last executing test programs:

6.866244507s ago: executing program 3 (id=4121):
socket(0xa, 0x1, 0x84) (async)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0) (async)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) (async)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
socket(0x23, 0x80805, 0x0) (async)
bind$auto(r0, &(0x7f0000000000)=@in={0x2, 0x4e21, @empty}, 0x3)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/memory_tiering/memory_tier4/nodelist\x00', 0x22100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/247, 0xf7) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fd, 0x7, 0xd3e, 0x4000000000001, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x4000000006d3f, 0xc, 0x20000002, 0xfffffffffffffffe]}, 0x0) (async)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x37, 0xa, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x7, 0x3, 0x800, 0x80000023, 0x200000000000007, 0x6d42, 0xc, 0x2495dae0, 0x6]}, 0x0) (async, rerun: 64)
close_range$auto(0x2, 0x8, 0x0) (rerun: 64)
fanotify_init$auto(0x602, 0x1)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45)
fanotify_mark$auto(0x0, 0x451, 0xa, r3, 0x0) (async)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408) (async)
r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r4, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706", 0xb5f)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffff) (async)
sysfs$auto(0x2, 0x4, 0x0)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0xc800)
r5 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x40482, 0x0)
writev$auto(r5, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2) (async)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)

5.906132536s ago: executing program 3 (id=4126):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
get_robust_list$auto(0x0, 0x0, 0x0)
io_uring_setup$auto(0x1, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0xa)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/id\x00', 0x0, 0x0)
pread64$auto(r1, 0x0, 0x200000000003, 0x2f4a3a23)
socket(0x2, 0x5, 0x0)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d)
rseq$auto(&(0x7f0000000040)={0x4, 0x3, 0x401, 0x2, 0x80, 0xffffffff, "854f65f20c191a89b503fd68819ee59b0142e8a85edf36c80ce4ebbe1aeb199fea692e7a711d1740e0fb9ad24412bf015295d52839a4487357d07230b7cd12b6b6fbeab99d7d74d8c7545a80995ff47dcf0ad6e1c2c56f8f2deae414554e35478a4a935c283f805e9ab80f6c6b0fbaffcadd"}, 0x1, 0x9, 0x6)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfdf3)
ioctl$auto(0xffffffffffffffff, 0x4b4b, 0xffffffffffffffff)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r2 = io_uring_setup$auto(0x1, 0x0)
ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0)
epoll_pwait$auto(r2, &(0x7f0000000100)={0xee69, 0x81}, 0x4, 0xd, &(0x7f0000000140), 0x8)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)

5.729869082s ago: executing program 1 (id=4128):
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x848000000015, 0x5, 0x0)
bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x6b)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}}, 0x55)
sendmsg$auto_NL80211_CMD_GET_MPATH(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0x20004000}, 0x100000)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9)
mmap$auto(0x0, 0x9644, 0xdf, 0x9b72, 0x2, 0x2d4a29c0)
pivot_root$auto(0x0, 0x0)
open(0x0, 0x7ffd, 0x12)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000000, 0xe)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)="67a59a0d", 0x4)
mmap$auto(0x7f, 0x82020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfff)
connect$auto(0x3, 0x0, 0x10)
unshare$auto(0x40000080)
r3 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x4eec40, 0x0)
lseek$auto(r3, 0x0, 0x2)
readv$auto(r3, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1)
r4 = socket(0x2, 0x2, 0x1)
getsockopt$auto(r4, 0x1, 0x4, &(0x7f0000000040)='/dev/cec27\x00', 0x0)
madvise$auto(0x0, 0xef, 0x15)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x101600, 0x0)

5.650343337s ago: executing program 3 (id=4129):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_trace\x00', 0x80302, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x9) (async)
write$auto(0x3, 0x0, 0xfdef) (async)
mmap$auto(0x3, 0x40, 0xe3, 0x100000eb1, 0x40000000000a1, 0xffffffff) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0xb02, 0x0) (async)
write$auto(0x3, 0x0, 0xfdef)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x5, 0x0) (async)
setsockopt$auto(0x3, 0x10000000084, 0x20, 0x0, 0x4) (async)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000005c0), r1)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.5/usb6/bMaxPacketSize0\x00', 0x12bc00, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0) (async)
socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6e) (async)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) (async)
read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000040)=""/203, 0xcb) (async)
sendmsg$auto_ETHTOOL_MSG_STRSET_GET(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)=ANY=[@ANYBLOB="0400e046712000906f8284ff97c4fb473a8edf0b5869f6109203000000000000003791340efef8e3e47238639d1ae511188fd51b6219cf1e366c82bd6f7c24e9704b49116d24ed41774b863a705e1f5f08692c8ea7447766d41b8642862f2089c77f", @ANYRES16=r2, @ANYBLOB="01002bbd7000fedbdf25010000000c0001800800040007000000"], 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x10)

5.49845934s ago: executing program 3 (id=4131):
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80480, 0x0)
socket(0xf, 0x3, 0x2) (async)
write$auto(0xffffffffffffffff, 0x0, 0x8587) (async)
writev$auto(0x3, 0x0, 0x8) (async)
select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, 0x0)
mmap$auto(0x80800, 0x4, 0x6, 0xffffffffffffffff, r0, 0x1)
unshare$auto(0x40000080) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x20) (async)
write$auto(0x3, 0x0, 0x81)
r1 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2482, 0x0)
fcntl$auto_F_DUPFD_QUERY(r1, 0x403, 0x0) (async)
timer_create$auto(0x7, 0x0, 0x0)
unshare$auto(0x40000080) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) (async)
connect$auto(r2, &(0x7f0000000040)=@isdn={0x22, 0xad, 0x5, 0x8, 0x3f}, 0x3) (async)
socket(0x2b, 0x1, 0x1) (async)
mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) (async)
ioctl$auto(0x3, 0x894b, 0x38)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') (async)
socket(0x2, 0xa, 0x1) (async)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
ioctl$auto(0x1, 0x890c, 0x8)

4.627420166s ago: executing program 1 (id=4134):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
unshare$auto(0x40000080) (async)
setregid$auto(0x0, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async)
getsockopt$auto(0xffffffffffffffff, 0x0, 0xd0, 0x0, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x20) (async)
futex$auto(0x0, 0x81, 0x1ffb, 0x0, 0x0, 0xa2) (async)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vbi21\x00', 0x149800, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async)
socketpair$auto(0x3, 0x5, 0x7, 0x0) (async)
syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) (async)
mmap$auto(0x3, 0x9, 0x72, 0x8b72, 0x2, 0x8000) (async)
semctl$auto(0x1ff, 0x2, 0x13, 0x1) (async)
ioctl$auto(0x1, 0x5421, 0xa) (async)
write$auto(0xca, 0x0, 0x2d9) (async)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async)
write$auto(0xca, 0x0, 0x2b) (async)
write$auto(0xffffffffffffffff, 0x0, 0x1) (async)
openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0)

3.690373135s ago: executing program 1 (id=4139):
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/neigh/veth0_to_bond/delay_first_probe_time\x00', 0x8a042, 0x0)
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC1D1c\x00', 0x0, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(r1, 0xc1004111, 0x0) (async)
getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, 0x0, 0x0) (async)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0xf, 0x7, 0x8, 0x0) (async, rerun: 64)
r2 = socket(0x2c, 0x2, 0x200) (rerun: 64)
setsockopt$auto(r2, 0x110, 0x7, 0x0, 0x4) (async)
pread64$auto(r0, 0x0, 0x7fb, 0x400) (async)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
socket(0xb, 0x2, 0x6) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
capset$auto(0x0, 0x0) (async)
setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28)
mmap$auto(0x4, 0x6, 0xe2, 0x1e, r0, 0x8000)
setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x14a280, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) (async)
read$auto(0xffffffffffffffff, 0x0, 0x400fffffffd) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x8, 0x8fd6, 0x8, 0x3, 0x15f4da09, 0x3, 0x3, 0x62, 0x5, 0x3, 0x1, 0x9, 0x4, 0xfffffffffffffffe]}, 0x0)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xb, 0xd, 0x1, 0x5, 0x3, 0x8, 0x3, 0x3, 0x1ff, 0x8000001f, 0x1000000000000008, 0x6d3e, 0x9, 0x4, 0x6]}, 0x0) (async, rerun: 64)
inotify_init1$auto(0x403) (rerun: 64)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

3.068531246s ago: executing program 2 (id=4142):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rxrpc/stats\x00', 0xaa102, 0x0)
write$auto(r0, 0x0, 0x1)
mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid})
sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100001}, 0xfffffffffffffd59, 0x0}, 0x80)
r1 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r1, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ab, &(0x7f0000000100)={&(0x7f0000000040)='L', 0x49}, 0x1, &(0x7f0000000040), 0x4c, 0x1}, 0x5}, 0x2, 0x100)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r2, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e)
prctl$auto(0x988e, 0x9, 0x0, 0x2, 0x9)
unshare$auto(0x1)
mremap$auto(0x200001000000, 0x4, 0x4, 0x3, 0x100000000)

2.998117688s ago: executing program 3 (id=4143):
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00\xb7\x1bL\xb2\xb8\xddl\xd22\x15\x14\xc0\x14\xa4\xb0\xac\x8b\x98j\x89\xb7]\bL\x81\x88E\x94X\xe8`Il\x0eT\xedV\xffR\xee\xf8NDex}\"\xb6\xedk\x89X\x9c\x93\xfc\xcb\x8d\x8dX\x90\xbc\x8bp\xf8\xea\rL\'\x82\xaa\x0e\xc9\xef>\x1d\x8b\x04\x1e\x97\xf5\x03\xc5\x9bZ\xb3\xf4\xd5B\xd0i\x00\t\xd9\xa87E\x1b0,&', 0x100000a3d9)
socketpair$auto(0x2, 0x4, 0x8, 0x0)
r2 = timerfd_create$auto(0x4, 0x5)
mmap$auto(0x2, 0x7, 0x2, 0x17, r2, 0x6)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x7, 0x19, 0x401, 0x1)
r3 = socket(0x8, 0x4, 0x0)
openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638a2a513, 0x0)
mmap$auto(0x0, 0x2000c, 0xe3, 0x100000eb1, r3, 0x8003)
unshare$auto(0x40000080)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0)
pwrite64$auto(r4, 0x0, 0x7, 0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', <r5=>0x0})
sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f00000010c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7000fedbdf25040000000c000180080001000300000010000a800c000180080001000200000008000800", @ANYRES32=r5], 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x14)
sendmsg$auto_NET_SHAPER_CMD_DELETE(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000011}, 0x10)
ioctl$auto_MEMWRITE(r1, 0xc0304d18, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x33, 0x65f, 0x7fdfffff, 0x7, 0x3, 0x20000002, 0x9, 0x1, 0x6, 0x4, 0x7fff, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x8, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x10000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x800000000000, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x100000001]}, 0x5, 0xd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r6 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
futex$auto(0x0, 0x6, 0x80000001, 0x0, 0x0, 0x0)
socket(0x1d, 0x3, 0x1)
getsockopt$auto(r6, 0x66, 0x5, 0x0, 0x0)
openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x34201, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0)

2.50611829s ago: executing program 2 (id=4144):
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000000)=""/142, 0x8e)
r0 = socket(0x5, 0x2, 0x5)
r1 = prctl$auto_PR_SYS_DISPATCH_OFF(0xe, 0x0, 0xffffffffffffffff, 0x8000, 0x2b2)
ioctl$auto_PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000100)=0x9)
fcntl$auto_F_DUPFD(r0, 0x0, r0)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000040), 0x201, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0202, 0x0)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r2, &(0x7f0000001bc0), 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3f, 0x8, 0x0, 0x8007, 0x0)
write$auto(r3, 0x0, 0x100000a3d9)
close_range$auto(0x2, 0x8, 0x0)
read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/250, 0xfa)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x10, 0x2, 0x2000008)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
io_uring_setup$auto(0x2, 0x0)
mmap$auto(0x5, 0x47, 0xfffffffffffffffe, 0x9b72, 0x2, 0x7ffd)
getsockopt$auto(0xffffffffffffffff, 0x84, 0x80, 0x0, &(0x7f00000000c0)=0x97)
r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0)
socketpair$auto(0x5b, 0x2, 0x420000, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0xe, 0x0, 0x20)

2.334217403s ago: executing program 1 (id=4146):
socket(0x5, 0x2, 0x0) (async)
r0 = socket(0x5, 0x2, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/loop13/queue/max_sectors_kb\x00', 0x109206, 0x0)
r2 = bpf$auto(0x5, &(0x7f0000000000)=@info={0xffffffffffffffff, 0x2, 0x2}, 0x7)
ioctl$auto_TUNGETVNETHDRSZ(r2, 0x800454d7, &(0x7f00000001c0)=0x2)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, r0, 0x8000) (async)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, r0, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x73)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) (async)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
socket(0x1, 0x1, 0x0)
bind$auto(0x3, 0x0, 0x6b)
socket(0x10, 0x2, 0x4) (async)
socket(0x10, 0x2, 0x4)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="4930bae1", @ANYRES16=0x0, @ANYBLOB="21022cbc7000ebdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) (async)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="4930bae1", @ANYRES16=0x0, @ANYBLOB="21022cbc7000ebdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) (async)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
write$auto(r0, &(0x7f0000000180)='\x06\x00', 0x2fb)
write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)='-', 0x1)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/fs/ext4/sda1/extent_max_zeroout_kb\x00', 0x4929c1, 0x0) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/fs/ext4/sda1/extent_max_zeroout_kb\x00', 0x4929c1, 0x0)
r3 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r3, &(0x7f00000001c0)={{&(0x7f00000002c0)="db095d6e12120cfa2172e7ac8fc095c316ba0f54d0f19c6a5795b876b682a22d7ccecf0c87a8c87e007026bfd13f3d664eb1c5ff38ca2dc293c2137f90fb9344626ea7ed7bfed1a3e8af9aaf9bf2ccd5044ec247ce0827c737d6ab79e3e5f2225857d6021a82d58d397a9ba8c10d90ba1e5dda13e9003c602a6533a5a6abac0b9fc928d8b98a", 0x1aa, &(0x7f0000000200)={&(0x7f00000003c0)="4a67d23edb317545d9bc87452a055975210d2de49406", 0x7}, 0x5, &(0x7f0000000680)="033fa517c37ec9745e60e2b16b12fa0454c86939ec896c6c4c357510e29e4e8c525ebecf4346b26b5d0b0bf7a791e444cf44498e36175a7ec991de0858c50e000000000000c47e33a59eb4f545d5b6b94e6e6138ef3e61e2a20b55299c75712024c466df55c7f6d1244a6ce8db1761ca81bb01d33314667fa45ae4fab42c0a57e30cbed8000000000c000000000000000000000062866309c9e5d6cdc51ce712ee6611d77b4b0f8f2f2df647228fe956d30751936dc539a34880c1d841af72315338b230cf05008188a4a6960b183f6b6d8eeaa18c77d289ad3bbc53847062765ec40bc216911356df401e34ca743c0e00000000000000000000000000000000000000008a448a28aafc714acb63bc11ce7afdc82a2ab8c2284d15a7c5303173b0d55469b86794e6b3a1da15a8545529feda1b89797e7097561b2ee4483c538e84185bc6927af32a87e93dac6b5fdc64b7013cfaed35fb225d54386df5ea02bc5d58222ebb82ec59f9", 0x5, 0x1000}, 0x5}, 0x2, 0x80100)
sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, 0x0, 0x20000004)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r4)
sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006400)=ANY=[@ANYBLOB=' .\x00\x00', @ANYRES16=r5, @ANYBLOB="01002ebd5100a63016250100000004000180072e0180"], 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r6, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f00000009c0)={0x38, r7, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x20, 0x1, 0x0, 0x1, [@nested={0x1c, 0x2f, 0x0, 0x1, [@typed={0x14, 0x42, 0x0, 0x0, @ipv6=@local}, @nested={0x4, 0xf7}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40c4}, 0x4000)

1.589522771s ago: executing program 2 (id=4148):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x149041, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r1 = socket(0x2b, 0x2, 0x8000)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/dentry-state\x00', 0x0, 0x0)
openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/hci3/force_wakeup\x00', 0x8742, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video61\x00', 0x0, 0x0)
openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/time\x00')
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket(0x2b, 0x1, 0x1)
open(&(0x7f00000001c0)='./file0\x00', 0x40, 0x100)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030009000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a000100aaaaaaaaaabb00000a000500aaaaaaaaaa370000080004001000000008000200", @ANYRES32=0x0, @ANYBLOB="08001b"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
memfd_create$auto(0x0, 0x12)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty21\x00', 0xc00, 0x0)
socketpair$auto(0x1e, 0x4, 0x0, 0x0)
ioctl$auto(r0, 0x541c, r1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/workqueue/writeback/max_active\x00', 0x1a2b02, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)

1.435205749s ago: executing program 3 (id=4149):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
flock$auto(0xffffffffffffffff, 0x2)
r0 = socket(0x1e, 0x805, 0x0)
socket(0x2, 0x1, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r1, 0x4b52, 0x1)
setsockopt$auto(0x3, 0x1, 0x25, 0x0, 0x9)
syz_genetlink_get_family_id$auto_nl80211(0x0, r0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0)
r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
socket(0x1e, 0xa, 0x0)
r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
getsockopt$auto_SO_REUSEADDR(r4, 0x9a, 0x2, &(0x7f0000000000)='%\xf8+\x85*3#{,\\&\x00', &(0x7f0000000380))
ioctl$auto_FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS2(r4, 0xc0406619, &(0x7f0000000080)={{0x9, 0x0, @identifier="611ae7c59a110faa26000e5f4dd9ba16"}, 0x6})
r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev4\x00', 0x169000, 0x0)
ioctl$auto(r6, 0xc0905664, r6)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r5, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9)
setsockopt$auto(r3, 0x10000009, 0x69ce, &(0x7f0000000040)='(%}[\x00', 0x3)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0xa0b02, 0x0)
socket(0x2, 0x801, 0x100)

1.374894114s ago: executing program 2 (id=4150):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x1, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000)
rseq$auto(0x0, 0xfffffff5, 0x0, 0x5)
mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000)
r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmmsg$auto(r0, 0x0, 0x9a1, 0xd)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mtrr\x00', 0xc4002, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
r1 = bpf$auto(0x3, &(0x7f00000001c0)=@bpf_attr_1={r0, 0x818a, @value=0x5, 0x6}, 0xc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'ip6gretap0\x00', <r4=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1, r1, @relative_id=0x5, 0xe600}, 0xf)
readv$auto(0x3, &(0x7f0000000600)={0x0, 0x4}, 0x1da)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xe3, 0x200100000eb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x1, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x4ac241, 0x0)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$auto(0x3, 0x40106f52, r5)

1.290190262s ago: executing program 0 (id=4151):
mkdir$auto(0x0, 0x1)
open(0x0, 0x0, 0x10a)
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x24001, 0x108, 0x50}, 0x18)
mmap$auto(0x10001, 0x400005, 0xdf, 0x9b72, 0x2, 0x8004)
mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f0000000080)='./file1\x00', 0x1d9001, 0x567)
r1 = socket(0xa, 0x2, 0x0)
socketpair$auto(0x1, 0x2, 0xfffffff7, 0x0)
r2 = open(0x0, 0x149443, 0x0)
open(0x0, 0x22240, 0x155)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xc0440, 0x0)
r3 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0)
getdents64$auto(r3, 0x0, 0x400)
r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/pagemap\x00', 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
r6 = ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$auto(r6, 0xc018aebe, r4)
fchmodat2$auto(r6, &(0x7f0000000140)='./file0\x00', 0x2801, 0x5)
socket(0x2, 0x1, 0x106)
getsockopt$auto(0xffffffffffffffff, 0x110, 0x9, 0xffffffffffffffff, 0x0)
unshare$auto(0x40000080)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000b40), 0xffffffffffffffff)
unshare$auto(0x5)
sendmsg$auto_SMC_PNETID_GET(r7, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000240)=ANY=[@ANYBLOB="677cbc744464f7d1697153c591e64ec52791d5a7a76e770fe7862891ea36adcb55ba50976ef7f4a1c1f831e5a8a582b934f19d14d0b2141853117f48d8e9e49a", @ANYRESHEX=r4, @ANYRES8, @ANYRESOCT=r5, @ANYRESHEX=r7, @ANYRESOCT=r0, @ANYRES64=r2, @ANYRES8=r1, @ANYRES8], 0x20}}, 0x20040840)
close_range$auto(0x2, 0x8, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
getrandom$auto(0x0, 0x6000000, 0x3)

1.200667278s ago: executing program 1 (id=4152):
mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x20000008000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000180)="bff32e36240000004d836cf147c83be958edd5a94b1fd8dbaaf3403549fe0f31f810a025c4", 0x7112}, 0x8)
r0 = accept$auto(0xffffffffffffffff, &(0x7f00000000c0)=@isdn={0x22, 0x9, 0x6, 0x2, 0x6}, &(0x7f0000000140)=0x6)
r1 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$auto_NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xf0, r1, 0x2, 0x70bd2a, 0x25dfdbfb, {}, [@NFC_ATTR_SE_APDU={0xc0, 0x19, "9cd08ce681c75db6f21d42bceaa7d91a119340c9d40ad6acc8d3b6b431f3b0c08075a38c73ea756bcf05e5b114c27202007c216056bd70515d432f27cd124431ba2412bedd63344bd83e2f6190ba59c39632e036ea73bb81293e80710d2224fd2504d46e3cac7c677b94ad815e45923ce0c15fd536d9288f3bdee29a1a5d8bd973caa94bdd0a2e78b59c2f16b8f958afabf326ab4990b453f1f4f6d70d5efdca7dac3ecd4e8b1da38834e696d41dc33059169cb42fc6b1c6d484a871"}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x4}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x81}, @NFC_ATTR_DEVICE_NAME={0x4}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0x40}]}, 0xf0}, 0x1, 0x0, 0x0, 0x8000}, 0xba1040e500704d59)
sendmsg$auto_NFC_CMD_STOP_POLL(r0, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x9c, r1, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@NFC_ATTR_VENDOR_DATA={0x6e, 0x1f, "08e75cb3a040259a9e9ed86e6b98146d8b16a67131c49136932d0ab7e6e733d0858d761cb01fc13efb883edf9e6db82fb73ad0db66ac40de7d6eeed5032293558eb0ac41bc3f96b91fe0c110a0f43b07eb0e68eb9481d95d5b1bd65a32ec423e776554bb14749e89d59f"}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0xffff}, @NFC_ATTR_VENDOR_SUBCMD={0x8, 0x1e, 0x4}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x3}]}, 0x9c}}, 0x4)
fsmount$auto(r0, 0x1, 0x2)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xaea3, 0xffffffffffffffff)
write$auto_qrtr_tun_ops_tun(r0, &(0x7f00000001c0)="b010f85f100e4a115d689866cb324bb65a0fb680f65c445b72986dedd7197e4835cefa7bc6315771a25adb176252818cf91c041fcbb724273d80aa60def8621e3bf61e2c288137273a8605633ea895a57dded448b3e6407e56e0f3977b7f73242bd183a4cde3b6f152fe2498ad89a8c172551bb29062b40de2be695ce91422ba1d2e281c675ec690f11c981371d48db78fc99d30f389819af76eb040502fef6b64abf275f42798650759c8c1e71e746fda43df4a69dac2a1bdb518bd489e6c631f3466490d929f8d6ca06873d1697d65e2d4247f083c0394dd08", 0xda)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51)
setsockopt$auto(r0, 0x6, 0x19, 0x0, 0x0)

1.134882183s ago: executing program 0 (id=4153):
clock_nanosleep$auto(0xa, 0x3ff, &(0x7f0000000000)={0x9, 0x1}, &(0x7f0000000040)={0xcea, 0x4})
mmap$auto(0x9496, 0x6c, 0x46d, 0x12, 0xffffffffffffffff, 0xfffffffffffffffd)
r0 = ioctl$auto_SIOCSIFHWADDR2(0xffffffffffffffff, 0x8924, &(0x7f0000000080)="9985dc794459b81f380493467c44471e66ea211fe16c1dd329103fb3ee259cafac67d9ee0c4a67ae364eeada4dc3a90ef4e0f61331df75a4a34883295c41b07eb6ef3d2f0ed5501cc9b5fe6d008f2ebfc8f35eaddcb1b374f3d923e1da0bba7917428b8006f92e553cc973d6eb53fd5e8b0b9fcfff3f47b88f260f5ed57fe49cf058881978e0")
ioctl$auto_BINDER_SET_CONTEXT_MGR(r0, 0x40046207, &(0x7f0000000140)="45cf3caca017c79de63a1da6e8ac8116ef816c62cecb5696474b3bc27351b37d838ea80c8c37fba9eb6a31ccffbf59509c8defddb991b9a740ddaf1a78ba89b5bd2f0b01715ba4cc7dd7c7795ce65b925c96c17ec0d4f1c6bce06f057bf1c3269c2252ff211cf4af54b8ef7c84c7757d8e")
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', <r1=>0x0})
r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/statm\x00', 0x182002, 0x0)
bpf$auto_BPF_LINK_GET_NEXT_ID(0x1f, &(0x7f0000000240)=@bpf_attr_3={0x8, 0x6, 0xf, 0x9, 0x3, 0x5, 0x5, 0x2, 0x7, "b4d76019c7c45fe90af00067ce545600", <r3=>r1, 0x2, <r4=>r0, 0x81, 0x8, 0x0, 0x9, 0x7fffffffffffffff, 0x6, 0x1, @attach_btf_obj_fd=<r5=>r0, 0x6b6ac046, 0x4, 0x3, 0x6, 0x6, <r6=>r0, <r7=>r2}, 0xfffffff9)
faccessat$auto(r5, &(0x7f0000000300)='./file0\x00', 0x7)
ioctl$auto_I2C_SMBUS(r0, 0x720, &(0x7f0000000340)="b7671a0ea2ac2bc8a248b079539e12abfcc1c6416f7a53937380ffeba0012189848e37a63df7001965f43726762a5c1d970228f47a6e260c2d3ad28c7c8bbb4c792bc659d4ec90f42d095709a1b848dda44bc762db3a3fd4cebc01bbbc42527d52b0")
r8 = open_tree$auto(r5, &(0x7f00000003c0)='./file0\x00', 0x964c)
r9 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000440), r6)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r10=>0x0})
sendmsg$auto_NET_SHAPER_CMD_CAP_GET2(r8, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x34, r9, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [@NET_SHAPER_A_CAPS_IFINDEX={0x8, 0x1, r1}, @NET_SHAPER_A_CAPS_IFINDEX={0x8, 0x1, r3}, @NET_SHAPER_A_CAPS_IFINDEX={0x8, 0x1, r3}, @NET_SHAPER_A_CAPS_IFINDEX={0x8, 0x1, r10}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000080}, 0x8)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000580), r11)
r12 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000005c0), 0x4a200, 0x0)
fcntl$auto_F_DUPFD(r0, 0x0, r12)
madvise$auto(0xc, 0x5, 0xffffff7f)
getsockname$auto(r2, &(0x7f0000000600)=@llc={0x1a, 0x104, 0x2, 0x8, 0xff, 0xd6, @random="7ab24429e4bd"}, &(0x7f0000000640))
signalfd$auto(r0, &(0x7f0000000680)={0x6}, 0x6)
io_uring_register$auto_IORING_REGISTER_EVENTFD_ASYNC(r4, 0x7, &(0x7f00000006c0)="83bcae64ad42f2e0c11023e96c1fd87b06083ebc98f155155cc321b9a0d6b227e0a9c5b4b0646a86cfa276274df2791e4c66bffcf80bc0a4c47b894330a5e22a5c04aefa91bea7282d814843eb7a4161e533058f469843c8c5a8bf5c21b1835f7bff29157ce633301fb2fe8a28a7c05363ff20a537b355f5ed923568c642e36c71931852ed2f306a94f12593d8e8fa6ea110fb", 0x1)
r13 = prctl$auto_PR_SYS_DISPATCH_OFF(0x61, 0x0, 0x0, 0x2, 0x7fff)
ioctl$auto_FITRIM(r13, 0xc0185879, &(0x7f0000000780)={0x5, 0x8, 0x6})
r14 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000800), r7)
sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r0, &(0x7f0000000ac0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000840)={0x23c, r14, 0x20, 0x70bd28, 0x25dfdbff, {}, [@HWSIM_ATTR_FRAME={0x140, 0x3, "7baf31305d2880b50d413d9b547fe9e1db761821929502d724a041e48c6bc33c69f05b8b2d533de32c22f17a09395717c4cf7f7f579431672a0b0ac35ae7fae498494545ec61257cda575e8fdbbf398b42fba15e86114524b007d04839a207c86254e6ba8fa1b0a0673a10f2f01e6698b44f90d6b1bbdc8c50d1f7eb9d2dbff8c59370b8739bae882a67f10f51fb7b5586d5f79fb5b1405dd43ef8037c9d5aa41e9c6737844ae0e9068ce35347ee90f637b0c59fed3d1ebeb14438d7402c5f0ff6e438dc7a454d5279e605619a8589f1c525da2f23a2ae8504709da01145eefd4698886bbafb5975bba71a4ce6ae1c2301be6c0f4aad43e51d2c54b1514d953a23f100336ff4cfb5480fecb46a801b25d826ea4f1683e628be4247e2c27c2944b0c031a3a00447efa794ecc090108e3eefad193f492401949e39f56d"}, @HWSIM_ATTR_CHANNELS={0x8, 0x9, 0x2}, @HWSIM_ATTR_RADIO_NAME={0x8, 0x11, '-(^/'}, @HWSIM_ATTR_USE_CHANCTX={0x4}, @HWSIM_ATTR_PERM_ADDR={0xc4, 0x16, "3602184d636c9fc19d4ffecaea1bf5bd6cb78159661beb755d77ee080fdb9d8350cf07434b4cc902ab42f13a8109c4159b9ef8b33724f9b0b67928fc9ec9c072e11797736364849046456302637bbd19bbe4c5df131c09c986780e43f4c2d96d5f40a11ede567beb2c3519f1445eab7ac0e7b6e06accd33492041a7a1758fec22a9143be8121d84cb211cf2e13e4c8484ce2bbbdc7dce83eff7a438f3f3ff8e05f63e12b89c098f8f9cda68410a2c2d5a34ad29a1346e68712a1d425c1705e02"}, @HWSIM_ATTR_DESTROY_RADIO_ON_CLOSE={0x4}, @HWSIM_ATTR_NO_VIF={0x4}, @HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x1e}]}, 0x23c}, 0x1, 0x0, 0x0, 0xc001}, 0x8000)
sendmsg$auto_NLBL_CIPSOV4_C_LIST(r4, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x14, 0x0, 0x300, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x200400c0)
ustat$auto(0x8a, &(0x7f0000000c00)={0x4df0, 0x6, "842d1a240efa", "c29285988a28"})
read$auto_rts_threshold_ops_(r0, &(0x7f0000000c40)=""/30, 0x1e)
madvise$auto(0x3, 0x3, 0x7)
openat$nci(0xffffffffffffff9c, &(0x7f0000000c80), 0x2, 0x0)

1.06443757s ago: executing program 0 (id=4154):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x400008, 0x1, 0x9b72, 0x2, 0x400000000008000)
mlock$auto(0x112, 0x80006)
mlockall$auto(0x800000000000005)
madvise$auto(0x0, 0x200007, 0x19)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$auto_ILA_CMD_ADD(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x14, r3, 0x1, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x48884}, 0x4)
r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mem\x00', 0x28042, 0x0)
mmap$auto(0x102, 0x7f, 0x8, 0x15, r4, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_TT_CRC32={0x0, 0x13, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc000000", @ANYRES16=r5, @ANYBLOB="01002dbd7000fedbdf2505000000e60003800800c000e000000204002a000400110008002e00", @ANYRES32=0x0, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32"], 0xfc}, 0x1, 0x0, 0x0, 0x40000}, 0x10)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
write$auto(r0, &(0x7f0000000100)='\x00', 0x9)
setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
bind$auto(0x4, 0xfffffffffffffffe, 0x0)
bind$auto(0x3, 0xfffffffffffffffd, 0x0)
write$auto(0x3, 0x0, 0xfdef)

941.413734ms ago: executing program 1 (id=4155):
openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0xb8642, 0x0)
r0 = socket(0x1a, 0x1, 0x0)
r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000080), 0xc0402, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0xc0403d11, 0x0)
r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b50", 0xfdef)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80002, 0x0)
r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000001c0), r4)
sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="cb0a00", @ANYRES16=r5, @ANYBLOB="00002cbd7000ffdbdf250200000006000200040000", @ANYRES32=r0, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x8800)
r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
r7 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
ioctl$auto(r7, 0x541c, r6)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r8 = socket(0x2, 0x1, 0x0)
getsockopt$auto(r8, 0x6, 0x23, 0x0, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80802, 0x0)
r9 = socket(0x2b, 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/fail_over_mac\x00', 0x103b02, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a)
sendmmsg$auto(r9, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000)
io_uring_setup$auto(0x6, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
write$auto(0x3, 0x0, 0xfffffdef)

919.41127ms ago: executing program 0 (id=4156):
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
unshare$auto(0x4000007f) (async)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) (rerun: 64)
timer_settime$auto(0xfffffffc, 0x6d75, &(0x7f00000000c0)={{0x1, 0x2}, {0xfbffffffffffffff, 0x4d2f4a03}}, 0x0) (async)
io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) (async)
setsockopt$auto_SO_BUSY_POLL_BUDGET(0xffffffffffffffff, 0x3, 0x46, &(0x7f0000000200)='})*($$\x00', 0x9) (async)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8a01, 0x0)
ioctl$auto(r1, 0x401870c8, r0)
sendmsg$auto_NL80211_CMD_LEAVE_OCB(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000028bd7000fcdbdf256d00000007000a00107c4c000400d1000600b400030000000500020000000000"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) (async)
rt_sigaction$auto(0x9, &(0x7f00000002c0)={&(0x7f0000000040)=&(0x7f0000000000)=0x7, 0x8, &(0x7f0000000280)=&(0x7f0000000240)=0xfb, {0x7}}, &(0x7f0000000400)={&(0x7f0000000340)=&(0x7f0000000300)=0x8, 0x8, &(0x7f00000003c0)=&(0x7f0000000380)=0xf2, {0x100000000000}}, 0x8) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async)
set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0)

590.333979ms ago: executing program 0 (id=4157):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e) (async)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) (async)
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r0, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d55745eff6aa689e859dcaeff39bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54de46e25986315b30956face49e26e8dcbcc9e1363627a9f38a2ee8304307dab4013d77f4c337551e2a6ac230788513cdd15e734263e4973c75757d9809c510977adc3be6c5b110597b09c7dad1f54e4506744710b53221e4a7982ac4c59bfae6370258b5af7864a4ca680addd736e35da579cc0e975e6cdefa3d082c8b4b10b205415c32797d9450c002895c9b40", 0xd4f)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
r2 = socket(0x10, 0x3, 0x9)
write$auto(r2, 0x0, 0x5) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/usb/drivers/dm9601/bind\x00', 0x63100, 0x0) (async)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/vrf/strict_mode\x00', 0x80202, 0x0)
sendfile$auto(r3, 0x3, 0x0, 0x400000000008) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x3)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x102, 0x0) (async)
mmap$auto(0xfffffffffffffffd, 0x40000b, 0x20000df, 0x10, 0xffffffffffffffff, 0xb9)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r2, 0x8000) (async)
sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x400c091) (async)
mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socket(0x10, 0x2, 0x0)
userfaultfd$auto(0x1) (async)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async)
socket(0xa, 0x801, 0x84)
socket(0xa, 0x3, 0x73)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket(0x1, 0x1, 0x1) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket(0xa, 0x801, 0x84)

496.144014ms ago: executing program 2 (id=4158):
r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/set_event\x00', 0x20002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff)
mmap$auto(0x3e02d217, 0xe344, 0x3, 0x10010, r1, 0xe)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
close_range$auto(r0, r1, 0x0)

321.716292ms ago: executing program 0 (id=4159):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x5974, 0x1d2c, 0x3, 0x4, 0x15f4da0e, 0x6, 0x9, 0x100008000000000c, 0x0, 0x4, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0)
pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0x2c, 0x1, 0x3)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sysinfo$auto(0x0)
r1 = socket(0xa, 0x801, 0x100)
setsockopt$auto(r1, 0x6, 0x2, 0x0, 0xfb3)
prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
bind$auto(0x3, 0x0, 0x6a)
mmap$auto(0x0, 0xfffffffffffffff7, 0x5, 0x19, r0, 0x7)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2, 0x5, 0xeb1, 0xffffffffffffffff, 0x0)

0s ago: executing program 2 (id=4160):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace_marker_raw\x00', 0x485, 0x0)
writev$auto(r0, &(0x7f0000000140)={0x0, 0x6}, 0x4)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0)
write$auto(r1, &(0x7f0000000180)='1\x00\\\xa0\x04|\x9d$\xdcM)\xb9\xdd\xd6', 0x5)

kernel console output (not intermixed with test programs):

9
[  934.256463][T21073] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  934.256479][T21073] RBP: 00007f13e7211f91 R08: 0000000000000000 R09: 0000000000000000
[  934.256495][T21073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  934.256511][T21073] R13: 00007f13e73e6038 R14: 00007f13e73e5fa0 R15: 00007ffd6c2abe68
[  934.256550][T21073]  </TASK>
[  934.483703][    C1] vkms_vblank_simulate: vblank timer overrun
[  935.997321][ T5836] Bluetooth: hci1: unexpected event 0x36 length: 123 > 7
[  936.472363][T21107] FAULT_INJECTION: forcing a failure.
[  936.472363][T21107] name failslab, interval 1, probability 0, space 0, times 0
[  936.500684][T21107] CPU: 0 UID: 0 PID: 21107 Comm: syz.2.3104 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[  936.500730][T21107] Tainted: [I]=FIRMWARE_WORKAROUND
[  936.500740][T21107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  936.500756][T21107] Call Trace:
[  936.500765][T21107]  <TASK>
[  936.500775][T21107]  dump_stack_lvl+0x16c/0x1f0
[  936.500812][T21107]  should_fail_ex+0x512/0x640
[  936.500844][T21107]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  936.500876][T21107]  should_failslab+0xc2/0x120
[  936.500909][T21107]  kmem_cache_alloc_noprof+0x75/0x6e0
[  936.500934][T21107]  ? sk_prot_alloc+0x60/0x2a0
[  936.500976][T21107]  ? sk_prot_alloc+0x60/0x2a0
[  936.501008][T21107]  ? find_held_lock+0x2b/0x80
[  936.501032][T21107]  sk_prot_alloc+0x60/0x2a0
[  936.501069][T21107]  sk_alloc+0x36/0xc20
[  936.501109][T21107]  inet6_create+0x381/0x12b0
[  936.501141][T21107]  ? inet6_create+0x7f/0x12b0
[  936.501171][T21107]  __sock_create+0x338/0x8d0
[  936.501214][T21107]  __sys_socket+0x14d/0x260
[  936.501251][T21107]  ? __pfx___sys_socket+0x10/0x10
[  936.501286][T21107]  ? xfd_validate_state+0x61/0x180
[  936.501319][T21107]  ? __pfx___do_sys_close_range+0x10/0x10
[  936.501354][T21107]  __x64_sys_socket+0x72/0xb0
[  936.501389][T21107]  ? lockdep_hardirqs_on+0x7c/0x110
[  936.501419][T21107]  do_syscall_64+0xcd/0xfa0
[  936.501451][T21107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  936.501479][T21107] RIP: 0033:0x7f13e718eec9
[  936.501501][T21107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  936.501528][T21107] RSP: 002b:00007f13e8113038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  936.501555][T21107] RAX: ffffffffffffffda RBX: 00007f13e73e5fa0 RCX: 00007f13e718eec9
[  936.501575][T21107] RDX: 0000000000000088 RSI: 0000000000000002 RDI: 000000000000000a
[  936.501592][T21107] RBP: 00007f13e7211f91 R08: 0000000000000000 R09: 0000000000000000
[  936.501608][T21107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  936.501624][T21107] R13: 00007f13e73e6038 R14: 00007f13e73e5fa0 R15: 00007ffd6c2abe68
[  936.501663][T21107]  </TASK>
[  938.749044][T21132] NFSD: Unable to initialize client recovery tracking! (-110)
[  938.756571][T21132] NFSD: Is nfsdcld running? If not, enable CONFIG_NFSD_LEGACY_CLIENT_TRACKING.
[  938.771932][T21132] NFSD: starting 90-second grace period (net f0000607)
[  940.662655][T21174] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3116'.
[  941.805495][T21217] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3125'.
[  941.862973][T21217] team0: Port device team_slave_1 removed
[  944.667429][T21267] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3135'.
[  944.686416][T21267] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3135'.
[  945.651721][T21311] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3143'.
[  946.736175][T21329] netlink: 93 bytes leftover after parsing attributes in process `syz.2.3146'.
[  947.689423][T21349] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3149'.
[  947.698657][T21347] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3149'.
[  949.969147][T21396] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3160'.
[  950.302104][T21396] team0: Port device team_slave_1 removed
[  952.295616][T21432] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3172'.
[  952.855780][T21438] FAULT_INJECTION: forcing a failure.
[  952.855780][T21438] name failslab, interval 1, probability 0, space 0, times 0
[  952.896503][T21438] CPU: 0 UID: 0 PID: 21438 Comm: syz.2.3167 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[  952.896545][T21438] Tainted: [I]=FIRMWARE_WORKAROUND
[  952.896554][T21438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  952.896569][T21438] Call Trace:
[  952.896578][T21438]  <TASK>
[  952.896589][T21438]  dump_stack_lvl+0x16c/0x1f0
[  952.896622][T21438]  should_fail_ex+0x512/0x640
[  952.896650][T21438]  ? __kmalloc_cache_noprof+0x5f/0x780
[  952.896691][T21438]  should_failslab+0xc2/0x120
[  952.896723][T21438]  __kmalloc_cache_noprof+0x72/0x780
[  952.896758][T21438]  ? kernfs_fop_open+0x244/0xda0
[  952.896785][T21438]  ? kernfs_fop_open+0x244/0xda0
[  952.896807][T21438]  kernfs_fop_open+0x244/0xda0
[  952.896838][T21438]  do_dentry_open+0x982/0x1530
[  952.896867][T21438]  ? __pfx_kernfs_fop_open+0x10/0x10
[  952.896899][T21438]  vfs_open+0x82/0x3f0
[  952.896937][T21438]  path_openat+0x1de4/0x2cb0
[  952.896977][T21438]  ? __pfx_path_openat+0x10/0x10
[  952.897014][T21438]  do_filp_open+0x20b/0x470
[  952.897042][T21438]  ? __pfx_do_filp_open+0x10/0x10
[  952.897097][T21438]  ? alloc_fd+0x471/0x7d0
[  952.897133][T21438]  do_sys_openat2+0x11b/0x1d0
[  952.897167][T21438]  ? __pfx_do_sys_openat2+0x10/0x10
[  952.897214][T21438]  __x64_sys_openat+0x174/0x210
[  952.897247][T21438]  ? __pfx___x64_sys_openat+0x10/0x10
[  952.897296][T21438]  do_syscall_64+0xcd/0xfa0
[  952.897327][T21438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.897352][T21438] RIP: 0033:0x7f13e718eec9
[  952.897373][T21438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  952.897405][T21438] RSP: 002b:00007f13e8113038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  952.897430][T21438] RAX: ffffffffffffffda RBX: 00007f13e73e5fa0 RCX: 00007f13e718eec9
[  952.897447][T21438] RDX: 0000000000020b42 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  952.897463][T21438] RBP: 00007f13e7211f91 R08: 0000000000000000 R09: 0000000000000000
[  952.897479][T21438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  952.897495][T21438] R13: 00007f13e73e6038 R14: 00007f13e73e5fa0 R15: 00007ffd6c2abe68
[  952.897530][T21438]  </TASK>
[  954.229781][T21454] HfR: entered promiscuous mode
[  954.271450][T21469] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3170'.
[  954.465403][T21469] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3170'.
[  954.478272][T21469] geneve1: entered promiscuous mode
[  954.483537][T21469] geneve1: entered allmulticast mode
[  954.667189][T21470] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3170'.
[  954.960108][T21486] svc: failed to register nfsdv3 RPC service (errno 111).
[  954.968956][T21486] svc: failed to register nfsaclv3 RPC service (errno 111).
[  956.456867][T21507] openvswitch: netlink: IP tunnel dst address not specified
[  956.808343][ T5836] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  957.113535][T21490] NFSD: Unable to initialize client recovery tracking! (-110)
[  957.121054][T21490] NFSD: Is nfsdcld running? If not, enable CONFIG_NFSD_LEGACY_CLIENT_TRACKING.
[  957.163446][T21490] NFSD: starting 90-second grace period (net f0000420)
[  958.229595][T21544] FAULT_INJECTION: forcing a failure.
[  958.229595][T21544] name failslab, interval 1, probability 0, space 0, times 0
[  958.243279][T21544] CPU: 1 UID: 0 PID: 21544 Comm: syz.2.3188 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[  958.243320][T21544] Tainted: [I]=FIRMWARE_WORKAROUND
[  958.243330][T21544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  958.243345][T21544] Call Trace:
[  958.243355][T21544]  <TASK>
[  958.243365][T21544]  dump_stack_lvl+0x16c/0x1f0
[  958.243402][T21544]  should_fail_ex+0x512/0x640
[  958.243435][T21544]  ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0
[  958.243475][T21544]  should_failslab+0xc2/0x120
[  958.243511][T21544]  __kmalloc_node_track_caller_noprof+0xde/0x8a0
[  958.243545][T21544]  ? kstrdup_const+0x63/0x80
[  958.243581][T21544]  ? kstrdup+0x53/0x100
[  958.243606][T21544]  kstrdup+0x53/0x100
[  958.243635][T21544]  kstrdup_const+0x63/0x80
[  958.243663][T21544]  kvasprintf_const+0x10f/0x1a0
[  958.243701][T21544]  kobject_set_name_vargs+0x5a/0x140
[  958.243743][T21544]  kobject_init_and_add+0xe7/0x190
[  958.243780][T21544]  ? __pfx_kobject_init_and_add+0x10/0x10
[  958.243824][T21544]  ? up_write+0x1b2/0x520
[  958.243894][T21544]  sysfs_slab_add+0x194/0x1f0
[  958.243926][T21544]  do_kmem_cache_create+0x5bb/0x740
[  958.243965][T21544]  __kmem_cache_create_args+0x202/0x3c0
[  958.244010][T21544]  mon_text_open+0x333/0x510
[  958.244049][T21544]  ? __pfx_mon_text_open+0x10/0x10
[  958.244088][T21544]  ? __pfx_mon_text_ctor+0x10/0x10
[  958.244124][T21544]  ? __pfx_apparmor_file_open+0x10/0x10
[  958.244166][T21544]  ? lockdown_is_locked_down+0x3f/0x130
[  958.244201][T21544]  ? bpf_lsm_locked_down+0x9/0x10
[  958.244241][T21544]  ? __pfx_mon_text_open+0x10/0x10
[  958.244275][T21544]  full_proxy_open_regular+0x1b9/0x360
[  958.244316][T21544]  do_dentry_open+0x982/0x1530
[  958.244347][T21544]  ? __pfx_full_proxy_open_regular+0x10/0x10
[  958.244392][T21544]  vfs_open+0x82/0x3f0
[  958.244432][T21544]  path_openat+0x1de4/0x2cb0
[  958.244475][T21544]  ? __pfx_path_openat+0x10/0x10
[  958.244510][T21544]  do_filp_open+0x20b/0x470
[  958.244537][T21544]  ? __pfx_do_filp_open+0x10/0x10
[  958.244591][T21544]  ? alloc_fd+0x471/0x7d0
[  958.244628][T21544]  do_sys_openat2+0x11b/0x1d0
[  958.244664][T21544]  ? __pfx_do_sys_openat2+0x10/0x10
[  958.244716][T21544]  __x64_sys_openat+0x174/0x210
[  958.244753][T21544]  ? __pfx___x64_sys_openat+0x10/0x10
[  958.244806][T21544]  do_syscall_64+0xcd/0xfa0
[  958.244839][T21544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.244866][T21544] RIP: 0033:0x7f13e718eec9
[  958.244889][T21544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  958.244912][T21544] RSP: 002b:00007f13e8113038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  958.244938][T21544] RAX: ffffffffffffffda RBX: 00007f13e73e5fa0 RCX: 00007f13e718eec9
[  958.244957][T21544] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  958.244974][T21544] RBP: 00007f13e7211f91 R08: 0000000000000000 R09: 0000000000000000
[  958.244990][T21544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  958.245007][T21544] R13: 00007f13e73e6038 R14: 00007f13e73e5fa0 R15: 00007ffd6c2abe68
[  958.245046][T21544]  </TASK>
[  958.245058][T21544] kobject: can not set name properly!
[  958.567780][T21544] SLUB: Unable to add cache mon_text_ffff88805a46a400 to sysfs
[  958.837081][T13293] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260
[  958.837118][T13293] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260
[  958.853141][T13293] Bluetooth: hci1: Dropping invalid advertising data
[  958.862158][T13293] Bluetooth: hci1: unknown advertising packet type: 0xe9
[  958.862220][T13293] Bluetooth: hci1: Dropping invalid advertising data
[  958.876799][T13293] Bluetooth: hci1: Malformed LE Event: 0x02
[  959.172734][T21534] NFSD: Unable to initialize client recovery tracking! (-110)
[  959.180825][T21534] NFSD: Is nfsdcld running? If not, enable CONFIG_NFSD_LEGACY_CLIENT_TRACKING.
[  959.202529][T21534] NFSD: starting 90-second grace period (net f0000607)
[  961.317991][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  961.341585][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  961.391313][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  961.406747][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  961.421114][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  962.011749][T21607] can: request_module (can-proto-5) failed.
[  962.214980][T21618] svc: failed to register nfsdv3 RPC service (errno 111).
[  962.228372][T21618] svc: failed to register nfsaclv3 RPC service (errno 111).
[  962.674880][   T30] audit: type=1804 audit(4294967402.274:38): pid=21624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3204" name="file0" dev="tmpfs" ino=2548 res=1 errno=0
[  962.778044][   T30] audit: type=1804 audit(4294967402.314:39): pid=21622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3204" name="file0" dev="tmpfs" ino=2548 res=1 errno=0
[  962.806658][T21626] netlink: 'syz.0.3204': attribute type 33 has an invalid length.
[  962.869223][T21596] chnl_net:caif_netlink_parms(): no params data found
[  963.442275][T21596] bridge0: port 1(bridge_slave_0) entered blocking state
[  963.456255][T21596] bridge0: port 1(bridge_slave_0) entered disabled state
[  963.478877][T21596] bridge_slave_0: entered allmulticast mode
[  963.488450][T21596] bridge_slave_0: entered promiscuous mode
[  963.490269][ T5836] Bluetooth: hci2: command tx timeout
[  963.500170][T21596] bridge0: port 2(bridge_slave_1) entered blocking state
[  963.507745][T21596] bridge0: port 2(bridge_slave_1) entered disabled state
[  963.535800][T21596] bridge_slave_1: entered allmulticast mode
[  963.554345][T21596] bridge_slave_1: entered promiscuous mode
[  963.754477][T21596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  963.782310][T21596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  963.942139][T21596] team0: Port device team_slave_0 added
[  963.980334][T21596] team0: Port device team_slave_1 added
[  964.026866][T21596] batman_adv: batadv0: Adding interface: batadv_slave_0
[  964.035517][T21596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  964.067406][T21596] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  964.082508][T21596] batman_adv: batadv0: Adding interface: batadv_slave_1
[  964.089813][T21596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  964.123371][T21596] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  964.187698][T21596] hsr_slave_0: entered promiscuous mode
[  964.194793][T21596] hsr_slave_1: entered promiscuous mode
[  964.203395][T21596] debugfs: 'hsr0' already exists in 'hsr'
[  964.209345][T21596] Cannot create hsr debugfs directory
[  964.345836][T21637] NFSD: Unable to initialize client recovery tracking! (-110)
[  964.353510][T21637] NFSD: Is nfsdcld running? If not, enable CONFIG_NFSD_LEGACY_CLIENT_TRACKING.
[  964.363151][T21637] NFSD: starting 90-second grace period (net f0000607)
[  964.430190][T21596] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  964.578613][T21596] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  964.690553][T21596] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  964.767503][T21596] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  964.839421][T21641] svc: failed to register nfsdv3 RPC service (errno 512).
[  964.850905][T21641] svc: failed to register nfsaclv3 RPC service (errno 512).
[  965.220288][T21596] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  965.371618][T21596] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  965.475611][T21596] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  965.539523][ T5836] Bluetooth: hci2: command tx timeout
[  965.565431][T21596] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  966.334619][T21596] 8021q: adding VLAN 0 to HW filter on device bond0
[  966.374737][T21596] 8021q: adding VLAN 0 to HW filter on device team0
[  966.413556][ T9790] bridge0: port 1(bridge_slave_0) entered blocking state
[  966.420861][ T9790] bridge0: port 1(bridge_slave_0) entered forwarding state
[  966.447429][ T9790] bridge0: port 2(bridge_slave_1) entered blocking state
[  966.454744][ T9790] bridge0: port 2(bridge_slave_1) entered forwarding state
[  966.535688][T21677] NFSD: Unable to initialize client recovery tracking! (-110)
[  966.543423][T21677] NFSD: Is nfsdcld running? If not, enable CONFIG_NFSD_LEGACY_CLIENT_TRACKING.
[  966.553168][T21677] NFSD: starting 90-second grace period (net f0000607)
[  966.912565][T21712] nfs: Unknown parameter 'w��`_�����I+;��	��HY� ������Lu�>>��uh�*��C<+����'
[  967.010390][T21596] 8021q: adding VLAN 0 to HW filter on device batadv0
[  967.126118][T21596] veth0_vlan: entered promiscuous mode
[  967.211610][T21596] veth1_vlan: entered promiscuous mode
[  967.418192][T21730] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3225'.
[  967.437699][T21730] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3225'.
[  967.467546][T21596] veth0_macvtap: entered promiscuous mode
[  967.488083][T21596] veth1_macvtap: entered promiscuous mode
[  967.530126][T21596] batman_adv: batadv0: Interface activated: batadv_slave_0
[  967.563292][T21596] batman_adv: batadv0: Interface activated: batadv_slave_1
[  967.587515][ T9790] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  967.597801][ T9790] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  967.614997][ T5836] Bluetooth: hci2: command tx timeout
[  967.630259][ T9790] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  967.640194][ T9790] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  967.713108][T12492] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  967.729686][T12492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  967.760366][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  967.769163][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  968.008193][T21745] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3194'.
[  969.223025][T21771] hub 1-0:1.0: USB hub found
[  969.233590][T21771] hub 1-0:1.0: 1 port detected
[  969.711774][ T5836] Bluetooth: hci2: command tx timeout
[  971.432629][T13293] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  971.508936][T13293] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  971.523757][T13293] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  971.539712][T13293] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  971.576765][T13293] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  972.846974][ T9790] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  973.657553][ T5836] Bluetooth: hci3: command tx timeout
[  973.873711][T21842] kexec: Could not allocate control_code_buffer
[  974.174719][   T30] audit: type=1804 audit(4294967414.115:40): pid=21868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3251" name="/newroot/355/file0" dev="tmpfs" ino=1893 res=1 errno=0
[  974.284231][   T30] audit: type=1804 audit(4294967414.226:41): pid=21880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3251" name="/newroot/355/file0" dev="tmpfs" ino=1893 res=1 errno=0
[  974.290137][T21877] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3252'.
[  975.726766][ T5836] Bluetooth: hci3: command tx timeout
[  976.115187][ T9790] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  976.127478][ T9790] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  976.137823][ T9790] bond0 (unregistering): Released all slaves
[  976.157828][T21868] netlink: 'syz.2.3251': attribute type 33 has an invalid length.
[  976.202983][T21829] chnl_net:caif_netlink_parms(): no params data found
[  976.366522][ T9790] tipc: Left network mode
[  976.567366][   T30] audit: type=1804 audit(4294967416.508:42): pid=21904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3254" name="/newroot/sys/kernel/debug/tracing/options/blk_cgroup" dev="tracefs" ino=206 res=1 errno=0
[  977.094520][T21829] bridge0: port 1(bridge_slave_0) entered blocking state
[  977.119564][T21829] bridge0: port 1(bridge_slave_0) entered disabled state
[  977.127071][T21829] bridge_slave_0: entered allmulticast mode
[  977.135554][T21829] bridge_slave_0: entered promiscuous mode
[  977.313814][T21829] bridge0: port 2(bridge_slave_1) entered blocking state
[  977.330575][T21829] bridge0: port 2(bridge_slave_1) entered disabled state
[  977.345085][T21829] bridge_slave_1: entered allmulticast mode
[  977.358757][T21829] bridge_slave_1: entered promiscuous mode
[  977.802761][ T5836] Bluetooth: hci3: command tx timeout
[  977.924533][T21829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  977.997647][T21829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  978.010775][T21927] 0x000200000001-0xa29656a63616329 : ""
[  978.021360][T21927] mtd: partition "" is out of reach -- disabled
[  978.048212][T21927] ftl_cs: FTL header not found.
[  978.348705][T21829] team0: Port device team_slave_0 added
[  978.450449][T21829] team0: Port device team_slave_1 added
[  978.638532][T21829] batman_adv: batadv0: Adding interface: batadv_slave_0
[  978.663953][T21829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  978.747408][T21954] cougar: G6 mapped to space
[  978.867160][T21829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  978.953052][T21829] batman_adv: batadv0: Adding interface: batadv_slave_1
[  978.960429][T21829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  979.056041][T21829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  979.245876][T21829] hsr_slave_0: entered promiscuous mode
[  979.284670][T21829] hsr_slave_1: entered promiscuous mode
[  979.291696][T21829] debugfs: 'hsr0' already exists in 'hsr'
[  979.300153][T21829] Cannot create hsr debugfs directory
[  979.430053][T21962] vhci_hcd: invalid port number 21
[  979.869163][ T5836] Bluetooth: hci3: command tx timeout
[  980.041979][ T9790] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  980.051417][ T9790] batman_adv: batadv0: Removing interface: batadv_slave_0
[  980.061606][ T9790] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  980.102287][ T9790] batman_adv: batadv0: Removing interface: batadv_slave_1
[  980.250705][ T9790] veth1_macvtap: left promiscuous mode
[  980.256914][ T9790] veth0_macvtap: left promiscuous mode
[  980.262809][ T9790] veth1_vlan: left promiscuous mode
[  980.269173][ T9790] veth0_vlan: left promiscuous mode
[  981.409215][ T9790] team0 (unregistering): Port device team_slave_0 removed
[  982.569645][T21829] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.718687][T21829] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  983.033993][T21829] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  983.236724][T22004] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3276'.
[  983.643152][T21829] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  984.424577][T21829] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  984.501857][T21829] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  984.548883][T21829] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  984.618999][T21829] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  985.097216][T21829] 8021q: adding VLAN 0 to HW filter on device bond0
[  985.125490][T21829] 8021q: adding VLAN 0 to HW filter on device team0
[  985.139941][ T9496] bridge0: port 1(bridge_slave_0) entered blocking state
[  985.147198][ T9496] bridge0: port 1(bridge_slave_0) entered forwarding state
[  985.173790][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  985.181053][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  985.197642][T22013] NFSD: Unable to initialize client recovery tracking! (-110)
[  985.205340][T22013] NFSD: Is nfsdcld running? If not, enable CONFIG_NFSD_LEGACY_CLIENT_TRACKING.
[  985.214842][T22013] NFSD: starting 90-second grace period (net f0000607)
[  985.397456][T22011] kexec: Could not allocate control_code_buffer
[  985.671576][T21829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  986.947283][T21829] 8021q: adding VLAN 0 to HW filter on device batadv0
[  987.156200][T21829] veth0_vlan: entered promiscuous mode
[  987.205944][T21829] veth1_vlan: entered promiscuous mode
[  987.450056][T21829] veth0_macvtap: entered promiscuous mode
[  987.477701][T21829] veth1_macvtap: entered promiscuous mode
[  988.877997][T22082] delete_channel: no stack
[  989.108318][T21829] batman_adv: batadv0: Interface activated: batadv_slave_0
[  989.471304][T21829] batman_adv: batadv0: Interface activated: batadv_slave_1
[  989.538208][ T9790] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  989.567954][ T9790] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  989.619079][ T9790] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  989.645928][ T9790] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  989.979544][T22093] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3295'.
[  989.989441][ T9800] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  990.046245][ T9800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  990.514986][ T9800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  990.572919][ T9800] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  991.171213][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  991.178241][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  992.006362][T22126] FAULT_INJECTION: forcing a failure.
[  992.006362][T22126] name failslab, interval 1, probability 0, space 0, times 0
[  992.069749][T22126] CPU: 1 UID: 0 PID: 22126 Comm: syz.1.3302 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[  992.069795][T22126] Tainted: [I]=FIRMWARE_WORKAROUND
[  992.069807][T22126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  992.069827][T22126] Call Trace:
[  992.069837][T22126]  <TASK>
[  992.069848][T22126]  dump_stack_lvl+0x16c/0x1f0
[  992.069886][T22126]  should_fail_ex+0x512/0x640
[  992.069919][T22126]  ? __kmalloc_cache_noprof+0x5f/0x780
[  992.069964][T22126]  should_failslab+0xc2/0x120
[  992.070000][T22126]  __kmalloc_cache_noprof+0x72/0x780
[  992.070044][T22126]  ? kvm_dev_ioctl+0xa8a/0x1a80
[  992.070090][T22126]  ? kvm_dev_ioctl+0xa8a/0x1a80
[  992.070128][T22126]  kvm_dev_ioctl+0xa8a/0x1a80
[  992.070171][T22126]  ? find_held_lock+0x2b/0x80
[  992.070198][T22126]  ? hook_file_ioctl_common+0x145/0x410
[  992.070240][T22126]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  992.070282][T22126]  ? __fget_files+0x20e/0x3c0
[  992.070314][T22126]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  992.070355][T22126]  __x64_sys_ioctl+0x18b/0x210
[  992.070395][T22126]  do_syscall_64+0xcd/0xfa0
[  992.070428][T22126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  992.070454][T22126] RIP: 0033:0x7fa68458eec9
[  992.070475][T22126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  992.070501][T22126] RSP: 002b:00007fa685378038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  992.070527][T22126] RAX: ffffffffffffffda RBX: 00007fa6847e5fa0 RCX: 00007fa68458eec9
[  992.070547][T22126] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000007
[  992.070564][T22126] RBP: 00007fa684611f91 R08: 0000000000000000 R09: 0000000000000000
[  992.070582][T22126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  992.070599][T22126] R13: 00007fa6847e6038 R14: 00007fa6847e5fa0 R15: 00007ffc3cd33c98
[  992.070636][T22126]  </TASK>
[  992.351757][ T5836] Bluetooth: hci3: unexpected subevent 0x0c length: 118 > 5
[  993.330529][T22155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3306'.
[  994.044425][T22164] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3307'.
[  994.247472][T22167] netlink: 194 bytes leftover after parsing attributes in process `syz.1.3308'.
[  998.203708][T22226] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29
[  998.310340][T22227] sd 0:0:1:0: PR command failed: 1026
[  998.413548][T22227] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  998.607878][T22227] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 1000.070262][T22265] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3326'.
[ 1000.170152][T22268] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3327'.
[ 1000.572072][T22270] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3328'.
[ 1002.370746][T22305] uvcvideo: [Deprecated]: nodrop parameter will be eventually removed.
[ 1002.803008][T22316] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3340'.
[ 1002.813288][T22316] netlink: 'syz.2.3340': attribute type 1 has an invalid length.
[ 1002.821514][T22316] netlink: 13 bytes leftover after parsing attributes in process `syz.2.3340'.
[ 1004.296310][T22371] can: request_module (can-proto-0) failed.
[ 1004.708389][T22365] random: crng reseeded on system resumption
[ 1007.255725][T22427] FAULT_INJECTION: forcing a failure.
[ 1007.255725][T22427] name fail_futex, interval 1, probability 0, space 0, times 0
[ 1007.269364][T22427] CPU: 0 UID: 0 PID: 22427 Comm: syz.3.3361 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1007.269389][T22427] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1007.269395][T22427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1007.269403][T22427] Call Trace:
[ 1007.269409][T22427]  <TASK>
[ 1007.269415][T22427]  dump_stack_lvl+0x16c/0x1f0
[ 1007.269437][T22427]  should_fail_ex+0x512/0x640
[ 1007.269458][T22427]  get_futex_key+0x1d0/0x1560
[ 1007.269479][T22427]  ? __pfx_get_futex_key+0x10/0x10
[ 1007.269496][T22427]  ? futex_private_hash_put+0x176/0x300
[ 1007.269520][T22427]  futex_wake+0xea/0x530
[ 1007.269543][T22427]  ? __pfx_futex_wake+0x10/0x10
[ 1007.269568][T22427]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1007.269589][T22427]  ? find_held_lock+0x2b/0x80
[ 1007.269606][T22427]  do_futex+0x1e3/0x350
[ 1007.269624][T22427]  ? __pfx_do_futex+0x10/0x10
[ 1007.269641][T22427]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1007.269655][T22427]  ? sigprocmask+0xef/0x330
[ 1007.269676][T22427]  ? __pfx_sigprocmask+0x10/0x10
[ 1007.269700][T22427]  __x64_sys_futex+0x1e0/0x4c0
[ 1007.269720][T22427]  ? __x64_sys_rt_sigprocmask+0x1fd/0x290
[ 1007.269734][T22427]  ? __pfx___x64_sys_futex+0x10/0x10
[ 1007.269753][T22427]  ? xfd_validate_state+0x61/0x180
[ 1007.269779][T22427]  do_syscall_64+0xcd/0xfa0
[ 1007.269796][T22427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.269811][T22427] RIP: 0033:0x7f2e6bd8eec9
[ 1007.269823][T22427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1007.269836][T22427] RSP: 002b:00007ffd231076b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1007.269850][T22427] RAX: ffffffffffffffda RBX: 00007f2e6bfe5fa8 RCX: 00007f2e6bd8eec9
[ 1007.269860][T22427] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2e6bfe5fa8
[ 1007.269869][T22427] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000001b231079af
[ 1007.269877][T22427] R10: 00007f2e6bfe5fa0 R11: 0000000000000246 R12: 00007f2e6bfe5fac
[ 1007.269886][T22427] R13: 00007f2e6bfe5fa0 R14: 0000000000000ffd R15: 0000000000000002
[ 1007.269909][T22427]  </TASK>
[ 1008.019735][T22446] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3363'.
[ 1009.050512][ T7284] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1009.068366][ T7284] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1009.123936][ T7284] bond0 (unregistering): Released all slaves
[ 1009.809981][T22489] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1009.944341][T22489] kAFS: Invalid Command on /proc/fs/afs/cells file
[ 1010.086117][T22499] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[ 1010.613340][ T5836] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[ 1010.621416][ T5836] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 1010.631254][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: kworker/u9:3 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1010.631307][ T5836] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1010.631318][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1010.631335][ T5836] Workqueue: hci0 hci_rx_work
[ 1010.631368][ T5836] Call Trace:
[ 1010.631377][ T5836]  <TASK>
[ 1010.631388][ T5836]  dump_stack_lvl+0x16c/0x1f0
[ 1010.631422][ T5836]  sysfs_warn_dup+0x7f/0xa0
[ 1010.631457][ T5836]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1010.631489][ T5836]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1010.631520][ T5836]  ? find_held_lock+0x2b/0x80
[ 1010.631556][ T5836]  ? do_raw_spin_unlock+0x172/0x230
[ 1010.631599][ T5836]  kobject_add_internal+0x2c4/0x9b0
[ 1010.631639][ T5836]  kobject_add+0x16e/0x240
[ 1010.631672][ T5836]  ? __pfx_kobject_add+0x10/0x10
[ 1010.631707][ T5836]  ? do_raw_spin_unlock+0x172/0x230
[ 1010.631748][ T5836]  ? kobject_put+0xab/0x5a0
[ 1010.631791][ T5836]  device_add+0x288/0x1aa0
[ 1010.631825][ T5836]  ? __pfx_dev_set_name+0x10/0x10
[ 1010.631860][ T5836]  ? __pfx_device_add+0x10/0x10
[ 1010.631901][ T5836]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1010.631940][ T5836]  hci_conn_add_sysfs+0x17e/0x230
[ 1010.631973][ T5836]  le_conn_complete_evt+0x1260/0x2150
[ 1010.632011][ T5836]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1010.632039][ T5836]  ? bt_warn+0xe4/0x120
[ 1010.632058][ T5836]  ? __pfx_bt_warn+0x10/0x10
[ 1010.632087][ T5836]  hci_le_conn_complete_evt+0x23c/0x370
[ 1010.632119][ T5836]  hci_le_meta_evt+0x354/0x5e0
[ 1010.632144][ T5836]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1010.632172][ T5836]  hci_event_packet+0x685/0x11c0
[ 1010.632200][ T5836]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1010.632230][ T5836]  ? __pfx_hci_event_packet+0x10/0x10
[ 1010.632262][ T5836]  ? kcov_remote_start+0x3c9/0x6d0
[ 1010.632287][ T5836]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1010.632326][ T5836]  hci_rx_work+0x2c5/0x16b0
[ 1010.632355][ T5836]  ? rcu_is_watching+0x12/0xc0
[ 1010.632388][ T5836]  process_one_work+0x9cf/0x1b70
[ 1010.632442][ T5836]  ? __pfx_process_one_work+0x10/0x10
[ 1010.632492][ T5836]  ? assign_work+0x1a0/0x250
[ 1010.632540][ T5836]  worker_thread+0x6c8/0xf10
[ 1010.632599][ T5836]  ? __pfx_worker_thread+0x10/0x10
[ 1010.632638][ T5836]  kthread+0x3c2/0x780
[ 1010.632676][ T5836]  ? __pfx_kthread+0x10/0x10
[ 1010.632716][ T5836]  ? rcu_is_watching+0x12/0xc0
[ 1010.632743][ T5836]  ? __pfx_kthread+0x10/0x10
[ 1010.632781][ T5836]  ret_from_fork+0x675/0x7d0
[ 1010.632816][ T5836]  ? __pfx_kthread+0x10/0x10
[ 1010.632853][ T5836]  ret_from_fork_asm+0x1a/0x30
[ 1010.632909][ T5836]  </TASK>
[ 1010.632942][ T5836] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1010.905556][ T5836] Bluetooth: hci0: failed to register connection device
[ 1011.437325][T22533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3381'.
[ 1011.787344][T22542] bond0: option packets_per_slave: invalid value (X�n�p�)
[ 1011.802054][T22542] bond0: option packets_per_slave: allowed values 0 - 65535
[ 1012.094577][T22546] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3384'.
[ 1012.407512][T22543] zswap: compressor  not available
[ 1012.491307][T22555] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3382'.
[ 1012.973073][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1013.551715][T22592] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16)
[ 1013.559999][T22592] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1013.594367][ T7284] veth1_macvtap: left promiscuous mode
[ 1013.608038][ T7284] veth0_macvtap: left promiscuous mode
[ 1014.301672][ T7284] team0 (unregistering): Port device team_slave_1 removed
[ 1015.252448][T22619] MTRR 1 not used
[ 1015.266152][T22620] MTRR 1 not used
[ 1015.441920][T22628] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3400'.
[ 1016.811662][T22656] netlink: 189 bytes leftover after parsing attributes in process `syz.0.3405'.
[ 1016.821309][T22656] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1017.181630][T21667] Process accounting resumed
[ 1017.477163][T22670] FAULT_INJECTION: forcing a failure.
[ 1017.477163][T22670] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1017.491111][T22670] CPU: 1 UID: 0 PID: 22670 Comm: syz.1.3409 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1017.491136][T22670] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1017.491142][T22670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1017.491151][T22670] Call Trace:
[ 1017.491159][T22670]  <TASK>
[ 1017.491166][T22670]  dump_stack_lvl+0x16c/0x1f0
[ 1017.491188][T22670]  should_fail_ex+0x512/0x640
[ 1017.491210][T22670]  _copy_from_iter+0x29f/0x1720
[ 1017.491234][T22670]  ? __pfx__copy_from_iter+0x10/0x10
[ 1017.491256][T22670]  ? __pfx___might_resched+0x10/0x10
[ 1017.491276][T22670]  file_tty_write.constprop.0+0x487/0x9b0
[ 1017.491311][T22670]  redirected_tty_write+0x84/0x150
[ 1017.491332][T22670]  vfs_write+0x7d3/0x11d0
[ 1017.491349][T22670]  ? __pfx_redirected_tty_write+0x10/0x10
[ 1017.491372][T22670]  ? __pfx_vfs_write+0x10/0x10
[ 1017.491385][T22670]  ? find_held_lock+0x2b/0x80
[ 1017.491414][T22670]  ksys_write+0x12a/0x250
[ 1017.491429][T22670]  ? __pfx_ksys_write+0x10/0x10
[ 1017.491450][T22670]  do_syscall_64+0xcd/0xfa0
[ 1017.491469][T22670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1017.491484][T22670] RIP: 0033:0x7fa68458eec9
[ 1017.491496][T22670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1017.491510][T22670] RSP: 002b:00007fa685357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1017.491524][T22670] RAX: ffffffffffffffda RBX: 00007fa6847e6090 RCX: 00007fa68458eec9
[ 1017.491533][T22670] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[ 1017.491542][T22670] RBP: 00007fa684611f91 R08: 0000000000000000 R09: 0000000000000000
[ 1017.491550][T22670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1017.491559][T22670] R13: 00007fa6847e6128 R14: 00007fa6847e6090 R15: 00007ffc3cd33c98
[ 1017.491579][T22670]  </TASK>
[ 1017.962674][T22679] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3412'.
[ 1018.027309][T22667] Process accounting resumed
[ 1018.163403][T22683] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3414'.
[ 1018.178588][T22682] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3414'.
[ 1018.178698][T22684] netlink: 206 bytes leftover after parsing attributes in process `syz.1.3414'.
[ 1018.423151][T22689] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1018.434631][T22687] vivid-007: =================  START STATUS  =================
[ 1018.443166][T22687] vivid-007: Enable Output Cropping: true
[ 1018.451116][T22687] vivid-007: Enable Output Composing: true
[ 1018.457199][T22687] vivid-007: Enable Output Scaler: true
[ 1018.463117][T22687] vivid-007: Tx RGB Quantization Range: Automatic
[ 1018.470994][T22687] vivid-007: Transmit Mode: HDMI
[ 1018.482877][T22687] vivid-007: Hotplug Present: 0x00000000
[ 1018.495182][T22687] vivid-007: RxSense Present: 0x00000000
[ 1018.504193][T22687] vivid-007: EDID Present: 0x00000000
[ 1018.528788][T22687] vivid-007: ==================  END STATUS  ==================
[ 1021.155327][T22751] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3425'.
[ 1021.732701][T22796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3435'.
[ 1021.743776][T22793] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3435'.
[ 1021.994027][T22804] binder: 22802:22804 ioctl c018620c 0 returned -14
[ 1023.552587][T22839] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1024.094199][T22853] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3447'.
[ 1024.156655][T22854] netlink: 282 bytes leftover after parsing attributes in process `syz.2.3447'.
[ 1024.177629][T22853] netlink: 306 bytes leftover after parsing attributes in process `syz.2.3447'.
[ 1025.221420][T22893] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3454'.
[ 1025.281766][T22894] openvswitch: netlink: IP tunnel attribute has 4096 unknown bytes.
[ 1025.706477][T22906] usb usb36: usbfs: process 22906 (syz.1.3457) did not claim interface 0 before use
[ 1025.776477][T22906] FAULT_INJECTION: forcing a failure.
[ 1025.776477][T22906] name failslab, interval 1, probability 0, space 0, times 0
[ 1025.789617][T22906] CPU: 1 UID: 0 PID: 22906 Comm: syz.1.3457 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1025.789662][T22906] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1025.789674][T22906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1025.789690][T22906] Call Trace:
[ 1025.789700][T22906]  <TASK>
[ 1025.789712][T22906]  dump_stack_lvl+0x16c/0x1f0
[ 1025.789748][T22906]  should_fail_ex+0x512/0x640
[ 1025.789779][T22906]  ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0
[ 1025.789819][T22906]  should_failslab+0xc2/0x120
[ 1025.789853][T22906]  __kmalloc_node_track_caller_noprof+0xde/0x8a0
[ 1025.789886][T22906]  ? sysctl_route_net_init+0x42/0x2c0
[ 1025.789927][T22906]  ? __pfx_sysctl_route_net_init+0x10/0x10
[ 1025.789964][T22906]  ? kmemdup_noprof+0x29/0x60
[ 1025.789990][T22906]  kmemdup_noprof+0x29/0x60
[ 1025.790018][T22906]  sysctl_route_net_init+0x42/0x2c0
[ 1025.790055][T22906]  ? __pfx_sysctl_route_net_init+0x10/0x10
[ 1025.790089][T22906]  ops_init+0x1df/0x5f0
[ 1025.790124][T22906]  setup_net+0x100/0x390
[ 1025.790163][T22906]  ? __pfx_setup_net+0x10/0x10
[ 1025.790195][T22906]  ? debug_mutex_init+0x37/0x70
[ 1025.790227][T22906]  copy_net_ns+0x2f8/0x690
[ 1025.790264][T22906]  create_new_namespaces+0x3ea/0xa90
[ 1025.790303][T22906]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1025.790337][T22906]  ksys_unshare+0x45b/0xa40
[ 1025.790371][T22906]  ? __pfx_ksys_unshare+0x10/0x10
[ 1025.790405][T22906]  ? xfd_validate_state+0x61/0x180
[ 1025.790451][T22906]  __x64_sys_unshare+0x31/0x40
[ 1025.790484][T22906]  do_syscall_64+0xcd/0xfa0
[ 1025.790517][T22906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1025.790544][T22906] RIP: 0033:0x7fa68458eec9
[ 1025.790570][T22906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1025.790598][T22906] RSP: 002b:00007fa685378038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1025.790625][T22906] RAX: ffffffffffffffda RBX: 00007fa6847e5fa0 RCX: 00007fa68458eec9
[ 1025.790644][T22906] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1025.790661][T22906] RBP: 00007fa684611f91 R08: 0000000000000000 R09: 0000000000000000
[ 1025.790679][T22906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1025.790696][T22906] R13: 00007fa6847e6038 R14: 00007fa6847e5fa0 R15: 00007ffc3cd33c98
[ 1025.790733][T22906]  </TASK>
[ 1026.024881][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1026.187024][T22911] __vm_enough_memory: pid: 22911, comm: syz.2.3458, bytes: 4398046511104 not enough memory for the allocation
[ 1030.017351][T23010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3478'.
[ 1031.186409][T23042] netlink: 302 bytes leftover after parsing attributes in process `syz.0.3488'.
[ 1034.388813][T23149] __vm_enough_memory: pid: 23149, comm: syz.0.3510, bytes: 4398046511104 not enough memory for the allocation
[ 1034.505901][T23151] netlink: zone id is out of range
[ 1034.506813][T23153] netlink: zone id is out of range
[ 1034.575403][T23151] netlink: zone id is out of range
[ 1034.581094][T23151] netlink: zone id is out of range
[ 1034.584134][T23153] netlink: zone id is out of range
[ 1034.586328][T23151] netlink: zone id is out of range
[ 1034.596595][T23151] netlink: zone id is out of range
[ 1034.601827][T23151] netlink: zone id is out of range
[ 1034.606962][T23151] netlink: zone id is out of range
[ 1034.612427][T23151] netlink: zone id is out of range
[ 1035.196432][T23177] CIFS mount error: No usable UNC path provided in device string!
[ 1035.196432][T23177] 
[ 1035.225491][T23177] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1036.453791][T23194] ima: policy update failed
[ 1036.461992][   T30] audit: type=1802 audit(4294967332.498:43): pid=23194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.3522" res=0 errno=0
[ 1039.226786][T13293] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1039.258602][T13293] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1039.268218][T13293] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1039.279876][T13293] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1039.289404][T13293] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1040.203495][T23291] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1040.209523][T23291] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1040.323910][T23291] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1040.352069][T23291] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1040.364037][T23291] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1040.378300][T23291] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1040.398098][T23291] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1040.398318][T23291] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1040.404892][T23291] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1040.406075][ T9496] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1040.483148][T23291] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1040.483265][T23291] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1040.488093][T23272] chnl_net:caif_netlink_parms(): no params data found
[ 1040.681623][ T9496] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1040.752052][T23291] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1040.868885][T23299] mkiss: ax0: crc mode is auto.
[ 1040.940737][ T9496] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1042.236761][ T9496] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1042.260634][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1042.419952][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1042.420053][T13293] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1042.500107][T13293] Bluetooth: hci1: command 0x041b tx timeout
[ 1042.516857][T23272] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1042.529561][T23272] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1042.549215][T23272] bridge_slave_0: entered allmulticast mode
[ 1042.579480][T23272] bridge_slave_0: entered promiscuous mode
[ 1042.591522][T23272] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1042.600597][T23272] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1042.607861][T23272] bridge_slave_1: entered allmulticast mode
[ 1042.619411][T23272] bridge_slave_1: entered promiscuous mode
[ 1043.756713][T23272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1043.873925][T23272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1044.330164][T13293] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1044.337246][T23272] team0: Port device team_slave_0 added
[ 1044.357662][T23272] team0: Port device team_slave_1 added
[ 1044.489371][T13293] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1044.489649][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1044.568896][ T5836] Bluetooth: hci1: command 0x041b tx timeout
[ 1046.250894][ T9496]  (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1046.283088][ T9496]  (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1046.314604][ T9496]  (unregistering): Released all slaves
[ 1046.362049][T23272] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1046.386486][T23272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1046.412702][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1046.519995][T23272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1046.560857][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1046.567032][T13293] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1046.584449][T23272] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1046.598341][T23272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1046.627903][T23272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1046.647781][ T5836] Bluetooth: hci1: command 0x041b tx timeout
[ 1046.715456][ T9496] HfR: left promiscuous mode
[ 1046.774931][T23338] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[ 1046.805558][T23338] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[ 1046.836013][T23338] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[ 1047.052695][ T9496] tipc: Left network mode
[ 1047.216428][T23272] hsr_slave_0: entered promiscuous mode
[ 1047.233768][T23272] hsr_slave_1: entered promiscuous mode
[ 1047.249233][T23272] debugfs: 'hsr0' already exists in 'hsr'
[ 1047.258668][T23272] Cannot create hsr debugfs directory
[ 1048.529952][T23376] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3546'.
[ 1048.711965][ T5836] Bluetooth: hci1: command 0x041b tx timeout
[ 1048.989359][T23376] Process accounting paused
[ 1049.808441][ T9496] hsr_slave_0: left promiscuous mode
[ 1049.851385][ T9496] hsr_slave_1: left promiscuous mode
[ 1049.866082][ T9496] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1049.894512][ T9496] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1049.935405][ T9496] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1049.943053][ T9496] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1049.990427][ T9496] veth1_macvtap: left promiscuous mode
[ 1049.996114][ T9496] veth0_macvtap: left promiscuous mode
[ 1050.011587][ T9496] veth1_vlan: left promiscuous mode
[ 1050.017012][ T9496] veth0_vlan: left promiscuous mode
[ 1050.776935][ T5836] Bluetooth: hci1: command 0x041b tx timeout
[ 1051.131285][ T9496] team0 (unregistering): Port device team_slave_1 removed
[ 1052.296565][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1052.303300][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1052.844516][T23272] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1052.852887][ T5836] Bluetooth: hci1: command 0x041b tx timeout
[ 1052.969718][T23272] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1052.990826][T23272] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1053.143194][T23272] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1053.836517][T23272] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1053.956825][T23272] 8021q: adding VLAN 0 to HW filter on device team0
[ 1054.015954][ T9800] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1054.023132][ T9800] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1054.199438][ T9790] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1054.206756][ T9790] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1055.031166][T23478] random: crng reseeded on system resumption
[ 1056.067261][T23272] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1056.254494][T23272] veth0_vlan: entered promiscuous mode
[ 1056.472147][T23514] FAULT_INJECTION: forcing a failure.
[ 1056.472147][T23514] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1056.485641][T23514] CPU: 0 UID: 0 PID: 23514 Comm: syz.2.3570 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1056.485680][T23514] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1056.485689][T23514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1056.485704][T23514] Call Trace:
[ 1056.485713][T23514]  <TASK>
[ 1056.485723][T23514]  dump_stack_lvl+0x16c/0x1f0
[ 1056.485757][T23514]  should_fail_ex+0x512/0x640
[ 1056.485792][T23514]  _copy_to_user+0x32/0xd0
[ 1056.485826][T23514]  poll_select_finish+0x339/0x6b0
[ 1056.485866][T23514]  ? __pfx_poll_select_finish+0x10/0x10
[ 1056.485907][T23514]  ? read_tsc+0x9/0x20
[ 1056.485933][T23514]  ? ktime_get_ts64+0x256/0x400
[ 1056.485975][T23514]  kern_select+0x16e/0x1e0
[ 1056.485998][T23514]  ? __pfx_kern_select+0x10/0x10
[ 1056.486026][T23514]  ? xfd_validate_state+0x61/0x180
[ 1056.486058][T23514]  ? __pfx_ksys_write+0x10/0x10
[ 1056.486090][T23514]  __x64_sys_select+0xbd/0x160
[ 1056.486112][T23514]  ? do_syscall_64+0x91/0xfa0
[ 1056.486138][T23514]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1056.486162][T23514]  do_syscall_64+0xcd/0xfa0
[ 1056.486191][T23514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1056.486216][T23514] RIP: 0033:0x7f13e718eec9
[ 1056.486239][T23514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1056.486262][T23514] RSP: 002b:00007f13e8113038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017
[ 1056.486285][T23514] RAX: ffffffffffffffda RBX: 00007f13e73e5fa0 RCX: 00007f13e718eec9
[ 1056.486303][T23514] RDX: 00002000000005c0 RSI: 0000000000000000 RDI: 0000000000000005
[ 1056.486319][T23514] RBP: 00007f13e7211f91 R08: 00002000000001c0 R09: 0000000000000000
[ 1056.486335][T23514] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000000
[ 1056.486350][T23514] R13: 00007f13e73e6038 R14: 00007f13e73e5fa0 R15: 00007ffd6c2abe68
[ 1056.486386][T23514]  </TASK>
[ 1056.671869][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1056.941958][T23272] veth1_vlan: entered promiscuous mode
[ 1057.130597][T23272] veth0_macvtap: entered promiscuous mode
[ 1057.328054][T23272] veth1_macvtap: entered promiscuous mode
[ 1057.393352][T23535] db_root: not a directory: /dev/audio1
[ 1057.558319][   T30] audit: type=1800 audit(4294967353.536:44): pid=23535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3574" name="dbroot" dev="configfs" ino=103348 res=0 errno=0
[ 1057.706492][T23272] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1057.843063][T23272] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1057.997819][ T9499] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1058.080423][ T9499] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1058.140259][ T9499] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1058.192712][ T9499] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1058.609512][T20082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1058.631642][T20082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1058.676551][ T9790] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1058.684606][ T9790] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1059.888289][T23590] FAULT_INJECTION: forcing a failure.
[ 1059.888289][T23590] name failslab, interval 1, probability 0, space 0, times 0
[ 1060.020682][T23568] kexec: Could not allocate control_code_buffer
[ 1060.157247][T23590] CPU: 0 UID: 0 PID: 23590 Comm: syz.3.3581 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1060.157288][T23590] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1060.157299][T23590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1060.157313][T23590] Call Trace:
[ 1060.157321][T23590]  <TASK>
[ 1060.157331][T23590]  dump_stack_lvl+0x16c/0x1f0
[ 1060.157365][T23590]  should_fail_ex+0x512/0x640
[ 1060.157394][T23590]  ? __kmalloc_cache_noprof+0x5f/0x780
[ 1060.157430][T23590]  should_failslab+0xc2/0x120
[ 1060.157461][T23590]  __kmalloc_cache_noprof+0x72/0x780
[ 1060.157497][T23590]  ? __lock_acquire+0xb97/0x1ce0
[ 1060.157526][T23590]  ? tty_open+0x13e/0xf90
[ 1060.157567][T23590]  ? tty_open+0x13e/0xf90
[ 1060.157599][T23590]  ? nonseekable_open+0xd/0x50
[ 1060.157623][T23590]  ? __pfx_tty_open+0x10/0x10
[ 1060.157656][T23590]  tty_open+0x13e/0xf90
[ 1060.157698][T23590]  ? __pfx_tty_open+0x10/0x10
[ 1060.157741][T23590]  ? chrdev_open+0x10b/0x6a0
[ 1060.157775][T23590]  ? __pfx_tty_open+0x10/0x10
[ 1060.157809][T23590]  chrdev_open+0x234/0x6a0
[ 1060.157837][T23590]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1060.157870][T23590]  ? __pfx_chrdev_open+0x10/0x10
[ 1060.157901][T23590]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1060.157936][T23590]  do_dentry_open+0x982/0x1530
[ 1060.157961][T23590]  ? __pfx_chrdev_open+0x10/0x10
[ 1060.157996][T23590]  vfs_open+0x82/0x3f0
[ 1060.158029][T23590]  path_openat+0x1de4/0x2cb0
[ 1060.158061][T23590]  ? __pfx_path_openat+0x10/0x10
[ 1060.158094][T23590]  do_filp_open+0x20b/0x470
[ 1060.158119][T23590]  ? __pfx_do_filp_open+0x10/0x10
[ 1060.158171][T23590]  ? alloc_fd+0x471/0x7d0
[ 1060.158205][T23590]  do_sys_openat2+0x11b/0x1d0
[ 1060.158237][T23590]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1060.158271][T23590]  ? rcu_is_watching+0x12/0xc0
[ 1060.158296][T23590]  ? __rseq_handle_notify_resume+0x66e/0x10c0
[ 1060.158322][T23590]  ? blkcg_maybe_throttle_current+0x650/0xf30
[ 1060.158353][T23590]  __x64_sys_openat+0x174/0x210
[ 1060.158387][T23590]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1060.158440][T23590]  do_syscall_64+0xcd/0xfa0
[ 1060.158486][T23590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1060.158510][T23590] RIP: 0033:0x7f2e6bd8eec9
[ 1060.158531][T23590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1060.158554][T23590] RSP: 002b:00007f2e6cc6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1060.158578][T23590] RAX: ffffffffffffffda RBX: 00007f2e6bfe6090 RCX: 00007f2e6bd8eec9
[ 1060.158595][T23590] RDX: 0000000000000840 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1060.158611][T23590] RBP: 00007f2e6be11f91 R08: 0000000000000000 R09: 0000000000000000
[ 1060.158627][T23590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1060.158642][T23590] R13: 00007f2e6bfe6128 R14: 00007f2e6bfe6090 R15: 00007ffd23107558
[ 1060.158677][T23590]  </TASK>
[ 1060.438268][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1061.800454][T23615] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1063.493410][T23644] netlink: 'syz.0.3594': attribute type 2 has an invalid length.
[ 1065.082903][T23678] random: crng reseeded on system resumption
[ 1066.137099][   T30] audit: type=1804 audit(4294967362.322:45): pid=23687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3600" name="/newroot/57/file0" dev="tmpfs" ino=316 res=1 errno=0
[ 1066.179106][T23686] netlink: 186 bytes leftover after parsing attributes in process `syz.3.3598'.
[ 1066.306241][   T30] audit: type=1804 audit(4294967362.352:46): pid=23687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3600" name="/newroot/57/file0" dev="tmpfs" ino=316 res=1 errno=0
[ 1068.423187][T23729] FAULT_INJECTION: forcing a failure.
[ 1068.423187][T23729] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1068.436533][T23729] CPU: 0 UID: 0 PID: 23729 Comm: syz.2.3608 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1068.436577][T23729] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1068.436587][T23729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1068.436603][T23729] Call Trace:
[ 1068.436613][T23729]  <TASK>
[ 1068.436623][T23729]  dump_stack_lvl+0x16c/0x1f0
[ 1068.436659][T23729]  should_fail_ex+0x512/0x640
[ 1068.436697][T23729]  _copy_from_user+0x2e/0xd0
[ 1068.436734][T23729]  copy_mount_options+0x76/0x190
[ 1068.436772][T23729]  __x64_sys_mount+0x1ab/0x310
[ 1068.436803][T23729]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1068.436845][T23729]  do_syscall_64+0xcd/0xfa0
[ 1068.436877][T23729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1068.436902][T23729] RIP: 0033:0x7f13e718eec9
[ 1068.436923][T23729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1068.436949][T23729] RSP: 002b:00007f13e8113038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1068.436974][T23729] RAX: ffffffffffffffda RBX: 00007f13e73e5fa0 RCX: 00007f13e718eec9
[ 1068.436993][T23729] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1068.437009][T23729] RBP: 00007f13e7211f91 R08: 00002000000001c0 R09: 0000000000000000
[ 1068.437027][T23729] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000000
[ 1068.437043][T23729] R13: 00007f13e73e6038 R14: 00007f13e73e5fa0 R15: 00007ffd6c2abe68
[ 1068.437081][T23729]  </TASK>
[ 1068.591166][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1069.382814][T23746] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3612'.
[ 1069.503083][T23746] bridge_slave_1: left allmulticast mode
[ 1069.511222][T23746] bridge_slave_1: left promiscuous mode
[ 1069.530138][T23746] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1069.568809][T23746] bridge_slave_0: left allmulticast mode
[ 1069.574527][T23746] bridge_slave_0: left promiscuous mode
[ 1069.589619][T23746] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1070.347754][T23764] hub 1-0:1.0: USB hub found
[ 1070.414320][T23764] hub 1-0:1.0: 1 port detected
[ 1070.729527][T23765] FAULT_INJECTION: forcing a failure.
[ 1070.729527][T23765] name failslab, interval 1, probability 0, space 0, times 0
[ 1070.744097][T23765] CPU: 1 UID: 0 PID: 23765 Comm: syz.0.3618 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1070.744146][T23765] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1070.744156][T23765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1070.744172][T23765] Call Trace:
[ 1070.744182][T23765]  <TASK>
[ 1070.744192][T23765]  dump_stack_lvl+0x16c/0x1f0
[ 1070.744230][T23765]  should_fail_ex+0x512/0x640
[ 1070.744260][T23765]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[ 1070.744295][T23765]  should_failslab+0xc2/0x120
[ 1070.744329][T23765]  __kvmalloc_node_noprof+0x141/0x9c0
[ 1070.744360][T23765]  ? sk_alloc+0x566/0xc20
[ 1070.744387][T23765]  ? tap_open+0x38a/0x1170
[ 1070.744433][T23765]  ? tap_open+0x38a/0x1170
[ 1070.744469][T23765]  tap_open+0x38a/0x1170
[ 1070.744513][T23765]  ? __pfx_tap_open+0x10/0x10
[ 1070.744549][T23765]  chrdev_open+0x234/0x6a0
[ 1070.744582][T23765]  ? __pfx_chrdev_open+0x10/0x10
[ 1070.744614][T23765]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1070.744650][T23765]  do_dentry_open+0x982/0x1530
[ 1070.744680][T23765]  ? __pfx_chrdev_open+0x10/0x10
[ 1070.744718][T23765]  vfs_open+0x82/0x3f0
[ 1070.744756][T23765]  path_openat+0x1de4/0x2cb0
[ 1070.744798][T23765]  ? __pfx_path_openat+0x10/0x10
[ 1070.744836][T23765]  do_filp_open+0x20b/0x470
[ 1070.744864][T23765]  ? __pfx_do_filp_open+0x10/0x10
[ 1070.744917][T23765]  ? alloc_fd+0x471/0x7d0
[ 1070.744954][T23765]  do_sys_openat2+0x11b/0x1d0
[ 1070.744999][T23765]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1070.745052][T23765]  __x64_sys_openat+0x174/0x210
[ 1070.745089][T23765]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1070.745142][T23765]  do_syscall_64+0xcd/0xfa0
[ 1070.745174][T23765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1070.745201][T23765] RIP: 0033:0x7f767518eec9
[ 1070.745222][T23765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1070.745252][T23765] RSP: 002b:00007f7675f81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1070.745279][T23765] RAX: ffffffffffffffda RBX: 00007f76753e6090 RCX: 00007f767518eec9
[ 1070.745298][T23765] RDX: 0000000000002001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1070.745317][T23765] RBP: 00007f7675211f91 R08: 0000000000000000 R09: 0000000000000000
[ 1070.745334][T23765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1070.745349][T23765] R13: 00007f76753e6128 R14: 00007f76753e6090 R15: 00007ffc5089e5c8
[ 1070.745389][T23765]  </TASK>
[ 1072.035249][T23793] sd 0:0:1:0: PR command failed: 1026
[ 1072.045675][T23793] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[ 1072.052470][T23793] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 1072.663484][T23805] zswap: compressor  not available
[ 1074.084492][T23863] snd_virmidi snd_virmidi.0: control 5:9:1:IA��>/�[k<���mgx���<�5��+-C��Y��5:0 is already present
[ 1078.207693][T23939] Line length is too long: Should be less than 4094
[ 1078.519400][T23947] can: request_module (can-proto-3) failed.
[ 1079.002846][T23959] zswap: compressor  not available
[ 1079.084060][T23959] Process accounting resumed
[ 1079.817468][T23963] kexec: Could not allocate control_code_buffer
[ 1080.235355][T23980] FAULT_INJECTION: forcing a failure.
[ 1080.235355][T23980] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1080.309416][T23980] CPU: 0 UID: 0 PID: 23980 Comm: syz.1.3663 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1080.309441][T23980] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1080.309446][T23980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1080.309454][T23980] Call Trace:
[ 1080.309460][T23980]  <TASK>
[ 1080.309466][T23980]  dump_stack_lvl+0x16c/0x1f0
[ 1080.309488][T23980]  should_fail_ex+0x512/0x640
[ 1080.309509][T23980]  _copy_to_user+0x32/0xd0
[ 1080.309529][T23980]  simple_read_from_buffer+0xcb/0x170
[ 1080.309554][T23980]  proc_fail_nth_read+0x197/0x240
[ 1080.309571][T23980]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1080.309587][T23980]  ? rw_verify_area+0xcf/0x6c0
[ 1080.309601][T23980]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1080.309615][T23980]  vfs_read+0x1e1/0xcf0
[ 1080.309633][T23980]  ? __pfx___mutex_lock+0x10/0x10
[ 1080.309651][T23980]  ? __pfx_vfs_read+0x10/0x10
[ 1080.309671][T23980]  ? __fget_files+0x20e/0x3c0
[ 1080.309684][T23980]  ? rcu_watching_snap_stopped_since+0xf0/0x110
[ 1080.309713][T23980]  ksys_read+0x12a/0x250
[ 1080.309727][T23980]  ? __pfx_ksys_read+0x10/0x10
[ 1080.309742][T23980]  ? arch_ptrace+0x6c/0x650
[ 1080.309771][T23980]  do_syscall_64+0xcd/0xfa0
[ 1080.309789][T23980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1080.309804][T23980] RIP: 0033:0x7fa68458d8dc
[ 1080.309816][T23980] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1080.309829][T23980] RSP: 002b:00007fa685378030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1080.309844][T23980] RAX: ffffffffffffffda RBX: 00007fa6847e5fa0 RCX: 00007fa68458d8dc
[ 1080.309853][T23980] RDX: 000000000000000f RSI: 00007fa6853780a0 RDI: 0000000000000004
[ 1080.309862][T23980] RBP: 00007fa685378090 R08: 0000000000000000 R09: 0000000000000000
[ 1080.309870][T23980] R10: 000000000000004f R11: 0000000000000246 R12: 0000000000000001
[ 1080.309879][T23980] R13: 00007fa6847e6038 R14: 00007fa6847e5fa0 R15: 00007ffc3cd33c98
[ 1080.309899][T23980]  </TASK>
[ 1081.272558][T24001] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3668'.
[ 1083.290834][T24035] : entered promiscuous mode
[ 1085.848636][T24098] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(4)
[ 1088.063471][T24133] FAULT_INJECTION: forcing a failure.
[ 1088.063471][T24133] name failslab, interval 1, probability 0, space 0, times 0
[ 1088.102578][T24133] CPU: 0 UID: 0 PID: 24133 Comm: syz.0.3700 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1088.102606][T24133] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1088.102613][T24133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1088.102622][T24133] Call Trace:
[ 1088.102627][T24133]  <TASK>
[ 1088.102634][T24133]  dump_stack_lvl+0x16c/0x1f0
[ 1088.102658][T24133]  should_fail_ex+0x512/0x640
[ 1088.102676][T24133]  ? __kmalloc_cache_noprof+0x5f/0x780
[ 1088.102702][T24133]  should_failslab+0xc2/0x120
[ 1088.102721][T24133]  __kmalloc_cache_noprof+0x72/0x780
[ 1088.102745][T24133]  ? kvm_dev_ioctl+0xa8a/0x1a80
[ 1088.102769][T24133]  ? kvm_dev_ioctl+0xa8a/0x1a80
[ 1088.102789][T24133]  kvm_dev_ioctl+0xa8a/0x1a80
[ 1088.102813][T24133]  ? find_held_lock+0x2b/0x80
[ 1088.102829][T24133]  ? hook_file_ioctl_common+0x145/0x410
[ 1088.102852][T24133]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[ 1088.102874][T24133]  ? __fget_files+0x20e/0x3c0
[ 1088.102892][T24133]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[ 1088.102914][T24133]  __x64_sys_ioctl+0x18b/0x210
[ 1088.102937][T24133]  do_syscall_64+0xcd/0xfa0
[ 1088.102957][T24133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1088.102972][T24133] RIP: 0033:0x7f767518eec9
[ 1088.102985][T24133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1088.103002][T24133] RSP: 002b:00007f7675fa2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1088.103018][T24133] RAX: ffffffffffffffda RBX: 00007f76753e5fa0 RCX: 00007f767518eec9
[ 1088.103029][T24133] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000009
[ 1088.103038][T24133] RBP: 00007f7675211f91 R08: 0000000000000000 R09: 0000000000000000
[ 1088.103046][T24133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1088.103055][T24133] R13: 00007f76753e6038 R14: 00007f76753e5fa0 R15: 00007ffc5089e5c8
[ 1088.103075][T24133]  </TASK>
[ 1088.711220][T24136] netlink: 268 bytes leftover after parsing attributes in process `syz.2.3701'.
[ 1088.988632][T24136] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[ 1089.007560][T24136] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[ 1089.047360][T24136] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[ 1090.303507][T24191] program syz.1.3711 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1090.354145][T24190] program syz.1.3711 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1091.517585][T24220] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1092.562857][T24242] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3716'.
[ 1094.498179][   T30] audit: type=1800 audit(4294967390.829:47): pid=24288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3725" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1098.867529][T24352] FAULT_INJECTION: forcing a failure.
[ 1098.867529][T24352] name failslab, interval 1, probability 0, space 0, times 0
[ 1098.880382][T24352] CPU: 1 UID: 0 PID: 24352 Comm: syz.0.3740 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1098.880413][T24352] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1098.880419][T24352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1098.880429][T24352] Call Trace:
[ 1098.880435][T24352]  <TASK>
[ 1098.880441][T24352]  dump_stack_lvl+0x16c/0x1f0
[ 1098.880464][T24352]  should_fail_ex+0x512/0x640
[ 1098.880482][T24352]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[ 1098.880506][T24352]  should_failslab+0xc2/0x120
[ 1098.880526][T24352]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1098.880541][T24352]  ? pidfs_register_pid+0x97/0x1f0
[ 1098.880560][T24352]  ? pidfs_register_pid+0x97/0x1f0
[ 1098.880572][T24352]  pidfs_register_pid+0x97/0x1f0
[ 1098.880586][T24352]  unix_socketpair+0x126/0x860
[ 1098.880610][T24352]  ? unix_connect_peers+0x345/0x500
[ 1098.880630][T24352]  ? __pfx_unix_socketpair+0x10/0x10
[ 1098.880652][T24352]  ? apparmor_socket_socketpair+0x49b/0x700
[ 1098.880671][T24352]  __sys_socketpair+0x2f2/0x5a0
[ 1098.880695][T24352]  ? __pfx___sys_socketpair+0x10/0x10
[ 1098.880719][T24352]  ? xfd_validate_state+0x61/0x180
[ 1098.880744][T24352]  __x64_sys_socketpair+0x96/0x100
[ 1098.880765][T24352]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1098.880781][T24352]  do_syscall_64+0xcd/0xfa0
[ 1098.880799][T24352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1098.880814][T24352] RIP: 0033:0x7f767518eec9
[ 1098.880827][T24352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1098.880842][T24352] RSP: 002b:00007f7675fa2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[ 1098.880856][T24352] RAX: ffffffffffffffda RBX: 00007f76753e5fa0 RCX: 00007f767518eec9
[ 1098.880867][T24352] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 0000000000000001
[ 1098.880877][T24352] RBP: 00007f7675211f91 R08: 0000000000000000 R09: 0000000000000000
[ 1098.880887][T24352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1098.880896][T24352] R13: 00007f76753e6038 R14: 00007f76753e5fa0 R15: 00007ffc5089e5c8
[ 1098.880917][T24352]  </TASK>
[ 1100.383528][T24371] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3746'.
[ 1101.159672][T24379] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1101.175136][T24379] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1101.181320][T24379] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1101.187851][T24379] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1101.549307][T24405] dyndbg: bad flag-op �, at start of �
[ 1101.561201][T24405] dyndbg: flags parse failed
[ 1102.587132][T13293] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1102.636129][T13293] Bluetooth: hci3: unexpected event 0x02 length: 726 > 260
[ 1103.235412][T13293] Bluetooth: hci1: command 0x041b tx timeout
[ 1103.235869][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1103.242695][T13293] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1105.538094][T24497] __vm_enough_memory: pid: 24497, comm: syz.0.3764, bytes: 4398046511104 not enough memory for the allocation
[ 1106.449952][T24509] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1108.895529][T24540] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3770'.
[ 1108.917659][T24540] HfR: entered promiscuous mode
[ 1109.647074][T24544] nfs: Bad value for 'source'
[ 1112.324344][T24575] openvswitch: HfR: Dropping previously announced user features
[ 1112.348707][T24576] openvswitch: HfR: Dropping previously announced user features
[ 1113.241291][T24588] vhci_hcd: vhci_device speed not set
[ 1113.428776][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1113.438597][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.124883][T24455] syz.2.3756 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1116.397137][T24455] CPU: 1 UID: 0 PID: 24455 Comm: syz.2.3756 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1116.397180][T24455] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1116.397189][T24455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1116.397204][T24455] Call Trace:
[ 1116.397214][T24455]  <TASK>
[ 1116.397224][T24455]  dump_stack_lvl+0x16c/0x1f0
[ 1116.397259][T24455]  dump_header+0x101/0x930
[ 1116.397303][T24455]  oom_kill_process+0x272/0xa40
[ 1116.397327][T24455]  ? __lock_acquire+0x62e/0x1ce0
[ 1116.397364][T24455]  out_of_memory+0x350/0x1700
[ 1116.397398][T24455]  ? __pfx_out_of_memory+0x10/0x10
[ 1116.397443][T24455]  mem_cgroup_out_of_memory+0x118/0x130
[ 1116.397479][T24455]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[ 1116.397523][T24455]  ? do_raw_spin_unlock+0x172/0x230
[ 1116.397567][T24455]  try_charge_memcg+0x687/0xd40
[ 1116.397605][T24455]  ? __pfx_try_charge_memcg+0x10/0x10
[ 1116.397636][T24455]  ? __print_lock_name+0x81/0xe0
[ 1116.397663][T24455]  ? rcu_read_unlock+0x17/0x60
[ 1116.397705][T24455]  charge_memcg+0x8a/0x230
[ 1116.397736][T24455]  __mem_cgroup_charge+0x2b/0x1e0
[ 1116.397771][T24455]  shmem_alloc_and_add_folio+0x514/0xc20
[ 1116.397821][T24455]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 1116.397864][T24455]  ? shmem_allowable_huge_orders+0xd4/0x3f0
[ 1116.397899][T24455]  shmem_get_folio_gfp+0x67f/0x1610
[ 1116.397933][T24455]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 1116.397958][T24455]  ? timestamp_truncate+0x21e/0x2d0
[ 1116.397993][T24455]  shmem_write_begin+0x160/0x300
[ 1116.398023][T24455]  ? __pfx_shmem_write_begin+0x10/0x10
[ 1116.398051][T24455]  ? inode_set_ctime_current+0x2a1/0x8f0
[ 1116.398083][T24455]  ? balance_dirty_pages_ratelimited_flags+0x92/0x1260
[ 1116.398123][T24455]  generic_perform_write+0x3c4/0x900
[ 1116.398172][T24455]  ? __pfx_generic_perform_write+0x10/0x10
[ 1116.398212][T24455]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1116.398240][T24455]  ? generic_update_time+0xcf/0xf0
[ 1116.398269][T24455]  ? mnt_put_write_access_file+0x45/0xf0
[ 1116.398298][T24455]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1116.398330][T24455]  shmem_file_write_iter+0x10e/0x140
[ 1116.398364][T24455]  __kernel_write_iter+0x31a/0xb10
[ 1116.398396][T24455]  ? __pfx___kernel_write_iter+0x10/0x10
[ 1116.398429][T24455]  ? __up_read+0x1f8/0x750
[ 1116.398469][T24455]  ? dump_user_range+0x756/0xb70
[ 1116.398492][T24455]  ? dump_user_range+0x54b/0xb70
[ 1116.398522][T24455]  dump_user_range+0x413/0xb70
[ 1116.398555][T24455]  ? __pfx_dump_user_range+0x10/0x10
[ 1116.398583][T24455]  ? elf_coredump_extra_notes_write+0xbd/0x4f0
[ 1116.398628][T24455]  ? __pfx_writenote+0x10/0x10
[ 1116.398666][T24455]  elf_core_dump+0x29c3/0x3c00
[ 1116.398714][T24455]  ? __pfx_elf_core_dump+0x10/0x10
[ 1116.398746][T24455]  ? trace_sched_exit_tp+0xd1/0x120
[ 1116.398792][T24455]  ? 0xffffffffff600000
[ 1116.398818][T24455]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1116.398855][T24455]  ? __pfx___schedule+0x10/0x10
[ 1116.398927][T24455]  ? vfs_coredump+0x2b9c/0x5670
[ 1116.398948][T24455]  vfs_coredump+0x2b9c/0x5670
[ 1116.398986][T24455]  ? __pfx_vfs_coredump+0x10/0x10
[ 1116.399011][T24455]  ? __lock_acquire+0x62e/0x1ce0
[ 1116.399059][T24455]  ? lock_acquire+0x179/0x350
[ 1116.399110][T24455]  ? is_bpf_text_address+0x8a/0x1a0
[ 1116.399144][T24455]  ? bpf_ksym_find+0x124/0x1c0
[ 1116.399182][T24455]  ? unwind_get_return_address+0x59/0xa0
[ 1116.399210][T24455]  ? arch_stack_walk+0xa6/0x100
[ 1116.399251][T24455]  ? stack_trace_save+0x8e/0xc0
[ 1116.399281][T24455]  ? __pfx_stack_trace_save+0x10/0x10
[ 1116.399310][T24455]  ? stack_depot_save_flags+0x29/0x9c0
[ 1116.399342][T24455]  ? __lock_acquire+0xb97/0x1ce0
[ 1116.399449][T24455]  ? proc_coredump_connector+0x2d1/0x4f0
[ 1116.399484][T24455]  ? __pfx_proc_coredump_connector+0x10/0x10
[ 1116.399526][T24455]  ? rcu_is_watching+0x12/0xc0
[ 1116.399558][T24455]  get_signal+0x22e1/0x26d0
[ 1116.399596][T24455]  ? force_sig_fault+0xc4/0x100
[ 1116.399626][T24455]  ? __pfx_get_signal+0x10/0x10
[ 1116.399666][T24455]  arch_do_signal_or_restart+0x8f/0x790
[ 1116.399697][T24455]  ? trace_irq_disable.constprop.0+0xd4/0x120
[ 1116.399725][T24455]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1116.399780][T24455]  irqentry_exit_to_user_mode+0x176/0x310
[ 1116.399812][T24455]  asm_exc_page_fault+0x26/0x30
[ 1116.399836][T24455] RIP: 0033:0x401000
[ 1116.399864][T24455] Code: Unable to access opcode bytes at 0x400fd6.
[ 1116.399876][T24455] RSP: 002b:000000000000000d EFLAGS: 00010206
[ 1116.399896][T24455] RAX: 0000000000000000 RBX: 00007f13e73e6270 RCX: 00007f13e718eec9
[ 1116.399914][T24455] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000020003b46
[ 1116.399929][T24455] RBP: 00007f13e7211f91 R08: 0000000000000002 R09: 0000000000000000
[ 1116.399945][T24455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1116.399960][T24455] R13: 00007f13e73e6308 R14: 00007f13e73e6270 R15: 00007ffd6c2abe68
[ 1116.399997][T24455]  </TASK>
[ 1117.258160][T24455] memory: usage 307200kB, limit 307200kB, failcnt 29475
[ 1117.330145][T24455] memory+swap: usage 432080kB, limit 9007199254740988kB, failcnt 0
[ 1117.338111][T24455] kmem: usage 5372kB, limit 9007199254740988kB, failcnt 0
[ 1117.401001][T24455] Memory cgroup stats for /syz2:
[ 1117.401181][T24455] cache 304734208
[ 1117.419694][T24455] rss 4333568
[ 1117.423031][T24455] rss_huge 0
[ 1117.426265][T24455] shmem 304717824
[ 1117.441979][T24455] mapped_file 0
[ 1117.446391][T24455] dirty 0
[ 1117.449355][T24455] writeback 0
[ 1117.460107][T24455] workingset_refault_anon 38607
[ 1117.465455][T24455] workingset_refault_file 20400
[ 1117.489321][T24455] swap 127877120
[ 1117.500972][T24455] swapcached 4096
[ 1117.509177][T24455] pgpgin 1605979
[ 1117.512781][T24455] pgpgout 1565806
[ 1117.516432][T24455] pgfault 1655164
[ 1117.529256][T24455] pgmajfault 7024
[ 1117.539339][T24455] inactive_anon 146993152
[ 1117.543720][T24455] active_anon 162062336
[ 1117.559357][T24455] inactive_file 16384
[ 1117.563400][T24455] active_file 0
[ 1117.566876][T24455] unevictable 0
[ 1117.589038][T24455] hierarchical_memory_limit 314572800
[ 1117.611020][T24455] hierarchical_memsw_limit 9223372036854771712
[ 1117.617247][T24455] total_cache 304734208
[ 1117.628999][T24455] total_rss 4333568
[ 1117.632864][T24455] total_rss_huge 0
[ 1117.636605][T24455] total_shmem 304717824
[ 1117.658529][T24455] total_mapped_file 0
[ 1117.662574][T24455] total_dirty 0
[ 1117.666048][T24455] total_writeback 0
[ 1117.678398][T24455] total_workingset_refault_anon 38607
[ 1117.683824][T24455] total_workingset_refault_file 20400
[ 1117.704428][T24455] total_swap 127877120
[ 1117.718677][T24455] total_swapcached 4096
[ 1117.722880][T24455] total_pgpgin 1605979
[ 1117.726949][T24455] total_pgpgout 1565806
[ 1117.748097][T24455] total_pgfault 1655164
[ 1117.753291][T24455] total_pgmajfault 7024
[ 1117.757484][T24455] total_inactive_anon 146993152
[ 1117.777922][T24455] total_active_anon 162062336
[ 1117.782740][T24455] total_inactive_file 16384
[ 1117.797905][T24455] total_active_file 0
[ 1117.804151][T24455] total_unevictable 0
[ 1117.808660][T24455] anon_cost 0
[ 1117.812415][T24455] file_cost 0
[ 1117.815710][T24455] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3542,pid=23328,uid=0
[ 1117.858337][T24455] Memory cgroup out of memory: Killed process 23328 (syz.2.3542) total-vm:106120kB, anon-rss:1308kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1118.001340][T24439] syz.2.3756 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1118.046424][T24439] CPU: 0 UID: 0 PID: 24439 Comm: syz.2.3756 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1118.046464][T24439] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1118.046474][T24439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1118.046488][T24439] Call Trace:
[ 1118.046497][T24439]  <TASK>
[ 1118.046507][T24439]  dump_stack_lvl+0x16c/0x1f0
[ 1118.046542][T24439]  dump_header+0x101/0x930
[ 1118.046585][T24439]  oom_kill_process+0x272/0xa40
[ 1118.046616][T24439]  out_of_memory+0x350/0x1700
[ 1118.046649][T24439]  ? __pfx_out_of_memory+0x10/0x10
[ 1118.046686][T24439]  mem_cgroup_out_of_memory+0x118/0x130
[ 1118.046723][T24439]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[ 1118.046768][T24439]  ? do_raw_spin_unlock+0x172/0x230
[ 1118.046812][T24439]  try_charge_memcg+0x687/0xd40
[ 1118.046850][T24439]  ? __pfx_try_charge_memcg+0x10/0x10
[ 1118.046880][T24439]  ? __print_lock_name+0x80/0xe0
[ 1118.046908][T24439]  ? rcu_read_unlock+0x17/0x60
[ 1118.046948][T24439]  charge_memcg+0x8a/0x230
[ 1118.046979][T24439]  __mem_cgroup_charge+0x2b/0x1e0
[ 1118.047013][T24439]  shmem_alloc_and_add_folio+0x514/0xc20
[ 1118.047061][T24439]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 1118.047103][T24439]  ? shmem_allowable_huge_orders+0xd4/0x3f0
[ 1118.047138][T24439]  shmem_get_folio_gfp+0x67f/0x1610
[ 1118.047172][T24439]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 1118.047198][T24439]  ? timestamp_truncate+0x21e/0x2d0
[ 1118.047234][T24439]  shmem_write_begin+0x160/0x300
[ 1118.047270][T24439]  ? __pfx_shmem_write_begin+0x10/0x10
[ 1118.047293][T24439]  ? inode_set_ctime_current+0x2a1/0x8f0
[ 1118.047325][T24439]  ? balance_dirty_pages_ratelimited_flags+0x92/0x1260
[ 1118.047365][T24439]  generic_perform_write+0x3c4/0x900
[ 1118.047414][T24439]  ? __pfx_generic_perform_write+0x10/0x10
[ 1118.047454][T24439]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1118.047482][T24439]  ? generic_update_time+0xcf/0xf0
[ 1118.047510][T24439]  ? mnt_put_write_access_file+0x45/0xf0
[ 1118.047539][T24439]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1118.047567][T24439]  shmem_file_write_iter+0x10e/0x140
[ 1118.047599][T24439]  __kernel_write_iter+0x31a/0xb10
[ 1118.047631][T24439]  ? __pfx___kernel_write_iter+0x10/0x10
[ 1118.047657][T24439]  ? __up_read+0x1f8/0x750
[ 1118.047698][T24439]  ? dump_user_range+0x756/0xb70
[ 1118.047732][T24439]  dump_user_range+0x413/0xb70
[ 1118.047766][T24439]  ? __pfx_dump_user_range+0x10/0x10
[ 1118.047792][T24439]  ? elf_coredump_extra_notes_write+0xbd/0x4f0
[ 1118.047837][T24439]  ? __pfx_writenote+0x10/0x10
[ 1118.047873][T24439]  elf_core_dump+0x29c3/0x3c00
[ 1118.047947][T24439]  ? __pfx_elf_core_dump+0x10/0x10
[ 1118.047972][T24439]  ? kasan_save_stack+0x33/0x60
[ 1118.047998][T24439]  ? kasan_save_track+0x14/0x30
[ 1118.048023][T24439]  ? __kasan_kmalloc+0xaa/0xb0
[ 1118.048048][T24439]  ? __kvmalloc_node_noprof+0x3a3/0x9c0
[ 1118.048075][T24439]  ? vfs_coredump+0x1ddc/0x5670
[ 1118.048097][T24439]  ? arch_do_signal_or_restart+0x8f/0x790
[ 1118.048126][T24439]  ? irqentry_exit_to_user_mode+0x176/0x310
[ 1118.048154][T24439]  ? asm_exc_page_fault+0x26/0x30
[ 1118.048186][T24439]  ? 0xffffffffff600000
[ 1118.048315][T24439]  ? vfs_coredump+0x2b9c/0x5670
[ 1118.048336][T24439]  vfs_coredump+0x2b9c/0x5670
[ 1118.048375][T24439]  ? __pfx_vfs_coredump+0x10/0x10
[ 1118.048400][T24439]  ? __lock_acquire+0x62e/0x1ce0
[ 1118.048448][T24439]  ? lock_acquire+0x179/0x350
[ 1118.048498][T24439]  ? is_bpf_text_address+0x8a/0x1a0
[ 1118.048531][T24439]  ? bpf_ksym_find+0x124/0x1c0
[ 1118.048569][T24439]  ? unwind_get_return_address+0x59/0xa0
[ 1118.048596][T24439]  ? arch_stack_walk+0xa6/0x100
[ 1118.048637][T24439]  ? stack_trace_save+0x8e/0xc0
[ 1118.048665][T24439]  ? __pfx_stack_trace_save+0x10/0x10
[ 1118.048694][T24439]  ? stack_depot_save_flags+0x29/0x9c0
[ 1118.048726][T24439]  ? __lock_acquire+0xb97/0x1ce0
[ 1118.048825][T24439]  ? proc_coredump_connector+0x2d1/0x4f0
[ 1118.048860][T24439]  ? __pfx_proc_coredump_connector+0x10/0x10
[ 1118.048903][T24439]  ? rcu_is_watching+0x12/0xc0
[ 1118.048935][T24439]  get_signal+0x22e1/0x26d0
[ 1118.048972][T24439]  ? force_sig_fault+0xc4/0x100
[ 1118.049002][T24439]  ? __pfx_get_signal+0x10/0x10
[ 1118.049041][T24439]  arch_do_signal_or_restart+0x8f/0x790
[ 1118.049069][T24439]  ? trace_irq_disable.constprop.0+0xd4/0x120
[ 1118.049097][T24439]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1118.049150][T24439]  irqentry_exit_to_user_mode+0x176/0x310
[ 1118.049182][T24439]  asm_exc_page_fault+0x26/0x30
[ 1118.049205][T24439] RIP: 0033:0x400fff
[ 1118.049232][T24439] Code: Unable to access opcode bytes at 0x400fd5.
[ 1118.049243][T24439] RSP: 002b:0000000000000005 EFLAGS: 00010206
[ 1118.049269][T24439] RAX: 0000000000000000 RBX: 00007f13e73e6270 RCX: 00007f13e718eec9
[ 1118.049286][T24439] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000020003b46
[ 1118.049302][T24439] RBP: 00007f13e7211f91 R08: 0000000000000002 R09: 0000000000000000
[ 1118.049318][T24439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1118.049333][T24439] R13: 00007f13e73e6308 R14: 00007f13e73e6270 R15: 00007ffd6c2abe68
[ 1118.049372][T24439]  </TASK>
[ 1118.049382][T24439] memory: usage 307084kB, limit 307200kB, failcnt 29617
[ 1119.207902][T24439] memory+swap: usage 431916kB, limit 9007199254740988kB, failcnt 0
[ 1119.268539][T24439] kmem: usage 5200kB, limit 9007199254740988kB, failcnt 0
[ 1119.325810][T24439] Memory cgroup stats for /syz2:
[ 1119.326127][T24439] cache 306810880
[ 1119.356155][T24439] rss 2424832
[ 1119.362953][T24439] rss_huge 0
[ 1119.375588][T24439] shmem 306483200
[ 1119.397096][T24439] mapped_file 0
[ 1119.421569][T24439] dirty 0
[ 1119.429195][T24439] writeback 0
[ 1119.436372][T24439] workingset_refault_anon 38608
[ 1119.479114][T24439] workingset_refault_file 21169
[ 1119.492520][T24439] swap 127901696
[ 1119.512599][T24439] swapcached 12288
[ 1119.516386][T24439] pgpgin 1607793
[ 1119.518424][T24630] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3787'.
[ 1119.547751][T24439] pgpgout 1567577
[ 1119.564019][T24439] pgfault 1655241
[ 1119.567710][T24439] pgmajfault 7033
[ 1119.625292][T24439] inactive_anon 302657536
[ 1119.669543][T24439] active_anon 6262784
[ 1119.697831][T24439] inactive_file 147456
[ 1119.722300][T24439] active_file 0
[ 1119.725860][T24439] unevictable 0
[ 1119.748106][T24439] hierarchical_memory_limit 314572800
[ 1119.766468][T24439] hierarchical_memsw_limit 9223372036854771712
[ 1119.774571][T24439] total_cache 306810880
[ 1119.796058][T24439] total_rss 2424832
[ 1119.803722][T24439] total_rss_huge 0
[ 1119.813163][T24439] total_shmem 306483200
[ 1119.833760][T24439] total_mapped_file 0
[ 1119.848805][T24439] total_dirty 0
[ 1119.862595][T24439] total_writeback 0
[ 1119.867243][T24439] total_workingset_refault_anon 38608
[ 1119.872646][T24439] total_workingset_refault_file 21169
[ 1119.878366][T24439] total_swap 127901696
[ 1119.882461][T24439] total_swapcached 12288
[ 1119.886711][T24439] total_pgpgin 1607793
[ 1119.891840][T24439] total_pgpgout 1567577
[ 1119.896079][T24439] total_pgfault 1655241
[ 1119.900324][T24439] total_pgmajfault 7033
[ 1119.904569][T24439] total_inactive_anon 302657536
[ 1119.910664][T24439] total_active_anon 6262784
[ 1119.915290][T24439] total_inactive_file 147456
[ 1119.920100][T24439] total_active_file 0
[ 1119.924091][T24439] total_unevictable 0
[ 1119.929181][T24439] anon_cost 0
[ 1119.932488][T24439] file_cost 0
[ 1119.935786][T24439] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2567,pid=18559,uid=0
[ 1119.969498][T24439] Memory cgroup out of memory: Killed process 18559 (syz.2.2567) total-vm:98372kB, anon-rss:1144kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:104kB oom_score_adj:1000
[ 1120.326572][T24440] syz.2.3756 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1120.440446][T24440] CPU: 1 UID: 0 PID: 24440 Comm: syz.2.3756 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1120.440488][T24440] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1120.440498][T24440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1120.440513][T24440] Call Trace:
[ 1120.440521][T24440]  <TASK>
[ 1120.440532][T24440]  dump_stack_lvl+0x16c/0x1f0
[ 1120.440565][T24440]  dump_header+0x101/0x930
[ 1120.440609][T24440]  oom_kill_process+0x272/0xa40
[ 1120.440630][T24440]  ? __lock_acquire+0x62e/0x1ce0
[ 1120.440665][T24440]  out_of_memory+0x350/0x1700
[ 1120.440700][T24440]  ? __pfx_out_of_memory+0x10/0x10
[ 1120.440736][T24440]  mem_cgroup_out_of_memory+0x118/0x130
[ 1120.440773][T24440]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[ 1120.440819][T24440]  ? do_raw_spin_unlock+0x172/0x230
[ 1120.440862][T24440]  try_charge_memcg+0x687/0xd40
[ 1120.440900][T24440]  ? __pfx_try_charge_memcg+0x10/0x10
[ 1120.440930][T24440]  ? __print_lock_name+0x81/0xe0
[ 1120.440957][T24440]  ? rcu_read_unlock+0x17/0x60
[ 1120.440998][T24440]  charge_memcg+0x8a/0x230
[ 1120.441036][T24440]  __mem_cgroup_charge+0x2b/0x1e0
[ 1120.441071][T24440]  shmem_alloc_and_add_folio+0x514/0xc20
[ 1120.441120][T24440]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 1120.441162][T24440]  ? shmem_allowable_huge_orders+0xd4/0x3f0
[ 1120.441197][T24440]  shmem_get_folio_gfp+0x67f/0x1610
[ 1120.441233][T24440]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 1120.441262][T24440]  ? timestamp_truncate+0x21e/0x2d0
[ 1120.441299][T24440]  shmem_write_begin+0x160/0x300
[ 1120.441329][T24440]  ? __pfx_shmem_write_begin+0x10/0x10
[ 1120.441353][T24440]  ? inode_set_ctime_current+0x2a1/0x8f0
[ 1120.441384][T24440]  ? balance_dirty_pages_ratelimited_flags+0x92/0x1260
[ 1120.441422][T24440]  generic_perform_write+0x3c4/0x900
[ 1120.441468][T24440]  ? __pfx_generic_perform_write+0x10/0x10
[ 1120.441508][T24440]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1120.441536][T24440]  ? generic_update_time+0xcf/0xf0
[ 1120.441561][T24440]  ? mnt_put_write_access_file+0x45/0xf0
[ 1120.441590][T24440]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1120.441618][T24440]  shmem_file_write_iter+0x10e/0x140
[ 1120.441651][T24440]  __kernel_write_iter+0x31a/0xb10
[ 1120.441683][T24440]  ? __pfx___kernel_write_iter+0x10/0x10
[ 1120.441710][T24440]  ? __up_read+0x1f8/0x750
[ 1120.441751][T24440]  ? dump_user_range+0x756/0xb70
[ 1120.441774][T24440]  ? dump_user_range+0x2ee/0xb70
[ 1120.441804][T24440]  dump_user_range+0x413/0xb70
[ 1120.441837][T24440]  ? __pfx_dump_user_range+0x10/0x10
[ 1120.441865][T24440]  ? elf_coredump_extra_notes_write+0xbd/0x4f0
[ 1120.441910][T24440]  ? __pfx_writenote+0x10/0x10
[ 1120.441947][T24440]  elf_core_dump+0x29c3/0x3c00
[ 1120.441995][T24440]  ? __pfx_elf_core_dump+0x10/0x10
[ 1120.442028][T24440]  ? rcu_is_watching+0x12/0xc0
[ 1120.442055][T24440]  ? __pv_queued_spin_lock_slowpath+0x28d/0xcf0
[ 1120.442095][T24440]  ? 0xffffffffff600000
[ 1120.442183][T24440]  ? vfs_coredump+0x2b9c/0x5670
[ 1120.442205][T24440]  vfs_coredump+0x2b9c/0x5670
[ 1120.442244][T24440]  ? __pfx_vfs_coredump+0x10/0x10
[ 1120.442270][T24440]  ? __lock_acquire+0x62e/0x1ce0
[ 1120.442318][T24440]  ? lock_acquire+0x179/0x350
[ 1120.442360][T24440]  ? is_bpf_text_address+0x8a/0x1a0
[ 1120.442392][T24440]  ? bpf_ksym_find+0x124/0x1c0
[ 1120.442424][T24440]  ? unwind_get_return_address+0x59/0xa0
[ 1120.442452][T24440]  ? arch_stack_walk+0xa6/0x100
[ 1120.442491][T24440]  ? stack_trace_save+0x8e/0xc0
[ 1120.442516][T24440]  ? __pfx_stack_trace_save+0x10/0x10
[ 1120.442541][T24440]  ? stack_depot_save_flags+0x29/0x9c0
[ 1120.442568][T24440]  ? __lock_acquire+0xb97/0x1ce0
[ 1120.442661][T24440]  ? proc_coredump_connector+0x2d1/0x4f0
[ 1120.442694][T24440]  ? __pfx_proc_coredump_connector+0x10/0x10
[ 1120.442739][T24440]  ? rcu_is_watching+0x12/0xc0
[ 1120.442767][T24440]  get_signal+0x22e1/0x26d0
[ 1120.442803][T24440]  ? force_sig_fault+0xc4/0x100
[ 1120.442833][T24440]  ? __pfx_get_signal+0x10/0x10
[ 1120.442869][T24440]  arch_do_signal_or_restart+0x8f/0x790
[ 1120.442898][T24440]  ? trace_irq_disable.constprop.0+0xd4/0x120
[ 1120.442922][T24440]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1120.442974][T24440]  irqentry_exit_to_user_mode+0x176/0x310
[ 1120.443005][T24440]  asm_exc_page_fault+0x26/0x30
[ 1120.443036][T24440] RIP: 0033:0x400fff
[ 1120.443061][T24440] Code: Unable to access opcode bytes at 0x400fd5.
[ 1120.443072][T24440] RSP: 002b:0000000000000005 EFLAGS: 00010206
[ 1120.443091][T24440] RAX: 0000000000000000 RBX: 00007f13e73e6270 RCX: 00007f13e718eec9
[ 1120.443105][T24440] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000020003b46
[ 1120.443120][T24440] RBP: 00007f13e7211f91 R08: 0000000000000002 R09: 0000000000000000
[ 1120.443133][T24440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1120.443147][T24440] R13: 00007f13e73e6308 R14: 00007f13e73e6270 R15: 00007ffd6c2abe68
[ 1120.443183][T24440]  </TASK>
[ 1120.991694][T24440] memory: usage 306072kB, limit 307200kB, failcnt 31489
[ 1120.998742][T24440] memory+swap: usage 430744kB, limit 9007199254740988kB, failcnt 0
[ 1121.180680][T24440] kmem: usage 5008kB, limit 9007199254740988kB, failcnt 0
[ 1121.212047][T24440] Memory cgroup stats for /syz2:
[ 1121.212221][T24440] cache 307920896
[ 1121.309451][T24440] rss 1515520
[ 1121.392453][T24440] rss_huge 0
[ 1121.395715][T24440] shmem 307093504
[ 1121.399430][T24440] mapped_file 200704
[ 1121.403329][T24440] dirty 0
[ 1121.406273][T24440] writeback 0
[ 1121.409756][T24440] workingset_refault_anon 38608
[ 1121.414615][T24440] workingset_refault_file 21600
[ 1121.419575][T24440] swap 127664128
[ 1121.423121][T24440] swapcached 8192
[ 1121.426755][T24440] pgpgin 1608625
[ 1121.430390][T24440] pgpgout 1568361
[ 1121.434029][T24440] pgfault 1655578
[ 1121.437677][T24440] pgmajfault 7051
[ 1121.441727][T24440] inactive_anon 287494144
[ 1121.446068][T24440] active_anon 21123072
[ 1121.451594][T24440] inactive_file 823296
[ 1121.455683][T24440] active_file 0
[ 1121.459202][T24440] unevictable 0
[ 1121.462672][T24440] hierarchical_memory_limit 314572800
[ 1121.468470][T24440] hierarchical_memsw_limit 9223372036854771712
[ 1121.474712][T24440] total_cache 307920896
[ 1121.481904][T24440] total_rss 1515520
[ 1121.485735][T24440] total_rss_huge 0
[ 1121.489544][T24440] total_shmem 307093504
[ 1121.493711][T24440] total_mapped_file 200704
[ 1121.498131][T24440] total_dirty 0
[ 1121.501667][T24440] total_writeback 0
[ 1121.505476][T24440] total_workingset_refault_anon 38608
[ 1121.510928][T24440] total_workingset_refault_file 21600
[ 1121.516413][T24440] total_swap 127664128
[ 1121.523666][T24440] total_swapcached 8192
[ 1121.528089][T24440] total_pgpgin 1608625
[ 1121.548273][T24440] total_pgpgout 1568361
[ 1121.552656][T24440] total_pgfault 1655578
[ 1121.556834][T24440] total_pgmajfault 7051
[ 1121.583120][T24440] total_inactive_anon 287494144
[ 1121.596021][T24440] total_active_anon 21123072
[ 1121.611055][T24440] total_inactive_file 823296
[ 1121.615716][T24440] total_active_file 0
[ 1121.688270][T24440] total_unevictable 0
[ 1121.703408][T24440] anon_cost 0
[ 1121.767171][T24440] file_cost 0
[ 1121.789059][T24440] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3756,pid=24455,uid=0
[ 1121.853734][T24440] Memory cgroup out of memory: Killed process 24455 (syz.2.3756) total-vm:102940kB, anon-rss:1672kB, file-rss:32540kB, shmem-rss:0kB, UID:0 pgtables:204kB oom_score_adj:0
[ 1124.196077][   T32] oom_reaper: reaped process 24455 (syz.2.3756), now anon-rss:76kB, file-rss:31380kB, shmem-rss:0kB
[ 1126.526760][T24737] nbd: nbd7 already in use
[ 1126.855495][T24750] tipc: Started in network mode
[ 1126.861064][T24750] tipc: Node identity fe820562, cluster identity 4711
[ 1126.871663][T24750] tipc: Node number set to 4269933922
[ 1128.290997][T24788] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1128.525095][T24800] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3823'.
[ 1129.222273][T24802] netlink: 'syz.3.3825': attribute type 11 has an invalid length.
[ 1129.284886][T24802] netlink: 'syz.3.3825': attribute type 11 has an invalid length.
[ 1129.347727][T24802] netlink: 'syz.3.3825': attribute type 11 has an invalid length.
[ 1134.133849][T24868] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3838'.
[ 1135.294017][T24884] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3841'.
[ 1135.332308][T24884] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3841'.
[ 1136.104069][T24891] tipc: Started in network mode
[ 1136.109044][T24891] tipc: Node identity fe820562, cluster identity 4711
[ 1136.122497][T24891] tipc: Node number set to 4269933922
[ 1137.488678][T24922] input: f�
 as /devices/virtual/input/input30
[ 1137.660009][T24928] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3850'.
[ 1140.360530][T24978] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3865'.
[ 1144.909630][T25096] netlink: 'syz.0.3890': attribute type 64 has an invalid length.
[ 1144.917638][T25096] netlink: 74 bytes leftover after parsing attributes in process `syz.0.3890'.
[ 1146.605283][T25139] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3901'.
[ 1147.757026][   T30] audit: type=1800 audit(4294967310.846:48): pid=25155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3906" name="dbroot" dev="configfs" ino=126925 res=0 errno=0
[ 1147.778736][T25155] db_root: not a directory: /dev/audio1
[ 1148.469291][T12771] Process accounting resumed
[ 1148.495525][T25171] FAULT_INJECTION: forcing a failure.
[ 1148.495525][T25171] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1148.522645][T25171] CPU: 1 UID: 0 PID: 25171 Comm: syz.0.3910 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1148.522689][T25171] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1148.522699][T25171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1148.522716][T25171] Call Trace:
[ 1148.522726][T25171]  <TASK>
[ 1148.522736][T25171]  dump_stack_lvl+0x16c/0x1f0
[ 1148.522775][T25171]  should_fail_ex+0x512/0x640
[ 1148.522814][T25171]  should_fail_alloc_page+0xe7/0x130
[ 1148.522851][T25171]  prepare_alloc_pages+0x3c2/0x610
[ 1148.522886][T25171]  ? rcu_is_watching+0x12/0xc0
[ 1148.522918][T25171]  __alloc_frozen_pages_noprof+0x18b/0x2470
[ 1148.522945][T25171]  ? css_rstat_updated+0x1c2/0x510
[ 1148.522976][T25171]  ? __pfx_css_rstat_updated+0x10/0x10
[ 1148.523011][T25171]  ? __lock_acquire+0x62e/0x1ce0
[ 1148.523051][T25171]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1148.523095][T25171]  ? __lock_acquire+0x62e/0x1ce0
[ 1148.523132][T25171]  ? __lock_acquire+0x62e/0x1ce0
[ 1148.523163][T25171]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1148.523213][T25171]  ? policy_nodemask+0xea/0x4e0
[ 1148.523253][T25171]  alloc_pages_mpol+0x1fb/0x550
[ 1148.523294][T25171]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1148.523331][T25171]  ? __lock_acquire+0x62e/0x1ce0
[ 1148.523369][T25171]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1148.523409][T25171]  vma_alloc_folio_noprof+0xed/0x1e0
[ 1148.523448][T25171]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1148.523497][T25171]  do_pte_missing+0x2202/0x3ba0
[ 1148.523538][T25171]  ? find_held_lock+0x2b/0x80
[ 1148.523575][T25171]  __handle_mm_fault+0x1556/0x2aa0
[ 1148.523625][T25171]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1148.523667][T25171]  ? __pte_offset_map_lock+0x174/0x310
[ 1148.523699][T25171]  ? find_held_lock+0x2b/0x80
[ 1148.523739][T25171]  ? follow_page_pte+0x5cf/0x1390
[ 1148.523780][T25171]  handle_mm_fault+0x589/0xd10
[ 1148.523827][T25171]  __get_user_pages+0x54e/0x3530
[ 1148.523878][T25171]  ? __pfx___get_user_pages+0x10/0x10
[ 1148.523924][T25171]  populate_vma_page_range+0x267/0x3f0
[ 1148.523962][T25171]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1148.523996][T25171]  ? __pfx_find_vma_intersection+0x10/0x10
[ 1148.524032][T25171]  ? do_mmap+0x69c/0x1210
[ 1148.524068][T25171]  __mm_populate+0x1d8/0x380
[ 1148.524106][T25171]  ? __pfx___mm_populate+0x10/0x10
[ 1148.524144][T25171]  ? up_write+0x1b2/0x520
[ 1148.524186][T25171]  vm_mmap_pgoff+0x37f/0x470
[ 1148.524235][T25171]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1148.524269][T25171]  ? find_held_lock+0x2b/0x80
[ 1148.524302][T25171]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1148.524336][T25171]  ? __x64_sys_futex+0x1e9/0x4c0
[ 1148.524375][T25171]  ksys_mmap_pgoff+0x7d/0x5c0
[ 1148.524407][T25171]  ? xfd_validate_state+0x61/0x180
[ 1148.524449][T25171]  __x64_sys_mmap+0x125/0x190
[ 1148.524493][T25171]  do_syscall_64+0xcd/0xfa0
[ 1148.524526][T25171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1148.524554][T25171] RIP: 0033:0x7f767518eec9
[ 1148.524576][T25171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1148.524602][T25171] RSP: 002b:00007f7675fa2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1148.524627][T25171] RAX: ffffffffffffffda RBX: 00007f76753e5fa0 RCX: 00007f767518eec9
[ 1148.524647][T25171] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[ 1148.524664][T25171] RBP: 00007f7675211f91 R08: 0000000000000002 R09: 0000000000008000
[ 1148.524681][T25171] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[ 1148.524698][T25171] R13: 00007f76753e6038 R14: 00007f76753e5fa0 R15: 00007ffc5089e5c8
[ 1148.524736][T25171]  </TASK>
[ 1150.918972][T25205] random: crng reseeded on system resumption
[ 1152.204010][T25207] workqueue: Failed to create a rescuer kthread for wq "nfc6_nci_rx_wq": -EINTR
[ 1154.572871][T25270] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.3.3930: 7
[ 1155.354080][T25295] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3937'.
[ 1156.712395][T25315] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3943'.
[ 1156.729897][T25315] veth1_macvtap: left promiscuous mode
[ 1156.735736][T25315] macsec0: entered promiscuous mode
[ 1156.741059][T25315] macsec0: entered allmulticast mode
[ 1157.055935][T25321] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3944'.
[ 1157.072997][T25321] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3944'.
[ 1157.341213][T25325] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3945'.
[ 1157.884665][T25325] mac80211_hwsim hwsim69 wlan1: entered allmulticast mode
[ 1161.950320][T25386] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3960'.
[ 1161.950320][T25387] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3960'.
[ 1161.976729][T25373] EXT4-fs error (device sda1): ext4_discard_preallocations:5681: comm syz.1.3957: Error -117 reading block bitmap for 2
[ 1163.070176][T25409] can: request_module (can-proto-5) failed.
[ 1163.511666][T25428] nfs: Unknown parameter '���ީi��ʟ�b�y�7J� �؀��V�{�
[ 1163.511666][T25428] �\����9-*;#r��RcF��GL��֍*�(�ܦ)5�&yAl�j Lp��%�Z�w�}�GSι�k�'
[ 1169.701598][T25530] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3992'.
[ 1170.273970][T24199] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1170.348800][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1170.360713][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1170.370919][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1170.397860][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1170.412367][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1170.433019][T24199] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1170.559092][T24199] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1170.653071][T24199] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1172.331252][T25551] chnl_net:caif_netlink_parms(): no params data found
[ 1172.468964][T24199] HfR: left promiscuous mode
[ 1172.474060][T24431] Bluetooth: hci0: command tx timeout
[ 1172.555400][T24199] : left promiscuous mode
[ 1172.753852][T24199] tipc: Left network mode
[ 1172.755645][T25551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1172.774956][T25551] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1172.777242][T25591] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4003'.
[ 1172.858234][T25551] bridge_slave_0: entered allmulticast mode
[ 1172.939635][T25602] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4004'.
[ 1172.970816][T25551] bridge_slave_0: entered promiscuous mode
[ 1173.058146][T25591] ipvlan0: entered promiscuous mode
[ 1173.066240][T25591] ipvlan0: entered allmulticast mode
[ 1173.072263][T25591] veth0_vlan: entered allmulticast mode
[ 1173.098228][T25551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1173.106074][T25599] openvswitch: HfR: Dropping previously announced user features
[ 1173.160017][T25551] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1173.177928][T25551] bridge_slave_1: entered allmulticast mode
[ 1173.191171][T25551] bridge_slave_1: entered promiscuous mode
[ 1173.634519][T25551] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1173.741105][T25617] ptrace attach of "./syz-executor exec"[21596] was attempted by ""[25617]
[ 1173.812449][T25551] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1174.388368][T25551] team0: Port device team_slave_0 added
[ 1174.539294][T25644] netlink: 268 bytes leftover after parsing attributes in process `syz.0.4010'.
[ 1174.539294][T25645] netlink: 268 bytes leftover after parsing attributes in process `syz.0.4010'.
[ 1174.540135][T24431] Bluetooth: hci0: command tx timeout
[ 1174.557339][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1174.570767][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1174.592067][T25551] team0: Port device team_slave_1 added
[ 1174.671019][T24199] hsr_slave_0: left promiscuous mode
[ 1174.684767][T24199] hsr_slave_1: left promiscuous mode
[ 1174.707826][T24199] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1174.727087][T24199] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1174.743388][T24199] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1174.764181][T24199] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1174.827741][T24199] veth0_macvtap: left promiscuous mode
[ 1175.625060][T24199] team0 (unregistering): Port device team_slave_0 removed
[ 1176.107563][T25645] faux_driver regulatory: loading /lib/firmware/regulatory.db.p7s failed with error -4
[ 1176.117612][T25645] faux_driver regulatory: Direct firmware load for regulatory.db.p7s failed with error -4
[ 1176.133251][T25645] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db.p7s
[ 1176.191676][T25551] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1176.210164][T25551] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1176.252325][T25551] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1176.307087][T25551] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1176.316380][T25551] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1176.348106][T25551] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1176.602297][T24431] Bluetooth: hci0: command tx timeout
[ 1176.718791][T25551] hsr_slave_0: entered promiscuous mode
[ 1176.743053][T25551] hsr_slave_1: entered promiscuous mode
[ 1176.905945][T25677] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4018'.
[ 1178.074664][T25710] cougar: G6 mapped to space
[ 1178.636180][T25706] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4022'.
[ 1178.673599][T24431] Bluetooth: hci0: command tx timeout
[ 1179.518853][T25551] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1179.573590][T25551] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1179.612452][T25551] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1179.642034][T25551] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1180.380383][T25551] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1180.455341][T25551] 8021q: adding VLAN 0 to HW filter on device team0
[ 1180.469687][ T7280] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1180.477006][ T7280] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1180.562577][T24199] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1180.569780][T24199] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1181.144623][T25768] netlink: 186 bytes leftover after parsing attributes in process `syz.1.4033'.
[ 1182.837829][T25551] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1182.910463][T25551] veth0_vlan: entered promiscuous mode
[ 1183.035460][T25551] veth1_vlan: entered promiscuous mode
[ 1183.286184][T25551] veth0_macvtap: entered promiscuous mode
[ 1183.561450][T25551] veth1_macvtap: entered promiscuous mode
[ 1183.725289][T25551] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1183.759858][T25551] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1183.800299][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1183.819153][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1183.865906][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1183.891039][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1184.282310][ T9798] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1184.306003][ T9798] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1184.405095][ T9798] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1184.477634][ T9798] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1185.833675][T25887] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1185.980029][T25895] netlink: 260 bytes leftover after parsing attributes in process `syz.0.4054'.
[ 1186.644384][T25923] can: request_module (can-proto-5) failed.
[ 1189.097554][T25973] FAULT_INJECTION: forcing a failure.
[ 1189.097554][T25973] name failslab, interval 1, probability 0, space 0, times 0
[ 1189.137803][T25973] CPU: 0 UID: 0 PID: 25973 Comm: syz.3.4073 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1189.137843][T25973] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1189.137853][T25973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1189.137868][T25973] Call Trace:
[ 1189.137877][T25973]  <TASK>
[ 1189.137887][T25973]  dump_stack_lvl+0x16c/0x1f0
[ 1189.137922][T25973]  should_fail_ex+0x512/0x640
[ 1189.137952][T25973]  ? fs_reclaim_acquire+0xae/0x150
[ 1189.137987][T25973]  should_failslab+0xc2/0x120
[ 1189.138019][T25973]  __kmalloc_noprof+0xdd/0x880
[ 1189.138055][T25973]  ? kfree+0x252/0x6d0
[ 1189.138088][T25973]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1189.138129][T25973]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1189.138155][T25973]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1189.138192][T25973]  tomoyo_check_open_permission+0x2ab/0x3c0
[ 1189.138230][T25973]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 1189.138304][T25973]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1189.138354][T25973]  tomoyo_file_open+0x6b/0x90
[ 1189.138386][T25973]  security_file_open+0x84/0x1e0
[ 1189.138412][T25973]  do_dentry_open+0x596/0x1530
[ 1189.138452][T25973]  vfs_open+0x82/0x3f0
[ 1189.138489][T25973]  path_openat+0x1de4/0x2cb0
[ 1189.138529][T25973]  ? __pfx_path_openat+0x10/0x10
[ 1189.138566][T25973]  do_filp_open+0x20b/0x470
[ 1189.138594][T25973]  ? __pfx_do_filp_open+0x10/0x10
[ 1189.138647][T25973]  ? alloc_fd+0x471/0x7d0
[ 1189.138682][T25973]  do_sys_openat2+0x11b/0x1d0
[ 1189.138717][T25973]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1189.138765][T25973]  __x64_sys_openat+0x174/0x210
[ 1189.138800][T25973]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1189.138848][T25973]  do_syscall_64+0xcd/0xfa0
[ 1189.138879][T25973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.138904][T25973] RIP: 0033:0x7f2e6bd8eec9
[ 1189.138925][T25973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1189.138948][T25973] RSP: 002b:00007f2e6cc2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1189.138972][T25973] RAX: ffffffffffffffda RBX: 00007f2e6bfe6270 RCX: 00007f2e6bd8eec9
[ 1189.138989][T25973] RDX: 0000000000008901 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1189.139005][T25973] RBP: 00007f2e6be11f91 R08: 0000000000000000 R09: 0000000000000000
[ 1189.139020][T25973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1189.139035][T25973] R13: 00007f2e6bfe6308 R14: 00007f2e6bfe6270 R15: 00007ffd23107558
[ 1189.139072][T25973]  </TASK>
[ 1189.427003][T25973] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1191.486067][T26048] netlink: 'syz.2.4089': attribute type 1 has an invalid length.
[ 1192.119413][T26063] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4091'.
[ 1192.790237][   T30] audit: type=1800 audit(4294967297.784:49): pid=26074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4095" name="trace_pipe" dev="tracefs" ino=145 res=0 errno=0
[ 1194.221612][T26073] kexec: Could not allocate control_code_buffer
[ 1194.652175][T26114] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4100'.
[ 1194.835256][T26126] netlink: 108 bytes leftover after parsing attributes in process `syz.0.4103'.
[ 1194.902312][T26131] FAULT_INJECTION: forcing a failure.
[ 1194.902312][T26131] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1194.924854][T26131] CPU: 0 UID: 0 PID: 26131 Comm: syz.2.4104 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1194.924894][T26131] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1194.924904][T26131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1194.924917][T26131] Call Trace:
[ 1194.924925][T26131]  <TASK>
[ 1194.924935][T26131]  dump_stack_lvl+0x16c/0x1f0
[ 1194.924969][T26131]  should_fail_ex+0x512/0x640
[ 1194.925003][T26131]  should_fail_alloc_page+0xe7/0x130
[ 1194.925035][T26131]  prepare_alloc_pages+0x3c2/0x610
[ 1194.925067][T26131]  __alloc_frozen_pages_noprof+0x18b/0x2470
[ 1194.925097][T26131]  ? __lock_acquire+0x62e/0x1ce0
[ 1194.925133][T26131]  ? __lock_acquire+0x62e/0x1ce0
[ 1194.925161][T26131]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1194.925202][T26131]  ? find_held_lock+0x2b/0x80
[ 1194.925227][T26131]  ? is_bpf_text_address+0x8a/0x1a0
[ 1194.925257][T26131]  ? bpf_ksym_find+0x124/0x1c0
[ 1194.925279][T26131]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1194.925316][T26131]  ? policy_nodemask+0xea/0x4e0
[ 1194.925348][T26131]  alloc_pages_mpol+0x1fb/0x550
[ 1194.925388][T26131]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1194.925429][T26131]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1194.925465][T26131]  shmem_alloc_folio+0x135/0x160
[ 1194.925497][T26131]  shmem_alloc_and_add_folio+0x499/0xc20
[ 1194.925539][T26131]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 1194.925577][T26131]  ? shmem_allowable_huge_orders+0xd4/0x3f0
[ 1194.925609][T26131]  shmem_get_folio_gfp+0x67f/0x1610
[ 1194.925640][T26131]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 1194.925664][T26131]  ? filemap_map_pages+0xe01/0x1b70
[ 1194.925692][T26131]  shmem_fault+0x1fe/0xa30
[ 1194.925720][T26131]  ? __pfx_shmem_fault+0x10/0x10
[ 1194.925748][T26131]  ? rcu_is_watching+0x12/0xc0
[ 1194.925774][T26131]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1194.925802][T26131]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1194.925828][T26131]  __do_fault+0x10a/0x490
[ 1194.925853][T26131]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1194.925872][T26131]  do_pte_missing+0xf4a/0x3ba0
[ 1194.925905][T26131]  ? __thp_vma_allowable_orders+0x1c8/0xcd0
[ 1194.925942][T26131]  ? __pmd_alloc+0x64f/0x8b0
[ 1194.925977][T26131]  __handle_mm_fault+0x1556/0x2aa0
[ 1194.926018][T26131]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1194.926046][T26131]  ? __pfx_walk_pgd_range+0x10/0x10
[ 1194.926101][T26131]  handle_mm_fault+0x589/0xd10
[ 1194.926144][T26131]  __get_user_pages+0x54e/0x3530
[ 1194.926192][T26131]  ? __pfx___get_user_pages+0x10/0x10
[ 1194.926235][T26131]  populate_vma_page_range+0x267/0x3f0
[ 1194.926270][T26131]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1194.926302][T26131]  ? __pfx_find_vma_intersection+0x10/0x10
[ 1194.926349][T26131]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[ 1194.926387][T26131]  __mm_populate+0x1d8/0x380
[ 1194.926422][T26131]  ? __pfx___mm_populate+0x10/0x10
[ 1194.926455][T26131]  ? up_write+0x1b2/0x520
[ 1194.926490][T26131]  do_mlock+0x441/0x800
[ 1194.926510][T26131]  ? handle_mm_fault+0x2ab/0xd10
[ 1194.926547][T26131]  ? __pfx_do_mlock+0x10/0x10
[ 1194.926565][T26131]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1194.926593][T26131]  ? __x64_sys_futex+0x1e9/0x4c0
[ 1194.926623][T26131]  ? __x64_sys_openat+0x174/0x210
[ 1194.926659][T26131]  ? xfd_validate_state+0x61/0x180
[ 1194.926702][T26131]  __x64_sys_mlock+0x59/0x80
[ 1194.926727][T26131]  do_syscall_64+0xcd/0xfa0
[ 1194.926757][T26131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1194.926781][T26131] RIP: 0033:0x7fa0c3f8eec9
[ 1194.926802][T26131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1194.926826][T26131] RSP: 002b:00007fa0c4de0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[ 1194.926850][T26131] RAX: ffffffffffffffda RBX: 00007fa0c41e6180 RCX: 00007fa0c3f8eec9
[ 1194.926867][T26131] RDX: 0000000000000000 RSI: fffffffffffffffe RDI: 000000000000002a
[ 1194.926882][T26131] RBP: 00007fa0c4011f91 R08: 0000000000000000 R09: 0000000000000000
[ 1194.926898][T26131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1194.926912][T26131] R13: 00007fa0c41e6218 R14: 00007fa0c41e6180 R15: 00007ffe940cf8c8
[ 1194.926950][T26131]  </TASK>
[ 1195.408116][T26122] netlink: 206 bytes leftover after parsing attributes in process `syz.0.4103'.
[ 1195.585950][T26135] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4105'.
[ 1197.738317][T26189] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4115'.
[ 1198.964930][T26232] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4124'.
[ 1199.498620][T26252] PM: Enabling pm_trace changes system date and time during resume.
[ 1199.498620][T26252] PM: Correct system time has to be restored manually after resume.
[ 1200.616264][T26103] Bluetooth: hci3: ACL packet for unknown connection handle 0
[ 1200.737374][T26103] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[ 1201.958881][T26318] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4140'.
[ 1202.110863][T26328] FAULT_INJECTION: forcing a failure.
[ 1202.110863][T26328] name failslab, interval 1, probability 0, space 0, times 0
[ 1202.132592][T26328] CPU: 0 UID: 0 PID: 26328 Comm: syz.2.4142 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1202.132648][T26328] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1202.132659][T26328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1202.132674][T26328] Call Trace:
[ 1202.132684][T26328]  <TASK>
[ 1202.132696][T26328]  dump_stack_lvl+0x16c/0x1f0
[ 1202.132734][T26328]  should_fail_ex+0x512/0x640
[ 1202.132765][T26328]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[ 1202.132798][T26328]  should_failslab+0xc2/0x120
[ 1202.132832][T26328]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1202.132859][T26328]  ? vm_area_dup+0x27/0x8d0
[ 1202.132904][T26328]  ? vm_area_dup+0x27/0x8d0
[ 1202.132938][T26328]  vm_area_dup+0x27/0x8d0
[ 1202.132978][T26328]  copy_vma+0x4ef/0xa90
[ 1202.133010][T26328]  ? __pfx_copy_vma+0x10/0x10
[ 1202.133044][T26328]  ? register_lock_class+0x41/0x4c0
[ 1202.133097][T26328]  ? rcu_is_watching+0x12/0xc0
[ 1202.133129][T26328]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1202.133164][T26328]  copy_vma_and_data+0x1cf/0x790
[ 1202.133196][T26328]  ? __pfx_copy_vma_and_data+0x10/0x10
[ 1202.133231][T26328]  ? __vma_enter_locked+0x163/0x3f0
[ 1202.133270][T26328]  ? find_held_lock+0x2b/0x80
[ 1202.133295][T26328]  ? move_vma+0x52e/0x1770
[ 1202.133326][T26328]  move_vma+0x540/0x1770
[ 1202.133358][T26328]  ? __pfx_move_vma+0x10/0x10
[ 1202.133389][T26328]  ? mm_get_unmapped_area_vmflags+0x97/0xe0
[ 1202.133419][T26328]  ? cap_mmap_addr+0x4b/0x120
[ 1202.133451][T26328]  ? bpf_lsm_mmap_addr+0x9/0x10
[ 1202.133478][T26328]  ? security_mmap_addr+0x6c/0x1e0
[ 1202.133503][T26328]  ? __get_unmapped_area+0x267/0x440
[ 1202.133537][T26328]  ? vrm_set_new_addr+0x208/0x290
[ 1202.133562][T26328]  mremap_to+0x1b7/0x450
[ 1202.133589][T26328]  do_mremap+0x13a8/0x2020
[ 1202.133615][T26328]  ? futex_private_hash_put+0xf0/0x300
[ 1202.133668][T26328]  ? __pfx_do_mremap+0x10/0x10
[ 1202.133702][T26328]  ? ksys_write+0x190/0x250
[ 1202.133738][T26328]  __do_sys_mremap+0x119/0x170
[ 1202.133763][T26328]  ? __pfx___do_sys_mremap+0x10/0x10
[ 1202.133788][T26328]  ? cap_task_prctl+0x2af/0xa80
[ 1202.133827][T26328]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1202.133879][T26328]  do_syscall_64+0xcd/0xfa0
[ 1202.133910][T26328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1202.133936][T26328] RIP: 0033:0x7fa0c3f8eec9
[ 1202.133957][T26328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1202.133983][T26328] RSP: 002b:00007fa0c4e22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[ 1202.134007][T26328] RAX: ffffffffffffffda RBX: 00007fa0c41e5fa0 RCX: 00007fa0c3f8eec9
[ 1202.134026][T26328] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200001000000
[ 1202.134042][T26328] RBP: 00007fa0c4011f91 R08: 0000000100000000 R09: 0000000000000000
[ 1202.134060][T26328] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[ 1202.134075][T26328] R13: 00007fa0c41e6038 R14: 00007fa0c41e5fa0 R15: 00007ffe940cf8c8
[ 1202.134112][T26328]  </TASK>
[ 1202.555761][T26333] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4143'.
[ 1202.790625][T26090] Bluetooth: hci0: command tx timeout
[ 1202.840935][T26090] Bluetooth: hci0: Unable to find connection for big 0xd2
[ 1203.185094][T26367] net_ratelimit: 1027 callbacks suppressed
[ 1203.185116][T26367] netlink: zone id is out of range
[ 1203.386483][T26367] netlink: del zone limit has 4 unknown bytes
[ 1203.395786][T26363] netlink: set zone limit has 8 unknown bytes
[ 1203.600708][T26372] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4148'.
[ 1204.001225][T26383] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1204.632303][T26479] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4158'.
[ 1205.369531][T26488] ------------[ cut here ]------------
[ 1205.375565][T26488] memcpy: detected field-spanning write (size 6) of single field "&entry->id" at kernel/trace/trace.c:7458 (size 4)
[ 1205.387942][T26488] WARNING: CPU: 1 PID: 26488 at kernel/trace/trace.c:7458 write_raw_marker_to_buffer.isra.0+0x2d4/0x330
[ 1205.399271][T26488] Modules linked in:
[ 1205.404266][T26488] CPU: 1 UID: 0 PID: 26488 Comm: syz.2.4160 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1205.415573][T26488] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1205.420921][T26488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1205.431384][T26488] RIP: 0010:write_raw_marker_to_buffer.isra.0+0x2d4/0x330
[ 1205.438814][T26488] Code: ff e8 30 74 fa ff c6 05 b4 7e aa 0e 01 90 b9 04 00 00 00 48 c7 c2 e0 1e 93 8b 4c 89 e6 48 c7 c7 40 1f 93 8b e8 6d fc b8 ff 90 <0f> 0b 90 90 e9 d7 fe ff ff e8 6e 04 62 00 e9 da fd ff ff e8 64 04
[ 1205.458545][T26488] RSP: 0018:ffffc9000b7e7b98 EFLAGS: 00010286
[ 1205.464823][T26488] RAX: 0000000000000000 RBX: ffff88806b400014 RCX: ffffc9001767d000
[ 1205.472850][T26488] RDX: 0000000000080000 RSI: ffffffff817a5e65 RDI: 0000000000000001
[ 1205.480916][T26488] RBP: ffff88806b400010 R08: 0000000000000001 R09: 0000000000000000
[ 1205.488934][T26488] R10: 0000000000000000 R11: ffffffffffff66b0 R12: 0000000000000006
[ 1205.496961][T26488] R13: ffff88813ff18c00 R14: 0000000000000000 R15: 0000000000000000
[ 1205.505003][T26488] FS:  00007fa0c4e226c0(0000) GS:ffff888124ae6000(0000) knlGS:0000000000000000
[ 1205.514370][T26488] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1205.520999][T26488] CR2: 0000001b2fb1bff8 CR3: 000000001210a000 CR4: 00000000003526f0
[ 1205.529270][T26488] Call Trace:
[ 1205.532627][T26488]  <TASK>
[ 1205.535582][T26488]  tracing_mark_raw_write+0x2da/0x4a0
[ 1205.540984][T26488]  ? __pfx_tracing_mark_raw_write+0x10/0x10
[ 1205.546949][T26488]  ? __pfx_tracing_mark_raw_write+0x10/0x10
[ 1205.552943][T26488]  vfs_writev+0x5dc/0xde0
[ 1205.557464][T26488]  ? __pfx_vfs_writev+0x10/0x10
[ 1205.562438][T26488]  ? __fget_files+0x20e/0x3c0
[ 1205.567130][T26488]  ? do_writev+0x28c/0x340
[ 1205.571686][T26488]  do_writev+0x28c/0x340
[ 1205.575952][T26488]  ? __pfx_do_writev+0x10/0x10
[ 1205.580755][T26488]  do_syscall_64+0xcd/0xfa0
[ 1205.585355][T26488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1205.591349][T26488] RIP: 0033:0x7fa0c3f8eec9
[ 1205.595779][T26488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1205.615767][T26488] RSP: 002b:00007fa0c4e22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1205.624504][T26488] RAX: ffffffffffffffda RBX: 00007fa0c41e5fa0 RCX: 00007fa0c3f8eec9
[ 1205.632536][T26488] RDX: 0000000000000004 RSI: 0000200000000140 RDI: 0000000000000003
[ 1205.640587][T26488] RBP: 00007fa0c4011f91 R08: 0000000000000000 R09: 0000000000000000
[ 1205.648752][T26488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1205.656844][T26488] R13: 00007fa0c41e6038 R14: 00007fa0c41e5fa0 R15: 00007ffe940cf8c8
[ 1205.665027][T26488]  </TASK>
[ 1205.668077][T26488] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1205.675363][T26488] CPU: 1 UID: 0 PID: 26488 Comm: syz.2.4160 Tainted: G          I         syzkaller #0 PREEMPT(full) 
[ 1205.686310][T26488] Tainted: [I]=FIRMWARE_WORKAROUND
[ 1205.691423][T26488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1205.701508][T26488] Call Trace:
[ 1205.704792][T26488]  <TASK>
[ 1205.707714][T26488]  dump_stack_lvl+0x3d/0x1f0
[ 1205.712488][T26488]  vpanic+0x640/0x6f0
[ 1205.716483][T26488]  ? write_raw_marker_to_buffer.isra.0+0x2d4/0x330
[ 1205.723009][T26488]  panic+0xca/0xd0
[ 1205.726825][T26488]  ? __pfx_panic+0x10/0x10
[ 1205.731333][T26488]  check_panic_on_warn+0xab/0xb0
[ 1205.736268][T26488]  __warn+0xf6/0x3c0
[ 1205.740271][T26488]  ? write_raw_marker_to_buffer.isra.0+0x2d4/0x330
[ 1205.747107][T26488]  report_bug+0x3c3/0x580
[ 1205.751441][T26488]  ? write_raw_marker_to_buffer.isra.0+0x2d4/0x330
[ 1205.757972][T26488]  handle_bug+0x184/0x210
[ 1205.762327][T26488]  exc_invalid_op+0x17/0x50
[ 1205.766927][T26488]  asm_exc_invalid_op+0x1a/0x20
[ 1205.771861][T26488] RIP: 0010:write_raw_marker_to_buffer.isra.0+0x2d4/0x330
[ 1205.778995][T26488] Code: ff e8 30 74 fa ff c6 05 b4 7e aa 0e 01 90 b9 04 00 00 00 48 c7 c2 e0 1e 93 8b 4c 89 e6 48 c7 c7 40 1f 93 8b e8 6d fc b8 ff 90 <0f> 0b 90 90 e9 d7 fe ff ff e8 6e 04 62 00 e9 da fd ff ff e8 64 04
[ 1205.798698][T26488] RSP: 0018:ffffc9000b7e7b98 EFLAGS: 00010286
[ 1205.805293][T26488] RAX: 0000000000000000 RBX: ffff88806b400014 RCX: ffffc9001767d000
[ 1205.813360][T26488] RDX: 0000000000080000 RSI: ffffffff817a5e65 RDI: 0000000000000001
[ 1205.821347][T26488] RBP: ffff88806b400010 R08: 0000000000000001 R09: 0000000000000000
[ 1205.829439][T26488] R10: 0000000000000000 R11: ffffffffffff66b0 R12: 0000000000000006
[ 1205.837534][T26488] R13: ffff88813ff18c00 R14: 0000000000000000 R15: 0000000000000000
[ 1205.845552][T26488]  ? __warn_printk+0x1a5/0x350
[ 1205.850328][T26488]  ? write_raw_marker_to_buffer.isra.0+0x2d3/0x330
[ 1205.856871][T26488]  tracing_mark_raw_write+0x2da/0x4a0
[ 1205.862251][T26488]  ? __pfx_tracing_mark_raw_write+0x10/0x10
[ 1205.868156][T26488]  ? __pfx_tracing_mark_raw_write+0x10/0x10
[ 1205.874045][T26488]  vfs_writev+0x5dc/0xde0
[ 1205.878377][T26488]  ? __pfx_vfs_writev+0x10/0x10
[ 1205.883308][T26488]  ? __fget_files+0x20e/0x3c0
[ 1205.887984][T26488]  ? do_writev+0x28c/0x340
[ 1205.892386][T26488]  do_writev+0x28c/0x340
[ 1205.896623][T26488]  ? __pfx_do_writev+0x10/0x10
[ 1205.901398][T26488]  do_syscall_64+0xcd/0xfa0
[ 1205.905912][T26488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1205.911806][T26488] RIP: 0033:0x7fa0c3f8eec9
[ 1205.916233][T26488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1205.936301][T26488] RSP: 002b:00007fa0c4e22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1205.944732][T26488] RAX: ffffffffffffffda RBX: 00007fa0c41e5fa0 RCX: 00007fa0c3f8eec9
[ 1205.952877][T26488] RDX: 0000000000000004 RSI: 0000200000000140 RDI: 0000000000000003
[ 1205.961109][T26488] RBP: 00007fa0c4011f91 R08: 0000000000000000 R09: 0000000000000000
[ 1205.969088][T26488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1205.977071][T26488] R13: 00007fa0c41e6038 R14: 00007fa0c41e5fa0 R15: 00007ffe940cf8c8
[ 1205.985156][T26488]  </TASK>
[ 1205.988520][T26488] Kernel Offset: disabled
[ 1205.992850][T26488] Rebooting in 86400 seconds..