4ed3c8495a4f79261bbf6d1405c9ee97fe3df651819907bf93e4bd0c0a7d2d454e7ba0e84eada5731bf373ae529a6a1f17f959c77931d2ae261b588e844e8c1deae11cf6bbc1433ecabd2715cca3c7471b6f8de376a7263fa3064bda2754f75af047f7bbe11659adb21af39f0b71ae0aaee207f1811cef018fc70717c38b14948f307302bebca0450c6d1670996a92eebe691e0f7395fc20c554a171472df72761fca5a73a242f15c39b7fe6e4c013d655cdd09e319727758beb367aaadf6e70bfef6f8fce3e7c3848279f88ebe8a10f00dfe8f4dd87f9437b8bfa4b7b1517902cc06887ec5a9b9eef923c0e72e9ff82226ae8bf7cef3b3cf91e0ff8408e62421a4d88875b9f6a9382722d42aaf8fea280198a23eda48f6ddc26411825dbfadd25301735d1f9c74f61b15d3b2181dc9d77a4115c7047b9c6520b55dd2fcf343c4f1cb7cf93c10c0e01e282f28cf54575924024819409c322dce701d88f78c94416ebf4c2275bac8c75299636f3a507b7f933c5e13d853725a5ce8f9ec33de647b87a1d0775d62dfa07fead5253cc18526b5ffd90312ff098b81dd01c59f882b0223e6cf768b2ee0d5e0e8d10a2f5c04aa3b97a3dc92e102b30d60f3f0ff5b6253e49d960bc6b8d3a5daf6f3f4c06fcaa315e8315fe71023875f318934414cfd10fd7625e084b132b1c37b1b3e10777c10a3f9c47cca710012a77bf342bd64ba5fb08e24908cbf07143a49c2acf74d0c4097b0a8c2efcb6dbda4433acd0f1e2ad24cbcb4462aa7ce3d12514d4aaaec95457ec06f197c0df614d484af7987458ed2e33552b7a1cf72a4c4b016e7a7399ef9998bd52f860d2ef0751e7e96ebc472af3e666f7778f8eedb12bbac921eac8436b31ab61d72c259a2473678d88743f0f768c1782ee4702646bf349308712ea8cbad36d90b5c770971a1ff70719cdfdeb01927a561fb67d7cb6a2feec1215bac6eeedfb930d3556b5547a7e1af3199de6929a745c5323dbc34624761bb1beff6508463a5b7cac6d1d0265c733cb609b8cdaa56042d29fb70fa58c64b1fed6028d3a2ee7d6f3046cd980bea9f9e1d82fd9beafe7d66cfcbdd49caa5ea4f43faca173cba614e02f407b5c791e460a3ee590b3780ad8cbab34ff0379cc1f947201e28d0cbfa9cc5beef86ecc7090eac13ff614bf73f24b335fcff38a57bce197f67a5816f3d11bb558f0485b4441fcddb6b33c211f19f263f35462349492e26d5fc8437e09539c06fd6b14f243e0a51cc7ed7482677c5a9e7c864b81ae890e6412b6b387e887c9a70e5470c0d17800bb4e39a971a30151c2d5717a9c1183fc5e43902b25130f5fe2d85a64b77a8e64dc59d0b1e3b022efb9c1cbdfebb071c0fbd09619577bb1e18b488091d5c239589805b8df254db031aaa7751bb0b71bffe4b307ebd8359271c2376f2c75a8bea9808725cca6254f89e211cae70dce4cefa123d29238ecb0057d28eeaaabea6e99ab64ebea4c2c62806e6a9e2bccb96a4d07e816ee378e094acee3a9f31b0d1033634310baef6bc7f5e0870a2f1f7f519861834935b1073f9a5c348a46b3be82932d3cf1823a60fb9d0b269b94e58614b5cca1bf2f47ad4e15a93fce9995e06583c41b84930fc26cfe19e9ce9028c7ed8f6f701ed97a74ff3d3affcacf957946fd675240ea08b362a4c1d15aa0722f4cec99aae7d167c49c6123b1ddc36285804044883676921d8b9feed089851e819b782c1fc4025c44874f1454e53e477838e6ff0a472331da69f8e4efb474db064a4b4325c08b4db60377a142c19512b7d1e9fdcfb599662e5448ef3fed112a62bad364467613c73a3385df9766446627c2658c87b56c069440d4e0406e1220c79c2c99116c3224a7a90fee8b6c04f3ff85cbe993c3bb4f7961a801dd893557cd0be736f17e3fa2c65ecc61b907c9d919612ac73a41f91d88733b5830d135a457b3c13fceb0bd294f412bde878315b32c91529b5d55383a1f79f949a8424865b474d784a7a89153b88fc7ec11589b01b9b1aece6585de4d6dbf329c09f35426525addf3e1aa57dddace18fdb219b5e4b32c29a24de709f180b6ff5578141158f467ee9f0cccb580e5b9929c59e47cc8ff27b8401a934769d99f26cc9a9f66ecd0879df8b5becf0cb9a41006396075455306059a7dce312f4e08c54d13bd5da696b32f2c8efbdaad768e372049a3a58bb8c6972d34f859c4ea29ec46aa7752f5d7e8bd3523a10de8b876cb1d61d143d55a1f343252f0927fd5d853b663a71dbb0fff6a7ff07f9cf1e1eb23e07009ffde16778c6fb40005806c00008066000100ff2b438530c09d6d6c4dcf2c2a23485c29e6709135af4a5f9cd208aca225763fd7f0f412614dcbd5b241fa693da760a65c7e949236399aae670277028d93880ab5d5b57c9a52d87bbe4e8bb65d05e11c6ce8206fef72e1e35edee70185e39ef115a60000440000801a00010027f301605c12b1694f61508b0a6bbc34aa17fad23cb6000024000480040005000c0004000200000000000000080002000900"], 0x1150}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) (async)
mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) (rerun: 32)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/net\x00') (async)
tgkill$auto(0x0, 0x1, 0x1) (async)
madvise$auto(0x0, 0x7ffffffffffffffe, 0x8000000a) (async)
clone$auto(0x100000000021, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x0) (async)
mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0)
write$auto(r5, &(0x7f0000000140)='0[.[\x00', 0xcd04) (async)
sendmsg$auto_NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000", @ANYRES16=0x0, @ANYBLOB="01002bbddbb0000000000000d311"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x400000c)

232.607573ms ago: executing program 1 (id=2754):
unshare$auto(0x40000080)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x1f40)
stat$auto(0x0, &(0x7f0000000380)={0x3, 0x3, 0x6, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0xa, 0xff, 0x100, 0x401, 0x5f57, 0x80000000, 0xaa})
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
getsockopt$auto_SO_PASSCRED(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0)
mmap$auto(0x0, 0x400005, 0x800000000000df, 0x9b72, 0x2, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20048801)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x1000, 0x400005, 0x4, 0x9b72, 0xffffffffffffffff, 0x8000)
mseal$auto(0x0, 0x7dda, 0x0)
ioperm$auto(0x400000ffff, 0xe, 0x1)
syz_genetlink_get_family_id$auto_taskstats(0x0, 0xffffffffffffffff)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
pread64$auto(0xffffffffffffffff, 0x0, 0xe, 0x100000000007)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bond0\x00'})
statmount$auto(0x0, 0x0, 0xfffff7fffffffffa, 0x81)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x20)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
io_setup$auto(0xffff, &(0x7f0000000580))
write$auto(0x3, 0x0, 0xfffffdef)
r4 = socket$nl_generic(0x11, 0x3, 0x10)
bind$auto(r4, &(0x7f0000000200)=@generic={0x11, "0000100000000000929e006300"}, 0x80)

0s ago: executing program 0 (id=2755):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_MACSEC_CMD_ADD_RXSC(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="f51b26bd7000fedbdf2517"], 0x14}, 0x1, 0x0, 0x0, 0x8090}, 0x4000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0)
r3 = prctl$auto_PR_SET_MM_END_DATA(0x2, 0x4, 0x0, 0x2, 0x20000000008001)
ioctl$auto_SNDCTL_DSP_NONBLOCK(r3, 0x500e, &(0x7f0000000080)="431f1eb6e698f028950e5af5dc554b53446a730ab43f103ca6fca015c870096655b49b2adf9a535a032fd97089d5c67b6cba35ce5c651044a67275ad72a2eb84d811f1f42bfb8a6f27b7ea84")
write$auto(0xffffffffffffffff, 0x0, 0x7)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
futex$auto(&(0x7f0000000000)=0xf0fb, 0x5, 0x4, 0x0, &(0x7f0000000080)=0x60, 0x3000000)
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/compaction_proactiveness\x00', 0x40001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
prctl$auto(0xb, 0x1, 0xffffffffffffffff, 0x4, 0x7fffffff)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
write$auto(r5, 0x0, 0x5)

kernel console output (not intermixed with test programs):

r after parsing attributes in process `syz.0.1947'.
[  593.186760][T14699] netlink: 'syz.1.1958': attribute type 22 has an invalid length.
[  593.323267][T14699] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1958'.
[  596.013577][T14725] netlink: 266 bytes leftover after parsing attributes in process `syz.2.1965'.
[  596.052028][T14725] IPv6: NLM_F_CREATE should be specified when creating new route
[  596.479351][T14735] FAULT_INJECTION: forcing a failure.
[  596.479351][T14735] name failslab, interval 1, probability 0, space 0, times 0
[  596.522112][T14735] CPU: 0 UID: 0 PID: 14735 Comm: syz.2.1968 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  596.522156][T14735] Tainted: [U]=USER
[  596.522165][T14735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  596.522179][T14735] Call Trace:
[  596.522188][T14735]  <TASK>
[  596.522198][T14735]  dump_stack_lvl+0x16c/0x1f0
[  596.522240][T14735]  should_fail_ex+0x512/0x640
[  596.522277][T14735]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  596.522311][T14735]  should_failslab+0xc2/0x120
[  596.522344][T14735]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  596.522371][T14735]  ? __asan_memcpy+0x3c/0x60
[  596.522395][T14735]  ? __kernfs_new_node+0xd2/0x8a0
[  596.522427][T14735]  __kernfs_new_node+0xd2/0x8a0
[  596.522456][T14735]  ? __pfx___kernfs_new_node+0x10/0x10
[  596.522491][T14735]  ? find_held_lock+0x2b/0x80
[  596.522518][T14735]  ? kernfs_root+0xee/0x2a0
[  596.522558][T14735]  kernfs_new_node+0x13c/0x1e0
[  596.522588][T14735]  ? __mutex_trylock_common+0xe9/0x250
[  596.522626][T14735]  kernfs_create_dir_ns+0x4c/0x1a0
[  596.522661][T14735]  sysfs_create_dir_ns+0x13a/0x2b0
[  596.522701][T14735]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  596.522738][T14735]  ? find_held_lock+0x2b/0x80
[  596.522771][T14735]  ? class_dir_child_ns_type+0xd/0x60
[  596.522809][T14735]  kobject_add_internal+0x2c4/0x9b0
[  596.522842][T14735]  kobject_add+0x16e/0x240
[  596.522866][T14735]  ? __pfx_kobject_add+0x10/0x10
[  596.522893][T14735]  ? get_device_parent+0x1c5/0x4e0
[  596.522928][T14735]  ? kobject_put+0xab/0x5a0
[  596.522954][T14735]  ? device_add+0xbff/0x1a70
[  596.522994][T14735]  device_add+0x288/0x1a70
[  596.523034][T14735]  ? __pfx_device_add+0x10/0x10
[  596.523067][T14735]  ? kfree+0x252/0x4d0
[  596.523104][T14735]  device_create_groups_vargs+0x1f8/0x270
[  596.523148][T14735]  device_create+0xed/0x130
[  596.523186][T14735]  ? __pfx_device_create+0x10/0x10
[  596.523226][T14735]  ? do_init_timer+0xc9/0x110
[  596.523257][T14735]  ? ieee80211_roc_setup+0x136/0x270
[  596.523293][T14735]  ? ieee80211_alloc_hw_nm+0x231/0x2260
[  596.523327][T14735]  mac80211_hwsim_new_radio+0x369/0x54d0
[  596.523386][T14735]  ? __asan_memset+0x23/0x50
[  596.523412][T14735]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  596.523465][T14735]  hwsim_new_radio_nl+0xb51/0x12c0
[  596.523509][T14735]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  596.523567][T14735]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  596.523608][T14735]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  596.523657][T14735]  genl_family_rcv_msg_doit+0x206/0x2f0
[  596.523699][T14735]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  596.523738][T14735]  ? trace_cap_capable+0x18d/0x200
[  596.523776][T14735]  ? bpf_lsm_capable+0x9/0x10
[  596.523802][T14735]  ? security_capable+0x7e/0x260
[  596.523831][T14735]  ? ns_capable+0xd7/0x110
[  596.523862][T14735]  genl_rcv_msg+0x55c/0x800
[  596.523905][T14735]  ? __pfx_genl_rcv_msg+0x10/0x10
[  596.523942][T14735]  ? __pfx___dev_queue_xmit+0x10/0x10
[  596.523970][T14735]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  596.524013][T14735]  ? __lock_acquire+0xaa4/0x1ba0
[  596.524054][T14735]  netlink_rcv_skb+0x16d/0x440
[  596.524088][T14735]  ? __pfx_genl_rcv_msg+0x10/0x10
[  596.524129][T14735]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  596.524183][T14735]  ? __pfx_down_read+0x10/0x10
[  596.524210][T14735]  ? netlink_deliver_tap+0x1ae/0xd30
[  596.524249][T14735]  genl_rcv+0x28/0x40
[  596.524283][T14735]  netlink_unicast+0x53a/0x7f0
[  596.524322][T14735]  ? __pfx_netlink_unicast+0x10/0x10
[  596.524353][T14735]  ? __lock_acquire+0xaa4/0x1ba0
[  596.524396][T14735]  netlink_sendmsg+0x8d1/0xdd0
[  596.524438][T14735]  ? __pfx_netlink_sendmsg+0x10/0x10
[  596.524488][T14735]  ____sys_sendmsg+0xa95/0xc70
[  596.524527][T14735]  ? copy_msghdr_from_user+0x10a/0x160
[  596.524565][T14735]  ? __pfx_____sys_sendmsg+0x10/0x10
[  596.524609][T14735]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  596.524655][T14735]  ___sys_sendmsg+0x134/0x1d0
[  596.524690][T14735]  ? __pfx____sys_sendmsg+0x10/0x10
[  596.524771][T14735]  __sys_sendmsg+0x16d/0x220
[  596.524803][T14735]  ? __pfx___sys_sendmsg+0x10/0x10
[  596.524834][T14735]  ? __x64_sys_futex+0x1e0/0x4c0
[  596.524873][T14735]  ? rcu_is_watching+0x12/0xc0
[  596.524909][T14735]  do_syscall_64+0xcd/0x230
[  596.524950][T14735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.524976][T14735] RIP: 0033:0x7ff1af98e969
[  596.524997][T14735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  596.525021][T14735] RSP: 002b:00007ff1b084b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  596.525045][T14735] RAX: ffffffffffffffda RBX: 00007ff1afbb5fa0 RCX: 00007ff1af98e969
[  596.525062][T14735] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 000000000000000a
[  596.525078][T14735] RBP: 00007ff1afa10ab1 R08: 0000000000000000 R09: 0000000000000000
[  596.525094][T14735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  596.525109][T14735] R13: 0000000000000000 R14: 00007ff1afbb5fa0 R15: 00007ffcf7e34bf8
[  596.525145][T14735]  </TASK>
[  596.525183][T14735] kobject: kobject_add_internal failed for hwsim16 (error: -12 parent: mac80211_hwsim)
[  598.506806][T14755] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  598.525560][T14755] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  598.531618][T14755] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  598.643431][T14755] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  598.654378][T14755] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  598.758246][T14755] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  598.876238][T14775] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1976'.
[  599.245025][T14782] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1977'.
[  599.752387][T13209] Bluetooth: hci0: command 0x0c1a tx timeout
[  600.544538][T13209] Bluetooth: hci1: command 0x0c1a tx timeout
[  600.547261][T14810] __vm_enough_memory: pid: 14810, comm: syz.1.1983, bytes: 4398046511104 not enough memory for the allocation
[  600.703751][T13209] Bluetooth: hci2: command 0x0c1a tx timeout
[  600.783465][T13209] Bluetooth: hci3: command 0x0c1a tx timeout
[  601.581483][T13209] Bluetooth: hci0: Unable to find connection for big 0xd2
[  602.616696][T13209] Bluetooth: hci1: command 0x0c1a tx timeout
[  602.773184][T13209] Bluetooth: hci2: command 0x0c1a tx timeout
[  603.018483][T14866] Invalid ELF header magic: != ELF
[  603.259081][T14892] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1999'.
[  603.813972][T13209] Bluetooth: hci3: Unable to find connection for big 0xd2
[  605.474570][   T30] audit: type=1804 audit(4294969608.598:71): pid=14945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2010" name="/newroot/529/file0" dev="tmpfs" ino=2779 res=1 errno=0
[  605.548478][   T30] audit: type=1800 audit(4294969608.598:72): pid=14945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2010" name="file0" dev="tmpfs" ino=2779 res=0 errno=0
[  608.725210][T15013] random: crng reseeded on system resumption
[  608.889362][T15008] FAULT_INJECTION: forcing a failure.
[  608.889362][T15008] name failslab, interval 1, probability 0, space 0, times 0
[  608.911221][T15008] CPU: 0 UID: 0 PID: 15008 Comm: syz.1.2021 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  608.911266][T15008] Tainted: [U]=USER
[  608.911276][T15008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  608.911291][T15008] Call Trace:
[  608.911301][T15008]  <TASK>
[  608.911311][T15008]  dump_stack_lvl+0x16c/0x1f0
[  608.911356][T15008]  should_fail_ex+0x512/0x640
[  608.911395][T15008]  ? __kmalloc_noprof+0xbf/0x510
[  608.911429][T15008]  ? __register_sysctl_table+0xb3/0x1900
[  608.911460][T15008]  should_failslab+0xc2/0x120
[  608.911493][T15008]  __kmalloc_noprof+0xd2/0x510
[  608.911534][T15008]  __register_sysctl_table+0xb3/0x1900
[  608.911567][T15008]  ? is_module_address+0x5f/0xf0
[  608.911609][T15008]  ? __pfx___register_sysctl_table+0x10/0x10
[  608.911639][T15008]  ? is_module_address+0x69/0xf0
[  608.911682][T15008]  ? register_net_sysctl_sz+0x228/0x3e0
[  608.911711][T15008]  ? __asan_memcpy+0x3c/0x60
[  608.911742][T15008]  devinet_init_net+0x378/0x910
[  608.911782][T15008]  ? __pfx_devinet_init_net+0x10/0x10
[  608.911817][T15008]  ops_init+0x1e2/0x5f0
[  608.911857][T15008]  setup_net+0x21e/0x850
[  608.911895][T15008]  ? __pfx_setup_net+0x10/0x10
[  608.911927][T15008]  ? lockdep_init_map_type+0x5c/0x280
[  608.911963][T15008]  ? __pfx_down_read_killable+0x10/0x10
[  608.911995][T15008]  ? debug_mutex_init+0x37/0x70
[  608.912025][T15008]  copy_net_ns+0x2a6/0x5f0
[  608.912067][T15008]  create_new_namespaces+0x3ea/0xad0
[  608.912107][T15008]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  608.912141][T15008]  ksys_unshare+0x45b/0xa40
[  608.912178][T15008]  ? __pfx_ksys_unshare+0x10/0x10
[  608.912212][T15008]  ? xfd_validate_state+0x5d/0x180
[  608.912240][T15008]  ? rcu_is_watching+0x12/0xc0
[  608.912275][T15008]  __x64_sys_unshare+0x31/0x40
[  608.912310][T15008]  do_syscall_64+0xcd/0x230
[  608.912354][T15008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.912381][T15008] RIP: 0033:0x7fa42738e969
[  608.912402][T15008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  608.912427][T15008] RSP: 002b:00007fa4251f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  608.912453][T15008] RAX: ffffffffffffffda RBX: 00007fa4275b5fa0 RCX: 00007fa42738e969
[  608.912472][T15008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  608.912488][T15008] RBP: 00007fa427410ab1 R08: 0000000000000000 R09: 0000000000000000
[  608.912504][T15008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  608.912521][T15008] R13: 0000000000000000 R14: 00007fa4275b5fa0 R15: 00007ffe07c5c168
[  608.912558][T15008]  </TASK>
[  609.226132][T15019] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  610.131451][T15039] netlink: 'syz.3.2032': attribute type 1 has an invalid length.
[  610.140300][T15039] netlink: 306 bytes leftover after parsing attributes in process `syz.3.2032'.
[  611.137820][T15055] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  611.216133][T15055] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  611.247720][T15055] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  611.269019][T15055] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  611.939379][T15090] program syz.3.2040 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  612.107401][T15088] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2040'.
[  612.880478][T13209] Bluetooth: hci0: command 0x0c1a tx timeout
[  613.278434][T13209] Bluetooth: hci3: command 0x0c1a tx timeout
[  613.286333][T13209] Bluetooth: hci2: command 0x0c1a tx timeout
[  613.295522][T12788] Bluetooth: hci1: command 0x0c1a tx timeout
[  614.205053][T15115] can: request_module (can-proto-0) failed.
[  614.211204][T15125] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2046'.
[  615.914798][T15156] mkiss: ax0: crc mode is auto.
[  617.347638][T15194] raw_sendmsg: syz.2.2062 forgot to set AF_INET. Fix it!
[  618.978418][T15223] FAULT_INJECTION: forcing a failure.
[  618.978418][T15223] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  619.018673][T15223] CPU: 1 UID: 0 PID: 15223 Comm: syz.2.2069 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  619.018713][T15223] Tainted: [U]=USER
[  619.018721][T15223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  619.018734][T15223] Call Trace:
[  619.018743][T15223]  <TASK>
[  619.018752][T15223]  dump_stack_lvl+0x16c/0x1f0
[  619.018794][T15223]  should_fail_ex+0x512/0x640
[  619.018836][T15223]  should_fail_alloc_page+0xe7/0x130
[  619.018871][T15223]  prepare_alloc_pages+0x3c2/0x610
[  619.018909][T15223]  ? unwind_get_return_address+0x59/0xa0
[  619.018942][T15223]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  619.018976][T15223]  ? __lock_acquire+0x5ca/0x1ba0
[  619.019015][T15223]  ? __lock_acquire+0xaa4/0x1ba0
[  619.019045][T15223]  ? _parse_integer_limit+0x17f/0x1d0
[  619.019083][T15223]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  619.019118][T15223]  ? find_held_lock+0x2b/0x80
[  619.019143][T15223]  ? aa_file_perm+0x4c7/0xfb0
[  619.019194][T15223]  ? aa_file_perm+0x4d6/0xfb0
[  619.019233][T15223]  ? register_lock_class+0x41/0x4c0
[  619.019266][T15223]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  619.019304][T15223]  ? policy_nodemask+0xea/0x4e0
[  619.019339][T15223]  alloc_pages_mpol+0x1fb/0x550
[  619.019373][T15223]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  619.019405][T15223]  ? get_pid_task+0xfc/0x250
[  619.019449][T15223]  alloc_pages_noprof+0x131/0x390
[  619.019483][T15223]  get_free_pages_noprof+0xc/0x40
[  619.019516][T15223]  mem_rw+0x95/0x680
[  619.019556][T15223]  vfs_write+0x25c/0x1180
[  619.019579][T15223]  ? __pfx_mem_write+0x10/0x10
[  619.019616][T15223]  ? __pfx___mutex_lock+0x10/0x10
[  619.019654][T15223]  ? __pfx_vfs_write+0x10/0x10
[  619.019695][T15223]  ? __fget_files+0x20e/0x3c0
[  619.019730][T15223]  ksys_write+0x12a/0x240
[  619.019756][T15223]  ? __pfx_ksys_write+0x10/0x10
[  619.019780][T15223]  ? rcu_is_watching+0x12/0xc0
[  619.019816][T15223]  do_syscall_64+0xcd/0x230
[  619.019857][T15223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.019884][T15223] RIP: 0033:0x7ff1af98e969
[  619.019904][T15223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  619.019928][T15223] RSP: 002b:00007ff1b0809038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  619.019952][T15223] RAX: ffffffffffffffda RBX: 00007ff1afbb6160 RCX: 00007ff1af98e969
[  619.019970][T15223] RDX: 0000000000080000 RSI: 0000200000001680 RDI: 0000000000000009
[  619.019985][T15223] RBP: 00007ff1b0809090 R08: 0000000000000000 R09: 0000000000000000
[  619.020001][T15223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  619.020017][T15223] R13: 0000000000000000 R14: 00007ff1afbb6160 R15: 00007ffcf7e34bf8
[  619.020053][T15223]  </TASK>
[  620.139968][T15231] random: crng reseeded on system resumption
[  622.316870][T15269] FAULT_INJECTION: forcing a failure.
[  622.316870][T15269] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  622.331294][T15269] CPU: 1 UID: 0 PID: 15269 Comm: syz.3.2079 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  622.331332][T15269] Tainted: [U]=USER
[  622.331341][T15269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  622.331355][T15269] Call Trace:
[  622.331364][T15269]  <TASK>
[  622.331373][T15269]  dump_stack_lvl+0x16c/0x1f0
[  622.331416][T15269]  should_fail_ex+0x512/0x640
[  622.331459][T15269]  _copy_from_user+0x2e/0xd0
[  622.331485][T15269]  mem_rw+0x1e2/0x680
[  622.331525][T15269]  vfs_write+0x25c/0x1180
[  622.331549][T15269]  ? __pfx_mem_write+0x10/0x10
[  622.331585][T15269]  ? __pfx___mutex_lock+0x10/0x10
[  622.331619][T15269]  ? __pfx_vfs_write+0x10/0x10
[  622.331655][T15269]  ? __fget_files+0x20e/0x3c0
[  622.331690][T15269]  ksys_write+0x12a/0x240
[  622.331724][T15269]  ? __pfx_ksys_write+0x10/0x10
[  622.331748][T15269]  ? rcu_is_watching+0x12/0xc0
[  622.331783][T15269]  do_syscall_64+0xcd/0x230
[  622.331818][T15269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  622.331843][T15269] RIP: 0033:0x7fdf6d98e969
[  622.331861][T15269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  622.331884][T15269] RSP: 002b:00007fdf6e81d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  622.331907][T15269] RAX: ffffffffffffffda RBX: 00007fdf6dbb6160 RCX: 00007fdf6d98e969
[  622.331923][T15269] RDX: 0000000000080000 RSI: 0000200000001680 RDI: 0000000000000009
[  622.331939][T15269] RBP: 00007fdf6e81d090 R08: 0000000000000000 R09: 0000000000000000
[  622.331954][T15269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  622.331969][T15269] R13: 0000000000000000 R14: 00007fdf6dbb6160 R15: 00007fff7da55b88
[  622.332003][T15269]  </TASK>
[  622.765494][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  622.782745][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  625.334739][T15331] FAULT_INJECTION: forcing a failure.
[  625.334739][T15331] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  625.349375][T15331] CPU: 1 UID: 0 PID: 15331 Comm: syz.1.2093 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  625.349415][T15331] Tainted: [U]=USER
[  625.349424][T15331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  625.349445][T15331] Call Trace:
[  625.349453][T15331]  <TASK>
[  625.349463][T15331]  dump_stack_lvl+0x16c/0x1f0
[  625.349505][T15331]  should_fail_ex+0x512/0x640
[  625.349546][T15331]  _copy_from_user+0x2e/0xd0
[  625.349572][T15331]  mem_rw+0x1e2/0x680
[  625.349611][T15331]  vfs_write+0x25c/0x1180
[  625.349635][T15331]  ? __pfx_mem_write+0x10/0x10
[  625.349670][T15331]  ? __pfx___mutex_lock+0x10/0x10
[  625.349706][T15331]  ? __pfx_vfs_write+0x10/0x10
[  625.349742][T15331]  ? __fget_files+0x20e/0x3c0
[  625.349776][T15331]  ksys_write+0x12a/0x240
[  625.349801][T15331]  ? __pfx_ksys_write+0x10/0x10
[  625.349825][T15331]  ? rcu_is_watching+0x12/0xc0
[  625.349861][T15331]  do_syscall_64+0xcd/0x230
[  625.349901][T15331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.349926][T15331] RIP: 0033:0x7fa42738e969
[  625.349947][T15331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  625.349970][T15331] RSP: 002b:00007fa4251b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  625.349994][T15331] RAX: ffffffffffffffda RBX: 00007fa4275b6160 RCX: 00007fa42738e969
[  625.350012][T15331] RDX: 0000000000080000 RSI: 0000200000001680 RDI: 0000000000000009
[  625.350027][T15331] RBP: 00007fa4251b4090 R08: 0000000000000000 R09: 0000000000000000
[  625.350043][T15331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  625.350057][T15331] R13: 0000000000000000 R14: 00007fa4275b6160 R15: 00007ffe07c5c168
[  625.350092][T15331]  </TASK>
[  627.444597][T15371] can: request_module (can-proto-0) failed.
[  628.882255][T15398] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input66
[  629.606007][T15400] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input67
[  630.298896][T13209] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18
[  630.363351][   T30] audit: type=1800 audit(4294969641.604:73): pid=15429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2112" name="dbroot" dev="configfs" ino=57455 res=0 errno=0
[  631.611449][T15449] openvswitch: netlink: Key type 11280 is out of range max 32
[  632.285977][T15454] FAULT_INJECTION: forcing a failure.
[  632.285977][T15454] name failslab, interval 1, probability 0, space 0, times 0
[  632.316010][T15467] Process accounting resumed
[  632.325064][T15454] CPU: 1 UID: 0 PID: 15454 Comm: syz.1.2118 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  632.325111][T15454] Tainted: [U]=USER
[  632.325120][T15454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  632.325136][T15454] Call Trace:
[  632.325145][T15454]  <TASK>
[  632.325156][T15454]  dump_stack_lvl+0x16c/0x1f0
[  632.325210][T15454]  should_fail_ex+0x512/0x640
[  632.325250][T15454]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  632.325280][T15454]  should_failslab+0xc2/0x120
[  632.325314][T15454]  __kmalloc_cache_noprof+0x6a/0x3e0
[  632.325341][T15454]  ? skbmod_init_net+0x56/0x270
[  632.325373][T15454]  ? __pfx_skbmod_init_net+0x10/0x10
[  632.325402][T15454]  skbmod_init_net+0x56/0x270
[  632.325432][T15454]  ops_init+0x1e2/0x5f0
[  632.325469][T15454]  setup_net+0x21e/0x850
[  632.325507][T15454]  ? __pfx_setup_net+0x10/0x10
[  632.325541][T15454]  ? lockdep_init_map_type+0x5c/0x280
[  632.325577][T15454]  ? __pfx_down_read_killable+0x10/0x10
[  632.325608][T15454]  ? debug_mutex_init+0x37/0x70
[  632.325637][T15454]  copy_net_ns+0x2a6/0x5f0
[  632.325679][T15454]  create_new_namespaces+0x3ea/0xad0
[  632.325719][T15454]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  632.325752][T15454]  ksys_unshare+0x45b/0xa40
[  632.325788][T15454]  ? __pfx_ksys_unshare+0x10/0x10
[  632.325821][T15454]  ? xfd_validate_state+0x5d/0x180
[  632.325848][T15454]  ? rcu_is_watching+0x12/0xc0
[  632.325882][T15454]  __x64_sys_unshare+0x31/0x40
[  632.325915][T15454]  do_syscall_64+0xcd/0x230
[  632.325955][T15454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.325983][T15454] RIP: 0033:0x7fa42738e969
[  632.326003][T15454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.326028][T15454] RSP: 002b:00007fa4251f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  632.326055][T15454] RAX: ffffffffffffffda RBX: 00007fa4275b5fa0 RCX: 00007fa42738e969
[  632.326072][T15454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  632.326088][T15454] RBP: 00007fa427410ab1 R08: 0000000000000000 R09: 0000000000000000
[  632.326104][T15454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  632.326121][T15454] R13: 0000000000000000 R14: 00007fa4275b5fa0 R15: 00007ffe07c5c168
[  632.326157][T15454]  </TASK>
[  638.418710][T13209] Bluetooth: hci3: Unable to find connection for big 0xd2
[  639.542534][T15652] Invalid ELF header magic: != ELF
[  640.547226][T15672] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2172'.
[  640.660842][T15674] FAULT_INJECTION: forcing a failure.
[  640.660842][T15674] name failslab, interval 1, probability 0, space 0, times 0
[  640.706956][T15674] CPU: 0 UID: 0 PID: 15674 Comm: syz.1.2173 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  640.706982][T15674] Tainted: [U]=USER
[  640.706987][T15674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  640.706996][T15674] Call Trace:
[  640.707001][T15674]  <TASK>
[  640.707007][T15674]  dump_stack_lvl+0x16c/0x1f0
[  640.707031][T15674]  should_fail_ex+0x512/0x640
[  640.707052][T15674]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  640.707071][T15674]  should_failslab+0xc2/0x120
[  640.707089][T15674]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  640.707106][T15674]  ? __d_alloc+0x31/0xaa0
[  640.707123][T15674]  __d_alloc+0x31/0xaa0
[  640.707139][T15674]  d_alloc+0x4a/0x1e0
[  640.707155][T15674]  d_alloc_parallel+0xe3/0x12e0
[  640.707181][T15674]  ? __pfx_d_alloc_parallel+0x10/0x10
[  640.707198][T15674]  ? __lock_acquire+0xaa4/0x1ba0
[  640.707218][T15674]  ? lockdep_init_map_type+0x5c/0x280
[  640.707237][T15674]  ? lockdep_init_map_type+0x5c/0x280
[  640.707258][T15674]  __lookup_slow+0x193/0x460
[  640.707277][T15674]  ? __pfx___lookup_slow+0x10/0x10
[  640.707307][T15674]  ? lookup_fast+0x156/0x610
[  640.707324][T15674]  ? __pfx_kernfs_iop_permission+0x10/0x10
[  640.707351][T15674]  walk_component+0x353/0x5b0
[  640.707372][T15674]  link_path_walk.part.0.constprop.0+0x685/0xd60
[  640.707415][T15674]  path_openat+0x227/0x2d40
[  640.707437][T15674]  ? __x64_sys_openat+0x174/0x210
[  640.707489][T15674]  ? __pfx_path_openat+0x10/0x10
[  640.707528][T15674]  do_filp_open+0x20b/0x470
[  640.707556][T15674]  ? __pfx_do_filp_open+0x10/0x10
[  640.707621][T15674]  ? alloc_fd+0x471/0x7d0
[  640.707674][T15674]  do_sys_openat2+0x11b/0x1d0
[  640.707711][T15674]  ? __pfx_do_sys_openat2+0x10/0x10
[  640.707748][T15674]  ? find_held_lock+0x2b/0x80
[  640.707772][T15674]  __x64_sys_openat+0x174/0x210
[  640.707791][T15674]  ? __pfx___x64_sys_openat+0x10/0x10
[  640.707811][T15674]  ? rcu_is_watching+0x12/0xc0
[  640.707830][T15674]  do_syscall_64+0xcd/0x230
[  640.707853][T15674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.707868][T15674] RIP: 0033:0x7fa42738e969
[  640.707880][T15674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  640.707893][T15674] RSP: 002b:00007fa4251f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  640.707906][T15674] RAX: ffffffffffffffda RBX: 00007fa4275b5fa0 RCX: 00007fa42738e969
[  640.707916][T15674] RDX: 0000000000101501 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  640.707925][T15674] RBP: 00007fa427410ab1 R08: 0000000000000000 R09: 0000000000000000
[  640.707933][T15674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  640.707941][T15674] R13: 0000000000000000 R14: 00007fa4275b5fa0 R15: 00007ffe07c5c168
[  640.707959][T15674]  </TASK>
[  640.986641][    C0] vkms_vblank_simulate: vblank timer overrun
[  641.110492][T15678] can: request_module (can-proto-0) failed.
[  646.200396][T13209] Bluetooth: hci0: Unable to find connection for big 0xd2
[  646.213721][T15772] Invalid ELF header magic: != ELF
[  647.493605][T15805] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2207'.
[  647.614683][T15818] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2210'.
[  648.104916][T15816] zswap: compressor  not available
[  649.841568][T15876] synth uevent: /devices/platform/vivid.0/cec15: unknown uevent action string
[  649.886651][T15876] cec cec15: uevent: failed to send synthetic uevent: -22
[  650.104328][T15872] zswap: compressor  not available
[  650.833471][T15894] syz.2.2227: vmalloc error: size 1859584, failed to allocate pages, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  650.885969][T15894] CPU: 1 UID: 0 PID: 15894 Comm: syz.2.2227 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  650.886016][T15894] Tainted: [U]=USER
[  650.886025][T15894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  650.886041][T15894] Call Trace:
[  650.886049][T15894]  <TASK>
[  650.886060][T15894]  dump_stack_lvl+0x16c/0x1f0
[  650.886105][T15894]  warn_alloc+0x248/0x3a0
[  650.886140][T15894]  ? __pfx_warn_alloc+0x10/0x10
[  650.886175][T15894]  ? alloc_pages_mpol+0x25a/0x550
[  650.886214][T15894]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  650.886251][T15894]  ? trace_kmalloc+0x2b/0xd0
[  650.886291][T15894]  __vmalloc_node_range_noprof+0x12d2/0x1540
[  650.886342][T15894]  ? __snd_dma_alloc_pages+0x50/0x90
[  650.886374][T15894]  ? do_alloc_pages+0xd7/0x280
[  650.886402][T15894]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  650.886448][T15894]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  650.886496][T15894]  ? __snd_dma_alloc_pages+0x50/0x90
[  650.886528][T15894]  vmalloc_noprof+0x6b/0x90
[  650.886552][T15894]  ? __snd_dma_alloc_pages+0x50/0x90
[  650.886576][T15894]  ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10
[  650.886605][T15894]  __snd_dma_alloc_pages+0x50/0x90
[  650.886634][T15894]  snd_dma_alloc_dir_pages+0x151/0x240
[  650.886668][T15894]  do_alloc_pages+0x115/0x280
[  650.886701][T15894]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  650.886738][T15894]  snd_pcm_hw_params+0x15e1/0x1b40
[  650.886774][T15894]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  650.886801][T15894]  ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0
[  650.886848][T15894]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  650.886899][T15894]  ? __asan_memset+0x23/0x50
[  650.886928][T15894]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  650.886959][T15894]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  650.887024][T15894]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  650.887071][T15894]  ? snd_pcm_oss_sync+0x30c/0x840
[  650.887136][T15894]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  650.887181][T15894]  snd_pcm_oss_sync+0x32e/0x840
[  650.887225][T15894]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  650.887267][T15894]  snd_pcm_oss_release+0x28b/0x310
[  650.887311][T15894]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  650.887349][T15894]  __fput+0x3ff/0xb70
[  650.887389][T15894]  task_work_run+0x150/0x240
[  650.887430][T15894]  ? __pfx_task_work_run+0x10/0x10
[  650.887471][T15894]  ? __pfx___do_sys_close_range+0x10/0x10
[  650.887496][T15894]  ? rcu_is_watching+0x12/0xc0
[  650.887526][T15894]  syscall_exit_to_user_mode+0x27b/0x2a0
[  650.887564][T15894]  do_syscall_64+0xda/0x230
[  650.887604][T15894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.887629][T15894] RIP: 0033:0x7ff1af98e969
[  650.887651][T15894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  650.887677][T15894] RSP: 002b:00007ff1b084b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  650.887702][T15894] RAX: 0000000000000000 RBX: 00007ff1afbb5fa0 RCX: 00007ff1af98e969
[  650.887720][T15894] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  650.887736][T15894] RBP: 00007ff1afa10ab1 R08: 0000000000000000 R09: 0000000000000000
[  650.887753][T15894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  650.887769][T15894] R13: 0000000000000000 R14: 00007ff1afbb5fa0 R15: 00007ffcf7e34bf8
[  650.887806][T15894]  </TASK>
[  651.256126][T15894] Mem-Info:
[  651.264905][T15894] active_anon:23696 inactive_anon:18045 isolated_anon:0
[  651.264905][T15894]  active_file:22065 inactive_file:37319 isolated_file:0
[  651.264905][T15894]  unevictable:768 dirty:827 writeback:0
[  651.264905][T15894]  slab_reclaimable:11686 slab_unreclaimable:96034
[  651.264905][T15894]  mapped:34860 shmem:21388 pagetables:1344
[  651.264905][T15894]  sec_pagetables:0 bounce:0
[  651.264905][T15894]  kernel_misc_reclaimable:0
[  651.264905][T15894]  free:1294122 free_pcp:2386 free_cma:0
[  651.363336][T15894] Node 0 active_anon:94784kB inactive_anon:74280kB active_file:88256kB inactive_file:149144kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:140340kB dirty:3304kB writeback:0kB shmem:86096kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12124kB pagetables:5376kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  651.436720][T15894] Node 1 active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1556kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  651.502784][T15894] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  651.502887][T15894] lowmem_reserve[]: 0 2484 2486 2486 2486
[  651.502943][T15894] Node 0 DMA32 free:1248224kB boost:0kB min:34356kB low:42944kB high:51532kB reserved_highatomic:0KB active_anon:94736kB inactive_anon:85380kB active_file:86556kB inactive_file:149036kB unevictable:1536kB writepending:3304kB present:3129332kB managed:2544136kB mlocked:0kB bounce:0kB free_pcp:2396kB local_pcp:1664kB free_cma:0kB
[  651.503023][T15894] lowmem_reserve[]: 0 0 1 1 1
[  651.503075][T15894] Node 0 Normal free:28kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:1700kB inactive_file:108kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:12kB free_cma:0kB
[  651.503149][T15894] lowmem_reserve[]: 0 0 0 0 0
[  651.503202][T15894] Node 1 Normal free:3905084kB boost:0kB min:55520kB low:69400kB high:83280kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:132kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4584kB local_pcp:3576kB free_cma:0kB
[  651.503276][T15894] lowmem_reserve[]: 0 0 0 0 0
[  651.503328][T15894] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  651.503532][T15894] Node 0 DMA32: 83*4kB (UE) 187*8kB (U) 190*16kB (UME) 911*32kB (UME) 794*64kB (UME) 470*128kB (UME) 261*256kB (UME) 130*512kB (UME) 51*1024kB (UME) 20*2048kB (UME) 214*4096kB (UM) = 1248100kB
[  651.503786][T15894] Node 0 Normal: 1*4kB (M) 3*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28kB
[  651.503949][T15894] Node 1 Normal: 230*4kB (UME) 61*8kB (UME) 39*16kB (UME) 200*32kB (UME) 90*64kB (UME) 38*128kB (UME) 22*256kB (UME) 11*512kB (UME) 4*1024kB (UME) 4*2048kB (UME) 943*4096kB (M) = 3905136kB
[  651.504190][T15894] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  651.504213][T15894] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  651.504235][T15894] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  651.504257][T15894] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  651.504278][T15894] 84094 total pagecache pages
[  651.504289][T15894] 1 pages in swap cache
[  651.504299][T15894] Free swap  = 124992kB
[  651.504309][T15894] Total swap = 124996kB
[  651.504320][T15894] 2097051 pages RAM
[  651.504329][T15894] 0 pages HighMem/MovableOnly
[  651.504339][T15894] 428911 pages reserved
[  651.504349][T15894] 0 pages cma reserved
[  651.515803][T15911] Console: switching to colour VGA+ 80x25
[  652.895097][T15941] netlink: 'syz.2.2237': attribute type 16 has an invalid length.
[  652.903185][T15941] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2237'.
[  652.922859][T15941] veth1_macvtap: left allmulticast mode
[  652.942765][T15941] veth1_macvtap: left promiscuous mode
[  657.390036][T16026] Console: switching to colour frame buffer device 128x48
[  658.311912][T16051] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input68
[  658.432787][T16051] input: failed to attach handler evdev to device input68, error: -4
[  658.946904][T16071] random: crng reseeded on system resumption
[  660.291585][T16091] Console: switching to colour VGA+ 80x25
[  660.510244][T16104] FAULT_INJECTION: forcing a failure.
[  660.510244][T16104] name fail_futex, interval 1, probability 0, space 0, times 0
[  660.523655][T16104] CPU: 1 UID: 0 PID: 16104 Comm: syz.2.2267 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  660.523679][T16104] Tainted: [U]=USER
[  660.523684][T16104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  660.523691][T16104] Call Trace:
[  660.523696][T16104]  <TASK>
[  660.523701][T16104]  dump_stack_lvl+0x16c/0x1f0
[  660.523726][T16104]  should_fail_ex+0x512/0x640
[  660.523748][T16104]  get_futex_key+0x49e/0x1000
[  660.523767][T16104]  ? __pfx_get_futex_key+0x10/0x10
[  660.523788][T16104]  futex_wake+0xe7/0x4e0
[  660.523807][T16104]  ? __pfx_futex_wake+0x10/0x10
[  660.523826][T16104]  ? percpu_counter_add_batch+0xb8/0x1f0
[  660.523844][T16104]  ? errseq_sample+0x53/0x70
[  660.523857][T16104]  ? file_init_path+0x4fe/0x760
[  660.523877][T16104]  do_futex+0x1e3/0x350
[  660.523902][T16104]  ? __pfx_do_futex+0x10/0x10
[  660.523918][T16104]  ? fd_install+0x225/0x750
[  660.523935][T16104]  __x64_sys_futex+0x1e0/0x4c0
[  660.523952][T16104]  ? __sys_socket+0xac/0x260
[  660.523966][T16104]  ? __pfx___x64_sys_futex+0x10/0x10
[  660.523983][T16104]  ? rcu_is_watching+0x12/0xc0
[  660.524001][T16104]  do_syscall_64+0xcd/0x230
[  660.524023][T16104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.524037][T16104] RIP: 0033:0x7ff1af98e969
[  660.524048][T16104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  660.524062][T16104] RSP: 002b:00007ff1b084b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  660.524075][T16104] RAX: ffffffffffffffda RBX: 00007ff1afbb5fa8 RCX: 00007ff1af98e969
[  660.524084][T16104] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff1afbb5fac
[  660.524092][T16104] RBP: 00007ff1afbb5fa0 R08: 00007ff1b084c000 R09: 0000000000000000
[  660.524101][T16104] R10: 0000000000000009 R11: 0000000000000246 R12: 00007ff1afbb5fac
[  660.524109][T16104] R13: 0000000000000000 R14: 00007ffcf7e34b10 R15: 00007ffcf7e34bf8
[  660.524126][T16104]  </TASK>
[  660.727022][    C1] vkms_vblank_simulate: vblank timer overrun
[  661.331279][T16137] HfR: entered promiscuous mode
[  661.384512][T16132] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2273'.
[  661.416069][T16119] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[16119]
[  661.432601][T16142] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2274'.
[  661.452588][T16138] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2274'.
[  661.524570][T16138] HfR: left promiscuous mode
[  662.244937][T12799] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5
[  662.268423][T16166] ptrace attach of "./syz-executor exec"[5826] was attempted by ""[16166]
[  662.463414][T16147] Process accounting paused
[  662.926110][T16181] block2mtd: illegal erase size
[  664.163855][T12799] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  664.556879][T16217] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137
[  664.643692][T16221] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2295'.
[  664.645994][T16217] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138
[  664.770101][T16217] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum
[  664.784773][T16226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2295'.
[  664.875371][T16228] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum
[  664.903233][T16221] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2295'.
[  665.818413][T13209] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  665.828571][T13209] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  665.837201][T13209] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  665.847253][T13209] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  665.855609][T13209] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  666.331480][T14696] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.459234][T14696] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.583154][T14696] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.697141][T14696] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.837753][T16238] chnl_net:caif_netlink_parms(): no params data found
[  667.157504][T16238] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.189844][T16238] bridge0: port 1(bridge_slave_0) entered disabled state
[  667.199830][T16272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2306'.
[  667.212702][T16238] bridge_slave_0: entered allmulticast mode
[  667.233905][T16238] bridge_slave_0: entered promiscuous mode
[  667.313496][T16238] bridge0: port 2(bridge_slave_1) entered blocking state
[  667.331694][T16238] bridge0: port 2(bridge_slave_1) entered disabled state
[  667.355006][T16238] bridge_slave_1: entered allmulticast mode
[  667.364938][T16238] bridge_slave_1: entered promiscuous mode
[  667.485081][T16238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  667.518839][T16238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  667.573422][T14696] bridge_slave_0: left allmulticast mode
[  667.596051][T14696] bridge_slave_0: left promiscuous mode
[  667.603975][T14696] bridge0: port 1(bridge_slave_0) entered disabled state
[  667.606437][T16281] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2310'.
[  667.875379][T13209] Bluetooth: hci3: command tx timeout
[  668.547934][T14696] bond0 (unregistering): Released all slaves
[  668.771732][T16238] team0: Port device team_slave_0 added
[  668.793584][T14696] HfR: left promiscuous mode
[  668.830191][T16238] team0: Port device team_slave_1 added
[  668.914617][T16238] batman_adv: batadv0: Adding interface: batadv_slave_0
[  668.924882][T16238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  668.952420][T16238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  668.965916][T16238] batman_adv: batadv0: Adding interface: batadv_slave_1
[  668.974227][T16238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  669.010432][T16238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  669.339043][T16238] hsr_slave_0: entered promiscuous mode
[  669.353039][T16238] hsr_slave_1: entered promiscuous mode
[  669.367733][T16238] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  669.386626][T16238] Cannot create hsr debugfs directory
[  669.580835][T16322] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2320'.
[  669.616553][T16324] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2320'.
[  669.946518][T13209] Bluetooth: hci3: command tx timeout
[  670.032062][T16322] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  670.064786][T16322] bond0 (unregistering): Released all slaves
[  670.268724][T14696] hsr_slave_0: left promiscuous mode
[  670.304583][T14696] hsr_slave_1: left promiscuous mode
[  670.318593][T14696] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  670.340681][T14696] batman_adv: batadv0: Removing interface: batadv_slave_0
[  670.366351][T14696] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  670.383163][T14696] batman_adv: batadv0: Removing interface: batadv_slave_1
[  670.434132][T14696] veth0_macvtap: left promiscuous mode
[  670.443593][T14696] veth1_vlan: left promiscuous mode
[  670.459049][T14696] veth0_vlan: left promiscuous mode
[  671.142443][T16358] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2325'.
[  671.227043][T14696] team0 (unregistering): Port device team_slave_1 removed
[  671.283866][T14696] team0 (unregistering): Port device team_slave_0 removed
[  672.013264][T13209] Bluetooth: hci3: command tx timeout
[  672.630464][T16371] bcache: register_bcache() error : failed to open device
[  673.081889][T16238] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  673.168883][T16238] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  673.242212][T16238] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  673.402843][T16238] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  673.806406][T16238] 8021q: adding VLAN 0 to HW filter on device bond0
[  673.880862][T16238] 8021q: adding VLAN 0 to HW filter on device team0
[  673.908470][T14671] bridge0: port 1(bridge_slave_0) entered blocking state
[  673.915675][T14671] bridge0: port 1(bridge_slave_0) entered forwarding state
[  673.972370][T14689] bridge0: port 2(bridge_slave_1) entered blocking state
[  673.979580][T14689] bridge0: port 2(bridge_slave_1) entered forwarding state
[  674.069214][T16238] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  674.082961][T13209] Bluetooth: hci3: command tx timeout
[  674.564223][T16238] 8021q: adding VLAN 0 to HW filter on device batadv0
[  674.723525][T16238] veth0_vlan: entered promiscuous mode
[  674.757091][T16238] veth1_vlan: entered promiscuous mode
[  674.841167][T16238] veth0_macvtap: entered promiscuous mode
[  674.867696][T16238] veth1_macvtap: entered promiscuous mode
[  674.926638][T16238] batman_adv: batadv0: Interface activated: batadv_slave_0
[  674.972205][T16238] batman_adv: batadv0: Interface activated: batadv_slave_1
[  675.014232][T16238] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  675.063329][T16238] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  675.093733][T16238] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  675.128783][T16238] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  675.544964][T16400] delete_channel: no stack
[  675.808700][T14671] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  675.827702][T14671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  675.919177][T14671] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  675.940489][T14671] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  678.180234][T13209] Bluetooth: hci3: unexpected subevent 0x01 length: 122 > 18
[  678.706340][T16509] random: crng reseeded on system resumption
[  678.746117][T16497] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2346'.
[  682.900226][T16590] FAULT_INJECTION: forcing a failure.
[  682.900226][T16590] name failslab, interval 1, probability 0, space 0, times 0
[  682.902015][T16590] CPU: 0 UID: 0 PID: 16590 Comm: syz.1.2361 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  682.902057][T16590] Tainted: [U]=USER
[  682.902066][T16590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  682.902081][T16590] Call Trace:
[  682.902090][T16590]  <TASK>
[  682.902100][T16590]  dump_stack_lvl+0x16c/0x1f0
[  682.902143][T16590]  should_fail_ex+0x512/0x640
[  682.902183][T16590]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  682.902222][T16590]  should_failslab+0xc2/0x120
[  682.902254][T16590]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  682.902289][T16590]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  682.902322][T16590]  ? fib_notifier_ops_register+0x32/0x270
[  682.902362][T16590]  kmemdup_noprof+0x29/0x60
[  682.902398][T16590]  fib_notifier_ops_register+0x32/0x270
[  682.902437][T16590]  fib4_notifier_init+0x4f/0xd0
[  682.902470][T16590]  fib_net_init+0xbf/0x3f0
[  682.902507][T16590]  ? __pfx___register_sysctl_table+0x10/0x10
[  682.902541][T16590]  ? __pfx_fib_net_init+0x10/0x10
[  682.902580][T16590]  ? lockdep_init_map_type+0x5c/0x280
[  682.902618][T16590]  ? do_init_timer+0xc9/0x110
[  682.902649][T16590]  ? devinet_init_net+0x5c2/0x910
[  682.902686][T16590]  ? __pfx_fib_net_init+0x10/0x10
[  682.902717][T16590]  ops_init+0x1e2/0x5f0
[  682.902756][T16590]  setup_net+0x21e/0x850
[  682.902795][T16590]  ? __pfx_setup_net+0x10/0x10
[  682.902828][T16590]  ? lockdep_init_map_type+0x5c/0x280
[  682.902864][T16590]  ? __pfx_down_read_killable+0x10/0x10
[  682.902896][T16590]  ? debug_mutex_init+0x37/0x70
[  682.902926][T16590]  copy_net_ns+0x2a6/0x5f0
[  682.902969][T16590]  create_new_namespaces+0x3ea/0xad0
[  682.903010][T16590]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  682.903045][T16590]  ksys_unshare+0x45b/0xa40
[  682.903082][T16590]  ? __pfx_ksys_unshare+0x10/0x10
[  682.903116][T16590]  ? xfd_validate_state+0x5d/0x180
[  682.903160][T16590]  ? rcu_is_watching+0x12/0xc0
[  682.903196][T16590]  __x64_sys_unshare+0x31/0x40
[  682.903233][T16590]  do_syscall_64+0xcd/0x230
[  682.903275][T16590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.903301][T16590] RIP: 0033:0x7fa42738e969
[  682.903322][T16590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  682.903356][T16590] RSP: 002b:00007fa4251f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  682.903381][T16590] RAX: ffffffffffffffda RBX: 00007fa4275b5fa0 RCX: 00007fa42738e969
[  682.903400][T16590] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  682.903417][T16590] RBP: 00007fa427410ab1 R08: 0000000000000000 R09: 0000000000000000
[  682.903433][T16590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  682.903449][T16590] R13: 0000000000000000 R14: 00007fa4275b5fa0 R15: 00007ffe07c5c168
[  682.903485][T16590]  </TASK>
[  683.876665][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  683.877653][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  684.938246][T16637] CIFS: VFS: Invalid SecurityFlags: 
[  684.954334][T16642] CIFS: VFS: Invalid SecurityFlags: 
[  685.597289][T16650] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2376'.
[  685.776567][T16658] netlink: 'syz.0.2377': attribute type 1 has an invalid length.
[  685.777690][T16658] netlink: 322 bytes leftover after parsing attributes in process `syz.0.2377'.
[  686.985029][T16682] sd 0:0:1:0: PR command failed: 1026
[  686.985925][T16682] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  686.986921][T16682] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  687.174244][T16691] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2384'.
[  687.176068][T16690] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2384'.
[  687.177999][T16693] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2384'.
[  687.502263][T16698] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2385'.
[  689.549525][T13209] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  689.562864][T13209] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  689.574911][T13209] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  689.583459][T13209] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  689.585709][T13209] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  690.589306][T14689] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.073910][T14689] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.307309][T14689] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.542229][T14689] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.566570][T16739] chnl_net:caif_netlink_parms(): no params data found
[  691.591415][T12799] Bluetooth: hci4: command tx timeout
[  692.024914][T14689] bridge_slave_0: left allmulticast mode
[  692.025774][T14689] bridge_slave_0: left promiscuous mode
[  692.026775][T14689] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.847609][T14689] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  692.894783][T14689] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  692.900850][T14689] bond0 (unregistering): Released all slaves
[  693.187680][T14689] HfR: left promiscuous mode
[  693.370711][T16739] bridge0: port 1(bridge_slave_0) entered blocking state
[  693.372129][T16739] bridge0: port 1(bridge_slave_0) entered disabled state
[  693.373322][T16739] bridge_slave_0: entered allmulticast mode
[  693.375949][T16739] bridge_slave_0: entered promiscuous mode
[  693.379296][T16739] bridge0: port 2(bridge_slave_1) entered blocking state
[  693.380421][T16739] bridge0: port 2(bridge_slave_1) entered disabled state
[  693.393089][T16739] bridge_slave_1: entered allmulticast mode
[  693.412607][T16739] bridge_slave_1: entered promiscuous mode
[  693.661654][T12799] Bluetooth: hci4: command tx timeout
[  693.801377][T16739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  693.807756][T16739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  693.978370][T16739] team0: Port device team_slave_0 added
[  693.992697][T16739] team0: Port device team_slave_1 added
[  694.146989][T16739] batman_adv: batadv0: Adding interface: batadv_slave_0
[  694.148193][T16739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.151639][T16739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  694.164524][T16739] batman_adv: batadv0: Adding interface: batadv_slave_1
[  694.165497][T16739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.184611][T16739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  694.742869][T16739] hsr_slave_0: entered promiscuous mode
[  694.748120][T16739] hsr_slave_1: entered promiscuous mode
[  694.753029][T16739] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  694.758032][T16739] Cannot create hsr debugfs directory
[  695.316339][T14689] hsr_slave_0: left promiscuous mode
[  695.343774][T14689] hsr_slave_1: left promiscuous mode
[  695.350292][T14689] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  695.372287][T14689] batman_adv: batadv0: Removing interface: batadv_slave_0
[  695.390668][T14689] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  695.417290][T14689] batman_adv: batadv0: Removing interface: batadv_slave_1
[  695.489970][T14689] veth1_vlan: left promiscuous mode
[  695.504869][T14689] veth0_vlan: left promiscuous mode
[  695.731465][T12799] Bluetooth: hci4: command tx timeout
[  696.143668][T14689] team0 (unregistering): Port device team_slave_1 removed
[  696.192780][T14689] team0 (unregistering): Port device team_slave_0 removed
[  697.759972][T16901] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input70
[  697.802531][T12799] Bluetooth: hci4: command tx timeout
[  698.157327][T16739] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  698.164558][T16911] random: crng reseeded on system resumption
[  698.190979][T16739] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  698.280915][T16739] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  698.579748][T16739] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  699.359655][T16739] 8021q: adding VLAN 0 to HW filter on device bond0
[  699.421693][T16929] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2429'.
[  699.596792][T16937] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2429'.
[  699.719470][T16739] 8021q: adding VLAN 0 to HW filter on device team0
[  699.730008][T16929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2429'.
[  700.014810][T12792] bridge0: port 1(bridge_slave_0) entered blocking state
[  700.022080][T12792] bridge0: port 1(bridge_slave_0) entered forwarding state
[  700.143908][T12792] bridge0: port 2(bridge_slave_1) entered blocking state
[  700.151124][T12792] bridge0: port 2(bridge_slave_1) entered forwarding state
[  700.703697][T16739] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  701.308927][T16739] 8021q: adding VLAN 0 to HW filter on device batadv0
[  701.553162][T16739] veth0_vlan: entered promiscuous mode
[  701.734620][T16739] veth1_vlan: entered promiscuous mode
[  702.001346][T16739] veth0_macvtap: entered promiscuous mode
[  702.059703][T16739] veth1_macvtap: entered promiscuous mode
[  702.093549][T16739] batman_adv: batadv0: Interface activated: batadv_slave_0
[  702.133348][T16739] batman_adv: batadv0: Interface activated: batadv_slave_1
[  702.155316][T16739] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  702.180474][T16739] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  702.210421][T16739] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  702.235645][T16739] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  702.506548][T14680] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  702.552185][T14680] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  702.614503][T14673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  702.627520][T14673] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  702.700453][T12799] Bluetooth: hci1: unexpected event for opcode 0x7c89
[  702.962354][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  702.962462][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  702.969724][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  703.001816][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  703.009077][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  703.031730][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  703.038986][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  703.061467][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  703.071415][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  703.078655][T12799] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13
[  704.468288][T13209] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  704.496415][T13209] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  704.506920][T13209] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  704.517928][T13209] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  704.532823][T13209] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  705.054276][T17054] chnl_net:caif_netlink_parms(): no params data found
[  705.462689][T14673] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.166895][T14673] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.298393][T17054] bridge0: port 1(bridge_slave_0) entered blocking state
[  706.312974][T17054] bridge0: port 1(bridge_slave_0) entered disabled state
[  706.326096][T17054] bridge_slave_0: entered allmulticast mode
[  706.333916][T17054] bridge_slave_0: entered promiscuous mode
[  706.402848][T14673] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.438281][T17054] bridge0: port 2(bridge_slave_1) entered blocking state
[  706.456258][T17054] bridge0: port 2(bridge_slave_1) entered disabled state
[  706.475151][T17054] bridge_slave_1: entered allmulticast mode
[  706.482939][T17054] bridge_slave_1: entered promiscuous mode
[  706.568181][T13209] Bluetooth: hci2: command tx timeout
[  706.629022][T14673] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.737071][T17054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  706.825774][T17054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  707.038875][T17054] team0: Port device team_slave_0 added
[  707.073548][T17054] team0: Port device team_slave_1 added
[  707.308835][T14673] bridge_slave_0: left allmulticast mode
[  707.316604][T14673] bridge_slave_0: left promiscuous mode
[  707.329838][T14673] bridge0: port 1(bridge_slave_0) entered disabled state
[  708.316093][T14673] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  708.331598][T14673] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  708.343286][T14673] bond0 (unregistering): Released all slaves
[  708.413177][T17054] batman_adv: batadv0: Adding interface: batadv_slave_0
[  708.438357][T17054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  708.464277][    C0] vkms_vblank_simulate: vblank timer overrun
[  708.479508][T17054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  708.573473][T17054] batman_adv: batadv0: Adding interface: batadv_slave_1
[  708.580985][T17054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  708.607425][T17054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  708.634321][T13209] Bluetooth: hci2: command tx timeout
[  708.900221][T17054] hsr_slave_0: entered promiscuous mode
[  708.907927][T17054] hsr_slave_1: entered promiscuous mode
[  708.995956][T14673] hsr_slave_0: left promiscuous mode
[  709.032723][T14673] hsr_slave_1: left promiscuous mode
[  709.058789][T14673] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  709.076682][T14673] batman_adv: batadv0: Removing interface: batadv_slave_0
[  709.115795][T14673] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  709.131989][T14673] batman_adv: batadv0: Removing interface: batadv_slave_1
[  709.206850][T14673] veth1_macvtap: left promiscuous mode
[  709.225397][T14673] veth0_macvtap: left promiscuous mode
[  709.239681][T14673] veth1_vlan: left promiscuous mode
[  709.245050][T14673] veth0_vlan: left promiscuous mode
[  709.266216][T17161] random: crng reseeded on system resumption
[  710.217851][T14673] team0 (unregistering): Port device team_slave_1 removed
[  710.693494][T13209] Bluetooth: hci2: command tx timeout
[  712.412314][T17054] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  712.434510][T17054] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  712.506234][T17054] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  712.529260][T17054] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  712.761198][T13209] Bluetooth: hci2: command tx timeout
[  712.789224][T17230] tipc: Can't bind to reserved service type 1
[  712.954838][T17234] ubi0: attaching mtd0
[  712.991433][T17234] ubi0: scanning is finished
[  712.996087][T17234] ubi0: empty MTD device detected
[  713.541350][T17234] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  713.607205][T17234] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  713.614460][T17234] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  713.695850][T17054] 8021q: adding VLAN 0 to HW filter on device bond0
[  713.738177][T17234] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  713.856771][T17234] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  713.863604][T17234] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  713.918556][T17234] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1765013092
[  714.004127][T17234] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  714.053118][T17261] ubi0: background thread "ubi_bgt0d" started, PID 17261
[  714.167254][T17255] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  714.195471][T17255] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  714.202065][T17255] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  714.229476][T17255] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  714.255600][T17054] 8021q: adding VLAN 0 to HW filter on device team0
[  714.270577][T17255] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  714.290788][T17255] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  714.311317][T17255] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  714.331883][T17255] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  714.349118][T12792] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.356341][T12792] bridge0: port 1(bridge_slave_0) entered forwarding state
[  714.369832][T17255] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  714.388819][T12792] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.395974][T12792] bridge0: port 2(bridge_slave_1) entered forwarding state
[  714.408628][T17255] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  714.441655][T17255] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  714.505242][T17054] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  715.420568][T17054] 8021q: adding VLAN 0 to HW filter on device batadv0
[  716.025532][T13209] Bluetooth: hci0: command 0x0c1a tx timeout
[  716.262978][T13209] Bluetooth: hci3: command 0x0c1a tx timeout
[  716.294549][T17054] veth0_vlan: entered promiscuous mode
[  716.345602][T17054] veth1_vlan: entered promiscuous mode
[  716.348903][T13209] Bluetooth: hci4: command 0x0c1a tx timeout
[  716.423415][T13209] Bluetooth: hci2: command 0x0c1a tx timeout
[  716.476639][T17054] veth0_macvtap: entered promiscuous mode
[  716.528803][T17054] veth1_macvtap: entered promiscuous mode
[  716.714870][T17054] batman_adv: batadv0: Interface activated: batadv_slave_0
[  716.797217][T17054] batman_adv: batadv0: Interface activated: batadv_slave_1
[  716.947159][T17054] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  716.999330][T17054] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  717.018290][T17054] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  717.075884][T17054] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  717.840151][T12792] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  717.861371][T12792] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  718.062542][T14670] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  718.091291][T14670] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  718.333282][T13209] Bluetooth: hci3: command 0x0c1a tx timeout
[  718.412528][T13209] Bluetooth: hci4: command 0x0c1a tx timeout
[  718.491636][T13209] Bluetooth: hci2: command 0x0c1a tx timeout
[  718.673707][T17374] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2482'.
[  718.797188][T17386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2482'.
[  719.233151][   T30] audit: type=1326 audit(4294969730.946:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17398 comm="syz.3.2488" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5a7118e969 code=0x0
[  720.232101][   T30] audit: type=1807 audit(4294969731.942:75): UNKNOWN=� res=0
[  720.262084][   T30] audit: type=1802 audit(4294969731.962:76): pid=17417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.2492" res=0 errno=0
[  720.401952][T13209] Bluetooth: hci3: command 0x0c1a tx timeout
[  720.480837][T13209] Bluetooth: hci4: command 0x0c1a tx timeout
[  720.571153][T13209] Bluetooth: hci2: command 0x0c1a tx timeout
[  720.681295][T17411] ima: policy update failed
[  720.687618][   T30] audit: type=1802 audit(4294969732.404:77): pid=17411 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2492" res=0 errno=0
[  720.949623][T12799] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  720.960871][T12799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  720.973198][T12799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  720.997732][T12799] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  721.007764][T12799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  721.132782][T14670] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  721.332298][T14670] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  721.540451][T14670] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  721.759213][T14670] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.340478][T14670] bridge_slave_0: left allmulticast mode
[  722.346603][T14670] bridge_slave_0: left promiscuous mode
[  722.355675][T14670] bridge0: port 1(bridge_slave_0) entered disabled state
[  722.471414][T12799] Bluetooth: hci3: command 0x0c1a tx timeout
[  723.109712][T12799] Bluetooth: hci1: command tx timeout
[  723.225492][T14670] .SR: left promiscuous mode
[  723.420697][T17485] netlink: 'syz.2.2508': attribute type 22 has an invalid length.
[  723.539261][T17425] chnl_net:caif_netlink_parms(): no params data found
[  724.277644][T17500] FAULT_INJECTION: forcing a failure.
[  724.277644][T17500] name failslab, interval 1, probability 0, space 0, times 0
[  724.299213][T17500] CPU: 0 UID: 0 PID: 17500 Comm: syz.0.2511 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  724.299262][T17500] Tainted: [U]=USER
[  724.299272][T17500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  724.299289][T17500] Call Trace:
[  724.299298][T17500]  <TASK>
[  724.299309][T17500]  dump_stack_lvl+0x16c/0x1f0
[  724.299354][T17500]  should_fail_ex+0x512/0x640
[  724.299393][T17500]  ? __kmalloc_noprof+0xbf/0x510
[  724.299426][T17500]  ? ops_init+0x77/0x5f0
[  724.299458][T17500]  should_failslab+0xc2/0x120
[  724.299493][T17500]  __kmalloc_noprof+0xd2/0x510
[  724.299530][T17500]  ? lockdep_init_map_type+0x5c/0x280
[  724.299578][T17500]  ops_init+0x77/0x5f0
[  724.299617][T17500]  setup_net+0x21e/0x850
[  724.299656][T17500]  ? __pfx_setup_net+0x10/0x10
[  724.299687][T17500]  ? lockdep_init_map_type+0x5c/0x280
[  724.299720][T17500]  ? __pfx_down_read_killable+0x10/0x10
[  724.299751][T17500]  ? debug_mutex_init+0x37/0x70
[  724.299779][T17500]  copy_net_ns+0x2a6/0x5f0
[  724.299818][T17500]  create_new_namespaces+0x3ea/0xad0
[  724.299857][T17500]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  724.299889][T17500]  ksys_unshare+0x45b/0xa40
[  724.299926][T17500]  ? __pfx_ksys_unshare+0x10/0x10
[  724.299958][T17500]  ? xfd_validate_state+0x5d/0x180
[  724.299987][T17500]  ? rcu_is_watching+0x12/0xc0
[  724.300022][T17500]  __x64_sys_unshare+0x31/0x40
[  724.300057][T17500]  do_syscall_64+0xcd/0x230
[  724.300100][T17500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.300153][T17500] RIP: 0033:0x7f534038e969
[  724.300174][T17500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  724.300200][T17500] RSP: 002b:00007f5341142038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  724.300225][T17500] RAX: ffffffffffffffda RBX: 00007f53405b5fa0 RCX: 00007f534038e969
[  724.300245][T17500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  724.300261][T17500] RBP: 00007f5340410ab1 R08: 0000000000000000 R09: 0000000000000000
[  724.300277][T17500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  724.300293][T17500] R13: 0000000000000000 R14: 00007f53405b5fa0 R15: 00007ffd3e629de8
[  724.300330][T17500]  </TASK>
[  724.670752][T17425] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.678086][T17425] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.689747][T17425] bridge_slave_0: entered allmulticast mode
[  724.696893][T17425] bridge_slave_0: entered promiscuous mode
[  724.761324][T17425] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.769796][T17425] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.777012][T17425] bridge_slave_1: entered allmulticast mode
[  724.786195][T17425] bridge_slave_1: entered promiscuous mode
[  724.972511][T17425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  725.045768][T17425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  725.134431][T17425] team0: Port device team_slave_0 added
[  725.175243][T14670] hsr_slave_0: left promiscuous mode
[  725.180899][T12799] Bluetooth: hci1: command tx timeout
[  725.201760][T14670] hsr_slave_1: left promiscuous mode
[  725.211144][T14670] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  725.218674][T14670] batman_adv: batadv0: Removing interface: batadv_slave_0
[  725.243202][T14670] veth0_macvtap: left promiscuous mode
[  725.661547][T14670] team0 (unregistering): Port device team_slave_1 removed
[  725.700675][T14670] team0 (unregistering): Port device team_slave_0 removed
[  726.008515][T17425] team0: Port device team_slave_1 added
[  726.115696][T17425] batman_adv: batadv0: Adding interface: batadv_slave_0
[  726.124118][T17425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  726.150692][T17425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  726.166952][T17425] batman_adv: batadv0: Adding interface: batadv_slave_1
[  726.176259][T17425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  726.202926][T17425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  726.396501][T17425] hsr_slave_0: entered promiscuous mode
[  726.414913][T17425] hsr_slave_1: entered promiscuous mode
[  726.430639][T17425] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  726.460315][T17425] Cannot create hsr debugfs directory
[  726.576248][T17542] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2512'.
[  727.230230][T17553] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2515'.
[  727.245683][T12799] Bluetooth: hci1: command tx timeout
[  727.381852][T17564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2515'.
[  727.534716][T17553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2515'.
[  729.186561][T17590] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  729.192756][T17590] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  729.219391][T17590] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  729.237862][T17590] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  729.244098][T17590] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  729.296972][T17590] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  729.377293][T17425] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  729.432610][T17425] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  729.459947][T17425] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  729.494897][T17425] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  729.790043][T17425] 8021q: adding VLAN 0 to HW filter on device bond0
[  729.865899][T17425] 8021q: adding VLAN 0 to HW filter on device team0
[  729.919794][T14691] bridge0: port 1(bridge_slave_0) entered blocking state
[  729.927029][T14691] bridge0: port 1(bridge_slave_0) entered forwarding state
[  729.930613][T17605] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input72
[  729.986564][T12792] bridge0: port 2(bridge_slave_1) entered blocking state
[  729.993799][T12792] bridge0: port 2(bridge_slave_1) entered forwarding state
[  730.167475][T17425] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  730.208431][T17425] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  731.124526][T17425] 8021q: adding VLAN 0 to HW filter on device batadv0
[  731.226257][T12799] Bluetooth: hci2: command 0x0c1a tx timeout
[  731.233449][T13209] Bluetooth: hci4: command 0x0c1a tx timeout
[  731.240987][T13209] Bluetooth: hci3: command 0x0c1a tx timeout
[  731.305194][T17643] Bluetooth: hci1: command 0x0c1a tx timeout
[  731.810747][T17425] veth0_vlan: entered promiscuous mode
[  731.939970][T17425] veth1_vlan: entered promiscuous mode
[  732.059535][T17425] veth0_macvtap: entered promiscuous mode
[  732.124103][T17425] veth1_macvtap: entered promiscuous mode
[  732.203836][T17425] batman_adv: batadv0: Interface activated: batadv_slave_0
[  732.215852][T17425] batman_adv: batadv0: Interface activated: batadv_slave_1
[  732.292563][T17425] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  732.328078][T17660] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2526'.
[  732.329190][T17425] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  732.385504][T17425] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  732.398897][T17425] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  732.437243][T17660] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  732.462043][T17660] batman_adv: batadv0: Removing interface: batadv_slave_0
[  732.564469][T17660] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  732.572649][T17660] batman_adv: batadv0: Removing interface: batadv_slave_1
[  733.052057][T14818] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  733.117344][T14818] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  733.167383][T12792] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  733.186652][T12792] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  733.380294][T17643] Bluetooth: hci1: command 0x0c1a tx timeout
[  733.906821][T17686] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2529'.
[  734.007108][   T30] audit: type=1804 audit(4294969745.783:78): pid=17691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2530" name="/newroot/1/file0" dev="tmpfs" ino=23 res=1 errno=0
[  734.143878][   T30] audit: type=1800 audit(4294969745.783:79): pid=17691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2530" name="file0" dev="tmpfs" ino=23 res=0 errno=0
[  734.731809][T17709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2529'.
[  734.934432][T17721] FAULT_INJECTION: forcing a failure.
[  734.934432][T17721] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  735.072118][T17721] CPU: 1 UID: 0 PID: 17721 Comm: syz.1.2532 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  735.072165][T17721] Tainted: [U]=USER
[  735.072174][T17721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  735.072189][T17721] Call Trace:
[  735.072197][T17721]  <TASK>
[  735.072207][T17721]  dump_stack_lvl+0x16c/0x1f0
[  735.072250][T17721]  should_fail_ex+0x512/0x640
[  735.072295][T17721]  _copy_from_user+0x2e/0xd0
[  735.072321][T17721]  btf_new_fd+0x70a/0x53a0
[  735.072354][T17721]  ? __lock_acquire+0xaa4/0x1ba0
[  735.072392][T17721]  ? aa_get_newest_label+0x375/0x680
[  735.072421][T17721]  ? __pfx___futex_wait+0x10/0x10
[  735.072470][T17721]  ? __pfx_btf_new_fd+0x10/0x10
[  735.072497][T17721]  ? trace_cap_capable+0x18d/0x200
[  735.072530][T17721]  ? apparmor_capable+0x114/0x1d0
[  735.072561][T17721]  ? bpf_lsm_capable+0x9/0x10
[  735.072589][T17721]  ? security_capable+0x7e/0x260
[  735.072618][T17721]  ? ns_capable+0xd7/0x110
[  735.072652][T17721]  __sys_bpf+0x1adb/0x4d80
[  735.072698][T17721]  ? __pfx___sys_bpf+0x10/0x10
[  735.072746][T17721]  ? do_futex+0x122/0x350
[  735.072775][T17721]  ? __pfx_do_futex+0x10/0x10
[  735.072822][T17721]  ? xfd_validate_state+0x5d/0x180
[  735.072850][T17721]  ? rcu_is_watching+0x12/0xc0
[  735.072882][T17721]  __x64_sys_bpf+0x78/0xc0
[  735.072919][T17721]  ? lockdep_hardirqs_on+0x7c/0x110
[  735.072957][T17721]  do_syscall_64+0xcd/0x230
[  735.072999][T17721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.073026][T17721] RIP: 0033:0x7fda5138e969
[  735.073047][T17721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  735.073073][T17721] RSP: 002b:00007fda5225d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  735.073099][T17721] RAX: ffffffffffffffda RBX: 00007fda515b6160 RCX: 00007fda5138e969
[  735.073118][T17721] RDX: 0000000000000026 RSI: 0000000000000000 RDI: 0000000000000012
[  735.073134][T17721] RBP: 00007fda51410ab1 R08: 0000000000000000 R09: 0000000000000000
[  735.073151][T17721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  735.073167][T17721] R13: 0000000000000000 R14: 00007fda515b6160 R15: 00007ffe81715698
[  735.073202][T17721]  </TASK>
[  735.294361][    C1] vkms_vblank_simulate: vblank timer overrun
[  735.446672][T17643] Bluetooth: hci1: command 0x0c1a tx timeout
[  735.641670][T17730] can: request_module (can-proto-0) failed.
[  737.758550][T17770] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2542'.
[  738.295623][T17780] FAULT_INJECTION: forcing a failure.
[  738.295623][T17780] name failslab, interval 1, probability 0, space 0, times 0
[  738.316536][T17780] CPU: 1 UID: 0 PID: 17780 Comm: syz.3.2545 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  738.316582][T17780] Tainted: [U]=USER
[  738.316590][T17780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  738.316607][T17780] Call Trace:
[  738.316616][T17780]  <TASK>
[  738.316626][T17780]  dump_stack_lvl+0x16c/0x1f0
[  738.316670][T17780]  should_fail_ex+0x512/0x640
[  738.316710][T17780]  ? fs_reclaim_acquire+0xae/0x150
[  738.316755][T17780]  should_failslab+0xc2/0x120
[  738.316795][T17780]  __kmalloc_cache_noprof+0x6a/0x3e0
[  738.316825][T17780]  ? tomoyo_open_control+0x415/0xa30
[  738.316859][T17780]  tomoyo_open_control+0x415/0xa30
[  738.316891][T17780]  do_dentry_open+0x741/0x1c10
[  738.316921][T17780]  ? __pfx_tomoyo_open+0x10/0x10
[  738.316967][T17780]  vfs_open+0x82/0x3f0
[  738.317006][T17780]  path_openat+0x1e5e/0x2d40
[  738.317047][T17780]  ? __pfx_path_openat+0x10/0x10
[  738.317084][T17780]  do_filp_open+0x20b/0x470
[  738.317111][T17780]  ? __pfx_do_filp_open+0x10/0x10
[  738.317165][T17780]  ? alloc_fd+0x471/0x7d0
[  738.317217][T17780]  do_sys_openat2+0x11b/0x1d0
[  738.317258][T17780]  ? __pfx_do_sys_openat2+0x10/0x10
[  738.317309][T17780]  __x64_sys_openat+0x174/0x210
[  738.317345][T17780]  ? __pfx___x64_sys_openat+0x10/0x10
[  738.317384][T17780]  ? rcu_is_watching+0x12/0xc0
[  738.317422][T17780]  do_syscall_64+0xcd/0x230
[  738.317465][T17780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.317492][T17780] RIP: 0033:0x7f5a7118e969
[  738.317513][T17780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  738.317539][T17780] RSP: 002b:00007f5a71fe4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  738.317564][T17780] RAX: ffffffffffffffda RBX: 00007f5a713b5fa0 RCX: 00007f5a7118e969
[  738.317582][T17780] RDX: 0000000000040802 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  738.317600][T17780] RBP: 00007f5a71210ab1 R08: 0000000000000000 R09: 0000000000000000
[  738.317617][T17780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  738.317633][T17780] R13: 0000000000000000 R14: 00007f5a713b5fa0 R15: 00007ffeb42d5088
[  738.317670][T17780]  </TASK>
[  738.710363][T17785] netlink: 296 bytes leftover after parsing attributes in process `syz.2.2546'.
[  739.056410][T17793] FAULT_INJECTION: forcing a failure.
[  739.056410][T17793] name failslab, interval 1, probability 0, space 0, times 0
[  739.124513][T17793] CPU: 1 UID: 0 PID: 17793 Comm: syz.3.2547 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  739.124558][T17793] Tainted: [U]=USER
[  739.124566][T17793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  739.124581][T17793] Call Trace:
[  739.124590][T17793]  <TASK>
[  739.124600][T17793]  dump_stack_lvl+0x16c/0x1f0
[  739.124642][T17793]  should_fail_ex+0x512/0x640
[  739.124680][T17793]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  739.124708][T17793]  should_failslab+0xc2/0x120
[  739.124738][T17793]  __kmalloc_cache_noprof+0x6a/0x3e0
[  739.124762][T17793]  ? __pfx__kstrtoull+0x10/0x10
[  739.124791][T17793]  ? refill_pi_state_cache+0x89/0x250
[  739.124830][T17793]  refill_pi_state_cache+0x89/0x250
[  739.124861][T17793]  futex_lock_pi+0x228/0x7b0
[  739.124896][T17793]  ? __lock_acquire+0x5ca/0x1ba0
[  739.124932][T17793]  ? __pfx_futex_lock_pi+0x10/0x10
[  739.124978][T17793]  ? find_held_lock+0x2b/0x80
[  739.125017][T17793]  ? proc_fail_nth_write+0x9f/0x250
[  739.125060][T17793]  ? __pfx_futex_wake_mark+0x10/0x10
[  739.125102][T17793]  ? ksys_write+0x190/0x240
[  739.125136][T17793]  do_futex+0x11a/0x350
[  739.125166][T17793]  ? __pfx_do_futex+0x10/0x10
[  739.125205][T17793]  __x64_sys_futex+0x1e0/0x4c0
[  739.125237][T17793]  ? fput+0x70/0xf0
[  739.125268][T17793]  ? __pfx___x64_sys_futex+0x10/0x10
[  739.125296][T17793]  ? ksys_write+0x1b9/0x240
[  739.125322][T17793]  ? __pfx_ksys_write+0x10/0x10
[  739.125361][T17793]  do_syscall_64+0xcd/0x230
[  739.125402][T17793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  739.125435][T17793] RIP: 0033:0x7f5a7118e969
[  739.125456][T17793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  739.125481][T17793] RSP: 002b:00007f5a71fa2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  739.125506][T17793] RAX: ffffffffffffffda RBX: 00007f5a713b6160 RCX: 00007f5a7118e969
[  739.125524][T17793] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000
[  739.125542][T17793] RBP: 00007f5a71fa2090 R08: 0000000000000000 R09: 0000000000000006
[  739.125558][T17793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  739.125572][T17793] R13: 0000000000000001 R14: 00007f5a713b6160 R15: 00007ffeb42d5088
[  739.125603][T17793]  </TASK>
[  741.095179][T17822] nbd: must specify at least one socket
[  741.763162][T17844] FAULT_INJECTION: forcing a failure.
[  741.763162][T17844] name fail_futex, interval 1, probability 0, space 0, times 0
[  741.790512][T17844] CPU: 1 UID: 0 PID: 17844 Comm: syz.0.2558 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  741.790553][T17844] Tainted: [U]=USER
[  741.790563][T17844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  741.790578][T17844] Call Trace:
[  741.790587][T17844]  <TASK>
[  741.790597][T17844]  dump_stack_lvl+0x16c/0x1f0
[  741.790641][T17844]  should_fail_ex+0x512/0x640
[  741.790686][T17844]  get_futex_key+0x49e/0x1000
[  741.790719][T17844]  ? __pfx_get_futex_key+0x10/0x10
[  741.790752][T17844]  ? kasan_save_track+0x14/0x30
[  741.790779][T17844]  ? __kasan_kmalloc+0xaa/0xb0
[  741.790810][T17844]  futex_lock_pi+0x27c/0x7b0
[  741.790843][T17844]  ? __lock_acquire+0x5ca/0x1ba0
[  741.790878][T17844]  ? __pfx_futex_lock_pi+0x10/0x10
[  741.790923][T17844]  ? find_held_lock+0x2b/0x80
[  741.790962][T17844]  ? proc_fail_nth_write+0x9f/0x250
[  741.791001][T17844]  ? __pfx_futex_wake_mark+0x10/0x10
[  741.791039][T17844]  ? ksys_write+0x190/0x240
[  741.791071][T17844]  do_futex+0x11a/0x350
[  741.791099][T17844]  ? __pfx_do_futex+0x10/0x10
[  741.791138][T17844]  __x64_sys_futex+0x1e0/0x4c0
[  741.791169][T17844]  ? fput+0x70/0xf0
[  741.791196][T17844]  ? __pfx___x64_sys_futex+0x10/0x10
[  741.791224][T17844]  ? ksys_write+0x1b9/0x240
[  741.791257][T17844]  ? __pfx_ksys_write+0x10/0x10
[  741.791280][T17844]  ? rcu_is_watching+0x12/0xc0
[  741.791317][T17844]  do_syscall_64+0xcd/0x230
[  741.791357][T17844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.791383][T17844] RIP: 0033:0x7f534038e969
[  741.791404][T17844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  741.791430][T17844] RSP: 002b:00007f5341121038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  741.791455][T17844] RAX: ffffffffffffffda RBX: 00007f53405b6080 RCX: 00007f534038e969
[  741.791472][T17844] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000
[  741.791487][T17844] RBP: 00007f5341121090 R08: 0000000000000000 R09: 0000000000000006
[  741.791503][T17844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  741.791518][T17844] R13: 0000000000000000 R14: 00007f53405b6080 R15: 00007ffd3e629de8
[  741.791557][T17844]  </TASK>
[  743.310537][T17874] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2563'.
[  743.406041][T17874] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2563'.
[  743.436783][T17868] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2562'.
[  743.597196][T17879] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2562'.
[  743.930350][T17868] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2562'.
[  744.999406][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  745.005759][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  745.351334][T17892] ubi0: detaching mtd0
[  745.386792][T17892] ubi0: mtd0 is detached
[  745.713690][T17902] FAULT_INJECTION: forcing a failure.
[  745.713690][T17902] name fail_futex, interval 1, probability 0, space 0, times 0
[  745.763023][T17902] CPU: 1 UID: 0 PID: 17902 Comm: syz.2.2569 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  745.763068][T17902] Tainted: [U]=USER
[  745.763075][T17902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  745.763089][T17902] Call Trace:
[  745.763097][T17902]  <TASK>
[  745.763107][T17902]  dump_stack_lvl+0x16c/0x1f0
[  745.763146][T17902]  should_fail_ex+0x512/0x640
[  745.763184][T17902]  get_futex_key+0x1c2/0x1000
[  745.763216][T17902]  ? __pfx_get_futex_key+0x10/0x10
[  745.763248][T17902]  ? kasan_save_track+0x14/0x30
[  745.763277][T17902]  ? __kasan_kmalloc+0xaa/0xb0
[  745.763308][T17902]  futex_lock_pi+0x27c/0x7b0
[  745.763343][T17902]  ? __lock_acquire+0x5ca/0x1ba0
[  745.763378][T17902]  ? __pfx_futex_lock_pi+0x10/0x10
[  745.763425][T17902]  ? find_held_lock+0x2b/0x80
[  745.763464][T17902]  ? proc_fail_nth_write+0x9f/0x250
[  745.763505][T17902]  ? __pfx_futex_wake_mark+0x10/0x10
[  745.763546][T17902]  ? ksys_write+0x190/0x240
[  745.763579][T17902]  do_futex+0x11a/0x350
[  745.763609][T17902]  ? __pfx_do_futex+0x10/0x10
[  745.763648][T17902]  __x64_sys_futex+0x1e0/0x4c0
[  745.763680][T17902]  ? fput+0x70/0xf0
[  745.763716][T17902]  ? __pfx___x64_sys_futex+0x10/0x10
[  745.763744][T17902]  ? ksys_write+0x1b9/0x240
[  745.763769][T17902]  ? __pfx_ksys_write+0x10/0x10
[  745.763806][T17902]  do_syscall_64+0xcd/0x230
[  745.763849][T17902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.763875][T17902] RIP: 0033:0x7f546518e969
[  745.763896][T17902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  745.763920][T17902] RSP: 002b:00007f546603d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  745.763944][T17902] RAX: ffffffffffffffda RBX: 00007f54653b6160 RCX: 00007f546518e969
[  745.763961][T17902] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000
[  745.763977][T17902] RBP: 00007f546603d090 R08: 0000000000000000 R09: 0000000000000006
[  745.763992][T17902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  745.764008][T17902] R13: 0000000000000001 R14: 00007f54653b6160 R15: 00007ffc4f3b4568
[  745.764044][T17902]  </TASK>
[  747.039748][T17933] Invalid ELF header magic: != ELF
[  748.463305][T17957] Invalid ELF header magic: != ELF
[  749.694887][T17982] FAULT_INJECTION: forcing a failure.
[  749.694887][T17982] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  749.738039][T17982] CPU: 0 UID: 0 PID: 17982 Comm: syz.2.2585 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  749.738081][T17982] Tainted: [U]=USER
[  749.738090][T17982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  749.738104][T17982] Call Trace:
[  749.738113][T17982]  <TASK>
[  749.738124][T17982]  dump_stack_lvl+0x16c/0x1f0
[  749.738166][T17982]  should_fail_ex+0x512/0x640
[  749.738208][T17982]  should_fail_alloc_page+0xe7/0x130
[  749.738243][T17982]  prepare_alloc_pages+0x3c2/0x610
[  749.738306][T17982]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  749.738337][T17982]  ? find_held_lock+0x2b/0x80
[  749.738363][T17982]  ? page_table_check_set+0x96f/0xb50
[  749.738405][T17982]  ? page_table_check_set+0x979/0xb50
[  749.738435][T17982]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  749.738468][T17982]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  749.738501][T17982]  ? const_folio_flags+0x5b/0x100
[  749.738538][T17982]  ? const_folio_flags+0x5b/0x100
[  749.738579][T17982]  ? folio_remove_rmap_pmd+0x2eb/0x7d0
[  749.738609][T17982]  ? split_huge_pmd_locked+0x27f/0x3bc0
[  749.738647][T17982]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  749.738684][T17982]  ? policy_nodemask+0xea/0x4e0
[  749.738717][T17982]  alloc_pages_mpol+0x1fb/0x550
[  749.738750][T17982]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  749.738782][T17982]  ? __split_huge_pmd+0x1f2/0x330
[  749.738827][T17982]  folio_alloc_mpol_noprof+0x36/0x2f0
[  749.738865][T17982]  vma_alloc_folio_noprof+0xed/0x1e0
[  749.738901][T17982]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  749.738934][T17982]  ? find_held_lock+0x2b/0x80
[  749.738960][T17982]  ? do_wp_page+0x229f/0x5930
[  749.739002][T17982]  do_wp_page+0x209f/0x5930
[  749.739051][T17982]  ? __pfx_do_wp_page+0x10/0x10
[  749.739091][T17982]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  749.739127][T17982]  ? ___pte_offset_map+0x1bc/0x540
[  749.739171][T17982]  __handle_mm_fault+0x1ada/0x2a40
[  749.739210][T17982]  ? __pfx___handle_mm_fault+0x10/0x10
[  749.739235][T17982]  ? arch_stack_walk+0xa6/0x100
[  749.739270][T17982]  ? __lock_acquire+0xaa4/0x1ba0
[  749.739328][T17982]  handle_mm_fault+0x3fe/0xad0
[  749.739362][T17982]  __get_user_pages+0x771/0x36f0
[  749.739424][T17982]  ? __pfx___get_user_pages+0x10/0x10
[  749.739464][T17982]  ? __pfx_down_read_killable+0x10/0x10
[  749.739504][T17982]  __gup_longterm_locked+0x20d/0x1850
[  749.739557][T17982]  ? __pfx___gup_longterm_locked+0x10/0x10
[  749.739602][T17982]  ? find_held_lock+0x2b/0x80
[  749.739638][T17982]  gup_fast_fallback+0x183d/0x2650
[  749.739669][T17982]  ? stack_trace_save+0x8e/0xc0
[  749.739696][T17982]  ? __pfx_stack_trace_save+0x10/0x10
[  749.739740][T17982]  ? __pfx_gup_fast_fallback+0x10/0x10
[  749.739778][T17982]  ? do_syscall_64+0xcd/0x230
[  749.739814][T17982]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.739860][T17982]  get_user_pages_fast+0xa7/0xf0
[  749.739884][T17982]  ? __pfx_get_user_pages_fast+0x10/0x10
[  749.739920][T17982]  get_futex_key+0x1f4/0x1000
[  749.739952][T17982]  ? __pfx_get_futex_key+0x10/0x10
[  749.739986][T17982]  ? kasan_save_track+0x14/0x30
[  749.740013][T17982]  ? __kasan_kmalloc+0xaa/0xb0
[  749.740045][T17982]  futex_lock_pi+0x27c/0x7b0
[  749.740080][T17982]  ? __lock_acquire+0x5ca/0x1ba0
[  749.740114][T17982]  ? __pfx_futex_lock_pi+0x10/0x10
[  749.740161][T17982]  ? find_held_lock+0x2b/0x80
[  749.740199][T17982]  ? proc_fail_nth_write+0x9f/0x250
[  749.740241][T17982]  ? __pfx_futex_wake_mark+0x10/0x10
[  749.740283][T17982]  ? ksys_write+0x190/0x240
[  749.740316][T17982]  do_futex+0x11a/0x350
[  749.740343][T17982]  ? __pfx_do_futex+0x10/0x10
[  749.740380][T17982]  __x64_sys_futex+0x1e0/0x4c0
[  749.740419][T17982]  ? fput+0x70/0xf0
[  749.740448][T17982]  ? __pfx___x64_sys_futex+0x10/0x10
[  749.740474][T17982]  ? ksys_write+0x1b9/0x240
[  749.740498][T17982]  ? __pfx_ksys_write+0x10/0x10
[  749.740535][T17982]  do_syscall_64+0xcd/0x230
[  749.740576][T17982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.740602][T17982] RIP: 0033:0x7f546518e969
[  749.740624][T17982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  749.740649][T17982] RSP: 002b:00007f546605e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  749.740674][T17982] RAX: ffffffffffffffda RBX: 00007f54653b6080 RCX: 00007f546518e969
[  749.740693][T17982] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000
[  749.740708][T17982] RBP: 00007f546605e090 R08: 0000000000000000 R09: 0000000000000006
[  749.740725][T17982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  749.740741][T17982] R13: 0000000000000000 R14: 00007f54653b6080 R15: 00007ffc4f3b4568
[  749.740778][T17982]  </TASK>
[  750.567668][T17995] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2588'.
[  751.929700][T18027] FAULT_INJECTION: forcing a failure.
[  751.929700][T18027] name failslab, interval 1, probability 0, space 0, times 0
[  751.957240][T18027] CPU: 1 UID: 0 PID: 18027 Comm: syz.2.2593 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  751.957287][T18027] Tainted: [U]=USER
[  751.957297][T18027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  751.957313][T18027] Call Trace:
[  751.957322][T18027]  <TASK>
[  751.957333][T18027]  dump_stack_lvl+0x16c/0x1f0
[  751.957378][T18027]  should_fail_ex+0x512/0x640
[  751.957418][T18027]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  751.957456][T18027]  should_failslab+0xc2/0x120
[  751.957497][T18027]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  751.957533][T18027]  ? shmem_alloc_inode+0x25/0x50
[  751.957580][T18027]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  751.957618][T18027]  shmem_alloc_inode+0x25/0x50
[  751.957656][T18027]  alloc_inode+0x61/0x240
[  751.957692][T18027]  new_inode+0x22/0x1c0
[  751.957730][T18027]  shmem_get_inode+0x19a/0xfb0
[  751.957762][T18027]  shmem_mknod+0x1a8/0x450
[  751.957794][T18027]  vfs_create+0x4e0/0x7a0
[  751.957838][T18027]  do_mknodat+0x3d3/0x5d0
[  751.957887][T18027]  ? __pfx_do_mknodat+0x10/0x10
[  751.957928][T18027]  ? getname_flags.part.0+0x1c5/0x550
[  751.957963][T18027]  ? rcu_is_watching+0x12/0xc0
[  751.957998][T18027]  __x64_sys_mknod+0x87/0xb0
[  751.958027][T18027]  do_syscall_64+0xcd/0x230
[  751.958071][T18027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.958114][T18027] RIP: 0033:0x7f546518e969
[  751.958137][T18027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  751.958163][T18027] RSP: 002b:00007f546605e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  751.958191][T18027] RAX: ffffffffffffffda RBX: 00007f54653b6080 RCX: 00007f546518e969
[  751.958210][T18027] RDX: 00000000000000cb RSI: 00000000000000c9 RDI: 0000200000000040
[  751.958228][T18027] RBP: 00007f5465210ab1 R08: 0000000000000000 R09: 0000000000000000
[  751.958246][T18027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  751.958264][T18027] R13: 0000000000000000 R14: 00007f54653b6080 R15: 00007ffc4f3b4568
[  751.958302][T18027]  </TASK>
[  752.401127][T18028] Invalid ELF header magic: != ELF
[  752.718936][T18035] ptrace attach of "./syz-executor exec"[16238] was attempted by "./syz-executor exec"[18035]
[  754.359629][T18060] FAULT_INJECTION: forcing a failure.
[  754.359629][T18060] name fail_futex, interval 1, probability 0, space 0, times 0
[  754.373580][T18060] CPU: 1 UID: 0 PID: 18060 Comm: syz.1.2597 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  754.373624][T18060] Tainted: [U]=USER
[  754.373633][T18060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  754.373650][T18060] Call Trace:
[  754.373659][T18060]  <TASK>
[  754.373669][T18060]  dump_stack_lvl+0x16c/0x1f0
[  754.373713][T18060]  should_fail_ex+0x512/0x640
[  754.373757][T18060]  get_futex_key+0xabc/0x1000
[  754.373790][T18060]  ? __pfx_get_futex_key+0x10/0x10
[  754.373820][T18060]  ? kasan_save_track+0x14/0x30
[  754.373847][T18060]  ? __kasan_kmalloc+0xaa/0xb0
[  754.373877][T18060]  futex_lock_pi+0x27c/0x7b0
[  754.373912][T18060]  ? __lock_acquire+0x5ca/0x1ba0
[  754.373946][T18060]  ? __pfx_futex_lock_pi+0x10/0x10
[  754.373993][T18060]  ? find_held_lock+0x2b/0x80
[  754.374033][T18060]  ? proc_fail_nth_write+0x9f/0x250
[  754.374069][T18060]  ? __pfx_futex_wake_mark+0x10/0x10
[  754.374110][T18060]  ? ksys_write+0x190/0x240
[  754.374142][T18060]  do_futex+0x11a/0x350
[  754.374172][T18060]  ? __pfx_do_futex+0x10/0x10
[  754.374208][T18060]  __x64_sys_futex+0x1e0/0x4c0
[  754.374240][T18060]  ? fput+0x70/0xf0
[  754.374269][T18060]  ? __pfx___x64_sys_futex+0x10/0x10
[  754.374313][T18060]  ? ksys_write+0x1b9/0x240
[  754.374338][T18060]  ? __pfx_ksys_write+0x10/0x10
[  754.374386][T18060]  do_syscall_64+0xcd/0x230
[  754.374429][T18060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  754.374455][T18060] RIP: 0033:0x7fda5138e969
[  754.374476][T18060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  754.374499][T18060] RSP: 002b:00007fda5225d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  754.374524][T18060] RAX: ffffffffffffffda RBX: 00007fda515b6160 RCX: 00007fda5138e969
[  754.374541][T18060] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000
[  754.374556][T18060] RBP: 00007fda5225d090 R08: 0000000000000000 R09: 0000000000000006
[  754.374570][T18060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  754.374585][T18060] R13: 0000000000000001 R14: 00007fda515b6160 R15: 00007ffe81715698
[  754.374618][T18060]  </TASK>
[  756.800406][T18103] kafs: addr_prefs: Invalid Command
[  756.919664][T18100] bond0: no command found in slaves file - use +ifname or -ifname
[  757.746551][T18123] FAULT_INJECTION: forcing a failure.
[  757.746551][T18123] name fail_futex, interval 1, probability 0, space 0, times 0
[  757.761458][T18123] CPU: 0 UID: 0 PID: 18123 Comm: syz.1.2611 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  757.761499][T18123] Tainted: [U]=USER
[  757.761508][T18123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  757.761522][T18123] Call Trace:
[  757.761530][T18123]  <TASK>
[  757.761540][T18123]  dump_stack_lvl+0x16c/0x1f0
[  757.761584][T18123]  should_fail_ex+0x512/0x640
[  757.761627][T18123]  should_fail_futex+0x4c/0x60
[  757.761657][T18123]  futex_lock_pi_atomic+0x101/0xdb0
[  757.761697][T18123]  futex_lock_pi+0x2ee/0x7b0
[  757.761736][T18123]  ? __pfx_futex_lock_pi+0x10/0x10
[  757.761784][T18123]  ? find_held_lock+0x2b/0x80
[  757.761829][T18123]  ? proc_fail_nth_write+0x9f/0x250
[  757.761872][T18123]  ? __pfx_futex_wake_mark+0x10/0x10
[  757.761910][T18123]  ? ksys_write+0x190/0x240
[  757.761943][T18123]  do_futex+0x11a/0x350
[  757.761972][T18123]  ? __pfx_do_futex+0x10/0x10
[  757.762012][T18123]  __x64_sys_futex+0x1e0/0x4c0
[  757.762043][T18123]  ? fput+0x70/0xf0
[  757.762072][T18123]  ? __pfx___x64_sys_futex+0x10/0x10
[  757.762099][T18123]  ? ksys_write+0x1b9/0x240
[  757.762125][T18123]  ? __pfx_ksys_write+0x10/0x10
[  757.762162][T18123]  do_syscall_64+0xcd/0x230
[  757.762203][T18123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  757.762229][T18123] RIP: 0033:0x7fda5138e969
[  757.762251][T18123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  757.762275][T18123] RSP: 002b:00007fda5225d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  757.762299][T18123] RAX: ffffffffffffffda RBX: 00007fda515b6160 RCX: 00007fda5138e969
[  757.762317][T18123] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000
[  757.762332][T18123] RBP: 00007fda5225d090 R08: 0000000000000000 R09: 0000000000000006
[  757.762348][T18123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  757.762363][T18123] R13: 0000000000000001 R14: 00007fda515b6160 R15: 00007ffe81715698
[  757.762404][T18123]  </TASK>
[  762.358555][T14689] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.603343][T14689] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.939496][T14689] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  763.218255][T14689] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  763.368779][T12788] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  763.382797][T12788] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  763.399955][T12788] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  763.448562][T12788] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  763.467248][T12788] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  763.619836][T14689] bridge_slave_1: left allmulticast mode
[  763.625749][T14689] bridge_slave_1: left promiscuous mode
[  763.634678][T14689] bridge0: port 2(bridge_slave_1) entered disabled state
[  763.677712][T14689] bridge_slave_0: left allmulticast mode
[  763.683420][T14689] bridge_slave_0: left promiscuous mode
[  763.693024][T14689] bridge0: port 1(bridge_slave_0) entered disabled state
[  764.387487][T14689] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  764.410405][T14689] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  764.438439][T14689] bond0 (unregistering): Released all slaves
[  765.529277][T12788] Bluetooth: hci1: command tx timeout
[  765.795261][T14689] hsr_slave_0: left promiscuous mode
[  765.822972][T14689] hsr_slave_1: left promiscuous mode
[  765.843932][T14689] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  765.859713][T14689] batman_adv: batadv0: Removing interface: batadv_slave_0
[  765.899416][T14689] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  765.918056][T14689] batman_adv: batadv0: Removing interface: batadv_slave_1
[  766.082670][T14689] veth1_macvtap: left promiscuous mode
[  766.090530][T14689] veth0_macvtap: left promiscuous mode
[  766.115858][T14689] veth1_vlan: left promiscuous mode
[  766.121455][T14689] veth0_vlan: left promiscuous mode
[  766.988048][   T30] audit: type=1800 audit(4294969778.955:80): pid=18283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2644" name="dbroot" dev="configfs" ino=74103 res=0 errno=0
[  767.112080][T14689] team0 (unregistering): Port device team_slave_1 removed
[  767.150232][T18285] FAULT_INJECTION: forcing a failure.
[  767.150232][T18285] name fail_futex, interval 1, probability 0, space 0, times 0
[  767.164306][T18285] CPU: 1 UID: 0 PID: 18285 Comm: syz.3.2644 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  767.164351][T18285] Tainted: [U]=USER
[  767.164358][T18285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  767.164372][T18285] Call Trace:
[  767.164380][T18285]  <TASK>
[  767.164390][T18285]  dump_stack_lvl+0x16c/0x1f0
[  767.164432][T18285]  should_fail_ex+0x512/0x640
[  767.164467][T18285]  ? __pfx___futex_wait+0x10/0x10
[  767.164503][T18285]  get_futex_key+0x49e/0x1000
[  767.164531][T18285]  ? __pfx_futex_wake_mark+0x10/0x10
[  767.164564][T18285]  ? __pfx_get_futex_key+0x10/0x10
[  767.164594][T18285]  ? __lock_acquire+0x5ca/0x1ba0
[  767.164634][T18285]  futex_wake+0xe7/0x4e0
[  767.164669][T18285]  ? __pfx_futex_wake+0x10/0x10
[  767.164706][T18285]  ? __fget_files+0x204/0x3c0
[  767.164739][T18285]  do_futex+0x1e3/0x350
[  767.164769][T18285]  ? __pfx_do_futex+0x10/0x10
[  767.164797][T18285]  ? fdget+0x187/0x210
[  767.164820][T18285]  ? __sys_sendmsg+0x199/0x220
[  767.164855][T18285]  __x64_sys_futex+0x1e0/0x4c0
[  767.164887][T18285]  ? __pfx___x64_sys_futex+0x10/0x10
[  767.164916][T18285]  ? rcu_is_watching+0x12/0xc0
[  767.164952][T18285]  do_syscall_64+0xcd/0x230
[  767.164992][T18285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.165018][T18285] RIP: 0033:0x7f5a7118e969
[  767.165039][T18285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  767.165062][T18285] RSP: 002b:00007f5a71fa20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  767.165087][T18285] RAX: ffffffffffffffda RBX: 00007f5a713b6168 RCX: 00007f5a7118e969
[  767.165105][T18285] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5a713b616c
[  767.165129][T18285] RBP: 00007f5a713b6160 R08: 00007f5a71fe5000 R09: 0000000000000000
[  767.165146][T18285] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f5a713b616c
[  767.165161][T18285] R13: 0000000000000000 R14: 00007ffeb42d4fa0 R15: 00007ffeb42d5088
[  767.165192][T18285]  </TASK>
[  767.394801][T14689] team0 (unregistering): Port device team_slave_0 removed
[  767.597435][T12788] Bluetooth: hci1: command tx timeout
[  768.193740][T18214] chnl_net:caif_netlink_parms(): no params data found
[  768.954098][T18214] bridge0: port 1(bridge_slave_0) entered blocking state
[  768.974198][T18214] bridge0: port 1(bridge_slave_0) entered disabled state
[  768.981997][T18214] bridge_slave_0: entered allmulticast mode
[  769.002841][T18214] bridge_slave_0: entered promiscuous mode
[  769.058406][T18214] bridge0: port 2(bridge_slave_1) entered blocking state
[  769.071048][T18214] bridge0: port 2(bridge_slave_1) entered disabled state
[  769.078753][T18214] bridge_slave_1: entered allmulticast mode
[  769.086703][T18214] bridge_slave_1: entered promiscuous mode
[  769.232734][T18214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  769.262055][T18214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  769.558240][T18214] team0: Port device team_slave_0 added
[  769.560720][T18337] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2650'.
[  769.614286][T18214] team0: Port device team_slave_1 added
[  769.625620][T18337] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  769.665292][T12788] Bluetooth: hci1: command tx timeout
[  769.669379][T18337] batman_adv: batadv0: Removing interface: batadv_slave_0
[  769.689143][T18337] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  769.709191][T18337] batman_adv: batadv0: Removing interface: batadv_slave_1
[  769.995415][T18214] batman_adv: batadv0: Adding interface: batadv_slave_0
[  770.012581][T18214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  770.063555][T18214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  770.085073][T18214] batman_adv: batadv0: Adding interface: batadv_slave_1
[  770.092046][T18214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  770.250111][T18214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  770.454025][T18214] hsr_slave_0: entered promiscuous mode
[  770.462322][T18214] hsr_slave_1: entered promiscuous mode
[  770.468714][T18214] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  770.506407][T18214] Cannot create hsr debugfs directory
[  771.626569][T18388] FAULT_INJECTION: forcing a failure.
[  771.626569][T18388] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  771.659643][T18388] CPU: 0 UID: 0 PID: 18388 Comm: syz.0.2655 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  771.659689][T18388] Tainted: [U]=USER
[  771.659698][T18388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  771.659714][T18388] Call Trace:
[  771.659723][T18388]  <TASK>
[  771.659734][T18388]  dump_stack_lvl+0x16c/0x1f0
[  771.659778][T18388]  should_fail_ex+0x512/0x640
[  771.659822][T18388]  should_fail_alloc_page+0xe7/0x130
[  771.659864][T18388]  prepare_alloc_pages+0x3c2/0x610
[  771.659909][T18388]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  771.659940][T18388]  ? unwind_get_return_address+0x59/0xa0
[  771.659969][T18388]  ? arch_stack_walk+0xa6/0x100
[  771.660010][T18388]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  771.660043][T18388]  ? __pfx_stack_trace_save+0x10/0x10
[  771.660079][T18388]  ? stack_depot_save_flags+0x28/0xa50
[  771.660127][T18388]  ? kasan_save_stack+0x42/0x60
[  771.660154][T18388]  ? kasan_save_stack+0x33/0x60
[  771.660181][T18388]  ? kasan_save_track+0x14/0x30
[  771.660208][T18388]  ? __kasan_slab_alloc+0x89/0x90
[  771.660238][T18388]  ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  771.660268][T18388]  ? alloc_vmap_area+0x613/0x2970
[  771.660304][T18388]  ? __get_vm_area_node+0x1ca/0x330
[  771.660342][T18388]  ? __vmalloc_node_range_noprof+0x277/0x1540
[  771.660384][T18388]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  771.660423][T18388]  ? policy_nodemask+0xea/0x4e0
[  771.660460][T18388]  alloc_pages_mpol+0x1fb/0x550
[  771.660497][T18388]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  771.660542][T18388]  alloc_pages_noprof+0x131/0x390
[  771.660577][T18388]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  771.660605][T18388]  get_free_pages_noprof+0xc/0x40
[  771.660642][T18388]  kasan_populate_vmalloc_pte+0x2d/0x160
[  771.660672][T18388]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  771.660701][T18388]  __apply_to_page_range+0x617/0xd60
[  771.660748][T18388]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  771.660782][T18388]  ? __pfx___apply_to_page_range+0x10/0x10
[  771.660826][T18388]  ? alloc_vmap_area+0x872/0x2970
[  771.660871][T18388]  alloc_vmap_area+0x919/0x2970
[  771.660927][T18388]  ? __pfx_alloc_vmap_area+0x10/0x10
[  771.660977][T18388]  __get_vm_area_node+0x1ca/0x330
[  771.661026][T18388]  __vmalloc_node_range_noprof+0x277/0x1540
[  771.661078][T18388]  ? htab_map_alloc+0x456/0x1540
[  771.661127][T18388]  ? find_held_lock+0x2b/0x80
[  771.661155][T18388]  ? htab_map_alloc+0x456/0x1540
[  771.661197][T18388]  ? pcpu_memcg_post_alloc_hook+0x1e/0x740
[  771.661234][T18388]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  771.661276][T18388]  ? pcpu_alloc_noprof+0x1f5/0x1470
[  771.661318][T18388]  ? htab_map_alloc+0x456/0x1540
[  771.661356][T18388]  __bpf_map_area_alloc+0xeb/0x190
[  771.661399][T18388]  ? htab_map_alloc+0x456/0x1540
[  771.661439][T18388]  htab_map_alloc+0x456/0x1540
[  771.661486][T18388]  ? htab_map_alloc_check+0x2f2/0x430
[  771.661528][T18388]  map_create+0x592/0x1db0
[  771.661578][T18388]  ? __pfx_map_create+0x10/0x10
[  771.661612][T18388]  ? __might_fault+0xe3/0x190
[  771.661642][T18388]  ? __might_fault+0xe3/0x190
[  771.661672][T18388]  ? __might_fault+0x13b/0x190
[  771.661719][T18388]  __sys_bpf+0x47cc/0x4d80
[  771.661763][T18388]  ? __pfx___sys_bpf+0x10/0x10
[  771.661803][T18388]  ? ksys_write+0x190/0x240
[  771.661833][T18388]  ? do_futex+0x122/0x350
[  771.661865][T18388]  ? __pfx_do_futex+0x10/0x10
[  771.661914][T18388]  ? xfd_validate_state+0x5d/0x180
[  771.661943][T18388]  ? rcu_is_watching+0x12/0xc0
[  771.661977][T18388]  __x64_sys_bpf+0x78/0xc0
[  771.662016][T18388]  ? lockdep_hardirqs_on+0x7c/0x110
[  771.662074][T18388]  do_syscall_64+0xcd/0x230
[  771.662119][T18388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.662149][T18388] RIP: 0033:0x7f534038e969
[  771.662172][T18388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  771.662199][T18388] RSP: 002b:00007f533e1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  771.662225][T18388] RAX: ffffffffffffffda RBX: 00007f53405b6160 RCX: 00007f534038e969
[  771.662245][T18388] RDX: 0000000000000098 RSI: 0000200000000100 RDI: 0000000000000000
[  771.662263][T18388] RBP: 00007f5340410ab1 R08: 0000000000000000 R09: 0000000000000000
[  771.662282][T18388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  771.662299][T18388] R13: 0000000000000000 R14: 00007f53405b6160 R15: 00007ffd3e629de8
[  771.662335][T18388]  </TASK>
[  772.109582][T12788] Bluetooth: hci1: command tx timeout
[  773.697137][T18214] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  773.715130][T18417] aoe: could not set interface list: too many interfaces
[  773.726922][T18214] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  773.807318][T18214] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  773.860159][T18214] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  774.449281][T18214] 8021q: adding VLAN 0 to HW filter on device bond0
[  774.531528][T18430] .^: entered promiscuous mode
[  774.554777][T18214] 8021q: adding VLAN 0 to HW filter on device team0
[  774.604752][T14691] bridge0: port 1(bridge_slave_0) entered blocking state
[  774.611969][T14691] bridge0: port 1(bridge_slave_0) entered forwarding state
[  774.657882][T14691] bridge0: port 2(bridge_slave_1) entered blocking state
[  774.665119][T14691] bridge0: port 2(bridge_slave_1) entered forwarding state
[  775.237923][T18443] FAULT_INJECTION: forcing a failure.
[  775.237923][T18443] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  775.282618][T18214] 8021q: adding VLAN 0 to HW filter on device batadv0
[  775.370313][T18443] CPU: 1 UID: 0 PID: 18443 Comm: syz.2.2666 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  775.370358][T18443] Tainted: [U]=USER
[  775.370367][T18443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  775.370383][T18443] Call Trace:
[  775.370392][T18443]  <TASK>
[  775.370403][T18443]  dump_stack_lvl+0x16c/0x1f0
[  775.370448][T18443]  should_fail_ex+0x512/0x640
[  775.370494][T18443]  strncpy_from_user+0x3b/0x2e0
[  775.370544][T18443]  getname_flags.part.0+0x8f/0x550
[  775.370586][T18443]  getname_flags+0x93/0xf0
[  775.370628][T18443]  do_sys_openat2+0xb8/0x1d0
[  775.370664][T18443]  ? __pfx_do_sys_openat2+0x10/0x10
[  775.370714][T18443]  __x64_sys_openat+0x174/0x210
[  775.370751][T18443]  ? __pfx___x64_sys_openat+0x10/0x10
[  775.370790][T18443]  ? rcu_is_watching+0x12/0xc0
[  775.370826][T18443]  do_syscall_64+0xcd/0x230
[  775.370869][T18443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.370896][T18443] RIP: 0033:0x7f546518e969
[  775.370919][T18443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  775.370944][T18443] RSP: 002b:00007f546605e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  775.370971][T18443] RAX: ffffffffffffffda RBX: 00007f54653b6080 RCX: 00007f546518e969
[  775.370989][T18443] RDX: 0000000000082204 RSI: 0000200000000400 RDI: ffffffffffffff9c
[  775.371008][T18443] RBP: 00007f5465210ab1 R08: 0000000000000000 R09: 0000000000000000
[  775.371025][T18443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  775.371041][T18443] R13: 0000000000000000 R14: 00007f54653b6080 R15: 00007ffc4f3b4568
[  775.371077][T18443]  </TASK>
[  775.660101][T18214] veth0_vlan: entered promiscuous mode
[  775.736031][T18214] veth1_vlan: entered promiscuous mode
[  775.772134][T18214] veth0_macvtap: entered promiscuous mode
[  775.793165][T18214] veth1_macvtap: entered promiscuous mode
[  775.821430][T18214] batman_adv: batadv0: Interface activated: batadv_slave_0
[  775.863146][T18214] batman_adv: batadv0: Interface activated: batadv_slave_1
[  775.874944][T18214] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  775.883863][T18214] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  775.893118][T18214] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  775.910777][T18214] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  776.216916][T12789] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  776.266737][T12789] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  776.348406][T12789] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  776.401041][T12789] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  776.421398][T18473] ubi0: attaching mtd0
[  776.426229][T18473] ubi0 warning: ubi_attach: valid VID header but corrupted EC header at PEB 0
[  776.451080][T18473] ubi0: scanning is finished
[  776.576444][T18477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00
[  776.628125][T18477] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  776.654120][T18477] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  776.662633][T18477] page_type: f5(slab)
[  776.666823][T18477] raw: 00fff00000000040 ffff88801c6b8640 0000000000000000 dead000000000001
[  776.676677][T18477] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  776.685873][T18477] head: 00fff00000000040 ffff88801c6b8640 0000000000000000 dead000000000001
[  776.696812][T18477] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  776.705889][T18477] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff
[  776.718476][T18473] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  776.750034][T18473] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  776.763707][T18477] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  776.772945][T18477] page dumped because: unmovable page
[  776.779992][T18477] page_owner tracks the page as allocated
[  776.785741][T18477] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5825, tgid 5825 (syz-executor), ts 454755970177, free_ts 454738797015
[  776.817035][T18477]  post_alloc_hook+0x181/0x1b0
[  776.822231][T18473] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  776.822273][T18473] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  776.822297][T18473] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  776.822318][T18473] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  776.879709][T18473] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1765013092
[  776.890325][T18473] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  776.900636][T18483] ubi0: background thread "ubi_bgt0d" started, PID 18483
[  776.909258][T18483] ubi0: scrubbed PEB 0 (LEB 2147479551:0), data moved to PEB 31
[  776.984870][T18477]  get_page_from_freelist+0x135c/0x3920
[  777.016570][T18477]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  777.134548][T18477]  alloc_pages_mpol+0x1fb/0x550
[  777.188814][T18477]  new_slab+0x244/0x340
[  777.215837][T18477]  ___slab_alloc+0xd9c/0x1940
[  777.220542][T18477]  __slab_alloc.constprop.0+0x56/0xb0
[  777.337119][T18477]  kmem_cache_alloc_noprof+0xef/0x3b0
[  777.342558][T18477]  getname_flags.part.0+0x4c/0x550
[  777.406887][T18477]  getname_flags+0x93/0xf0
[  777.494445][T18477]  do_sys_openat2+0xb8/0x1d0
[  777.659798][T18477]  __x64_sys_openat+0x174/0x210
[  777.775635][T18477]  do_syscall_64+0xcd/0x230
[  777.780186][T18477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.789327][T18477] page last free pid 5816 tgid 5816 stack trace:
[  777.795844][T18477]  __free_frozen_pages+0x69d/0xff0
[  777.801149][T18477]  __folio_put+0x329/0x450
[  777.805808][T18477]  skb_release_data+0x618/0x960
[  777.810700][T18477]  __kfree_skb+0x4f/0x70
[  777.815282][T18477]  tcp_ack+0x19b2/0x5c90
[  777.819576][T18477]  tcp_rcv_established+0xcf0/0x2180
[  777.824955][T18477]  tcp_v4_do_rcv+0x5ca/0xa90
[  777.829735][T18477]  __release_sock+0x31b/0x400
[  777.835589][T18477]  release_sock+0x5a/0x220
[  777.840212][T18477]  tcp_sendmsg+0x38/0x50
[  777.844667][T18477]  inet_sendmsg+0xb9/0x140
[  777.849133][T18477]  sock_write_iter+0x4aa/0x5b0
[  777.854417][T18477]  vfs_write+0x5bd/0x1180
[  777.858835][T18477]  ksys_write+0x205/0x240
[  777.863356][T18477]  do_syscall_64+0xcd/0x230
[  777.867989][T18477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.177310][T18531] Invalid ELF header magic: != ELF
[  779.201239][T18532] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2678'.
[  780.301585][T18556] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2682'.
[  781.009795][T18590] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2688'.
[  781.185214][T18596] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2688'.
[  781.498233][T18594] Invalid ELF header magic: != ELF
[  783.872466][T18666] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2698'.
[  785.664082][T18686] random: crng reseeded on system resumption
[  787.054705][T18705] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2705'.
[  787.076546][T18705] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2705'.
[  787.577770][T18728] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2711'.
[  789.105518][T18767] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2720'.
[  789.228652][T18774] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2720'.
[  789.751179][T18767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2720'.
[  791.473004][   T30] audit: type=1800 audit(4294969811.568:81): pid=18820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2730" name="members" dev="configfs" ino=76325 res=0 errno=0
[  792.404376][T18828] sd 0:0:1:0: PR command failed: 1026
[  792.427957][T18828] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  792.435059][T18828] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  793.142096][T18852] netlink: 'syz.1.2737': attribute type 1 has an invalid length.
[  795.301522][T18897] Invalid ELF header magic: != ELF
[  795.350832][T18903] snd_virmidi snd_virmidi.0: control 5:9:1:IA��>/�[k<���mgx���<�5��+-C��Y��5:0 is already present
[  796.349984][T18913] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2752'.
[  796.470667][T18912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2752'.
[  798.352876][T18932] ==================================================================
[  798.352896][T18932] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70
[  798.352941][T18932] Read of size 256 at addr ffff88806dabe3c0 by task syz.1.2754/18932
[  798.352966][T18932] 
[  798.352983][T18932] CPU: 1 UID: 0 PID: 18932 Comm: syz.1.2754 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  798.353024][T18932] Tainted: [U]=USER
[  798.353034][T18932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  798.353049][T18932] Call Trace:
[  798.353059][T18932]  <TASK>
[  798.353070][T18932]  dump_stack_lvl+0x116/0x1f0
[  798.353110][T18932]  print_report+0xc3/0x670
[  798.353149][T18932]  ? __virt_addr_valid+0x5e/0x590
[  798.353185][T18932]  ? __phys_addr+0xc6/0x150
[  798.353220][T18932]  ? fbcon_prepare_logo+0xa03/0xc70
[  798.353254][T18932]  kasan_report+0xe0/0x110
[  798.353288][T18932]  ? fbcon_prepare_logo+0xa03/0xc70
[  798.353328][T18932]  kasan_check_range+0xef/0x1a0
[  798.353367][T18932]  __asan_memcpy+0x23/0x60
[  798.353392][T18932]  fbcon_prepare_logo+0xa03/0xc70
[  798.353430][T18932]  fbcon_init+0xd77/0x1900
[  798.353462][T18932]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[  798.353496][T18932]  visual_init+0x31d/0x620
[  798.353524][T18932]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  798.353561][T18932]  store_bind+0x61d/0x760
[  798.353594][T18932]  ? sysfs_file_kobj+0xe4/0x290
[  798.353632][T18932]  ? __pfx_store_bind+0x10/0x10
[  798.353662][T18932]  dev_attr_store+0x58/0x80
[  798.353697][T18932]  ? __pfx_dev_attr_store+0x10/0x10
[  798.353732][T18932]  sysfs_kf_write+0xef/0x150
[  798.353769][T18932]  kernfs_fop_write_iter+0x351/0x510
[  798.353804][T18932]  ? __pfx_sysfs_kf_write+0x10/0x10
[  798.353843][T18932]  vfs_write+0x5bd/0x1180
[  798.353870][T18932]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  798.353906][T18932]  ? __pfx___mutex_lock+0x10/0x10
[  798.353946][T18932]  ? __pfx_vfs_write+0x10/0x10
[  798.353984][T18932]  ksys_write+0x12a/0x240
[  798.354010][T18932]  ? __pfx_ksys_write+0x10/0x10
[  798.354036][T18932]  ? rcu_is_watching+0x12/0xc0
[  798.354068][T18932]  do_syscall_64+0xcd/0x230
[  798.354109][T18932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  798.354145][T18932] RIP: 0033:0x7f1414d8e969
[  798.354167][T18932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  798.354194][T18932] RSP: 002b:00007f1415c03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  798.354220][T18932] RAX: ffffffffffffffda RBX: 00007f1414fb6160 RCX: 00007f1414d8e969
[  798.354240][T18932] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  798.354258][T18932] RBP: 00007f1414e10ab1 R08: 0000000000000000 R09: 0000000000000000
[  798.354277][T18932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  798.354294][T18932] R13: 0000000000000000 R14: 00007f1414fb6160 R15: 00007ffe5f568f68
[  798.354322][T18932]  </TASK>
[  798.354333][T18932] 
[  798.354340][T18932] The buggy address belongs to the object at ffff88806dabe370
[  798.354340][T18932]  which belongs to the cache hugetlbfs_inode_cache of size 1168
[  798.354364][T18932] The buggy address is located 80 bytes inside of
[  798.354364][T18932]  allocated 1168-byte region [ffff88806dabe370, ffff88806dabe800)
[  798.354392][T18932] 
[  798.354399][T18932] The buggy address belongs to the physical page:
[  798.354410][T18932] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6dabc
[  798.354434][T18932] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  798.354455][T18932] memcg:ffff888034f2d281
[  798.354466][T18932] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  798.354489][T18932] page_type: f5(slab)
[  798.354512][T18932] raw: 00fff00000000040 ffff888022ecda00 dead000000000122 0000000000000000
[  798.354537][T18932] raw: 0000000000000000 00000000800c000c 00000000f5000000 ffff888034f2d281
[  798.354562][T18932] head: 00fff00000000040 ffff888022ecda00 dead000000000122 0000000000000000
[  798.354586][T18932] head: 0000000000000000 00000000800c000c 00000000f5000000 ffff888034f2d281
[  798.354611][T18932] head: 00fff00000000002 ffffea0001b6af01 00000000ffffffff 00000000ffffffff
[  798.354636][T18932] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  798.354651][T18932] page dumped because: kasan: bad access detected
[  798.354664][T18932] page_owner tracks the page as allocated
[  798.354673][T18932] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 18811, tgid 18807 (syz.3.2728), ts 790857464541, free_ts 789987471715
[  798.354732][T18932]  post_alloc_hook+0x181/0x1b0
[  798.354758][T18932]  get_page_from_freelist+0x135c/0x3920
[  798.354788][T18932]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  798.354819][T18932]  alloc_pages_mpol+0x1fb/0x550
[  798.354849][T18932]  new_slab+0x244/0x340
[  798.354870][T18932]  ___slab_alloc+0xd9c/0x1940
[  798.354893][T18932]  __slab_alloc.constprop.0+0x56/0xb0
[  798.354917][T18932]  kmem_cache_alloc_lru_noprof+0xf4/0x3b0
[  798.354946][T18932]  hugetlbfs_alloc_inode+0x8c/0x1d0
[  798.354976][T18932]  alloc_inode+0x61/0x240
[  798.355006][T18932]  new_inode+0x22/0x1c0
[  798.355036][T18932]  hugetlbfs_get_inode+0x354/0x730
[  798.355065][T18932]  hugetlb_file_setup+0x15b/0x620
[  798.355098][T18932]  ksys_mmap_pgoff+0x189/0x5c0
[  798.355139][T18932]  __x64_sys_mmap+0x125/0x190
[  798.355162][T18932]  do_syscall_64+0xcd/0x230
[  798.355200][T18932] page last free pid 14670 tgid 14670 stack trace:
[  798.355215][T18932]  __free_frozen_pages+0x69d/0xff0
[  798.355239][T18932]  vfree+0x176/0x960
[  798.355277][T18932]  htab_map_free+0x85f/0xab0
[  798.355311][T18932]  bpf_map_free_deferred+0x1c7/0x410
[  798.355344][T18932]  process_one_work+0x9cf/0x1b70
[  798.355383][T18932]  worker_thread+0x6c8/0xf10
[  798.355421][T18932]  kthread+0x3c2/0x780
[  798.355454][T18932]  ret_from_fork+0x48/0x80
[  798.355477][T18932]  ret_from_fork_asm+0x1a/0x30
[  798.355512][T18932] 
[  798.355519][T18932] Memory state around the buggy address:
[  798.355533][T18932]  ffff88806dabe280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  798.355552][T18932]  ffff88806dabe300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  798.355572][T18932] >ffff88806dabe380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  798.355587][T18932]                                            ^
[  798.355602][T18932]  ffff88806dabe400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  798.355621][T18932]  ffff88806dabe480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  798.355636][T18932] ==================================================================
[  798.355659][T18932] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  798.355680][T18932] CPU: 1 UID: 0 PID: 18932 Comm: syz.1.2754 Tainted: G     U              6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  798.355722][T18932] Tainted: [U]=USER
[  798.355736][T18932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  798.355753][T18932] Call Trace:
[  798.355763][T18932]  <TASK>
[  798.355773][T18932]  dump_stack_lvl+0x3d/0x1f0
[  798.355814][T18932]  panic+0x71c/0x800
[  798.355853][T18932]  ? __pfx_panic+0x10/0x10
[  798.355892][T18932]  ? __pfx__printk+0x10/0x10
[  798.355933][T18932]  ? fbcon_prepare_logo+0xa03/0xc70
[  798.355970][T18932]  check_panic_on_warn+0xab/0xb0
[  798.356013][T18932]  end_report+0x107/0x170
[  798.356046][T18932]  kasan_report+0xee/0x110
[  798.356081][T18932]  ? fbcon_prepare_logo+0xa03/0xc70
[  798.356121][T18932]  kasan_check_range+0xef/0x1a0
[  798.356167][T18932]  __asan_memcpy+0x23/0x60
[  798.356194][T18932]  fbcon_prepare_logo+0xa03/0xc70
[  798.356237][T18932]  fbcon_init+0xd77/0x1900
[  798.356273][T18932]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[  798.356308][T18932]  visual_init+0x31d/0x620
[  798.356337][T18932]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  798.356376][T18932]  store_bind+0x61d/0x760
[  798.356410][T18932]  ? sysfs_file_kobj+0xe4/0x290
[  798.356449][T18932]  ? __pfx_store_bind+0x10/0x10
[  798.356480][T18932]  dev_attr_store+0x58/0x80
[  798.356515][T18932]  ? __pfx_dev_attr_store+0x10/0x10
[  798.356551][T18932]  sysfs_kf_write+0xef/0x150
[  798.356591][T18932]  kernfs_fop_write_iter+0x351/0x510
[  798.356625][T18932]  ? __pfx_sysfs_kf_write+0x10/0x10
[  798.356667][T18932]  vfs_write+0x5bd/0x1180
[  798.356695][T18932]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  798.356732][T18932]  ? __pfx___mutex_lock+0x10/0x10
[  798.356773][T18932]  ? __pfx_vfs_write+0x10/0x10
[  798.356812][T18932]  ksys_write+0x12a/0x240
[  798.356839][T18932]  ? __pfx_ksys_write+0x10/0x10
[  798.356866][T18932]  ? rcu_is_watching+0x12/0xc0
[  798.356899][T18932]  do_syscall_64+0xcd/0x230
[  798.356941][T18932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  798.356970][T18932] RIP: 0033:0x7f1414d8e969
[  798.356992][T18932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  798.357019][T18932] RSP: 002b:00007f1415c03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  798.357046][T18932] RAX: ffffffffffffffda RBX: 00007f1414fb6160 RCX: 00007f1414d8e969
[  798.357067][T18932] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  798.357085][T18932] RBP: 00007f1414e10ab1 R08: 0000000000000000 R09: 0000000000000000
[  798.357103][T18932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  798.357120][T18932] R13: 0000000000000000 R14: 00007f1414fb6160 R15: 00007ffe5f568f68
[  798.357153][T18932]  </TASK>
[  798.357384][T18932] Kernel Offset: disabled