last executing test programs:

9.368003413s ago: executing program 0 (id=316):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
ioprio_get$auto(0x3, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000)
madvise$auto(0x0, 0xffffffffffff0006, 0x17)
mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb)
r0 = socket(0x2, 0x1, 0x106)
bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto_SO_DETACH_REUSEPORT_BPF(r1, 0x1, 0x44, &(0x7f0000000180)='\x91u\xe5?{\x00\x00\x00', 0x7)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
ioctl$auto(0xffffffffffffffff, 0x8983, 0x4)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
socket$nl_generic(0x10, 0x3, 0x10)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x3, 0x948b, 0x8000000000003, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0)
select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb})
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/134, 0x86)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
r3 = getpid()
io_uring_setup$auto(0x10001, &(0x7f00000001c0)={0xf8, 0x200, 0xa37, 0x3, 0x8, 0x8, r1, [0x7, 0xd], {0x81, 0x7fff, 0x9, 0x0, 0x8, 0x6, 0x8, 0x4, 0x8}, {0x3ff, 0x9, 0x400, 0x6, 0x8, 0x2, 0x7, 0xffff, 0x1ad}})
r4 = set_tid_address$auto(0x0)
tgkill$auto(r3, r4, 0x7)
openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0x20f02, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)

7.926908514s ago: executing program 0 (id=320):
rseq$auto(&(0x7f00000001c0)={0xe, 0x20401, 0x5fc, 0x10000006, 0xffffffff, 0x6}, 0x8000, 0x0, 0x6)
r0 = set_tid_address$auto(0x0)
syz_open_procfs$namespace(r0, &(0x7f0000000080))
move_pages$auto(r0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40)
execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
rseq$auto(&(0x7f0000000040)={0x8e4, 0x21, 0x100000000, 0x0, 0x1000, 0x7, "8f5d94d53d443dda2362b9e740ec23af"}, 0x7, 0x7f, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
readahead$auto(r1, 0x9, 0x7fffffffffffffff)
rseq$auto(&(0x7f00000001c0)={0xe, 0x20401, 0x5fc, 0x10000006, 0xffffffff, 0x6}, 0x8000, 0x0, 0x6) (async)
set_tid_address$auto(0x0) (async)
syz_open_procfs$namespace(r0, &(0x7f0000000080)) (async)
move_pages$auto(r0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) (async)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) (async)
execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
rseq$auto(&(0x7f0000000040)={0x8e4, 0x21, 0x100000000, 0x0, 0x1000, 0x7, "8f5d94d53d443dda2362b9e740ec23af"}, 0x7, 0x7f, 0x0) (async)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) (async)
readahead$auto(r1, 0x9, 0x7fffffffffffffff) (async)

6.355727941s ago: executing program 2 (id=328):
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/udp_port\x00', 0x202, 0x0)
sendfile$auto(r0, r0, 0x0, 0x7fffe000)
r1 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x10000, 0x2)
sendfile$auto(r1, r1, &(0x7f0000000340)=0x7, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x2, 0x3, 0x15f4da0a, 0x3, 0x3, 0x6, 0x80000001, 0x9, 0x1, 0x9, 0x3, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, &(0x7f00000001c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Zs\xf05`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5\xf4`\f6\xb98\xa4\xd0\xec\xc85\x9d\xb2\x03o\xdbv\xcd2\xedPQk\"\x16\x86yP\xb5\xf8\x82\x15\xb2\xb1\xbaD\xc2\x96\xa3z\x1b?\xc4\xbb\xd1\x86\xe9\xbe\x95\x80\xc0\x13!\xb5\xaa\xa5\x00\xc6\xf1\f\xea\xca\xfd\xd5m8', 0x100000a3dd)
write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r3 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x0, 0x0)
r4 = getpid()
socket(0x2, 0x1, 0x106)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x503040, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0x1, 0x1, 0xfffffffffffffff8, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0)
process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0x1002}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0x401}, 0x6, 0x0)
ioctl$auto(r3, 0x40246f4c, 0x38)
syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/midiC2D1\x00', 0x48040, 0x0)
mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)

5.456523093s ago: executing program 3 (id=329):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
r1 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0)
mq_notify$auto(r1, &(0x7f0000000180)={@sival_ptr=0x0, @raw=0x1, 0x1, @_sigev_thread={0x0, 0x0}}) (async)
read$auto_proc_page_owner_operations_page_owner(r1, 0x0, 0x0) (async)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
semctl$auto(0x2400, 0x9, 0x13, 0x0) (async)
socket(0x2b, 0x1, 0x1)
ioctl$auto(0x3, 0x40a0ae49, r0)

5.303965252s ago: executing program 2 (id=330):
mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000)
select$auto(0xd, 0x0, 0x0, &(0x7f0000000200)={[0x1fe, 0x7, 0x3, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x7f, 0x30, 0x7440, 0xd0, 0xa, 0x8, 0xdffffffffffffffe]}, 0x0)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
unshare$auto(0x40000080)
socket(0xa, 0x5, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = setfsuid$auto(0x0)
setuid$auto(r1)
msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, r1, 0xee00, 0x9, 0x5, 0x8, 0x5}, &(0x7f00000001c0)=0x8, 0x0, 0x1, 0xfff, 0x0, 0x7, 0xc, 0x4, 0x9, 0xf})
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8)
write$auto(r0, 0x0, 0x100000a3d9)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0)
ioctl$auto(r2, 0x540a, 0x0)
close_range$auto(0x2, 0x8, 0x0)
msgrcv$auto(0x9, 0x0, 0xfffffffffffffffd, 0x6, 0x80008)
bpf$auto_BPF_MAP_DELETE_ELEM(0x3, &(0x7f0000000380)=@bpf_attr_4={0x200000002000, 0xffffffffffffffff, 0x3, r2}, 0x12000000)
mmap$auto(0x200000000000, 0x400008, 0x7ff, 0x9b72, r0, 0x3)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000)
madvise$auto(0x2, 0x5c61fa2c, 0xf)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), r0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x800)
r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
read$auto(r4, 0x0, 0xb4d3)

4.797939662s ago: executing program 3 (id=332):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x20a002, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto(0x3, 0x5411, 0x38)
socket(0x10, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/capability\x00', 0x129102, 0x0)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/binderfs/binder0\x00', 0x102, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0)
write$auto(0x3, 0x0, 0x100082)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x40440, 0x0)
ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0))
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, 0x0, 0x40042, 0x0)
openat$auto_lowpan_control_fops_6lowpan(0xffffffffffffff9c, &(0x7f0000000000), 0x183441, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8ab0c70c380d743d, 0x48)
lgetxattr$auto(&(0x7f0000000000)='./cgroup/file0\x00', &(0x7f0000000080)='\'^(,$\x00', &(0x7f00000000c0)="b4b0a28dfec73e42eadc8c4a5745d9cee7f51b809127a0c2038d2257014c051cbef76453ad549ea6b26997585e9b8b41b22bc35e297f28df9628a2ee63a29eca3def7ab2abe11885b067b35150cdcd1cb59d9dfcefdf5c252960494d8f1ef48fc73721e465a8f1766eb6a8c7fcb060f88a5fac1e90e18a76613b27000890862ba725eb944e7d036dcd7b85ca21348087de719ee78db7", 0x7433)
faccessat$auto(r1, &(0x7f0000000180)='./cgroup/file0\x00', 0x1)
openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/etherd/discover\x00', 0x2000, 0x0)

4.698815749s ago: executing program 0 (id=333):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r0, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000de", @ANYRES16=r1, @ANYBLOB="010029bd7000ffdbdf250300000007000200a0602900"], 0x1c}, 0x1, 0x0, 0x0, 0x20000041}, 0x800)
socket(0xa, 0x1, 0x100) (async)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0x8)
modify_ldt$auto(0xc, 0x0, 0x100000000) (async)
modify_ldt$auto(0xc, 0x0, 0x100000000)
setsockopt$auto(0xffffffffffffffff, 0x2b, 0x43b696d3, 0x0, 0x56b) (async)
setsockopt$auto(0xffffffffffffffff, 0x2b, 0x43b696d3, 0x0, 0x56b)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
mmap$auto(0xffffffff, 0x3, 0x5, 0xeb1, 0x405, 0x8000)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8) (async)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31)
fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d)
mmap$auto(0x0, 0x1, 0xfd5, 0x12, r2, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x1e9e02, 0x61)
mincore$auto(0x1000, 0x8001, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
ioctl$auto_SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0xfffffffffffffffc)
socket(0x15, 0x5, 0x0) (async)
socket(0x15, 0x5, 0x0)
io_uring_setup$auto(0x3ff, 0x0)

4.041059482s ago: executing program 2 (id=335):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14be02, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r1, 0x80000541b, 0x38)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000240), r1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'veth0_to_bond\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000003c0)={&(0x7f0000000100), 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x74, r2, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_PAUSE_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5dfa}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xbc1}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x8}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x8}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0xf0}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000851}, 0x4008010)
fcntl$auto_F_OFD_SETLKW(r1, 0x26, 0x2)
r5 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$auto_NFC_CMD_GET_SE(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="040027bd7000fddbdf251a0000000800030003000000450100000000000085a5f73e3f168e406aca362e3165d38b4254f508000100a3070000ff00"], 0x34}, 0x1, 0x0, 0x0, 0x4040}, 0x8080)
getrandom$auto(&(0x7f0000000040)='/dev/sda\x00', 0x10, 0x1000)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000440), r1)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/blkio.bfq.time_recursive\x00', 0x40880, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f00000000c0)=""/255, 0xff)
msgctl$auto_IPC_SET(0x5, 0x1, &(0x7f0000000500)={{0x1, 0xffffffffffffffff, 0x0, 0x7312, 0x9, 0x1, 0x6}, &(0x7f0000000480), &(0x7f00000004c0)=0x7, 0x3, 0x7, 0xfffffffffffffff9, 0x5, 0x2, 0x3, 0x100, 0x0, @raw=0x8, @raw=0x6})
r8 = clone$auto(0x6db, 0x9, 0x0, 0x0, 0x6)
migrate_pages$auto(r8, 0x4, 0x0, &(0x7f0000000180)=0x2)
sendmsg$auto_NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000c40)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000c00)={&(0x7f0000000c80)={0x680, r6, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x5}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x9}, @NL80211_ATTR_REG_RULES={0xe0, 0x22, 0x0, 0x1, [@typed={0x8, 0xaf, 0x0, 0x0, @pid=r8}, @generic="a0bd9f99a56695c21b283a3a938071a506adc94096123ca5a38136a737a851db6edd12d7506535a1b55efafd3e17c345ec39a14a08b326237280a3d7fbde17da516819a62202f92a673cdebdbfc77b0a210a8eb31c95647ad22e172a6e1d0f20baf1633bb57d7b0189c03c4758e88eea8a69a1eff007f42bf98b3ce3fbd4d574e335dce459e3c26637b0e3074618a6a90e9416b327072ddb38145e730cc70053f104512f9daa9c78ba80c09a364b9dc3b699b89b6b4695dc6ace000139ffc7d8cf0095924dfca2c50218bae7e22418527dff7537"]}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, 0x3b}, @NL80211_ATTR_SAR_SPEC={0x568, 0x12c, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS={0x104, 0x2, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x80000000}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xc88}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6f}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2000000}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x62}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x4}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x286af337}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xfffffffb}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x89e2cfe}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5b45}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x401}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x3}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7fff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xffffffff}]}]}, @NL80211_SAR_ATTR_SPECS={0xf0, 0x2, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x9}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1f}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x9}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xc28}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xa09d}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x10b7}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x101}, @NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xffffff11}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xffffff97}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x3}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8001}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x26}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xdfff}]}]}, @NL80211_SAR_ATTR_SPECS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x4}]}]}, @NL80211_SAR_ATTR_SPECS={0xa8, 0x2, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xd}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xde8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xffffffff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x297}]}, {0x54, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x10}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2255}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6c1}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x57}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xec24}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}]}]}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x3}, @NL80211_SAR_ATTR_SPECS={0x44, 0x2, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xd}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x923608a}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x4}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xffffbfd2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xd45}]}]}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x2}, @NL80211_SAR_ATTR_SPECS={0x160, 0x2, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1ff}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6c}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xbb2}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x78}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x65f}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x4}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x975}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xe}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x81}, @NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x83}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x10001}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x10000}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xd58}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x200}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xde0a}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5b52}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1c}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x10000}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7f}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5}, @NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}]}]}, @NL80211_SAR_ATTR_SPECS={0x104, 0x2, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x8889}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x80000000}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xffff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xffffffff}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1ad4}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7fff}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xfffffffc}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xcac1}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x4}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xc15d}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x8001}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x740}]}]}]}, @NL80211_ATTR_FREQ_FIXED={0x4}]}, 0x680}, 0x1, 0x0, 0x0, 0x2}, 0x800)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0x2003f1, 0x15)

3.497847117s ago: executing program 1 (id=336):
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/neigh/veth0_to_bond/delay_first_probe_time\x00', 0x8a042, 0x0)
sendfile$auto(r0, r0, 0x0, 0x40045)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/reboot/cpu\x00', 0x1a1842, 0x0)
mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0xe3, 0x200100000eb1, 0xffffffffffffffff, 0x8000)
fanotify_mark$auto(0xffffffffffffffff, 0x209, 0xa, 0xffffffffffffffff, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
socket(0x2, 0x5, 0x0)
connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x64010101}, 0x55)
sendto$auto(0x3, 0x0, 0x2000f, 0x13f, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c)
setresuid$auto(0x0, 0x7, 0x8080)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x40304}, 0x3)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x200, 0x0)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x460a41, 0x0)
r3 = openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim5/ports/2/ethtool/ring/rx_jumbo_max_pending\x00', 0x800, 0x0)
bpf$auto_BPF_TOKEN_CREATE(0x24, &(0x7f0000000240)=@link_update={r0, @new_map_fd=r3, 0x9, @old_map_fd=r1}, 0x1)
bpf$auto(0x14, &(0x7f00000000c0)=@enable_stats={0x1}, 0x7)
ioctl$auto_TCFLSH2(r2, 0x540b, 0x0)

3.361614976s ago: executing program 2 (id=337):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/serial8250/uevent\x00', 0x0, 0x0) (rerun: 32)
read$auto(r0, 0x0, 0x20) (async)
r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x12000, 0x0)
ioctl$auto_UI_DEV_CREATE(r1, 0x5501, 0x0) (async)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.7/usb8/ep_00/interval\x00', 0x80000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000001680)=""/59, 0x3b)

3.308050455s ago: executing program 3 (id=338):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0)
socket(0xa, 0x5, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, 0x0, 0x183200, 0x0)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r1, 0x0, 0x810)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="24051c27c100dedbdf250307cc0008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000006000700050000000a00050000000000000000000a00010000000000000000000a0001000000000000000000060006000d00000006"], 0x6c}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044040}, 0x24008890)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
read$auto(r0, 0x0, 0x20)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
accept4$auto(0xffffffffffffffff, 0x0, &(0x7f0000000180)=0xcd68, 0x1)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x400000, 0x0)
ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000100))
getsockopt$auto_SO_PEERSEC(r2, 0x1, 0x1f, &(0x7f0000000100)='&+\x00', &(0x7f00000001c0)=0xfffffffe)
unshare$auto(0x40000080)

2.960257802s ago: executing program 2 (id=339):
write$auto_tty_fops_tty_io(0xffffffffffffffff, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad77a37be296ebe6f598901d632a206d9bb0", 0x3a)
ioctl$auto(0xffffffffffffffff, 0x8912, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000)
ustat$auto(0x801, 0x0)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000)
keyctl$auto(0x4, 0xffffffffffffffff, 0x363, 0xa, 0x8000000000000007)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/notify_on_release\x00', 0x121281, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000200)='5', 0x1)
bpf$auto(0x5, 0x0, 0x102)
getpid()
r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
bpf$auto_BPF_PROG_ATTACH(0x8, &(0x7f0000000240)=@query={@target_fd, 0x6, 0xfffffffd, 0x0, 0x5, @prog_cnt=0x4, 0x0, 0x7, 0x7, 0x0, 0x7}, 0x65be)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0)
write$auto(r3, &(0x7f0000000140)='7\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x103, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
madvise$auto(0x0, 0x400053, 0x9)
read$auto(r2, 0x0, 0xb4d3)

2.761705934s ago: executing program 3 (id=340):
r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
write$auto(r0, 0x0, 0xfffffdf1)
linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000)
r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x800, 0x0)
ioctl$auto(r1, 0x90006441, 0xc35)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x81fe, 0x2, 0x8, 0xc, 0xe3, 0x4000000002, 0x2000000003}, 0x6f4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/run\x00', 0x88b02, 0x0)
socket(0x21, 0x6, 0xd08)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000000)
r3 = socket(0x2a, 0x2, 0x1)
connect$auto(r3, 0x0, 0x55)
r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0)
read$auto(r4, 0x0, 0x1f40)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
r5 = waitid$auto_P_PIDFD(0x3, r2, &(0x7f0000000140)={@_si_pad}, 0x4, &(0x7f00000001c0)={{0x80000000, 0xe}, {0x6, 0x10000}, 0x8, 0x1, 0x4, 0x604448df, 0x5, 0x2, 0x60000000000, 0x7, 0x3, 0xcb7, 0x7, 0xfffffffffffff7ee, 0x800, 0x3})
getpgrp(r5)

2.428620941s ago: executing program 1 (id=341):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0)
ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0)
r1 = waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000340)={@siginfo_0_0={0x1ff, 0x2, 0x8000, @_sigsys={&(0x7f0000000240)="b089237097b88e40064c533331bb0ef0f3871bb6271d7c7ebbe31d346d27fcd831cda35f211ad5adaa038e646c925d67cb31086631f969ce129b0382463779415e39b70fdf797cdb0eca20afbf1e054a9d1bf9b9fa44a34ce03f43ec9f1a78f74d9ccfca985bd58f840a", 0x9, 0xfffffffc}}}, 0x3ff, &(0x7f00000003c0)={{0x3, 0x6}, {0x6, 0x10000}, 0xc4, 0x5, 0x7f, 0xffffffffffffffff, 0x9, 0x5, 0x3ff, 0x6, 0x8, 0x978, 0x8, 0x6, 0x1, 0x819b})
kcmp$auto_KCMP_FILE(r1, 0xffffffffffffffff, 0x0, r0, 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xffffffffffffffff, 0x2)
socket(0x15, 0x5, 0x0)
r2 = epoll_create$auto(0x12b8)
epoll_ctl$auto(r2, 0x1, 0x8000000000000000, 0x0)
keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000000e)
ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
unshare$auto(0x40000080)
openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0)
r3 = bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D0\x00', 0xc0982, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000000), 0x0)
r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0)
sendfile$auto(0xffffffffffffffff, r5, 0x0, 0x1)
listen$auto(r3, 0x806a)

2.228655369s ago: executing program 0 (id=342):
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8003)
socket(0xb, 0x5, 0xb)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x20343, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000))
mmap$auto(0xfffffffffffffffd, 0x4000020809, 0x78, 0xeb8, 0x401, 0x0)
ioctl$auto_FIOQSIZE(0xffffffffffffffff, 0x5460, 0x8000000000000ec)
ioperm$auto(0x7, 0x5ad2, 0x8)
modify_ldt$auto(0xc, 0x0, 0x100000000)
mmap$auto(0xffffffff, 0x3, 0x5, 0xeb1, 0x405, 0x8000)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x0, 0x0)
unshare$auto(0x40000080)
rseq$auto(&(0x7f0000000300)={0x12, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6)
process_mrelease$auto(0xffffffffffffffff, 0x7)
socket(0x1a, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/smbd_send_credit_target\x00', 0x141001, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
semget$auto(0x0, 0x13c, 0x1ff)
r3 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000001f00), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYRES8=r2], 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x40d0)
semtimedop$auto(0x1, &(0x7f0000000000)={0x9, 0x8000, 0x36ec}, 0x1, 0x0)
semctl$auto(0x0, 0x9, 0x0, 0x2)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0)
chdir$auto(&(0x7f0000000200)='}[,&*}/file0\x00')
mount$auto(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x100000, 0x0)
clone$auto(0x10fffffffe22000, 0x2, 0xfffffffffffffffc, 0xfffffffffffffffc, 0xe45e)
pivot_root$auto(&(0x7f0000000100)='..\x00', &(0x7f0000000340)='.\x00z\x86E\xb8\xf1\xcbx\xf6cu<\x0e\xd8\xa5\xcd~\xaf\x80\xd3\xf4\xe5\x02\xf9q p\xe2\x8b\xc0\xedf\xba\x16*\x8ar\xa0\'$A\xe5\xc5\x89\xcb\xd5\xac\x98,\xd4Pycv\xdd\xa1\x84\xfb\xe9\r\x82\x15P*IM\xf7.\xf3v\x85Q\xbc:\xef\xd5\x1a\x9e\xbck\x1d\x114^\x1b\x02\xa1\xb0(\xa2\xdb\xbc\x1a\t\x94\x14\xbb\xc8\xfa\x18I\xff\x7f\xab\xf0\x8f\xd3Gr\xfb5\xf1,\x11\x052u&\xde\x9aF\n\xf0\x06\xfc\x1b\x17\x82%\x14\xb3\x19\x13\f\xbe_\xfdi\x17\xfcv\x82*\xbf<\xfa5\xfd\x8b\x1d\x99\a`\xde\xf4\x8a,\tP) \xf4\xdc\r\x17x\xc6\x18Y\xeaaUY\xeb\xd2\x81\xbare\x00\x8e\xfdA\x93\xb9\xac\xf1\x0eq\x85\xd9\x90\x8a%K\x95\x8fm\v\x98y\x9bc-\xa7;\x117\x19)\x04\xb4\nJ\x0e\x1b\x97e\xee\xdb\xc3\xca\xfe\xa7y\x12\xff\xce')
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x45, 0x0)

2.20327008s ago: executing program 3 (id=343):
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9)
mmap$auto(0x9, 0x9644, 0x1ff, 0x13, 0x2, 0x3)
r1 = open(0x0, 0x7ffd, 0x12)
kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000)
mmap$auto(0x0, 0x2020006, 0x7, 0xf8, 0xfffffffffffffffa, 0x7fff)
madvise$auto(0xfffffffffffffffc, 0x7, 0x80000001)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6@d \xce\xcfx\x8d\t\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1Z\x04\x00\x00\x00\x00\x00\x00\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0x411)
mmap$auto(0x0, 0x2020009, 0x3, 0x10, 0xfffffffffffffffa, 0x8000)
r2 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r3 = getpid()
process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0x1002}, 0x67a, &(0x7f0000000280)={&(0x7f00000001c0)="9dda8100", 0x8000}, 0x6, 0x0)
ioctl$auto(r2, 0x40246f4c, 0x38)
mmap$auto(0x7f, 0x82020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfff)
connect$auto(0xffffffffffffffff, 0x0, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_DEL_RXSA(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x2c, r5, 0x501, 0x70bd2b, 0x25dfdbff, {}, [@MACSEC_ATTR_SA_CONFIG={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@local}]}, @MACSEC_ATTR_IFINDEX={0x8}, @MACSEC_ATTR_RXSC_CONFIG={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x80)
unshare$auto(0x40000080)
r6 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x80840, 0x0)
lseek$auto(r6, 0x0, 0x2)
r7 = open$dir(&(0x7f0000000040)='./file0\x00', 0x20000, 0x82)
io_uring_register$auto_IORING_REGISTER_BUFFERS_UPDATE(r7, 0x10, &(0x7f0000000180)="31cad0426efcf3d650035f5e074632d1f382cfd1d9aa4689d842d41826daa77b2d562b1e009e828f0f90f7d4933f8c4cc4", 0x7)
readv$auto(r1, &(0x7f0000000200)={0x0, 0x5b54}, 0x6)
mkdir$auto(0x0, 0x8001)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0)
mount$auto(0x0, &(0x7f0000000000)='}[,&*}\x00', 0x0, 0x3378, 0x0)

1.512140509s ago: executing program 0 (id=344):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r0 = pipe$auto(0x0)
read$auto_console_fops_tty_io(r0, &(0x7f0000000040)=""/248, 0xf8)
connect$auto(0x3, 0x0, 0x55)
setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9)
writev$auto(0x3, 0x0, 0x8009)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), r1)
mmap$auto(0x0, 0x4, 0xfffffffffffffc01, 0x40eb2, 0x4, 0x300000000002)
mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000)
r2 = socket(0xa, 0x3, 0x3b)
getsockopt$auto(r2, 0x29, 0x6, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000007ac0)={0x0, 0x0, &(0x7f0000007a80)={&(0x7f0000004240)={0x18, r3, 0x1afd1dc61447ea27, 0x70bd2c, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kallsyms\x00', 0x0, 0x0)
r5 = gettid()
rt_sigqueueinfo$auto(r5, 0x1, 0x0)
prctl$auto(0xc, 0x10001, r5, 0x1, 0x10)
io_uring_setup$auto(0x1, 0x0)
r6 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82400, 0x0)
ioctl$auto_SG_SCSI_RESET(r6, 0x2284, 0x0)
pread64$auto(r4, 0x0, 0x8, 0x8000)

1.273689455s ago: executing program 1 (id=345):
socket(0x1d, 0x2, 0x6)
r0 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r1=>0x0})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa1, 0x0, 0xfffffffffffffffd}, 0x8, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x4)
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
membarrier$auto(0x4, 0x81, 0x4)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/007/001\x00', 0x202040, 0x0)
socket(0x2, 0x1, 0x106)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x3]}, 0x0)
bpf$auto(0x4, &(0x7f0000000080)=@info={r2, 0x3}, 0x40)
write$auto(0x3, 0x0, 0xfffffdef)

1.032499094s ago: executing program 1 (id=346):
shmctl$auto_IPC_SET(0x6, 0x1, &(0x7f0000000200)={{0x1, <r0=>0x0, <r1=>0xffffffffffffffff, 0x7, 0x2, 0x9, 0x7}, 0x12, 0x7, 0xffffffffffffffff, 0x0, @raw=0x8d0d, @raw=0x7, 0x3, 0x0, &(0x7f0000000000)="60cbf5d64ac4491e225472757c7196c49f9b47bbe8ea27f8992ab06d443438b966b145d600854195a1f22c127a14947f1bb2c21a956edbfad596f2bb41350553226e9dec81dbf91bcfed4c3fb12d4e979eb23d850a3ecb6a5b9d33b36a0e97ca78dd8c782452c0499d68d09245a70682d9b54bb9070059d2c85dc943d6771bdf91687b9537efe9c82f1866928c3a9f97a7c0e6b134201fc5f50671159d20071ac87691ab53a3bc74e900f0f8672ded38dbcdedbc5d9a1157ad562824044d98b6e2ff4daed4eee950b3afcaa2f50614b3e2d7a410180537", &(0x7f0000000100)="7a9838b5faf9344c8e6d69c8a35462b9df7feb96cae86af933f9d083954bd6e966a4f8ea5826ce7e0165ea7e5a15b519b8c9aca46ab8994271a9303bb5a6a4894adfa1352f8b6aec83eda9f8d211ee156b7c4b5d3796498237c22424a03b6b8ed0ea5a739a15e437a2836a4c23210710299f9946faf2c8d9ca05d7f8e663f92d5bc7d56ccb2b580fdc58bd90e39fb94e9f7a66ea41f63df523052d240ba293a3b2021d9ab634c69dbb6785a71964ad88f50ab3d1cce6e4315dbaf3f761eec7948c7added26eebbec7dbd470dfa8f82a4"})
keyctl$auto(0x9, r0, 0x0, 0x0, 0xe8)
r2 = getpgid(0x0)
move_pages$auto(r2, 0x8, &(0x7f0000000300)=&(0x7f0000000280)="adbfe7e89ca3a3256c6665c7dcd9f9d29614373003fe8bca41797dd263e9cb12cf894161d57e9ad20e5e2dff1bbb8cdf3cd75409d16cc33a9da8b0f56ddf4d57d649849f31b29f6d746bc05736122f0c116929bca11b34f5cf5389c6b8ac82b3df25a2", &(0x7f0000000340)=0xa9, &(0x7f0000000380)=0x93bf, 0x4)
r3 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/tracing/current_tracer\x00', 0x24000, 0x0)
r4 = getsockopt$auto(r3, 0x7ff, 0x9, &(0x7f0000000400)='\x00', &(0x7f0000000440)=0x5)
write$auto(r4, &(0x7f0000000480)='\x00', 0x5)
write$auto_console_fops_tty_io(r4, &(0x7f00000004c0)="35507860d5fdf4821339447ab04ce9d6200952ce493bcff17dbdb4e0cb2c0b3bbe8d6d2903c785d965ea1fd7d00292", 0x2f)
r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000540), r4)
sendmsg$auto_NL802154_CMD_SET_CHANNEL(r4, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x54, r5, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x4}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x6f}, @NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x5}, @NL802154_ATTR_WPAN_PHY_CAPS={0xc, 0x18, 0x0, 0x1, [@typed={0x8, 0x3e, 0x0, 0x0, @fd=r3}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x5}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x1ff}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x18040}, 0x20000004)
prlimit64$auto(r2, 0x1, &(0x7f0000000680)={0xfffffffffffffffa, 0x40}, &(0x7f00000006c0)={0x7})
madvise$auto(0x4, 0x7fff, 0xff)
r6 = open(&(0x7f0000000700)='./file0\x00', 0x20000, 0x101)
fstat$auto(r3, &(0x7f0000000740)={0x6, 0x4, 0x1, 0xdc33, r0, r1, 0x0, 0x8, 0x6, 0x7, 0x8, 0x6, 0x3c5f, 0x4, 0x7, 0x588000000000})
fcntl$auto_F_CREATED_QUERY(r6, 0x404, 0x1)
execve$auto(&(0x7f0000000800)='./file0\x00', &(0x7f0000000880)=&(0x7f0000000840)='])&\x00', &(0x7f0000000900)=&(0x7f00000008c0)='nl802154\x00')
io_uring_register$auto_IORING_UNREGISTER_PERSONALITY(r4, 0xa, &(0x7f0000000940)="5aed93d410930bced075314eae05eb80e95459725f993cd646ab57b06cc5170a795e089e7656ac1444b75bad0304b5db02d22b089e68bd11ee62ab178e1977974155c685997ecd8c24a740941cff20d4a62a99a75d1a84a07fcacc2c7ef0302e06a3ea33e00c8f6927a877d49d9d2c335246ed3ffc71e8e0c1b235b807a7549af59c4c67747a5ea7d7652d", 0x6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_TIOCMBIC(r4, 0x5417, &(0x7f0000000a00)="06")
r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000a80), r4)
sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000001140)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001100)={&(0x7f0000000ac0)={0x614, r8, 0x100, 0x70bd27, 0x9, {}, [@NL80211_ATTR_IE={0x5fe, 0x2a, "ad6a2aaef871e59e137af1b2147b1de1e910d34b7c48f3156d84d1a8eb5e0165fc6b29709239b348401b36b12ffcac7009be44a0cb9dc3c7727991d348e56e4b1daa4f6b64961cb5e13044dccc21d52da65cde5df5e2778ad0d393a58c7f517575378c8761531cb3e3ab57676db47d4179c2b66bfae8ddf5967c4cad05d43cfe158ba719f2e6b125cc4dc631b9e04cd5cf9ba60de6f118c5b9f0efaa3cc7aa55897892c26fb79a966c6101d8c89f25c149832bc78b334590346ffd2cf26fca50ae8469b588658bef32d0a904516927911949f17901d7fb00500a49bd7c757e03685e0e2d6b13980d083a42c63c1a372d47c996c2436ac90064498295297be00e3edbcd6e73c7dd5c592a75ac87f35b9acad2fcde3793afa0e39c50d69ed037f63ffb2d745bf207f139672bdedf151d8af0a1ad63c862bdc0c38deba13411d69db7a6558af8028569e70239dcd59f0c0011e183e9810016fdb8cc8e31455a9b5c04946584ec9d8a1cedfefbb8c5803a28ed8204f4fffc2e4caf6eb36d1bf90f6ad44dd24a76c8b95227e52a529985bd915788eb4155c92d5d7d7db98c48c459aade6d11fdb9fa36cf2066f4f46017ca7c809216fb8080a5fd4283ef1b4f5fe07b88cf1daa941858edd1c88cfd4dc716f4e955e1833928e456bb5f4e9934806fcb7b4c29fe086affa47825a7e6e9b0c8c4f1a75a80164bd54a43c042e91ad70fd479af3d1121eb412e2e7d78b55e9e242291659306b95d86db97e12cfdd288faebe55130738fcdec887e228315f58492a6353e51d0e331e3f91f93b1494bea3cd1968e813417d1802ba45ee30edb012d807f7b01a1b11c65784ac5206651dbbeba6a3c8f7c5a679f2977aa7fa3ad623b846cd8dfe2cde0b3f8a1bfa6e717c6e5379317f2972eb2456e67e51fe36ac769192919ed9ee839902ccbb8b8723708d1db3ca7f44fd8717f0f8dc25a86ad1df20007bcca07df308506a3b40c8074b28c3fb30c19784f9c3389a899eb5dd0cda1593d3e3a1893720eee691e7691d18ac52b7f916ed46aeb4db1a38190087981563f66215a10ef212fb89568cfe3ae9305513c836ac938b1e241ac44990a8840985858a576c945677b759e2baa6a2428efd2a6fb1a1c6b454cb9ab41e57e66f9191334d7ca314a8bcd3d93c7e0008b7488fa04446bbce37c3fec346159ed638218849a2d51c49ee0d2e47427f30d8abb0f6c5b4dea74688e79bea2c072a85aad75898d671ac7100a0882c6c8801d73e4597a7f9a4c3bd4d5d1ec5fcc9d85fc3551d5d8417abaf9eb7208fb538753f4416521bf7ea3e6a16da3782f05958e124408e3bcbf907650ee6e38db1bf39fe1497af7946c41b7a4694c72049e6dd101aeda7ac1b80119757de8e2f85c070656df3875a71089b0e14dc535d3947010178e1b1db46bd3c39e9748cb2f5d0dd8cdd32c35ac771e130a26f1501f895c30fb791085e3537eea4adeae24c49b60e96a68bb2028754f0be19d544d3e2a29f7323a1dd927887e5344509b0718fada1afed5c494605ed5d29c4a2f46623baecab0533879a15fc48208b8c782ad764a74c473569133d73e72b0df0f0161ecdc52acaedda1d1ef54a3d2ef6911a0cfbd443055985bdabddaaa94fd9386a54ade75a2058a8eb9d16a2f6db8cef07f1115e8703807e8645a75928c7a161767df62625422c1e59cc120550206e6ee3d506be76ad0fe73204c3cebddf018e6e25abfa0011ccde6cf744f0f975762ed31ab858498e6e66e91b44f2fcbbaeb50c8173f72cec0f9618e94af71ea717991ee8c06a718e96957c5a9bbab341ea6d58d89e4bbf6bfd333f1777ffd448f2c94052b09d1e388b9c492fdcccd877d6757bdb0f930b60bc1f95f628de37def8cbe6bb4bcfa82f7669c6b955de83f92023f89a802549b55152ab6ba6ec5f4cc03c4ae321f5d5db6a575fd0c29fc33eaf973c74681d2b55dccae37aaa184d92b55ae2c0c57007b9b80849cec0cbfe81ea91552854e233d4a69cc33a4ef2536623a274e854a6ae92bff8fd2248e4eacaca40351d9fe796b89bca115b51f13735f5e8b3e5aecec1d648e1d32873589e47bc589aeb0f8c694e05a8bda3b134df6e572deaf637832845a974d811cb023e46944c2bacf3182bae9bcbeaf0c6e491b3dc3e7a34f"}]}, 0x614}, 0x1, 0x0, 0x0, 0x4800}, 0x40c00)
write$auto_hwsim_simulate_radar_(r4, &(0x7f0000001180)="037b7c9416424b706060b4c5b74f0fef806909e9136e3042256052dbc5d4889d151a083e58fc80875e319d9781d027c78ac2a2d4ce79ebe51d224d0b631ad76e3b88c97bf773dbe20fbe0f272feb3a707ef42487b582222e7993d95503893a9874a70d1a4050108426c10f2c9f4cf902dfca2b08778c6f65a89d62fd4ffbbd22a4a1ee97a79606732f527a9b4ec3edc21bf0795428cff38360c0781aad989afb05600d862b08794d8c65586cf4281c2c3b3449b5e5a84a8a6c18298ed91a", 0xbe)
r9 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000001240), 0x610800, 0x0)
r10 = ioctl$auto_TUNSETGROUP(r9, 0x400454ce, &(0x7f0000001280)=0x10000)
r11 = openat$auto_fops_atomic_t_(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/kernel/debug/fail_futex/space\x00', 0x200202, 0x0)
close_range$auto(r11, r3, 0x7ff)
write$auto_fops_u64_(r4, &(0x7f0000001300)="510ffeb95afde0aa", 0x8)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000001340)='/dev/dmmidi2\x00', 0x40, 0x0)
sendmsg$auto_NL80211_CMD_SET_MAC_ACL(r10, &(0x7f0000001440)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001400)={&(0x7f00000013c0)={0x34, r8, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x3}, @NL80211_ATTR_EPCS={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x3}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x4040090)
mknod$auto(&(0x7f0000001480)='./file0\x00', 0x9, 0x3)

825.189996ms ago: executing program 3 (id=347):
unshare$auto(0x40000080)
r0 = socket(0x2, 0x1, 0x0)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
write$auto(r0, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f)

742.880246ms ago: executing program 1 (id=348):
r0 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0x0)
lseek$auto(0x3, 0x0, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
madvise$auto(0x6, 0x80, 0x1)
pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdf1, 0x3)
r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2a241, 0x0)
signalfd$auto(r1, &(0x7f0000000040)={0x6}, 0xfffffffffffffff8)
ioctl$auto_SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f00000001c0)="4380cc2af606431245be856412ec3ae7cc44689ad864dd427a45749e43e47c5f26e44ba56400bb54b44e29a4ed871a840cece2279494d3fa14f77200"/71)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(r0, r0, 0x541)
socket(0x2, 0x801, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = io_uring_setup$auto(0x6, 0x0)
r3 = socket(0x10, 0x80002, 0x80)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x6, 0x0)
timerfd_create$auto(0x0, 0x0)
timerfd_settime$auto(r3, 0x3, 0x0, 0x0)
adjtimex$auto(&(0x7f0000000000)={0x1ff, 0x0, 0xff, 0x7, 0x35fa, 0x0, 0x10, 0x0, 0x3, 0xbf, 0x1f6a, {0xffffffffffffffff, 0x3}, 0x9, 0x1, 0x2, 0x41, 0x0, 0x7, 0x545, 0x1, 0x0, 0x8})
ioctl$auto(0x3, 0x40085400, 0x38)
unshare$auto(0x20000080)
r4 = socket(0x23, 0x80805, 0x0)
poll$auto(&(0x7f0000000040)={<r5=>r4, 0x7, 0x8}, 0x80, 0x400400)
openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x208c1, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7114}, 0x100008)
setsockopt$auto(r5, 0x113, 0x1, 0x0, 0x81)
ioctl$auto_XFS_IOC_EXCHANGE_RANGE(r2, 0x40285881, &(0x7f0000000000)={<r6=>r0, 0x0, 0x1, 0x6, 0x4, 0x57})
ioctl$auto_FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000180)=0x7)

556.221658ms ago: executing program 1 (id=349):
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000)
prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0xffffffffffffffff, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/amidi2\x00', 0x8080, 0x0)
mmap$auto(0x0, 0x400008, 0x6, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0)
ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0xa, 0x572f14dc, 0x80000000, 0x80000000, 0x0, 0xb, 0x6d3c, 0x7, 0x2, 0x104af46a]}, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x2e, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x3, 0xd, 0x1, 0x948b, 0x3ff, 0x15f49a0a, 0x41000000003, 0x9, 0x62, 0x8000101b, 0x7, 0x6d3e, 0x9, 0x2, 0x200]}, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
rseq$auto(0x0, 0xfffffff5, 0x0, 0x5)
timer_settime$auto(0x6, 0x9, 0x0, &(0x7f0000000100)={{0x5, 0xf}, {0x101, 0x6}})
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)

506.27863ms ago: executing program 0 (id=350):
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x1, 0x3, 0x17e, r0, 0x1000000000008000)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0)
ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0)
r2 = waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000340)={@_si_pad}, 0x3ff, &(0x7f00000003c0)={{0x5, 0x8}, {0x9, 0xfffe}, 0xc4, 0x4, 0x7f, 0xffffffffffffffff, 0x9, 0x9, 0x3ff, 0x6, 0x4, 0x100, 0x8, 0x6, 0x1, 0x819b})
r3 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x10a)
r4 = open_by_handle_at$auto(r3, &(0x7f0000000040)={0x8, 0xb, "0600000200000000"}, 0xc)
kcmp$auto_KCMP_FILE(r2, 0xffffffffffffffff, 0x0, r1, r0)
keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000000e)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
unshare$auto(0x40000080)
openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0)
statmount$auto(0x0, &(0x7f0000000040)={0x0, 0x2, 0x5ae, 0x5, 0x7, 0x6, 0x10000, 0x1, 0xa, 0x8, 0x6, 0x9, 0x5, 0x4, 0x1ff, 0x2, 0x8, 0x10000, 0xb9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x44a2, 0x0, 0x0, 0x0, 0x0, 0x5ffffffffffffffc, 0x0, 0x7f12]}, 0x6, 0x1000000)
bpf$auto(0x16, &(0x7f0000000040)=@test={r4, 0x7, 0x1ff, 0x9, 0x7, 0x1, 0x8, 0x8001, 0xda12, 0x80000001, 0x0, 0xfffffffffffffff1, 0x3, 0x20000, 0x3}, 0x26)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D2\x00', 0x80980, 0x0)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000000)="b2", 0x1)
r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0)
sendfile$auto(r0, r6, 0x0, 0x1)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r7 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x6, 0x8, 0x19)
dup$auto(r7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)

0s ago: executing program 2 (id=351):
unshare$auto(0x40000080)
ioctl$auto_VHOST_SET_VRING_CALL2(0xffffffffffffffff, 0x4008af21, &(0x7f0000000080)={0x4000000, <r0=>0xffffffffffffffff})
mmap$auto(0x8000000, 0x20009, 0x7, 0xeb1, r0, 0x10008000)
r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r1, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d55745eff6aa689e859dcaeff39bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54de46e25986315b30956face49e26e8dcbcc9e1363627a9f38a2ee8304307dab4013d77f4c337551e2a6ac230788513cdd15e734263e4973c75757d9809c510977adc3be6c5b110597b09c7dad1f54e4506744710b53221e4a7982ac4c59bfae6370258b5af7864a4ca680addd736e35da579cc0e975e6cdefa3d082c8b4b10b205415c32797d9450c002895c9b40", 0xd4f)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = fcntl$auto_F_GETOWN(r1, 0x9, 0x2)
prctl$auto(0x4, 0x1, r3, 0x40100000000000, 0x80000000)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0xe, 0x0, 0x20)
shmctl$auto(0x0, 0xd, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001680), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="110325bd7000fedbdf2501"], 0x14}}, 0x10040)
mmap$auto(0x0, 0x40009, 0x6, 0x9b72, 0x7, 0x28000)
mincore$auto(0x1000, 0x8001, 0x0)
fsopen$auto(&(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x5)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r5)
syz_genetlink_get_family_id$auto_ovs_datapath(0x0, r5)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x15, 0x5, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0)

kernel console output (not intermixed with test programs):

no interfaces have a carrier
[   69.258349][ T5493] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.277189][ T5493] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.225' (ED25519) to the list of known hosts.
syzkaller login: [   97.932886][ T5816] cgroup: Unknown subsys name 'net'
[   98.099478][ T5816] cgroup: Unknown subsys name 'cpuset'
[   98.108995][ T5816] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   99.945967][ T5816] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  102.237264][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.245888][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.253607][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.263101][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.305380][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.317560][   T10] cfg80211: failed to load regulatory.db
[  102.328694][   T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  102.355043][   T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  102.367425][   T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  102.384971][   T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  102.392264][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  102.400618][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  102.409674][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  102.424592][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  102.442014][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  102.451537][   T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  102.463268][   T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  102.477053][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  102.486296][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  102.497729][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  102.507716][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  103.041496][ T5835] chnl_net:caif_netlink_parms(): no params data found
[  103.066908][ T5831] chnl_net:caif_netlink_parms(): no params data found
[  103.180424][ T5841] chnl_net:caif_netlink_parms(): no params data found
[  103.331682][ T5843] chnl_net:caif_netlink_parms(): no params data found
[  103.355728][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.362986][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.371037][ T5831] bridge_slave_0: entered allmulticast mode
[  103.378749][ T5831] bridge_slave_0: entered promiscuous mode
[  103.399384][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.406589][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.413775][ T5835] bridge_slave_0: entered allmulticast mode
[  103.421353][ T5835] bridge_slave_0: entered promiscuous mode
[  103.429718][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.437229][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.444407][ T5835] bridge_slave_1: entered allmulticast mode
[  103.451889][ T5835] bridge_slave_1: entered promiscuous mode
[  103.459190][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.466452][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.473651][ T5831] bridge_slave_1: entered allmulticast mode
[  103.481285][ T5831] bridge_slave_1: entered promiscuous mode
[  103.585782][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.617642][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.630753][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.676226][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.699163][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.706510][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.713723][ T5841] bridge_slave_0: entered allmulticast mode
[  103.721342][ T5841] bridge_slave_0: entered promiscuous mode
[  103.759276][ T5831] team0: Port device team_slave_0 added
[  103.765708][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.772916][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.780597][ T5841] bridge_slave_1: entered allmulticast mode
[  103.788074][ T5841] bridge_slave_1: entered promiscuous mode
[  103.822567][ T5831] team0: Port device team_slave_1 added
[  103.855584][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.862823][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.870293][ T5843] bridge_slave_0: entered allmulticast mode
[  103.878122][ T5843] bridge_slave_0: entered promiscuous mode
[  103.887694][ T5835] team0: Port device team_slave_0 added
[  103.893896][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.901102][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.908525][ T5843] bridge_slave_1: entered allmulticast mode
[  103.916342][ T5843] bridge_slave_1: entered promiscuous mode
[  103.952612][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.963912][ T5835] team0: Port device team_slave_1 added
[  103.988802][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.996259][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  104.022909][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.037373][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.087046][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.094035][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  104.120237][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.160857][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.180707][ T5841] team0: Port device team_slave_0 added
[  104.188019][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.195320][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  104.221670][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.237971][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.262771][ T5841] team0: Port device team_slave_1 added
[  104.269438][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.276505][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  104.302670][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.377014][ T5843] team0: Port device team_slave_0 added
[  104.395885][ T5838] Bluetooth: hci0: command tx timeout
[  104.408519][ T5831] hsr_slave_0: entered promiscuous mode
[  104.415607][ T5831] hsr_slave_1: entered promiscuous mode
[  104.441390][ T5843] team0: Port device team_slave_1 added
[  104.448304][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.455523][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  104.481584][ T5838] Bluetooth: hci1: command tx timeout
[  104.483113][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.540195][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.547441][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  104.555479][ T5838] Bluetooth: hci2: command tx timeout
[  104.574040][ T5833] Bluetooth: hci3: command tx timeout
[  104.579538][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.608678][ T5835] hsr_slave_0: entered promiscuous mode
[  104.615473][ T5835] hsr_slave_1: entered promiscuous mode
[  104.621715][ T5835] debugfs: 'hsr0' already exists in 'hsr'
[  104.627683][ T5835] Cannot create hsr debugfs directory
[  104.676149][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.683315][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  104.709702][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.722728][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.729795][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  104.755875][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.877479][ T5841] hsr_slave_0: entered promiscuous mode
[  104.883963][ T5841] hsr_slave_1: entered promiscuous mode
[  104.890825][ T5841] debugfs: 'hsr0' already exists in 'hsr'
[  104.896649][ T5841] Cannot create hsr debugfs directory
[  104.936950][ T5843] hsr_slave_0: entered promiscuous mode
[  104.943437][ T5843] hsr_slave_1: entered promiscuous mode
[  104.949847][ T5843] debugfs: 'hsr0' already exists in 'hsr'
[  104.955783][ T5843] Cannot create hsr debugfs directory
[  105.342980][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  105.364646][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  105.389389][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  105.412105][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  105.462645][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  105.482994][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  105.497437][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  105.537503][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  105.590708][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  105.609592][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  105.633505][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  105.665121][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  105.736677][ T5843] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.748917][ T5843] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.762505][ T5843] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.796700][ T5843] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.900911][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.970045][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.983190][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[  106.002911][  T198] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.010391][  T198] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.039326][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.046519][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.097953][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[  106.124320][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.151131][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.158726][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.192319][ T1158] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.199592][ T1158] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.220712][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[  106.249471][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.281082][ T1158] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.288366][ T1158] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.340845][ T1330] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.348077][ T1330] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.389984][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[  106.425708][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.432907][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.476509][ T5833] Bluetooth: hci0: command tx timeout
[  106.490154][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.497476][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.565736][ T5833] Bluetooth: hci1: command tx timeout
[  106.643101][ T5833] Bluetooth: hci2: command tx timeout
[  106.645643][ T5838] Bluetooth: hci3: command tx timeout
[  106.756505][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.891954][ T5831] veth0_vlan: entered promiscuous mode
[  106.934905][ T5831] veth1_vlan: entered promiscuous mode
[  107.006622][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.031272][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.087197][ T5831] veth0_macvtap: entered promiscuous mode
[  107.109907][ T5831] veth1_macvtap: entered promiscuous mode
[  107.150755][ T5835] veth0_vlan: entered promiscuous mode
[  107.183829][ T5835] veth1_vlan: entered promiscuous mode
[  107.201769][ T5841] veth0_vlan: entered promiscuous mode
[  107.234245][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.248696][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.256752][ T5841] veth1_vlan: entered promiscuous mode
[  107.280689][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.310731][ T1158] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.334171][ T1158] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.343877][ T1158] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.361864][ T5835] veth0_macvtap: entered promiscuous mode
[  107.372761][ T1330] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.393833][ T5835] veth1_macvtap: entered promiscuous mode
[  107.426005][ T5841] veth0_macvtap: entered promiscuous mode
[  107.462068][ T5841] veth1_macvtap: entered promiscuous mode
[  107.491887][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.509612][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.524623][ T5843] veth0_vlan: entered promiscuous mode
[  107.568883][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.577772][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.591415][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.604139][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.611557][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.631372][ T5843] veth1_vlan: entered promiscuous mode
[  107.632221][ T1330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.646133][ T1330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.661269][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.671887][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.701843][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.710737][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.752846][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.771502][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.787621][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.883785][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  107.898747][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.910736][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.930710][ T5843] veth0_macvtap: entered promiscuous mode
[  107.974694][ T5843] veth1_macvtap: entered promiscuous mode
[  108.016860][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.024762][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.124757][ T5916] vivid-007: =================  START STATUS  =================
[  108.133774][ T5916] vivid-007: Generate PTS: true
[  108.141234][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.148983][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.160328][ T5916] vivid-007: Generate SCR: true
[  108.166492][ T5916] tpg source WxH: 320x240 (Y'CbCr)
[  108.171622][ T5916] tpg field: 1
[  108.177497][ T5916] tpg crop: (0,0)/320x240
[  108.181862][ T5916] tpg compose: (0,0)/320x240
[  108.188055][ T5916] tpg colorspace: 8
[  108.191934][ T5916] tpg transfer function: 0/0
[  108.192545][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.234332][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.242719][ T5916] tpg Y'CbCr encoding: 0/0
[  108.248036][ T5916] tpg quantization: 0/0
[  108.252244][ T5916] tpg RGB range: 0/2
[  108.270118][ T5916] vivid-007: ==================  END STATUS  ==================
[  108.315105][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  108.328826][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.368926][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.383333][ T5921] vivid-007: =================  START STATUS  =================
[  108.411723][ T5921] vivid-007: Generate PTS: true
[  108.431900][ T5921] vivid-007: Generate SCR: true
[  108.442787][ T5921] tpg source WxH: 320x240 (Y'CbCr)
[  108.462068][ T5921] tpg field: 1
[  108.465803][ T5921] tpg crop: (0,0)/320x240
[  108.470347][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.489177][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.498458][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.505679][ T5917] can: request_module (can-proto-3) failed.
[  108.518737][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.519038][ T5921] tpg compose: (0,0)/320x240
[  108.533461][ T5921] tpg colorspace: 8
[  108.539603][ T5921] tpg transfer function: 0/0
[  108.547406][ T5921] tpg Y'CbCr encoding: 0/0
[  108.552237][ T5921] tpg quantization: 0/0
[  108.559203][ T5921] tpg RGB range: 0/2
[  108.563263][ T5921] vivid-007: ==================  END STATUS  ==================
[  108.571064][ T5838] Bluetooth: hci0: command tx timeout
[  108.635991][ T5838] Bluetooth: hci1: command tx timeout
[  108.715653][ T5838] Bluetooth: hci3: command tx timeout
[  108.716068][ T5833] Bluetooth: hci2: command tx timeout
[  108.948769][ T1158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.966467][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  108.975110][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  109.001463][ T1158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.179415][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.191113][ T5924] can: request_module (can-proto-3) failed.
[  109.225135][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.582369][ T5933] random: crng reseeded on system resumption
[  109.757284][ T5936] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6'.
[  110.070215][ T5946] vivid-007: =================  START STATUS  =================
[  110.091593][ T5946] vivid-007: Generate PTS: true
[  110.142330][ T5946] vivid-007: Generate SCR: true
[  110.167256][ T5946] tpg source WxH: 320x240 (Y'CbCr)
[  110.182981][ T5946] tpg field: 1
[  110.186951][ T5937] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  110.207514][ T5946] tpg crop: (0,0)/320x240
[  110.212705][ T5946] tpg compose: (0,0)/320x240
[  110.262720][ T5946] tpg colorspace: 8
[  110.272588][ T5946] tpg transfer function: 0/0
[  110.305228][ T5946] tpg Y'CbCr encoding: 0/0
[  110.340894][ T5946] tpg quantization: 0/0
[  110.345848][ T5946] tpg RGB range: 0/2
[  110.361070][ T5946] vivid-007: ==================  END STATUS  ==================
[  110.589887][ T5946] can: request_module (can-proto-3) failed.
[  110.609673][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.635121][ T5833] Bluetooth: hci0: command tx timeout
[  110.715930][ T5833] Bluetooth: hci1: command tx timeout
[  110.795938][ T5833] Bluetooth: hci3: command tx timeout
[  110.796071][ T5838] Bluetooth: hci2: command tx timeout
[  110.975418][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.976085][ T5956] vivid-007: =================  START STATUS  =================
[  111.023646][ T5956] vivid-007: Generate PTS: true
[  111.048509][ T5956] vivid-007: Generate SCR: true
[  111.053503][ T5956] tpg source WxH: 320x240 (Y'CbCr)
[  111.099679][ T5956] tpg field: 1
[  111.103270][ T5956] tpg crop: (0,0)/320x240
[  111.109876][ T5956] tpg compose: (0,0)/320x240
[  111.152922][ T5956] tpg colorspace: 8
[  111.185330][ T5956] tpg transfer function: 0/0
[  111.206607][ T5956] tpg Y'CbCr encoding: 0/0
[  111.213234][ T5956] tpg quantization: 0/0
[  111.222459][ T5956] tpg RGB range: 0/2
[  111.227006][ T5956] vivid-007: ==================  END STATUS  ==================
[  111.369695][ T5964] vivid-007: =================  START STATUS  =================
[  111.532118][ T5964] vivid-007: Generate PTS: true
[  111.550564][ T5964] vivid-007: Generate SCR: true
[  111.613038][ T5964] tpg source WxH: 320x240 (Y'CbCr)
[  111.633159][ T5964] tpg field: 1
[  111.672242][ T5964] tpg crop: (0,0)/320x240
[  111.852855][ T5964] tpg compose: (0,0)/320x240
[  111.923081][ T5964] tpg colorspace: 8
[  111.939907][ T5964] tpg transfer function: 0/0
[  111.944635][ T5964] tpg Y'CbCr encoding: 0/0
[  111.950406][ T5956] can: request_module (can-proto-3) failed.
[  111.961136][ T5964] tpg quantization: 0/0
[  111.965479][ T5964] tpg RGB range: 0/2
[  111.969667][ T5964] vivid-007: ==================  END STATUS  ==================
[  112.040106][ T5959] sd 0:0:1:0: device reset
[  112.077262][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  112.104779][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  112.235715][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  112.462788][ T5969] can: request_module (can-proto-3) failed.
[  112.713154][ T5976] vivid-007: =================  START STATUS  =================
[  112.722734][ T5976] vivid-007: Generate PTS: true
[  112.772816][ T5976] vivid-007: Generate SCR: true
[  112.804112][ T5976] tpg source WxH: 320x240 (Y'CbCr)
[  112.825795][ T5976] tpg field: 1
[  112.847321][ T5976] tpg crop: (0,0)/320x240
[  112.852986][ T5976] tpg compose: (0,0)/320x240
[  112.893574][ T5976] tpg colorspace: 8
[  112.900904][ T5976] tpg transfer function: 0/0
[  112.905638][ T5976] tpg Y'CbCr encoding: 0/0
[  112.910165][ T5976] tpg quantization: 0/0
[  112.914359][ T5976] tpg RGB range: 0/2
[  112.921316][ T5976] vivid-007: ==================  END STATUS  ==================
[  112.961736][ T5981] vivid-007: =================  START STATUS  =================
[  112.979971][ T5981] vivid-007: Generate PTS: true
[  112.995348][ T5981] vivid-007: Generate SCR: true
[  113.008439][ T5981] tpg source WxH: 320x240 (Y'CbCr)
[  113.033407][ T5981] tpg field: 1
[  113.038438][ T5981] tpg crop: (0,0)/320x240
[  113.043680][ T5981] tpg compose: (0,0)/320x240
[  113.048439][ T5981] tpg colorspace: 8
[  113.052285][ T5981] tpg transfer function: 0/0
[  113.059530][ T5981] tpg Y'CbCr encoding: 0/0
[  113.063995][ T5981] tpg quantization: 0/0
[  113.068789][ T5981] tpg RGB range: 0/2
[  113.072737][ T5981] vivid-007: ==================  END STATUS  ==================
[  113.090771][ T5985] vivid-007: =================  START STATUS  =================
[  113.104299][ T5985] vivid-007: Generate PTS: true
[  113.109402][ T5985] vivid-007: Generate SCR: true
[  113.117827][ T5985] tpg source WxH: 320x240 (Y'CbCr)
[  113.122976][ T5985] tpg field: 1
[  113.127854][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  113.136744][ T5985] tpg crop: (0,0)/320x240
[  113.148642][ T5985] tpg compose: (0,0)/320x240
[  113.154414][ T5985] tpg colorspace: 8
[  113.158389][ T5985] tpg transfer function: 0/0
[  113.163030][ T5985] tpg Y'CbCr encoding: 0/0
[  113.175391][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  113.192531][ T5985] tpg quantization: 0/0
[  113.198208][ T5985] tpg RGB range: 0/2
[  113.208230][ T5985] vivid-007: ==================  END STATUS  ==================
[  113.285047][ T5976] can: request_module (can-proto-3) failed.
[  113.458909][ T5985] can: request_module (can-proto-3) failed.
[  113.699366][ T5987] can: request_module (can-proto-3) failed.
[  114.100782][ T6002] syz.0.15 uses obsolete (PF_INET,SOCK_PACKET)
[  114.305244][ T6007] netlink: 28 bytes leftover after parsing attributes in process `syz.3.17'.
[  114.409710][ T6009] netlink: 338 bytes leftover after parsing attributes in process `syz.3.17'.
[  114.575960][ T6009] Zero length message leads to an empty skb
[  115.058124][ T6016] sd 0:0:1:0: device reset
[  115.110636][ T6023] sd 0:0:1:0: device reset
[  115.541048][ T6024] sd 0:0:1:0: device reset
[  115.914086][ T6027] vivid-007: =================  START STATUS  =================
[  115.930304][ T6029] FAULT_INJECTION: forcing a failure.
[  115.930304][ T6029] name failslab, interval 1, probability 0, space 0, times 1
[  115.965690][ T6027] vivid-007: Generate PTS: true
[  115.968364][ T6029] CPU: 0 UID: 0 PID: 6029 Comm: syz.0.23 Not tainted syzkaller #0 PREEMPT(full) 
[  115.968411][ T6029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  115.968438][ T6029] Call Trace:
[  115.968450][ T6029]  <TASK>
[  115.968462][ T6029]  dump_stack_lvl+0x16c/0x1f0
[  115.968533][ T6029]  should_fail_ex+0x512/0x640
[  115.968566][ T6029]  ? __kmalloc_cache_noprof+0x5f/0x780
[  115.968618][ T6029]  should_failslab+0xc2/0x120
[  115.968654][ T6029]  __kmalloc_cache_noprof+0x72/0x780
[  115.968702][ T6029]  ? loopback_open+0xa4e/0x13f0
[  115.968765][ T6029]  ? loopback_open+0xa4e/0x13f0
[  115.968818][ T6029]  loopback_open+0xa4e/0x13f0
[  115.968884][ T6029]  snd_pcm_open_substream+0xa60/0x17f0
[  115.968946][ T6029]  ? __pfx_snd_pcm_open_substream+0x10/0x10
[  115.969002][ T6029]  ? lockdep_init_map_type+0x5c/0x280
[  115.969047][ T6029]  ? lockdep_init_map_type+0x5c/0x280
[  115.969092][ T6029]  snd_pcm_oss_open+0x735/0x1400
[  115.969155][ T6029]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  115.969201][ T6029]  ? __lock_acquire+0xb8a/0x1c90
[  115.969238][ T6029]  ? __pfx_default_wake_function+0x10/0x10
[  115.969310][ T6029]  ? __lock_acquire+0xb8a/0x1c90
[  115.969359][ T6029]  ? do_raw_spin_lock+0x12c/0x2b0
[  115.969408][ T6029]  ? soundcore_open+0x35a/0x580
[  115.969451][ T6029]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  115.969499][ T6029]  soundcore_open+0x40c/0x580
[  115.969540][ T6029]  ? __pfx_soundcore_open+0x10/0x10
[  115.969578][ T6029]  chrdev_open+0x234/0x6a0
[  115.969637][ T6029]  ? __pfx_chrdev_open+0x10/0x10
[  115.969698][ T6029]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  115.969760][ T6029]  do_dentry_open+0x982/0x1530
[  115.969815][ T6029]  ? __pfx_chrdev_open+0x10/0x10
[  115.969883][ T6029]  vfs_open+0x82/0x3f0
[  115.969927][ T6029]  path_openat+0x1de4/0x2cb0
[  115.969999][ T6029]  ? __pfx_path_openat+0x10/0x10
[  115.970056][ T6029]  ? __lock_acquire+0xb8a/0x1c90
[  115.970099][ T6029]  do_filp_open+0x20b/0x470
[  115.970153][ T6029]  ? __pfx_do_filp_open+0x10/0x10
[  115.970239][ T6029]  ? alloc_fd+0x471/0x7d0
[  115.970309][ T6029]  do_sys_openat2+0x11b/0x1d0
[  115.970352][ T6029]  ? __pfx_do_sys_openat2+0x10/0x10
[  115.970411][ T6029]  __x64_sys_openat+0x174/0x210
[  115.970454][ T6029]  ? __pfx___x64_sys_openat+0x10/0x10
[  115.970515][ T6029]  do_syscall_64+0xcd/0xfa0
[  115.970575][ T6029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.970612][ T6029] RIP: 0033:0x7fb37798efc9
[  115.970648][ T6029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.970684][ T6029] RSP: 002b:00007fb378741038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  115.970719][ T6029] RAX: ffffffffffffffda RBX: 00007fb377be5fa0 RCX: 00007fb37798efc9
[  115.970753][ T6029] RDX: 0000000000020b42 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  115.970778][ T6029] RBP: 00007fb377a11f91 R08: 0000000000000000 R09: 0000000000000000
[  115.970798][ T6029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  115.970820][ T6029] R13: 00007fb377be6038 R14: 00007fb377be5fa0 R15: 00007ffc6600c048
[  115.970866][ T6029]  </TASK>
[  116.296301][ T6027] vivid-007: Generate SCR: true
[  116.316199][ T6027] tpg source WxH: 320x240 (Y'CbCr)
[  116.326928][ T6027] tpg field: 1
[  116.359365][ T6034] ubi0: attaching mtd0
[  116.366535][ T6034] ubi0: scanning is finished
[  116.371703][ T6034] ubi0: empty MTD device detected
[  116.388139][ T6027] tpg crop: (0,0)/320x240
[  116.392534][ T6027] tpg compose: (0,0)/320x240
[  116.443020][ T6027] tpg colorspace: 8
[  116.447871][ T6027] tpg transfer function: 0/0
[  116.452549][ T6027] tpg Y'CbCr encoding: 0/0
[  116.463310][ T6027] tpg quantization: 0/0
[  116.468679][ T6027] tpg RGB range: 0/2
[  116.472606][ T6027] vivid-007: ==================  END STATUS  ==================
[  116.516918][ T6037] capability: warning: `syz.3.24' uses 32-bit capabilities (legacy support in use)
[  116.686993][ T6034] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  116.695912][ T6034] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  116.705746][ T6034] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  116.716276][ T6034] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  116.725186][ T6034] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  116.747986][ T6034] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  116.763281][ T6042] netlink: 28 bytes leftover after parsing attributes in process `syz.1.26'.
[  116.799863][ T6034] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1429248805
[  116.817517][ T6034] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  116.828238][ T6043] ubi0: background thread "ubi_bgt0d" started, PID 6043
[  116.857436][ T6035] ubi0: detaching mtd0
[  116.873300][ T6027] can: request_module (can-proto-3) failed.
[  116.889722][ T6035] ubi0: mtd0 is detached
[  116.905510][ T6042] netlink: 338 bytes leftover after parsing attributes in process `syz.1.26'.
[  116.975879][ T6040] netlink: 338 bytes leftover after parsing attributes in process `syz.0.25'.
[  116.995971][ T6040] netlink: 338 bytes leftover after parsing attributes in process `syz.0.25'.
[  117.014640][ T6040] netlink: 338 bytes leftover after parsing attributes in process `syz.0.25'.
[  117.115985][ T6040] netlink: 338 bytes leftover after parsing attributes in process `syz.0.25'.
[  117.128359][ T6040] netlink: 338 bytes leftover after parsing attributes in process `syz.0.25'.
[  117.137870][ T6040] netlink: 338 bytes leftover after parsing attributes in process `syz.0.25'.
[  117.147474][ T6040] netlink: 338 bytes leftover after parsing attributes in process `syz.0.25'.
[  117.157015][ T6040] netlink: 338 bytes leftover after parsing attributes in process `syz.0.25'.
[  117.403069][ T6045] netlink: set zone limit has 8 unknown bytes
[  117.405713][ T5838] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  118.005084][ T6059] sd 0:0:1:0: device reset
[  118.482818][ T6070] netlink: 'syz.2.33': attribute type 21 has an invalid length.
[  118.635602][ T6070] netlink: 'syz.2.33': attribute type 21 has an invalid length.
[  119.435551][ T5833] Bluetooth: hci1: command tx timeout
[  120.157155][ T6101] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  122.466935][ T6133] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  122.545426][ T6131] syz.3.48 (6131): /proc/6130/oom_adj is deprecated, please use /proc/6130/oom_score_adj instead.
[  123.034844][ T6153] __nla_validate_parse: 32 callbacks suppressed
[  123.045065][ T6153] netlink: 28 bytes leftover after parsing attributes in process `syz.1.54'.
[  123.461589][ T6163] uvcvideo: [Deprecated]: nodrop parameter will be eventually removed.
[  123.480082][ T6151] sd 0:0:1:0: PR command failed: 1026
[  123.505007][ T6151] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  123.522066][ T6151] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  123.839237][ T6167] vivid-007: =================  START STATUS  =================
[  123.855838][ T6167] vivid-007: Generate PTS: true
[  123.882506][ T6167] vivid-007: Generate SCR: true
[  123.913054][ T6167] tpg source WxH: 320x240 (Y'CbCr)
[  123.940339][ T6167] tpg field: 1
[  123.965363][ T6167] tpg crop: (0,0)/320x240
[  123.973594][ T6167] tpg compose: (0,0)/320x240
[  123.986263][ T6167] tpg colorspace: 8
[  123.990619][ T6167] tpg transfer function: 0/0
[  123.995423][ T6167] tpg Y'CbCr encoding: 0/0
[  124.004936][ T6167] tpg quantization: 0/0
[  124.009717][ T6167] tpg RGB range: 0/2
[  124.025180][ T6167] vivid-007: ==================  END STATUS  ==================
[  124.658834][ T6170] can: request_module (can-proto-3) failed.
[  125.306192][ T6196] random: crng reseeded on system resumption
[  125.510293][ T6199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.62'.
[  125.555933][ T6199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.62'.
[  125.574705][ T6199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.62'.
[  125.606845][ T6199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.62'.
[  125.647923][ T6200] sd 0:0:1:0: device reset
[  125.708209][ T6199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.62'.
[  125.735896][ T6199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.62'.
[  125.745523][ T6199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.62'.
[  125.756195][ T6199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.62'.
[  125.765743][ T6199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.62'.
[  125.863012][ T6202] netlink: set zone limit has 8 unknown bytes
[  126.794198][ T6216] process 'syz.2.66' launched ':,' with NULL argv: empty string added
[  127.522944][ T6234] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  128.720127][ T6245] delete_channel: no stack
[  128.971461][ T6254] kAFS: Invalid Command on /proc/fs/afs/cells file
[  130.992620][ T6271] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  132.235581][ T6283] sd 0:0:1:0: device reset
[  133.442803][ T6308] __nla_validate_parse: 27 callbacks suppressed
[  133.442822][ T6308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.84'.
[  133.462134][ T6308] bridge_slave_1: left allmulticast mode
[  133.467983][ T6308] bridge_slave_1: left promiscuous mode
[  133.476115][ T6308] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.489997][ T6308] bridge_slave_0: left allmulticast mode
[  133.495810][ T6308] bridge_slave_0: left promiscuous mode
[  133.503719][ T6308] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.108423][ T6320] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0]
[  134.736458][ T6327] netlink: 28 bytes leftover after parsing attributes in process `syz.3.90'.
[  134.929986][ T6333] __vm_enough_memory: pid: 6333, comm: syz.3.92, bytes: 4398046511104 not enough memory for the allocation
[  135.406168][ T1330] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.625995][ T6343] kexec: Could not allocate control_code_buffer
[  137.079675][ T6365] zswap: compressor  not available
[  137.346475][ T6351] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  138.021769][ T6382] vivid-007: =================  START STATUS  =================
[  138.057960][ T6382] vivid-007: Generate PTS: true
[  138.087406][ T6382] vivid-007: Generate SCR: true
[  138.138606][ T6382] tpg source WxH: 320x240 (Y'CbCr)
[  138.148017][ T6382] tpg field: 1
[  138.152646][ T6382] tpg crop: (0,0)/320x240
[  138.157103][ T6382] tpg compose: (0,0)/320x240
[  138.165653][ T6382] tpg colorspace: 8
[  138.169530][ T6382] tpg transfer function: 0/0
[  138.190685][ T6382] tpg Y'CbCr encoding: 0/0
[  138.200395][ T6382] tpg quantization: 0/0
[  138.253629][ T6392] netlink: 268 bytes leftover after parsing attributes in process `syz.3.103'.
[  138.291019][ T6382] tpg RGB range: 0/2
[  138.294962][ T6382] vivid-007: ==================  END STATUS  ==================
[  138.316956][ T6393] vhci_hcd: invalid port number 16
[  138.347886][ T6398] random: crng reseeded on system resumption
[  138.400204][ T6393] vhci_hcd: invalid port number 16
[  138.500269][ T6392] syz.3.103 (6392) used greatest stack depth: 18952 bytes left
[  138.561335][ T6382] can: request_module (can-proto-3) failed.
[  138.994337][ T6411] mmap: syz.2.106 (6411) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  139.076510][ T6415] Console: switching to colour VGA+ 80x25
[  139.331439][ T6420] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  139.942505][ T6426] FAULT_INJECTION: forcing a failure.
[  139.942505][ T6426] name failslab, interval 1, probability 0, space 0, times 0
[  139.955286][ T6426] CPU: 0 UID: 0 PID: 6426 Comm: syz.3.108 Not tainted syzkaller #0 PREEMPT(full) 
[  139.955314][ T6426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  139.955328][ T6426] Call Trace:
[  139.955336][ T6426]  <TASK>
[  139.955344][ T6426]  dump_stack_lvl+0x16c/0x1f0
[  139.955390][ T6426]  should_fail_ex+0x512/0x640
[  139.955410][ T6426]  ? kmem_cache_alloc_lru_noprof+0x66/0x6e0
[  139.955446][ T6426]  should_failslab+0xc2/0x120
[  139.955468][ T6426]  kmem_cache_alloc_lru_noprof+0x79/0x6e0
[  139.955499][ T6426]  ? __pfx___might_resched+0x10/0x10
[  139.955533][ T6426]  ? sock_alloc_inode+0x25/0x1c0
[  139.955561][ T6426]  ? __pfx_sock_alloc_inode+0x10/0x10
[  139.955583][ T6426]  ? sock_alloc_inode+0x25/0x1c0
[  139.955606][ T6426]  sock_alloc_inode+0x25/0x1c0
[  139.955629][ T6426]  alloc_inode+0x64/0x240
[  139.955652][ T6426]  sock_alloc+0x40/0x280
[  139.955675][ T6426]  __sock_create+0xc1/0x8d0
[  139.955707][ T6426]  __sys_socket+0x14d/0x260
[  139.955735][ T6426]  ? __pfx___sys_socket+0x10/0x10
[  139.955762][ T6426]  ? xfd_validate_state+0x61/0x180
[  139.955786][ T6426]  ? __pfx_ksys_write+0x10/0x10
[  139.955825][ T6426]  __x64_sys_socket+0x72/0xb0
[  139.955851][ T6426]  ? lockdep_hardirqs_on+0x7c/0x110
[  139.955885][ T6426]  do_syscall_64+0xcd/0xfa0
[  139.955922][ T6426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.955944][ T6426] RIP: 0033:0x7f3de6b8efc9
[  139.955982][ T6426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.956003][ T6426] RSP: 002b:00007f3de7994038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  139.956042][ T6426] RAX: ffffffffffffffda RBX: 00007f3de6de6090 RCX: 00007f3de6b8efc9
[  139.956057][ T6426] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  139.956071][ T6426] RBP: 00007f3de6c11f91 R08: 0000000000000000 R09: 0000000000000000
[  139.956085][ T6426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  139.956098][ T6426] R13: 00007f3de6de6128 R14: 00007f3de6de6090 R15: 00007fff38c492c8
[  139.956128][ T6426]  </TASK>
[  139.956139][ T6426] socket: no more sockets
[  141.103859][ T6439] netlink: set zone limit has 8 unknown bytes
[  141.272325][ T6434] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  141.308593][ T6436] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  141.326846][ T6436] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  141.359025][ T6441] sd 0:0:1:0: device reset
[  141.390321][ T6436] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  141.464297][ T6436] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  141.585847][ T6436] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  141.598655][ T6436] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  141.631647][ T6436] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  141.686531][ T6436] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  141.727954][ T6436] netlink: 338 bytes leftover after parsing attributes in process `syz.1.110'.
[  143.289834][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  143.296622][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  144.011692][ T6486] kafs: addr_prefs: Invalid Command
[  144.440709][ T6497] FAULT_INJECTION: forcing a failure.
[  144.440709][ T6497] name failslab, interval 1, probability 0, space 0, times 0
[  144.546964][ T6497] CPU: 0 UID: 0 PID: 6497 Comm: syz.0.124 Not tainted syzkaller #0 PREEMPT(full) 
[  144.547003][ T6497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  144.547017][ T6497] Call Trace:
[  144.547024][ T6497]  <TASK>
[  144.547032][ T6497]  dump_stack_lvl+0x16c/0x1f0
[  144.547081][ T6497]  should_fail_ex+0x512/0x640
[  144.547121][ T6497]  ? kmem_cache_alloc_lru_noprof+0x66/0x6e0
[  144.547157][ T6497]  should_failslab+0xc2/0x120
[  144.547180][ T6497]  kmem_cache_alloc_lru_noprof+0x79/0x6e0
[  144.547223][ T6497]  ? __dquot_initialize+0x299/0xd50
[  144.547261][ T6497]  ? __d_alloc+0x32/0xae0
[  144.547300][ T6497]  ? __d_alloc+0x32/0xae0
[  144.547331][ T6497]  __d_alloc+0x32/0xae0
[  144.547369][ T6497]  d_alloc_pseudo+0x1c/0xc0
[  144.547393][ T6497]  alloc_file_pseudo+0xcf/0x230
[  144.547420][ T6497]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  144.547454][ T6497]  __shmem_file_setup+0x1a3/0x330
[  144.547485][ T6497]  shmem_zero_setup+0x93/0x1a0
[  144.547519][ T6497]  __mmap_region+0x2076/0x27a0
[  144.547555][ T6497]  ? __pfx___mmap_region+0x10/0x10
[  144.547584][ T6497]  ? lock_acquire+0x179/0x350
[  144.547607][ T6497]  ? find_held_lock+0x2b/0x80
[  144.547640][ T6497]  ? finish_task_switch.isra.0+0x21c/0xc10
[  144.547674][ T6497]  ? rcu_is_watching+0x12/0xc0
[  144.547706][ T6497]  ? finish_task_switch.isra.0+0x221/0xc10
[  144.547746][ T6497]  ? trace_sched_exit_tp+0xd1/0x120
[  144.547775][ T6497]  ? __schedule+0x11a3/0x5de0
[  144.547856][ T6497]  ? trace_cap_capable+0x18d/0x200
[  144.547889][ T6497]  mmap_region+0x1ab/0x3f0
[  144.547919][ T6497]  ? __get_unmapped_area+0x267/0x440
[  144.547948][ T6497]  do_mmap+0xa3e/0x1210
[  144.547974][ T6497]  ? __pfx_do_mmap+0x10/0x10
[  144.547996][ T6497]  ? __pfx_down_write_killable+0x10/0x10
[  144.548025][ T6497]  vm_mmap_pgoff+0x29e/0x470
[  144.548056][ T6497]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  144.548083][ T6497]  ? __x64_sys_futex+0x1e0/0x4c0
[  144.548124][ T6497]  ? __x64_sys_futex+0x1e9/0x4c0
[  144.548152][ T6497]  ksys_mmap_pgoff+0x7d/0x5c0
[  144.548172][ T6497]  ? xfd_validate_state+0x61/0x180
[  144.548203][ T6497]  __x64_sys_mmap+0x125/0x190
[  144.548234][ T6497]  do_syscall_64+0xcd/0xfa0
[  144.548272][ T6497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.548295][ T6497] RIP: 0033:0x7fb37798efc9
[  144.548326][ T6497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.548347][ T6497] RSP: 002b:00007fb378741038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  144.548368][ T6497] RAX: ffffffffffffffda RBX: 00007fb377be5fa0 RCX: 00007fb37798efc9
[  144.548383][ T6497] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000
[  144.548397][ T6497] RBP: 00007fb377a11f91 R08: 0000000000000401 R09: 0000000000008000
[  144.548411][ T6497] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  144.548424][ T6497] R13: 00007fb377be6038 R14: 00007fb377be5fa0 R15: 00007ffc6600c048
[  144.548455][ T6497]  </TASK>
[  144.898404][ T6490] sd 0:0:1:0: device reset
[  145.183733][ T6492] sd 0:0:1:0: device reset
[  145.539786][ T6508] mkiss: ax0: crc mode is auto.
[  146.115117][ T6523] vivid-007: =================  START STATUS  =================
[  146.140157][ T6523] vivid-007: Generate PTS: true
[  146.159450][ T6523] vivid-007: Generate SCR: true
[  146.208913][ T6523] tpg source WxH: 320x240 (Y'CbCr)
[  146.244273][ T6523] tpg field: 1
[  146.264242][ T6523] tpg crop: (0,0)/320x240
[  146.316181][ T6523] tpg compose: (0,0)/320x240
[  146.320835][ T6523] tpg colorspace: 8
[  146.342994][ T6523] tpg transfer function: 0/0
[  146.349533][ T6523] tpg Y'CbCr encoding: 0/0
[  146.358037][ T6523] tpg quantization: 0/0
[  146.378960][ T6523] tpg RGB range: 0/2
[  146.387293][ T6523] vivid-007: ==================  END STATUS  ==================
[  146.872026][ T6524] can: request_module (can-proto-3) failed.
[  146.920035][ T6533] vivid-007: =================  START STATUS  =================
[  146.945920][ T6533] vivid-007: Generate PTS: true
[  146.950859][ T6533] vivid-007: Generate SCR: true
[  147.009542][ T6533] tpg source WxH: 320x240 (Y'CbCr)
[  147.025396][ T6533] tpg field: 1
[  147.059101][ T6533] tpg crop: (0,0)/320x240
[  147.063490][ T6533] tpg compose: (0,0)/320x240
[  147.155988][ T6533] tpg colorspace: 8
[  147.188277][ T6533] tpg transfer function: 0/0
[  147.212573][ T6533] tpg Y'CbCr encoding: 0/0
[  147.217331][ T6533] tpg quantization: 0/0
[  147.221982][ T6533] tpg RGB range: 0/2
[  147.226244][ T6533] vivid-007: ==================  END STATUS  ==================
[  147.601991][ T6535] can: request_module (can-proto-3) failed.
[  147.614189][ T6544] __nla_validate_parse: 26 callbacks suppressed
[  147.614206][ T6544] netlink: 28 bytes leftover after parsing attributes in process `syz.3.134'.
[  147.866918][ T6549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.135'.
[  147.877994][ T6549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.135'.
[  147.904786][ T6549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.135'.
[  147.933276][ T6549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.135'.
[  147.989811][ T6552] netlink: set zone limit has 8 unknown bytes
[  148.014286][ T6549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.135'.
[  148.091837][ T6549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.135'.
[  148.135030][ T6549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.135'.
[  148.312666][ T6549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.135'.
[  148.339005][ T6549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.135'.
[  148.864555][ T6581] netlink: 'syz.2.143': attribute type 1 has an invalid length.
[  149.153003][ T6578] binder: 6576:6578 ioctl c00c620f 2000000000c0 returned -22
[  150.245174][ T6598] FAULT_INJECTION: forcing a failure.
[  150.245174][ T6598] name failslab, interval 1, probability 0, space 0, times 0
[  150.259282][ T6598] CPU: 0 UID: 0 PID: 6598 Comm: syz.3.147 Not tainted syzkaller #0 PREEMPT(full) 
[  150.259324][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  150.259343][ T6598] Call Trace:
[  150.259353][ T6598]  <TASK>
[  150.259366][ T6598]  dump_stack_lvl+0x16c/0x1f0
[  150.259423][ T6598]  should_fail_ex+0x512/0x640
[  150.259458][ T6598]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  150.259514][ T6598]  should_failslab+0xc2/0x120
[  150.259548][ T6598]  kmem_cache_alloc_noprof+0x75/0x6e0
[  150.259593][ T6598]  ? kvm_vm_ioctl+0xc2e/0x3fd0
[  150.259648][ T6598]  ? kvm_vm_ioctl+0xc2e/0x3fd0
[  150.259695][ T6598]  kvm_vm_ioctl+0xc2e/0x3fd0
[  150.259759][ T6598]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  150.259832][ T6598]  ? kasan_quarantine_put+0x10a/0x240
[  150.259881][ T6598]  ? lockdep_hardirqs_on+0x7c/0x110
[  150.259936][ T6598]  ? find_held_lock+0x2b/0x80
[  150.259984][ T6598]  ? tomoyo_path_number_perm+0x295/0x580
[  150.260028][ T6598]  ? tomoyo_path_number_perm+0x18d/0x580
[  150.260071][ T6598]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  150.260124][ T6598]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  150.260171][ T6598]  ? do_vfs_ioctl+0x128/0x14f0
[  150.260208][ T6598]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  150.260255][ T6598]  ? find_held_lock+0x2b/0x80
[  150.260300][ T6598]  ? hook_file_ioctl_common+0x145/0x410
[  150.260352][ T6598]  ? __fget_files+0x20e/0x3c0
[  150.260402][ T6598]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  150.260453][ T6598]  __x64_sys_ioctl+0x18e/0x210
[  150.260494][ T6598]  do_syscall_64+0xcd/0xfa0
[  150.260556][ T6598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.260589][ T6598] RIP: 0033:0x7f3de6b8efc9
[  150.260614][ T6598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.260645][ T6598] RSP: 002b:00007f3de7994038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  150.260674][ T6598] RAX: ffffffffffffffda RBX: 00007f3de6de6090 RCX: 00007f3de6b8efc9
[  150.260696][ T6598] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000003
[  150.260715][ T6598] RBP: 00007f3de6c11f91 R08: 0000000000000000 R09: 0000000000000000
[  150.260734][ T6598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  150.260753][ T6598] R13: 00007f3de6de6128 R14: 00007f3de6de6090 R15: 00007fff38c492c8
[  150.260797][ T6598]  </TASK>
[  152.310339][ T6620] vivid-007: =================  START STATUS  =================
[  152.344616][ T6620] vivid-007: Generate PTS: true
[  152.355184][ T6620] vivid-007: Generate SCR: true
[  152.387054][ T6620] tpg source WxH: 320x240 (Y'CbCr)
[  152.406447][ T6620] tpg field: 1
[  152.428933][ T6620] tpg crop: (0,0)/320x240
[  152.433382][ T6620] tpg compose: (0,0)/320x240
[  152.443953][ T6620] tpg colorspace: 8
[  152.451168][ T6620] tpg transfer function: 0/0
[  152.458754][ T6620] tpg Y'CbCr encoding: 0/0
[  152.464217][ T6620] tpg quantization: 0/0
[  152.474115][ T6620] tpg RGB range: 0/2
[  152.478286][ T6620] vivid-007: ==================  END STATUS  ==================
[  152.804363][ T6621] can: request_module (can-proto-3) failed.
[  154.090006][ T6640] sd 0:0:1:0: device reset
[  154.825345][ T6656] __nla_validate_parse: 27 callbacks suppressed
[  154.825372][ T6656] netlink: 20 bytes leftover after parsing attributes in process `syz.2.161'.
[  155.052245][ T6656] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  155.315046][ T6663] vivid-007: =================  START STATUS  =================
[  155.344000][ T6663] vivid-007: Generate PTS: true
[  155.348918][ T6663] vivid-007: Generate SCR: true
[  155.377442][ T6663] tpg source WxH: 320x240 (Y'CbCr)
[  155.432905][ T6663] tpg field: 1
[  155.477045][ T6663] tpg crop: (0,0)/320x240
[  155.481687][ T6663] tpg compose: (0,0)/320x240
[  155.489501][ T6663] tpg colorspace: 8
[  155.499568][ T6663] tpg transfer function: 0/0
[  155.504419][ T6663] tpg Y'CbCr encoding: 0/0
[  155.525418][ T6663] tpg quantization: 0/0
[  155.605921][ T6663] tpg RGB range: 0/2
[  155.627781][ T6663] vivid-007: ==================  END STATUS  ==================
[  155.965964][ T6663] can: request_module (can-proto-3) failed.
[  157.261734][ T6695] netlink: 16 bytes leftover after parsing attributes in process `syz.2.169'.
[  157.406595][ T6693] sd 0:0:1:0: device reset
[  157.626658][ T6698] can: request_module (can-proto-0) failed.
[  159.229456][ T6718] FAULT_INJECTION: forcing a failure.
[  159.229456][ T6718] name failslab, interval 1, probability 0, space 0, times 0
[  159.249532][ T6718] CPU: 0 UID: 0 PID: 6718 Comm: syz.1.175 Not tainted syzkaller #0 PREEMPT(full) 
[  159.249563][ T6718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  159.249577][ T6718] Call Trace:
[  159.249585][ T6718]  <TASK>
[  159.249594][ T6718]  dump_stack_lvl+0x16c/0x1f0
[  159.249633][ T6718]  should_fail_ex+0x512/0x640
[  159.249654][ T6718]  ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0
[  159.249698][ T6718]  should_failslab+0xc2/0x120
[  159.249722][ T6718]  __kmalloc_node_track_caller_noprof+0xde/0x8a0
[  159.249761][ T6718]  ? xfrm_sysctl_init+0x10a/0x2d0
[  159.249803][ T6718]  ? kmemdup_noprof+0x29/0x60
[  159.249835][ T6718]  kmemdup_noprof+0x29/0x60
[  159.249869][ T6718]  xfrm_sysctl_init+0x10a/0x2d0
[  159.249908][ T6718]  xfrm_net_init+0x842/0xcc0
[  159.249948][ T6718]  ? __pfx_xfrm_net_init+0x10/0x10
[  159.249981][ T6718]  ops_init+0x1e2/0x5f0
[  159.250006][ T6718]  setup_net+0x100/0x390
[  159.250028][ T6718]  ? __pfx_setup_net+0x10/0x10
[  159.250051][ T6718]  ? debug_mutex_init+0x37/0x70
[  159.250088][ T6718]  copy_net_ns+0x2f8/0x690
[  159.250116][ T6718]  create_new_namespaces+0x3ea/0xa90
[  159.250167][ T6718]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  159.250206][ T6718]  ksys_unshare+0x45b/0xa40
[  159.250229][ T6718]  ? __pfx_ksys_unshare+0x10/0x10
[  159.250254][ T6718]  ? xfd_validate_state+0x61/0x180
[  159.250288][ T6718]  __x64_sys_unshare+0x31/0x40
[  159.250311][ T6718]  do_syscall_64+0xcd/0xfa0
[  159.250353][ T6718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.250377][ T6718] RIP: 0033:0x7f65b698efc9
[  159.250395][ T6718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.250417][ T6718] RSP: 002b:00007f65b77fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  159.250443][ T6718] RAX: ffffffffffffffda RBX: 00007f65b6be5fa0 RCX: 00007f65b698efc9
[  159.250458][ T6718] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  159.250473][ T6718] RBP: 00007f65b6a11f91 R08: 0000000000000000 R09: 0000000000000000
[  159.250486][ T6718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  159.250500][ T6718] R13: 00007f65b6be6038 R14: 00007f65b6be5fa0 R15: 00007ffcf1259b28
[  159.250531][ T6718]  </TASK>
[  160.063526][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  160.153921][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  160.184348][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  160.193857][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  160.243120][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  160.264902][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  160.319289][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  160.370727][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  160.394422][ T6733] netlink: set zone limit has 8 unknown bytes
[  160.434915][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  160.458167][ T6728] netlink: 338 bytes leftover after parsing attributes in process `syz.2.178'.
[  161.319152][ T6741] netlink: set zone limit has 8 unknown bytes
[  161.668965][ T6736] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  161.675439][ T6736] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  161.688997][ T6736] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  161.745332][ T6736] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  161.760266][ T6736] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  161.783564][ T6736] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  161.884651][ T6736] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  161.894317][ T6736] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  161.900333][ T6736] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  161.908097][ T6736] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  161.915666][ T6736] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  161.921668][ T6736] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  161.929095][ T6736] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  162.813108][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout
[  163.774646][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  164.015076][ T5833] Bluetooth: hci3: command 0x0c1a tx timeout
[  164.015114][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout
[  164.862433][   T30] audit: type=1800 audit(1760716092.925:2): pid=6790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.190" name="version" dev="configfs" ino=11598 res=0 errno=0
[  164.903741][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout
[  165.854725][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout
[  166.095311][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout
[  166.095347][ T5833] Bluetooth: hci2: command 0x0c1a tx timeout
[  166.976522][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout
[  167.935763][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  167.988463][ T6830] input: f�
 as /devices/virtual/input/input7
[  168.175847][ T5833] Bluetooth: hci2: command 0x0c1a tx timeout
[  168.181928][ T5833] Bluetooth: hci3: command 0x0c1a tx timeout
[  169.036440][ T6833] sd 0:0:1:0: device reset
[  169.858329][ T6849] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8
[  170.024676][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  170.466713][ T6850] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9
[  171.503416][ T6871] ubi0: attaching mtd0
[  171.533333][ T6871] ubi0: scanning is finished
[  172.107050][ T6871] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  172.148962][ T6871] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  172.156361][ T6871] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  172.186942][ T6871] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  172.202195][ T6871] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  172.324337][ T6871] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  172.333735][ T6871] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1429248805
[  172.354210][ T6871] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  172.364589][ T6872] ubi0: detaching mtd0
[  172.365846][ T6883] ubi0: background thread "ubi_bgt0d" started, PID 6883
[  172.434792][ T6872] ubi0: mtd0 is detached
[  173.336543][ T6887] ubi0: attaching mtd0
[  173.343187][ T6887] ubi0: scanning is finished
[  173.533223][ T6887] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  173.540893][ T6887] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  173.574224][ T6887] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  173.638676][ T6887] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  173.659028][ T6887] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  173.686918][ T6887] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  173.727525][ T6887] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1429248805
[  173.778856][ T6887] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  173.848657][ T6889] ubi0: background thread "ubi_bgt0d" started, PID 6889
[  173.848695][ T6888] ubi0: detaching mtd0
[  173.955201][ T6888] ubi0: mtd0 is detached
[  174.082136][ T6897] ptrace attach of "./syz-executor exec"[5831] was attempted by ""[6897]
[  174.426590][ T6901] =======================================================
[  174.426590][ T6901] WARNING: The mand mount option has been deprecated and
[  174.426590][ T6901]          and is ignored by this kernel. Remove the mand
[  174.426590][ T6901]          option from the mount to silence this warning.
[  174.426590][ T6901] =======================================================
[  175.505732][ T5833] Bluetooth: hci1: unexpected event 0x3e length: 728 > 260
[  175.505772][ T5833] Bluetooth: hci1: unexpected subevent 0x03 length: 727 > 9
[  175.521579][ T5833] Bluetooth: hci1: unexpected event 0x3e length: 728 > 260
[  175.521616][ T5833] Bluetooth: hci1: unexpected subevent 0x03 length: 727 > 9
[  175.608710][ T6936] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  175.709764][ T6936] CIFS mount error: No usable UNC path provided in device string!
[  175.709764][ T6936] 
[  175.739181][ T6936] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  176.452660][ T6942] can: request_module (can-proto-4) failed.
[  179.784698][ T6981] netlink: set zone limit has 8 unknown bytes
[  180.290552][ T6983] FAULT_INJECTION: forcing a failure.
[  180.290552][ T6983] name failslab, interval 1, probability 0, space 0, times 0
[  180.382190][ T6983] CPU: 0 UID: 0 PID: 6983 Comm: syz.0.232 Not tainted syzkaller #0 PREEMPT(full) 
[  180.382228][ T6983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  180.382242][ T6983] Call Trace:
[  180.382250][ T6983]  <TASK>
[  180.382258][ T6983]  dump_stack_lvl+0x16c/0x1f0
[  180.382321][ T6983]  should_fail_ex+0x512/0x640
[  180.382345][ T6983]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  180.382381][ T6983]  should_failslab+0xc2/0x120
[  180.382405][ T6983]  kmem_cache_alloc_noprof+0x75/0x6e0
[  180.382436][ T6983]  ? anon_vma_clone+0x405/0x5c0
[  180.382470][ T6983]  ? anon_vma_fork+0x200/0x620
[  180.382514][ T6983]  ? anon_vma_fork+0x200/0x620
[  180.382541][ T6983]  anon_vma_fork+0x200/0x620
[  180.382586][ T6983]  dup_mmap+0x151f/0x2280
[  180.382620][ T6983]  ? __pfx_dup_mmap+0x10/0x10
[  180.382663][ T6983]  copy_process+0x3f0c/0x76a0
[  180.382684][ T6983]  ? __pfx___futex_wait+0x10/0x10
[  180.382724][ T6983]  ? __pfx_copy_process+0x10/0x10
[  180.382763][ T6983]  ? futex_private_hash_put+0x176/0x300
[  180.382804][ T6983]  ? futex_private_hash_put+0x18a/0x300
[  180.382847][ T6983]  kernel_clone+0xfc/0x930
[  180.382869][ T6983]  ? __pfx_kernel_clone+0x10/0x10
[  180.382906][ T6983]  __do_sys_clone+0xce/0x120
[  180.382926][ T6983]  ? __pfx___do_sys_clone+0x10/0x10
[  180.382945][ T6983]  ? ksys_unshare+0x687/0xa40
[  180.382979][ T6983]  ? xfd_validate_state+0x61/0x180
[  180.383013][ T6983]  do_syscall_64+0xcd/0xfa0
[  180.383050][ T6983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.383073][ T6983] RIP: 0033:0x7fb37798efc9
[  180.383090][ T6983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.383112][ T6983] RSP: 002b:00007fb378740fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  180.383133][ T6983] RAX: ffffffffffffffda RBX: 00007fb377be5fa0 RCX: 00007fb37798efc9
[  180.383152][ T6983] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411
[  180.383165][ T6983] RBP: 00007fb377a11f91 R08: 0000000000000000 R09: 0000000000000000
[  180.383178][ T6983] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  180.383191][ T6983] R13: 00007fb377be6038 R14: 00007fb377be5fa0 R15: 00007ffc6600c048
[  180.383221][ T6983]  </TASK>
[  181.613443][ T7010] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0]
[  182.687404][   T30] audit: type=1800 audit(1760716110.726:3): pid=7030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.244" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[  184.423053][ T7064] zero sized request
[  185.916694][ T7083] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.205783][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.606945][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.981636][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.993017][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  188.006617][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  188.024225][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  188.036756][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  188.045274][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  188.859529][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.444568][   T13] bridge_slave_1: left allmulticast mode
[  189.486424][   T13] bridge_slave_1: left promiscuous mode
[  189.494123][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.573328][   T13] bridge_slave_0: left allmulticast mode
[  189.590963][   T13] bridge_slave_0: left promiscuous mode
[  189.617332][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.663205][ T7136] __nla_validate_parse: 62 callbacks suppressed
[  189.663225][ T7136] netlink: 32 bytes leftover after parsing attributes in process `syz.2.267'.
[  189.763252][ T7136] netlink: 28 bytes leftover after parsing attributes in process `syz.2.267'.
[  190.109504][ T5833] Bluetooth: hci0: command tx timeout
[  190.295321][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  190.312448][ T5838] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  190.323585][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  190.331964][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  190.341617][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  190.538300][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  190.552041][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  190.563567][   T13] bond0 (unregistering): Released all slaves
[  190.639831][ T7113] chnl_net:caif_netlink_parms(): no params data found
[  191.388541][ T7113] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.410425][ T7113] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.427666][ T7113] bridge_slave_0: entered allmulticast mode
[  191.435930][ T7113] bridge_slave_0: entered promiscuous mode
[  191.520897][ T7113] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.554713][ T7113] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.569134][ T7113] bridge_slave_1: entered allmulticast mode
[  191.580527][ T7113] bridge_slave_1: entered promiscuous mode
[  191.867469][ T7113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.901175][ T7183] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[7183]
[  192.129969][   T13] hsr_slave_0: left promiscuous mode
[  192.155695][   T13] hsr_slave_1: left promiscuous mode
[  192.169809][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  192.191495][ T5833] Bluetooth: hci0: command tx timeout
[  192.207812][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  192.257694][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  192.265343][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  192.362463][   T13] veth1_macvtap: left promiscuous mode
[  192.388166][   T13] veth0_macvtap: left promiscuous mode
[  192.398496][   T13] veth1_vlan: left promiscuous mode
[  192.414327][   T13] veth0_vlan: left promiscuous mode
[  192.428118][ T5833] Bluetooth: hci1: command tx timeout
[  192.612584][ T7191] netlink: 186 bytes leftover after parsing attributes in process `syz.0.275'.
[  194.270694][ T5833] Bluetooth: hci0: command tx timeout
[  194.290130][   T13] team0 (unregistering): Port device team_slave_1 removed
[  194.419866][   T13] team0 (unregistering): Port device team_slave_0 removed
[  194.510838][ T5833] Bluetooth: hci1: command tx timeout
[  195.632626][ T7113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  195.834034][ T7113] team0: Port device team_slave_0 added
[  195.917893][ T7113] team0: Port device team_slave_1 added
[  196.043814][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_0
[  196.051791][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  196.093828][ T7113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  196.191490][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_1
[  196.219790][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  196.297074][ T7113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  196.349846][ T5833] Bluetooth: hci0: command tx timeout
[  196.600246][ T5833] Bluetooth: hci1: command tx timeout
[  196.630468][ T7216] netlink: 334 bytes leftover after parsing attributes in process `syz.2.280'.
[  196.635232][ T7148] chnl_net:caif_netlink_parms(): no params data found
[  196.686950][ T7113] hsr_slave_0: entered promiscuous mode
[  196.709098][ T7113] hsr_slave_1: entered promiscuous mode
[  197.374241][ T7148] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.391640][ T7148] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.430285][ T7148] bridge_slave_0: entered allmulticast mode
[  197.461062][ T7148] bridge_slave_0: entered promiscuous mode
[  197.574044][ T7148] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.600868][ T7148] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.640792][ T7148] bridge_slave_1: entered allmulticast mode
[  197.670574][ T7148] bridge_slave_1: entered promiscuous mode
[  198.008263][ T7148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.073761][ T7148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.206749][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.453317][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.648395][ T7260] random: crng reseeded on system resumption
[  198.658671][ T7148] team0: Port device team_slave_0 added
[  198.675278][ T5833] Bluetooth: hci1: command tx timeout
[  198.807908][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.854600][ T7148] team0: Port device team_slave_1 added
[  199.625309][ T7148] batman_adv: batadv0: Adding interface: batadv_slave_0
[  199.638661][ T7148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  199.700713][ T7148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  199.796106][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.872175][ T7148] batman_adv: batadv0: Adding interface: batadv_slave_1
[  199.890074][ T7148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  199.949798][ T7148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  200.165686][ T7148] hsr_slave_0: entered promiscuous mode
[  200.196099][ T7148] hsr_slave_1: entered promiscuous mode
[  200.209293][ T7148] debugfs: 'hsr0' already exists in 'hsr'
[  200.216454][ T7148] Cannot create hsr debugfs directory
[  200.799578][ T7113] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  200.865483][ T7113] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  200.939084][ T7113] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  200.975223][ T7113] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  201.030321][ T7292] Invalid ELF header magic: != ELF
[  201.033749][   T13] bridge_slave_1: left allmulticast mode
[  201.066108][   T13] bridge_slave_1: left promiscuous mode
[  201.072005][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.153605][   T13] bridge_slave_0: left allmulticast mode
[  201.186924][   T13] bridge_slave_0: left promiscuous mode
[  201.202625][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.027606][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  202.040008][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  202.053911][   T13] bond0 (unregistering): Released all slaves
[  202.240705][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  202.311640][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  202.424304][ T7321] netlink: set zone limit has 8 unknown bytes
[  202.474670][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  202.488849][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  202.769854][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  202.783390][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  202.856648][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  202.903428][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  202.930394][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  203.126716][   T13] hsr_slave_0: left promiscuous mode
[  203.142209][   T13] hsr_slave_1: left promiscuous mode
[  203.155852][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.164988][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  203.192280][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  203.200762][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  203.222655][   T13] veth1_macvtap: left promiscuous mode
[  203.253078][   T13] veth0_macvtap: left promiscuous mode
[  203.283438][   T13] veth1_vlan: left promiscuous mode
[  203.288817][   T13] veth0_vlan: left promiscuous mode
[  204.499532][   T13] team0 (unregistering): Port device team_slave_1 removed
[  204.592943][   T13] team0 (unregistering): Port device team_slave_0 removed
[  204.764703][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  204.771240][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  205.283597][ T7320] netlink: 338 bytes leftover after parsing attributes in process `syz.2.295'.
[  205.727418][ T7113] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.739600][ T7148] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  205.754211][ T7148] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  205.781439][ T7148] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  205.874672][ T7148] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  205.897917][ T7113] 8021q: adding VLAN 0 to HW filter on device team0
[  205.929111][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.936340][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  205.966484][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.973658][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.326649][ T7378] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input10
[  206.331697][ T7148] 8021q: adding VLAN 0 to HW filter on device bond0
[  206.378367][ T7148] 8021q: adding VLAN 0 to HW filter on device team0
[  206.401805][ T1330] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.409025][ T1330] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.461769][ T1158] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.468995][ T1158] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.877609][ T7113] 8021q: adding VLAN 0 to HW filter on device batadv0
[  206.990339][ T7113] veth0_vlan: entered promiscuous mode
[  207.014743][ T7113] veth1_vlan: entered promiscuous mode
[  207.361561][ T7113] veth0_macvtap: entered promiscuous mode
[  207.458835][ T7113] veth1_macvtap: entered promiscuous mode
[  207.531181][ T7113] batman_adv: batadv0: Interface activated: batadv_slave_0
[  207.548782][ T7113] batman_adv: batadv0: Interface activated: batadv_slave_1
[  207.589471][ T1158] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  207.628670][ T1158] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  207.749888][ T7148] 8021q: adding VLAN 0 to HW filter on device batadv0
[  207.760432][ T1158] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  207.787892][ T1158] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  208.099476][ T7148] veth0_vlan: entered promiscuous mode
[  208.109984][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  208.121216][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  208.243753][ T7409] __nla_validate_parse: 27 callbacks suppressed
[  208.243778][ T7409] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.261879][ T7148] veth1_vlan: entered promiscuous mode
[  208.275137][ T7411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.287046][ T7411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.313414][ T1158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  208.324826][ T1158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  208.370133][ T7411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.412472][ T7406] netlink: set zone limit has 8 unknown bytes
[  208.420758][ T7411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.469514][ T7411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.501722][ T7411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.523279][ T7411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.547258][ T7411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.577805][ T7148] veth0_macvtap: entered promiscuous mode
[  208.623132][ T7411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.306'.
[  208.715309][ T7148] veth1_macvtap: entered promiscuous mode
[  208.774821][ T7148] batman_adv: batadv0: Interface activated: batadv_slave_0
[  208.811481][ T7148] batman_adv: batadv0: Interface activated: batadv_slave_1
[  208.855740][   T50] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  208.873672][   T50] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  208.980672][   T50] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.005461][   T50] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.130842][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  209.146648][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  209.185957][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  209.198768][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  209.680139][ T7430] can: request_module (can-proto-3) failed.
[  211.922473][ T7465] sd 0:0:1:0: device reset
[  212.935614][ T7480] syz.1.319 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  214.321374][ T7499] can: request_module (can-proto-3) failed.
[  216.539562][ T7527] sd 0:0:1:0: device reset
[  217.318059][ T7544] __nla_validate_parse: 28 callbacks suppressed
[  217.318089][ T7544] netlink: 338 bytes leftover after parsing attributes in process `syz.3.338'.
[  217.386192][ T7544] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.394845][ T7544] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.733141][   T30] audit: type=1804 audit(1760716145.789:4): pid=7551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.333" name="/newroot/83/file0" dev="tmpfs" ino=447 res=1 errno=0
[  217.757659][   T30] audit: type=1804 audit(1760716145.789:5): pid=7551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.333" name="/newroot/83/file0" dev="tmpfs" ino=447 res=1 errno=0
[  218.546627][ T7572] netlink: 'syz.3.343': attribute type 1 has an invalid length.
[  219.542070][ T7585] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  219.756192][ T7579] sd 0:0:1:0: device reset
[  220.381317][ T7597] ==================================================================
[  220.381340][ T7597] BUG: KASAN: slab-use-after-free in fbcon_prepare_logo+0xa03/0xc70
[  220.381401][ T7597] Read of size 256 at addr ffff8880287f23c0 by task syz.0.350/7597
[  220.381430][ T7597] 
[  220.381453][ T7597] CPU: 1 UID: 0 PID: 7597 Comm: syz.0.350 Not tainted syzkaller #0 PREEMPT(full) 
[  220.381489][ T7597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  220.381508][ T7597] Call Trace:
[  220.381518][ T7597]  <TASK>
[  220.381530][ T7597]  dump_stack_lvl+0x116/0x1f0
[  220.381583][ T7597]  print_report+0xcd/0x630
[  220.381614][ T7597]  ? __virt_addr_valid+0x81/0x610
[  220.381645][ T7597]  ? __phys_addr+0xe8/0x180
[  220.381676][ T7597]  ? fbcon_prepare_logo+0xa03/0xc70
[  220.381736][ T7597]  kasan_report+0xe0/0x110
[  220.381770][ T7597]  ? fbcon_prepare_logo+0xa03/0xc70
[  220.381828][ T7597]  kasan_check_range+0x100/0x1b0
[  220.381869][ T7597]  __asan_memcpy+0x23/0x60
[  220.381914][ T7597]  fbcon_prepare_logo+0xa03/0xc70
[  220.381976][ T7597]  fbcon_init+0xd77/0x1900
[  220.382033][ T7597]  visual_init+0x320/0x620
[  220.382097][ T7597]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  220.382142][ T7597]  store_bind+0x61d/0x760
[  220.382180][ T7597]  ? sysfs_file_kobj+0xe4/0x290
[  220.382235][ T7597]  ? __pfx_store_bind+0x10/0x10
[  220.382269][ T7597]  dev_attr_store+0x58/0x80
[  220.382318][ T7597]  ? __pfx_dev_attr_store+0x10/0x10
[  220.382369][ T7597]  sysfs_kf_write+0xf2/0x150
[  220.382415][ T7597]  kernfs_fop_write_iter+0x3af/0x570
[  220.382453][ T7597]  ? __pfx_sysfs_kf_write+0x10/0x10
[  220.382501][ T7597]  iter_file_splice_write+0xa24/0x12e0
[  220.382558][ T7597]  ? __pfx_iter_file_splice_write+0x10/0x10
[  220.382607][ T7597]  ? __pfx_copy_splice_read+0x10/0x10
[  220.382661][ T7597]  ? __pfx_iter_file_splice_write+0x10/0x10
[  220.382708][ T7597]  direct_splice_actor+0x192/0x6c0
[  220.382755][ T7597]  splice_direct_to_actor+0x345/0xa30
[  220.382800][ T7597]  ? __pfx_direct_splice_actor+0x10/0x10
[  220.382850][ T7597]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  220.382901][ T7597]  do_splice_direct+0x174/0x240
[  220.382945][ T7597]  ? __pfx_do_splice_direct+0x10/0x10
[  220.382989][ T7597]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  220.383037][ T7597]  ? rw_verify_area+0xcf/0x6c0
[  220.383081][ T7597]  do_sendfile+0xb06/0xe50
[  220.383130][ T7597]  ? __pfx_do_sendfile+0x10/0x10
[  220.383178][ T7597]  ? __x64_sys_futex+0x1e0/0x4c0
[  220.383218][ T7597]  ? __x64_sys_futex+0x1e9/0x4c0
[  220.383255][ T7597]  __x64_sys_sendfile64+0x1d8/0x220
[  220.383288][ T7597]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  220.383328][ T7597]  do_syscall_64+0xcd/0xfa0
[  220.383381][ T7597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.383415][ T7597] RIP: 0033:0x7fb37798efc9
[  220.383441][ T7597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.383471][ T7597] RSP: 002b:00007fb375bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  220.383502][ T7597] RAX: ffffffffffffffda RBX: 00007fb377be6090 RCX: 00007fb37798efc9
[  220.383524][ T7597] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000003
[  220.383543][ T7597] RBP: 00007fb377a11f91 R08: 0000000000000000 R09: 0000000000000000
[  220.383562][ T7597] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  220.383580][ T7597] R13: 00007fb377be6128 R14: 00007fb377be6090 R15: 00007ffc6600c048
[  220.383612][ T7597]  </TASK>
[  220.383623][ T7597] 
[  220.383631][ T7597] Allocated by task 7543:
[  220.383646][ T7597]  kasan_save_stack+0x33/0x60
[  220.383696][ T7597]  kasan_save_track+0x14/0x30
[  220.383746][ T7597]  __kasan_slab_alloc+0x89/0x90
[  220.383775][ T7597]  kmem_cache_alloc_noprof+0x250/0x6e0
[  220.383819][ T7597]  getname_flags.part.0+0x4c/0x550
[  220.383854][ T7597]  getname_flags+0x93/0xf0
[  220.383895][ T7597]  __x64_sys_symlinkat+0x86/0xc0
[  220.383945][ T7597]  do_syscall_64+0xcd/0xfa0
[  220.383992][ T7597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.384024][ T7597] 
[  220.384032][ T7597] Freed by task 7543:
[  220.384047][ T7597]  kasan_save_stack+0x33/0x60
[  220.384095][ T7597]  kasan_save_track+0x14/0x30
[  220.384142][ T7597]  __kasan_save_free_info+0x3b/0x60
[  220.384182][ T7597]  __kasan_slab_free+0x5f/0x80
[  220.384243][ T7597]  kmem_cache_free+0x2d4/0x6c0
[  220.384288][ T7597]  putname+0x154/0x1a0
[  220.384314][ T7597]  do_symlinkat+0x1ab/0x310
[  220.384362][ T7597]  __x64_sys_symlinkat+0x93/0xc0
[  220.384412][ T7597]  do_syscall_64+0xcd/0xfa0
[  220.384459][ T7597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.384491][ T7597] 
[  220.384500][ T7597] The buggy address belongs to the object at ffff8880287f2200
[  220.384500][ T7597]  which belongs to the cache names_cache of size 4096
[  220.384527][ T7597] The buggy address is located 448 bytes inside of
[  220.384527][ T7597]  freed 4096-byte region [ffff8880287f2200, ffff8880287f3200)
[  220.384561][ T7597] 
[  220.384569][ T7597] The buggy address belongs to the physical page:
[  220.384583][ T7597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x287f0
[  220.384613][ T7597] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  220.384640][ T7597] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  220.384668][ T7597] page_type: f5(slab)
[  220.384697][ T7597] raw: 00fff00000000040 ffff88801bec3640 dead000000000100 dead000000000122
[  220.384727][ T7597] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  220.384760][ T7597] head: 00fff00000000040 ffff88801bec3640 dead000000000100 dead000000000122
[  220.384790][ T7597] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  220.384821][ T7597] head: 00fff00000000003 ffffea0000a1fc01 00000000ffffffff 00000000ffffffff
[  220.384851][ T7597] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  220.384871][ T7597] page dumped because: kasan: bad access detected
[  220.384896][ T7597] page_owner tracks the page as allocated
[  220.384916][ T7597] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5207, tgid 5207 (udevd), ts 55803126288, free_ts 55684813375
[  220.384975][ T7597]  post_alloc_hook+0x1c0/0x230
[  220.385020][ T7597]  get_page_from_freelist+0x10a3/0x3a30
[  220.385069][ T7597]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  220.385114][ T7597]  alloc_pages_mpol+0x1fb/0x550
[  220.385143][ T7597]  new_slab+0x24a/0x360
[  220.385190][ T7597]  ___slab_alloc+0xdc4/0x1ae0
[  220.385227][ T7597]  __slab_alloc.constprop.0+0x63/0x110
[  220.385268][ T7597]  kmem_cache_alloc_noprof+0x43f/0x6e0
[  220.385311][ T7597]  getname_flags.part.0+0x4c/0x550
[  220.385346][ T7597]  getname_flags+0x93/0xf0
[  220.385388][ T7597]  do_sys_openat2+0xb8/0x1d0
[  220.385420][ T7597]  __x64_sys_openat+0x174/0x210
[  220.385456][ T7597]  do_syscall_64+0xcd/0xfa0
[  220.385504][ T7597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.385536][ T7597] page last free pid 5206 tgid 5206 stack trace:
[  220.385554][ T7597]  __free_frozen_pages+0x7df/0x1160
[  220.385588][ T7597]  __put_partials+0x130/0x170
[  220.385627][ T7597]  qlist_free_all+0x4d/0x120
[  220.385673][ T7597]  kasan_quarantine_reduce+0x195/0x1e0
[  220.385721][ T7597]  __kasan_slab_alloc+0x69/0x90
[  220.385750][ T7597]  kmem_cache_alloc_noprof+0x250/0x6e0
[  220.385793][ T7597]  anon_vma_fork+0xe6/0x620
[  220.385830][ T7597]  dup_mmap+0x151f/0x2280
[  220.385861][ T7597]  copy_process+0x3f0c/0x76a0
[  220.385889][ T7597]  kernel_clone+0xfc/0x930
[  220.385915][ T7597]  __do_sys_clone+0xce/0x120
[  220.385941][ T7597]  do_syscall_64+0xcd/0xfa0
[  220.385988][ T7597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.386020][ T7597] 
[  220.386028][ T7597] Memory state around the buggy address:
[  220.386045][ T7597]  ffff8880287f2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  220.386070][ T7597]  ffff8880287f2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  220.386094][ T7597] >ffff8880287f2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  220.386112][ T7597]                                            ^
[  220.386131][ T7597]  ffff8880287f2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  220.386155][ T7597]  ffff8880287f2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  220.386174][ T7597] ==================================================================
[  220.441513][ T7597] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  220.441541][ T7597] CPU: 1 UID: 0 PID: 7597 Comm: syz.0.350 Not tainted syzkaller #0 PREEMPT(full) 
[  220.441580][ T7597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  220.441600][ T7597] Call Trace:
[  220.441611][ T7597]  <TASK>
[  220.441623][ T7597]  dump_stack_lvl+0x3d/0x1f0
[  220.441689][ T7597]  vpanic+0x640/0x6f0
[  220.441726][ T7597]  panic+0xca/0xd0
[  220.441761][ T7597]  ? __pfx_panic+0x10/0x10
[  220.441798][ T7597]  ? fbcon_prepare_logo+0xa03/0xc70
[  220.441849][ T7597]  ? preempt_schedule_common+0x44/0xc0
[  220.441899][ T7597]  ? preempt_schedule_thunk+0x16/0x30
[  220.441946][ T7597]  check_panic_on_warn+0xab/0xb0
[  220.441984][ T7597]  end_report+0x107/0x170
[  220.442014][ T7597]  kasan_report+0xee/0x110
[  220.442046][ T7597]  ? fbcon_prepare_logo+0xa03/0xc70
[  220.442102][ T7597]  kasan_check_range+0x100/0x1b0
[  220.442149][ T7597]  __asan_memcpy+0x23/0x60
[  220.442201][ T7597]  fbcon_prepare_logo+0xa03/0xc70
[  220.442264][ T7597]  fbcon_init+0xd77/0x1900
[  220.442320][ T7597]  visual_init+0x320/0x620
[  220.442373][ T7597]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  220.442418][ T7597]  store_bind+0x61d/0x760
[  220.442455][ T7597]  ? sysfs_file_kobj+0xe4/0x290
[  220.442503][ T7597]  ? __pfx_store_bind+0x10/0x10
[  220.442536][ T7597]  dev_attr_store+0x58/0x80
[  220.442588][ T7597]  ? __pfx_dev_attr_store+0x10/0x10
[  220.442638][ T7597]  sysfs_kf_write+0xf2/0x150
[  220.442687][ T7597]  kernfs_fop_write_iter+0x3af/0x570
[  220.442729][ T7597]  ? __pfx_sysfs_kf_write+0x10/0x10
[  220.442780][ T7597]  iter_file_splice_write+0xa24/0x12e0
[  220.442840][ T7597]  ? __pfx_iter_file_splice_write+0x10/0x10
[  220.442891][ T7597]  ? __pfx_copy_splice_read+0x10/0x10
[  220.442943][ T7597]  ? __pfx_iter_file_splice_write+0x10/0x10
[  220.442991][ T7597]  direct_splice_actor+0x192/0x6c0
[  220.443038][ T7597]  splice_direct_to_actor+0x345/0xa30
[  220.443083][ T7597]  ? __pfx_direct_splice_actor+0x10/0x10
[  220.443130][ T7597]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  220.443187][ T7597]  do_splice_direct+0x174/0x240
[  220.443232][ T7597]  ? __pfx_do_splice_direct+0x10/0x10
[  220.443278][ T7597]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  220.443325][ T7597]  ? rw_verify_area+0xcf/0x6c0
[  220.443368][ T7597]  do_sendfile+0xb06/0xe50
[  220.443416][ T7597]  ? __pfx_do_sendfile+0x10/0x10
[  220.443465][ T7597]  ? __x64_sys_futex+0x1e0/0x4c0
[  220.443498][ T7597]  ? __x64_sys_futex+0x1e9/0x4c0
[  220.443535][ T7597]  __x64_sys_sendfile64+0x1d8/0x220
[  220.443568][ T7597]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  220.443607][ T7597]  do_syscall_64+0xcd/0xfa0
[  220.443658][ T7597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.443691][ T7597] RIP: 0033:0x7fb37798efc9
[  220.443716][ T7597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.443746][ T7597] RSP: 002b:00007fb375bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  220.443775][ T7597] RAX: ffffffffffffffda RBX: 00007fb377be6090 RCX: 00007fb37798efc9
[  220.443796][ T7597] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000003
[  220.443826][ T7597] RBP: 00007fb377a11f91 R08: 0000000000000000 R09: 0000000000000000
[  220.443845][ T7597] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  220.443864][ T7597] R13: 00007fb377be6128 R14: 00007fb377be6090 R15: 00007ffc6600c048
[  220.443897][ T7597]  </TASK>
[  220.444321][ T7597] Kernel Offset: disabled