last executing test programs:

1m7.870281339s ago: executing program 0 (id=1821):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/most/drivers/most_core/components\x00', 0x100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0)
socket(0x29, 0x2, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000200)='/dev/mtd0\x00', 0x48000, 0x0)
ioctl$auto_MEMGETINFO(r2, 0x80204d01, &(0x7f0000000240)={0x40, 0xfffffff0, 0x4, 0x5, 0x3, 0x9})
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffa]}, 0x0)
write$auto(r1, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9)
select$auto(0x9, 0x0, 0x0, &(0x7f0000000200)={[0x8001ff, 0x7, 0xd, 0x8fd6, 0x948d, 0x3, 0x80, 0x3, 0x6, 0x8000000000000001, 0x7, 0x2, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto_lockdown_ops_lockdown(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80802, 0x0)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0)
write$auto(0x3, 0x0, 0xfdef)
ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000100)="000004")
write$auto(r3, 0x0, 0x41ec)

1m4.223540402s ago: executing program 0 (id=1829):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x2, 0x1, 0x84)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0)
sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x81)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20b42, 0x0)
writev$auto(r2, &(0x7f0000000080)={0x0, 0x7}, 0x1)
io_uring_setup$auto(0x2, &(0x7f0000000140)={0x0, 0xd61d, 0x7fff, 0xffffe000, 0x709, 0x8, r0, [0xaa, 0x3, 0x6], {0x8, 0x7ff, 0x5, 0x9, 0x2, 0x0, 0x0, 0x7ff}, {0x1000, 0x477, 0xe, 0x5, 0x6, 0x3, 0x80000000, 0x4, 0x8}})
io_uring_register$auto_IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000240)="04adc501000000000000005f1e9700000000dcd6a66989d861ccca7c5e0304ed909d2bc75fe953b9b8444347263ee49c1928f0d0cca2db6e3e005cca026656145ad1d96a5d194e79075d6a30f618bcc016bc198062be95e52cccfa32d6e2771aa6dd653b37370bf4dcf121d59e48a709688232404c66678c74aed008920afcf6a57957b3ae24871b3167c040293f353060713d8b332530a29782e48fdff32bde2e6da8779a0ca51d", 0x7fffffff)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
getdents$auto(r3, 0x0, 0x3f1)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binderfs/binder1\x00', 0x80001, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0)

57.972169597s ago: executing program 0 (id=1836):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
writev$auto(0x3, 0x0, 0x8009)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_OVS_FLOW_CMD_DEL(0xffffffffffffffff, 0x0, 0x800)
mmap$auto(0x1000, 0x4, 0x4000000000df, 0x40eb2, 0xffffffffffffffff, 0x300000000000)
r0 = openat$auto_udf_dir_operations_udfdecl(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci4\x00', 0x2000, 0x0)
mmap$auto(0x1, 0x400008, 0xe0, 0x9b72, r0, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000240)='//ev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x8, 0x9, 0x18, 0x2, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x0, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/class/firmware/timeout\x00', 0x1a1942, 0x0)
write$auto(r2, &(0x7f0000000180)='o\x00d1^\xa1/[\x00\x00\x00\x00\x00\xdc\xbf\x05V\x12\x00\x00\x00\x00\x00\x00\xf3\xa8)', 0x4)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x1, 0x0)
syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000100), r1)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x40000003, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x3, 0x3a)
setsockopt$auto(0x400000000000003, 0x29, 0xcc, 0x0, 0x567)
setsockopt$auto(0x400000000000003, 0x29, 0xcd, 0x0, 0x567)

57.414775488s ago: executing program 0 (id=1838):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000440)="11000000", 0x4)
socket(0xf, 0x3, 0x2)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0)
sendfile$auto(r0, r1, 0x0, 0x1000200)
mmap$auto(0x0, 0x9, 0x49f, 0x9b72, 0x2, 0x8000000000008000)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x26142, 0x4b)
write$auto(r2, 0x0, 0x100082)
pwrite64$auto(r2, 0x0, 0x8, 0x200000000000003)

53.247440887s ago: executing program 0 (id=1853):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x2, 0x1, 0x84)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0)
sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x81)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20b42, 0x0)
writev$auto(r2, &(0x7f0000000080)={0x0, 0x7}, 0x1)
io_uring_setup$auto(0x2, &(0x7f0000000140)={0x0, 0xd61d, 0x7fff, 0xffffe000, 0x709, 0x8, r0, [0xaa, 0x3, 0x6], {0x8, 0x7ff, 0x5, 0x9, 0x2, 0x0, 0x0, 0x7ff}, {0x1000, 0x477, 0xe, 0x5, 0x6, 0x3, 0x80000000, 0x4, 0x8}})
io_uring_register$auto_IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000240)="04adc501000000000000005f1e9700000000dcd6a66989d861ccca7c5e0304ed909d2bc75fe953b9b8444347263ee49c1928f0d0cca2db6e3e005cca026656145ad1d96a5d194e79075d6a30f618bcc016bc198062be95e52cccfa32d6e2771aa6dd653b37370bf4dcf121d59e48a709688232404c66678c74aed008920afcf6a57957b3ae24871b3167c040293f353060713d8b332530a29782e48fdff32bde2e6da8779a0ca51d", 0x7fffffff)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
getdents$auto(r3, 0x0, 0x3f1)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binderfs/binder1\x00', 0x80001, 0x0)
ioctl$auto(0x3, 0x4020565a, 0x38)

50.3341693s ago: executing program 3 (id=1849):
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
rseq$auto(&(0x7f0000000200)={0x3, 0x40000000, 0x5e, 0x4, 0xe, 0x5, "1c28677d72da6a8ce5fbbee4222728b2bb2199ff2cefdf7406ea62ac49c5bc0492ed7e27bb8d16de56c35696848d571b5eeb3889a4faab59285215c3ff965381a218964e8964adc985ecc8b81f5e9a912f9af6062a8651e33be1129114401e1f3c2f7bb05c3ebbad09fb6ff509f0ec3ee9c780d5e9169571fdacd7265d7c6053fff56a355cfc30f841cc5fffcbb218bc7d618b6060e3dc09686349d42af2c73eb63dc284f415aa11ac6244ec66adf4e432adbf4ef12e35d5a5f44a9d6dec2a60"}, 0x21b, 0x8, 0x0)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
acct$auto(&(0x7f0000000000)='/dev/sg0\x00')

50.15741636s ago: executing program 3 (id=1850):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x2, 0x1, 0x84)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0)
sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x81)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20b42, 0x0)
writev$auto(r2, &(0x7f0000000080)={0x0, 0x7}, 0x1)
io_uring_setup$auto(0x2, &(0x7f0000000140)={0x0, 0xd61d, 0x7fff, 0xffffe000, 0x709, 0x8, r0, [0xaa, 0x3, 0x6], {0x8, 0x7ff, 0x5, 0x9, 0x2, 0x0, 0x0, 0x7ff}, {0x1000, 0x477, 0xe, 0x5, 0x6, 0x3, 0x80000000, 0x4, 0x8}})
io_uring_register$auto_IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000240)="04adc501000000000000005f1e9700000000dcd6a66989d861ccca7c5e0304ed909d2bc75fe953b9b8444347263ee49c1928f0d0cca2db6e3e005cca026656145ad1d96a5d194e79075d6a30f618bcc016bc198062be95e52cccfa32d6e2771aa6dd653b37370bf4dcf121d59e48a709688232404c66678c74aed008920afcf6a57957b3ae24871b3167c040293f353060713d8b332530a29782e48fdff32bde2e6da8779a0ca51d", 0x7fffffff)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
getdents$auto(r3, 0x0, 0x3f1)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0)
ioctl$auto(0x3, 0x4020565a, 0x38)

46.574968833s ago: executing program 0 (id=1859):
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r1 = getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x3b)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000)
sendmsg$auto_NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002180)={&(0x7f0000001000)={0x2cc, 0x0, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_AUTH_DATA={0x2b5, 0x9c, "fc249a3d1983089419ac78b69b94682099722346c59fad3cdc9da3f35f0935fd49f5a27676cc078edd7ee670c4046c1e48367b6a0b2d890ada0964c3c3e948f4d5de26534ae49006dadcd647aa8a892d444731813733e9273c81993530c9c8a304b4db9b563a4440f22f1c24f64f5210ee4a004a266fe34f498b3c10dd487312f7cf2d3949b2972a5df8edc3d049b1987a968b01ac3ae39449a0e164909f086d7336a2d15c3b010e20d8fd2c8b2e36bcb2ef56c0c321e101109fb275d0830dc6bc1ddd23138670bcf87a1947dbbe754a4baeea1247d2ff73fd137d4fd5412b5859488e896c39a7c5346fd6ce05e533f75ca962105e728e459c2f0f4f1fd514107cfabff58e4fe4865669a18699c92a8c8a929f79d6c2e23cedcf112966d6ec658a693bbd089312ac7acf2b23999413c68708bf9a378dd5e5d4185a11e46073b2ee9d32fff6aa3c4d3d740f836efa310f9b28bec9a35d8c066105837c893279086e4b9f32e906424f9925e5c5a9edc8b7e9f23d24d387a616d84f1bf8e6fb854c9a32c4ccd7d883493bdfa1e65001891eca1c8093363400e382b9a4fc55c66e546eee1bd98529e76615e0817a39613b11d4f6a1f60a3463bcb221a35a8d2f7e3dd9bd65140bdc42a3c51a0aa790dd12125a9b73bff95bb7e0fdb23978189f91db596fe5adaf1485941e3767a22c937825aafbeb5b541966dd9e530410107e0c5ce78da6ffcd255ed8748cfbb4b30b90717c139814c7c7b0b3826bf8d866279452578da9396725ffb301d80aff89b581bbc71e64de25c5fbf71fee75e1d9af08759a2691e858761985c0abb94fdd9ed70d8d32a64db88480673d14d6af0f2b322e333566d74cacf2a6b2dabc1f11f253127b929164d297431fed3c1845cfdeeb11ad8b68b3f0db168494bfbfdffd521ace82169dcffa60e35e539fa365cf99f65ffcf170cb78c73adac059014e87dff3b39c"}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x48845}, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
write$auto_tty_fops_tty_io(r2, &(0x7f0000000580)="7fd0a917413f68eb6b28d5eea7d1553f6595c094f1f855eb8d8776e6bd8f81c440da3fe3433f8243402fc2752caac5da7a03bbb5adf685740635a6bc231c6cf093b7cf0e4dd07f10b2dc12791aa3ebded3cfe2e4befc0e02d2e064b1db3adc8b2ec1c0378efff268086d6cb998b8dedfb7f20d06b7b091e974de1c1a4ce3d378d91b7639d914ba86b1f18337bb06e3619af99e68dfac380ab153fc75a2159d8efbbf7436752c964490346cf1558249979fc61ee71509560d14bdd0922e50904f3a4b2ae1bfc4f6bb9e08f16afd6baa53cf87077be5bcca2829dd4133da071a6fd072ed5568670a5d171e3deee5576bf571a016c162ca369182f202dbe49839df8d4c438dacdd6cdd67c21e2ed9be20baeff5e5019313d5e6e5a0e93eab61be5dec2c7e144cf9d73fd945c25ff11d5d5aa26bf8ab2e06098b8aeb05c1f29c1a30d268d82768b3350c3efcdac39334de0f6406a1aed635e0c55412ff73b0222d67be6bdd185478d502b492c41696ce6f88609795409aa0841dbc7cb222f0cb239b19d9499fdc45988f0290af0666c37b93f047d45b17cbe7c9332c63ad46c6aa871e4b351efa4fbfb88cfa0281f465d1a970939c2d6c45c50ade06f0bb98ed66623b887de325c0f42ab530b649ea29757af9464c18dea186a0bbc62ce209a3be8e86e8f710323cb899d806caf575cb73a419c0804afd4c8a329a2afaebb87291e9fdfd2ca0edebfc4fb7b1e281fa3e6ac387aebfc92107f4251aa8c96a4c6d7599933c2c489a7696e8e42d88b572fa46bead2c96f619030ab70026f14f91bbf0a4c1b3ed74c564d6ae3eefeef94d37e19701513ff7713a52ebfd8f251dc303455de00d1ee3ed3e204bed2901a644056193fc7e00ce10aa6463892a7881a51893af629f7bd8801ce4c44c7ff2decdb6a69d9ed48ff79661ba9ec4a84dd222d3b40e4abf56222b97db9aa646a67e5031a57d570030f41b09529298f1acddbcd1f0ff6a30cb2a2d5eaecd774bbf897477cc1e55488f3493b6aa6908d24b032cbda24f956f7f262d992838923efde7e8ed0558872451d7bd6a4769ecd47c6d0a125a6e638df6f67793901a67071c506d010930b01ce541aa43f9110d874311d18a8ea50fb1907e8d17c3932e0c12c7d6f7c145209ab81105649fc0c5266063bd8c6a16319a82ff5d236122d53e15d6a7fcb16245d7754f3ffbf659a141cbd29286176fe445deebd5dd18baae1bbdfedbe4bd3453c50fb2f6c22505ecd768ad0703624ebf7b924dc7e8e93ea94c8a6a9f0372351b5a4aaadf89a86faf5241e47be7e6790676fbf8abcc6ef89b9f6ce10600e21815ec6d2c580b5c30ada6b956a07d9964e93419856df00b06245d0743ac2b595097007165cbb17c6a492a6eb0559712e5f89ee86b7a2c46acf9b8d8b2c7a85092966aca97f114635c64f6eb44ad927423a3bc434b267c23d364ee5671d3dcbcca02ffbb633b", 0x415)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x1, 0x2020009, 0x3c, 0xf9, 0xfffffffffffffffa, 0x407ffe)
madvise$auto(0x0, 0x2000040080000004, 0xe)
unshare$auto(0x40000080)
sendmsg$auto_NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000048c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x890)
ioctl$auto_VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000040)={0x8})
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x1000000}, 0x400c080)
pwrite64$auto(r3, 0x0, 0x1, 0x27)

46.106845307s ago: executing program 3 (id=1861):
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0)
mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x311)
ioctl$auto(0x3, 0x8108551b, 0x1)
ioctl$auto_USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000240)={0x1, 0x81, 0x5b, 0x4, &(0x7f0000000000), 0x9, 0xeb90, 0x2, @stream_id=0x102, 0x7, 0x476, 0x0})
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
process_vm_readv$auto(0x0, &(0x7f0000000200)={0x0, 0xfff}, 0x0, &(0x7f0000000280)={&(0x7f0000000300)="1138f4bff347ce668eca0a893000d4b6228272771f0708bfd770573ee574f8ebcd04de3df6f402ebde1a4cbee55f9037676ef3c76763da", 0x400000fffffffe}, 0xa, 0x3b9f)
timer_create$auto_CLOCK_REALTIME(0x0, &(0x7f0000000040)={@sival_int=0x6, @inferred=r1}, &(0x7f0000000080)=0x2)
openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x119040, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x2, 0x0)
r2 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/devices\x00', 0x0, 0x0)
preadv$auto(r2, &(0x7f0000009180)={0x0, 0x7}, 0x26, 0x800000000080, 0x5)

43.592512781s ago: executing program 3 (id=1864):
openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x2002, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000400)='/dev/sequencer2\x00', 0x0, 0x0)
epoll_create$auto(0x3e)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd4/integrity/read_verify\x00', 0x20a800, 0x0)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x101000, 0x0)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, 0x0, 0x22641, 0x0)
open(0x0, 0xcd1e23e41b02d660, 0x154)
socket(0x10, 0x2, 0x0)
open(0x0, 0x161342, 0x0)
socket(0x2, 0x5, 0x0)
socketpair$auto(0x0, 0x3, 0x0, 0x0)
semctl$auto(0x204, 0xfffffffe, 0x3, 0x4)
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0)
write$auto(r0, 0x0, 0xc3)

42.492110563s ago: executing program 3 (id=1870):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x200000000eb1, 0xffffffffffffffff, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="cb5b2cbd7000ffdbdf251f800000"], 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
bpf$auto(0x12, &(0x7f00000006c0)=@batch={0x0, 0x4800000, 0x9, 0xb, 0x2, 0xffffffffffffffff, 0x7, 0x56}, 0x26)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/pcm1p/sub5/sw_params\x00', 0x8f3b7a51b8360c21, 0x0)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0xfffffffffffffffb)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0)
r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/rc/name\x00', 0x2, 0x0)
read$auto_debugfs_full_proxy_file_operations_internal(r3, 0x0, 0x0)
readahead$auto(r2, 0x4, 0x4)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
init_module$auto(0x0, 0xffff9, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x8000000000000000, 0x15)
recvmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5, &(0x7f00000000c0)={0x0, 0x8001}, 0x400000000000002, 0x0, 0x5, 0x80000001}}, 0x3, 0x1, 0x0)
semtimedop$auto(0x0, &(0x7f0000000140)={0x7, 0x81, 0x70}, 0x1f4, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty34\x00', 0x620880, 0x0)
recvmmsg$auto(r0, 0x0, 0x7, 0x6, 0x0)

41.725855095s ago: executing program 3 (id=1871):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
read$auto(r0, 0x0, 0x20)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
unshare$auto(0x40000080)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5)
alarm$auto(0x3)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
sysfs$auto(0xfffffff5, 0x800000000007, 0x100000)
close_range$auto(0x2, 0x8000, 0x0)
socket(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
ioctl$auto_KVM_CREATE_VM(r1, 0x4188aea7, 0x0)

31.522941059s ago: executing program 32 (id=1859):
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r1 = getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x3b)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000)
sendmsg$auto_NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002180)={&(0x7f0000001000)={0x2cc, 0x0, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_AUTH_DATA={0x2b5, 0x9c, "fc249a3d1983089419ac78b69b94682099722346c59fad3cdc9da3f35f0935fd49f5a27676cc078edd7ee670c4046c1e48367b6a0b2d890ada0964c3c3e948f4d5de26534ae49006dadcd647aa8a892d444731813733e9273c81993530c9c8a304b4db9b563a4440f22f1c24f64f5210ee4a004a266fe34f498b3c10dd487312f7cf2d3949b2972a5df8edc3d049b1987a968b01ac3ae39449a0e164909f086d7336a2d15c3b010e20d8fd2c8b2e36bcb2ef56c0c321e101109fb275d0830dc6bc1ddd23138670bcf87a1947dbbe754a4baeea1247d2ff73fd137d4fd5412b5859488e896c39a7c5346fd6ce05e533f75ca962105e728e459c2f0f4f1fd514107cfabff58e4fe4865669a18699c92a8c8a929f79d6c2e23cedcf112966d6ec658a693bbd089312ac7acf2b23999413c68708bf9a378dd5e5d4185a11e46073b2ee9d32fff6aa3c4d3d740f836efa310f9b28bec9a35d8c066105837c893279086e4b9f32e906424f9925e5c5a9edc8b7e9f23d24d387a616d84f1bf8e6fb854c9a32c4ccd7d883493bdfa1e65001891eca1c8093363400e382b9a4fc55c66e546eee1bd98529e76615e0817a39613b11d4f6a1f60a3463bcb221a35a8d2f7e3dd9bd65140bdc42a3c51a0aa790dd12125a9b73bff95bb7e0fdb23978189f91db596fe5adaf1485941e3767a22c937825aafbeb5b541966dd9e530410107e0c5ce78da6ffcd255ed8748cfbb4b30b90717c139814c7c7b0b3826bf8d866279452578da9396725ffb301d80aff89b581bbc71e64de25c5fbf71fee75e1d9af08759a2691e858761985c0abb94fdd9ed70d8d32a64db88480673d14d6af0f2b322e333566d74cacf2a6b2dabc1f11f253127b929164d297431fed3c1845cfdeeb11ad8b68b3f0db168494bfbfdffd521ace82169dcffa60e35e539fa365cf99f65ffcf170cb78c73adac059014e87dff3b39c"}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x48845}, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
write$auto_tty_fops_tty_io(r2, &(0x7f0000000580)="7fd0a917413f68eb6b28d5eea7d1553f6595c094f1f855eb8d8776e6bd8f81c440da3fe3433f8243402fc2752caac5da7a03bbb5adf685740635a6bc231c6cf093b7cf0e4dd07f10b2dc12791aa3ebded3cfe2e4befc0e02d2e064b1db3adc8b2ec1c0378efff268086d6cb998b8dedfb7f20d06b7b091e974de1c1a4ce3d378d91b7639d914ba86b1f18337bb06e3619af99e68dfac380ab153fc75a2159d8efbbf7436752c964490346cf1558249979fc61ee71509560d14bdd0922e50904f3a4b2ae1bfc4f6bb9e08f16afd6baa53cf87077be5bcca2829dd4133da071a6fd072ed5568670a5d171e3deee5576bf571a016c162ca369182f202dbe49839df8d4c438dacdd6cdd67c21e2ed9be20baeff5e5019313d5e6e5a0e93eab61be5dec2c7e144cf9d73fd945c25ff11d5d5aa26bf8ab2e06098b8aeb05c1f29c1a30d268d82768b3350c3efcdac39334de0f6406a1aed635e0c55412ff73b0222d67be6bdd185478d502b492c41696ce6f88609795409aa0841dbc7cb222f0cb239b19d9499fdc45988f0290af0666c37b93f047d45b17cbe7c9332c63ad46c6aa871e4b351efa4fbfb88cfa0281f465d1a970939c2d6c45c50ade06f0bb98ed66623b887de325c0f42ab530b649ea29757af9464c18dea186a0bbc62ce209a3be8e86e8f710323cb899d806caf575cb73a419c0804afd4c8a329a2afaebb87291e9fdfd2ca0edebfc4fb7b1e281fa3e6ac387aebfc92107f4251aa8c96a4c6d7599933c2c489a7696e8e42d88b572fa46bead2c96f619030ab70026f14f91bbf0a4c1b3ed74c564d6ae3eefeef94d37e19701513ff7713a52ebfd8f251dc303455de00d1ee3ed3e204bed2901a644056193fc7e00ce10aa6463892a7881a51893af629f7bd8801ce4c44c7ff2decdb6a69d9ed48ff79661ba9ec4a84dd222d3b40e4abf56222b97db9aa646a67e5031a57d570030f41b09529298f1acddbcd1f0ff6a30cb2a2d5eaecd774bbf897477cc1e55488f3493b6aa6908d24b032cbda24f956f7f262d992838923efde7e8ed0558872451d7bd6a4769ecd47c6d0a125a6e638df6f67793901a67071c506d010930b01ce541aa43f9110d874311d18a8ea50fb1907e8d17c3932e0c12c7d6f7c145209ab81105649fc0c5266063bd8c6a16319a82ff5d236122d53e15d6a7fcb16245d7754f3ffbf659a141cbd29286176fe445deebd5dd18baae1bbdfedbe4bd3453c50fb2f6c22505ecd768ad0703624ebf7b924dc7e8e93ea94c8a6a9f0372351b5a4aaadf89a86faf5241e47be7e6790676fbf8abcc6ef89b9f6ce10600e21815ec6d2c580b5c30ada6b956a07d9964e93419856df00b06245d0743ac2b595097007165cbb17c6a492a6eb0559712e5f89ee86b7a2c46acf9b8d8b2c7a85092966aca97f114635c64f6eb44ad927423a3bc434b267c23d364ee5671d3dcbcca02ffbb633b", 0x415)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x1, 0x2020009, 0x3c, 0xf9, 0xfffffffffffffffa, 0x407ffe)
madvise$auto(0x0, 0x2000040080000004, 0xe)
unshare$auto(0x40000080)
sendmsg$auto_NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000048c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x890)
ioctl$auto_VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000040)={0x8})
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x1000000}, 0x400c080)
pwrite64$auto(r3, 0x0, 0x1, 0x27)

26.314869636s ago: executing program 33 (id=1871):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
read$auto(r0, 0x0, 0x20)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
unshare$auto(0x40000080)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5)
alarm$auto(0x3)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
sysfs$auto(0xfffffff5, 0x800000000007, 0x100000)
close_range$auto(0x2, 0x8000, 0x0)
socket(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
ioctl$auto_KVM_CREATE_VM(r1, 0x4188aea7, 0x0)

4.732485164s ago: executing program 4 (id=1877):
acct$auto(&(0x7f0000000000)='/dev/sg0\x00')

4.025869945s ago: executing program 4 (id=1907):
r0 = socket(0x10, 0x3, 0x6)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100"], 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x48d0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
socket(0x1e, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x55)
socket(0x2, 0x3, 0xa)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000)
write$auto(0x3, 0x0, 0x800)
mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000)
getpid()

3.364082466s ago: executing program 2 (id=1909):
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8003)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0)
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/iomem\x00', 0x1c9a02, 0x0)
pread64$auto(r0, &(0x7f0000000040)='/proc/scsi/sg/devices\x00', 0x100000001, 0x100)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = prctl$auto(0x1000000003b, 0x3, 0x4, 0x5, 0x7)
r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0)
r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0)
ioctl$auto_USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x2, 0x2, 0x8, 0x7fb, &(0x7f0000000100)})
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000840)={{@raw=0x8, 0x7, 0xba28, 0x0, "708c58271a7985a7f5ed0dd58af8d149fc53d81fd4a7553c2ff48b48a8a57689adcc1ca6d2cbfa93b50590c9", @raw=0xd}, 0x0, @bytes=@data="5d29f0ff6c66da3c8d62e8f6a2d4d6190eb2a0bbb3c176faaad23caeb55f27ef7a2e9b9f7e49b11925d33aea2094c0dcc3dadfdd6832a3f720c28eab70a927730ed2d2b21950da0c88c6324fcdf01c7de6422a24593aa05b868299926883690ae0d17f54a2670e87978f049c39c7252db666a3d5253948f6f27676017827eee8cfff1cfe902ab7ebdce6c091aa2ecbae3bc1a43296c74d0df6c7ad02109c6b24af67cfe5e8d583895c31668c6b5bf138574b71bcf68cc021e9c742cb020689061fa2579fd1659f0d75d6ca04e4bda7108da59fa513b0976ede7ebc87f5f9c66574f93e9629171c487085f23fc7cf3991ce264714903f5c83c2a199717f8dd62404add28aea76c977fee9481cd70f03d445d5d21a41b390fc1543d947f62347fef920a304a9227fd71201da2572539effbb2b9f8ba6adb28c586bac6eaafdb522ffd990a70761bd67428afc7488bdd303ff354fde37412c549af73a8a2b8ef44ae2ba59cbf8c016f1c5f043879aff54749fb99713f0459a1b16333e337c4347601a3070a1f885bd42472340feca71030e014ebe88096e3c6379fff202017e06cff06babb272374799da26a46ad623953231bcd75c3e10f0fc0e0326539a41e6ea0aa148c4951661677726f637574aaf2f7da85023bb77386a08088bd094ad7f8982d03131e9a8aeb7962e95be195c3777b6f220efa6b76e5a432703d83548a8d3", "fa491e08108961dd5708680f1134935851612a52d629535f54f3832490fc4e7f79daef312b3df3307044713a4801d409aefe3f932f78fc311771094e769c0095f94ee6d74f2517f34a0bbbf502bf3392ac4d93bde5f733ba936c0890312cf035bc44117db9b683eedc5e02a703fc82750d8d6ebac0c3019ef8e6c1eecea33a59"})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x8, 0x1, 0x13, 0x3, 0x110000000)
syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r1)
setsockopt$auto_SO_ERROR(r3, 0x81, 0x4, &(0x7f00000002c0)='nfsd\x00', 0x2)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000001680)='/sys/kernel/tracing/uprobe_events\x00', 0x2, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x2584, 0x0)
ioctl$auto(0x3, 0x40045542, 0xb551)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/midi2\x00', 0x201, 0x0)
close_range$auto(0x2, 0x8000, 0x0)

3.061919424s ago: executing program 2 (id=1911):
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
rseq$auto(&(0x7f0000000200)={0x3, 0x40000000, 0x5e, 0x4, 0xe, 0x5, "1c28677d72da6a8ce5fbbee4222728b2bb2199ff2cefdf7406ea62ac49c5bc0492ed7e27bb8d16de56c35696848d571b5eeb3889a4faab59285215c3ff965381a218964e8964adc985ecc8b81f5e9a912f9af6062a8651e33be1129114401e1f3c2f7bb05c3ebbad09fb6ff509f0ec3ee9c780d5e9169571fdacd7265d7c6053fff56a355cfc30f841cc5fffcbb218bc7d618b6060e3dc09686349d42af2c73eb63dc284f415aa11ac6244ec66adf4e432adbf4ef12e35d5a5f44a9d6dec2a60"}, 0x21b, 0x8, 0x0)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
acct$auto(&(0x7f0000000000)='/dev/sg0\x00')
socket(0x10, 0x2, 0x4)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x82802, 0x0)
fsconfig$auto_SHMEM_HUGE_NEVER(0xffffffffffffffff, 0x5, &(0x7f0000000180)='+\x00_\xe8\xdb\xff\x0f\\X\xc9#\xa0\xdc\x04\x0f\x99v\xbc\xc3\xf2\x03\xe2T\b\x9c\xe7J\xcd\x00\x00\x00\x00\x00\x00\x00\x00c\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
shmctl$auto_SHM_UNLOCK(0x6, 0xc, &(0x7f0000000380)={{0x2, 0xee01, 0xee00, 0x3, 0x5, 0xd4bc, 0x8258}, 0x9, 0x8, 0x400, 0x3f, @raw=0x1480, @raw, 0x5f9d, 0x0, &(0x7f0000000300)="6f901dc769405580060d7cd179766f792661783b48cbec50f2780aca0015970e98fa2e673f8405d463fa7635a095b1624ecf5ae0d65731d4fb5b17f6503dab9b1bbeb30a9398120fd3ad95a0f8b1de8e0f6290c9", &(0x7f00000000c0)})
ioctl$auto_KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r0, 0x6, 0x5, &(0x7f0000000080)='*\x00', 0xe6)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80480, 0x0)
select$auto(0x9, &(0x7f0000000440)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, 0x0)

2.126577273s ago: executing program 2 (id=1913):
semtimedop$auto(0x9, &(0x7f0000000340)={0x2, 0x0, 0xb}, 0x2, &(0x7f0000000280)={0x1000000004, 0x7})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r0, &(0x7f0000000640)={{&(0x7f0000000000), 0x5ae, &(0x7f0000000100)={0x0, 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x1}, 0x1a000, 0x100)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x45, 0x0)
fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
sendmsg$auto_NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, 0x0, 0x0)
read$auto(r1, 0x0, 0x1f40)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/msg_next_id\x00', 0xc0082, 0x0)
bpf$auto(0x80000000, 0x0, 0x6f3)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/kernel/sched_rt_period_us\x00', 0x101202, 0x0)
sendfile$auto(r3, r3, 0x0, 0x4)
io_uring_register$auto(0xffffffffffffffff, 0x23, 0x0, 0x1)
openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0)

2.126026234s ago: executing program 1 (id=1921):
acct$auto(&(0x7f0000000000)='/dev/sg0\x00')

2.028400239s ago: executing program 1 (id=1914):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x200000000eb1, 0xffffffffffffffff, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="cb5b2cbd7000ffdbdf251f800000"], 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
bpf$auto(0x12, &(0x7f00000006c0)=@batch={0x0, 0x4800000, 0x9, 0xb, 0x2, 0xffffffffffffffff, 0x7, 0x56}, 0x26)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/pcm1p/sub5/sw_params\x00', 0x8f3b7a51b8360c21, 0x0)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0xfffffffffffffffb)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0)
r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/rc/name\x00', 0x2, 0x0)
read$auto_debugfs_full_proxy_file_operations_internal(r3, 0x0, 0x0)
readahead$auto(r2, 0x4, 0x4)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
init_module$auto(0x0, 0xffff9, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
recvmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5, &(0x7f00000000c0)={0x0, 0x8001}, 0x400000000000002, 0x0, 0x5, 0x80000001}}, 0x3, 0x1, 0x0)
semtimedop$auto(0x0, &(0x7f0000000140)={0x7, 0x81, 0x70}, 0x1f4, 0x0)
mmap$auto(0x0, 0x1020009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty34\x00', 0x620880, 0x0)
recvmmsg$auto(r0, 0x0, 0x7, 0x6, 0x0)

1.498082126s ago: executing program 2 (id=1916):
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0xffffffffffffff7f, 0x368e, 0x2, {0xffffffff, 0x20000000010000}, 0x5, 0x6, 0xfffffffffffffffd, 0x7, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdead, 0x804})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x141300, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
ioctl$auto_XFS_IOC_ALLOCSP(0xffffffffffffffff, 0x4030580a, &(0x7f0000000440)={0xfff, 0x1, 0x1, 0x2, 0x7, 0xffffffffffffffff})
inotify_init1$auto(0x0)
syz_clone3(0x0, 0x0)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x121002, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/if_inet6\x00', 0x440, 0x0)
pread64$auto(r1, 0x0, 0x10001, 0x830)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/phonet\x00', 0x42000, 0x0)
bpf$auto(0x1, &(0x7f0000000100)=@link_detach, 0x6f4)
write$auto(r0, 0x0, 0x100)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x1d, 0xa, 0xa76)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
clock_settime$auto(0x0, &(0x7f0000000000)={0x100000004, 0x8})
adjtimex$auto(&(0x7f0000000280)={0xf, 0x0, 0x8, 0x100000004, 0x7f, 0x0, 0x2, 0x0, 0x6, 0x1, 0x2, {0xc, 0x57}, 0x7ffffffffffffffe, 0x3a9d, 0x5, 0xf, 0x0, 0x5, 0x2, 0x8000000b, 0x101, 0x2, 0x1015c8})
adjtimex$auto(0x0)
read$auto(0x3, 0x0, 0x80)

1.478902786s ago: executing program 1 (id=1924):
acct$auto(&(0x7f0000000000)='/dev/sg0\x00')

1.396287938s ago: executing program 1 (id=1917):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = socket(0xa, 0x1, 0x84)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
pipe$auto(0x0)
setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9)
recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, &(0x7f0000000040), 0x81, 0x9}, 0xfffffffb}, 0x5, 0x6586, 0x0)
clock_gettime$auto(0x3, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

406.478561ms ago: executing program 1 (id=1918):
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x200, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6)
ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(r0, 0x7ac, 0x0)
socket(0x2, 0x3, 0x4)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/arch_status\x00', 0x40000, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0)
openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x101b02, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x22, 0x3, 0x0)
openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8042, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa8080, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$auto_FBIOPUT_VSCREENINFO(r1, 0x4601, 0x0)

267.647799ms ago: executing program 2 (id=1919):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0)
writev$auto(0xffffffffffffffff, 0x0, 0x3)
epoll_ctl$auto(0xffffffffffffffff, 0x1, 0x8000000000000000, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x1, 0x940, 0x1ffde, 0x4, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x1000000000000007, 0xac, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x6, 0x0, 0x0, 0x20000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x8, 0x7, 0x1, 0x2, 0x0, 0x8, 0x8c2, 0x0, 0x253, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x3, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8, 0x2a543f9, 0x0, 0x400004, 0x20, 0x0, 0x100000000]}, 0x1fe, 0x81)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4044}, 0xc800)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), r0)
sendmsg$auto_NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000380)={0x1c, r1, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000800)
fcntl$auto(0x3, 0x4, 0xa553)
write$auto(0x3, 0x0, 0x100082)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80582, 0x0)
io_uring_setup$auto(0x59, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_fops_u32_ro_(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/bpf_offloaded_id\x00', 0x264101, 0x0)
r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x0, 0x0)
r3 = dup$auto(r2)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001780)='/sys/kernel/mm/hugepages/hugepages-1048576kB/demote\x00', 0xa901, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
ioctl$auto_BINDER_THREAD_EXIT(r3, 0x40046208, 0x0)

124.792531ms ago: executing program 2 (id=1920):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0)
ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0)
keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000000e)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
unshare$auto(0x40000080)
openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D2\x00', 0x80980, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)="b2", 0x1)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0)
sendfile$auto(r0, r3, 0x0, 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000000), r4)
setsockopt$auto(0x3, 0x1, 0x48, 0x0, 0x9)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)

0s ago: executing program 1 (id=1922):
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
rseq$auto(&(0x7f0000000200)={0x3, 0x40000000, 0x5e, 0x4, 0xe, 0x5, "1c28677d72da6a8ce5fbbee4222728b2bb2199ff2cefdf7406ea62ac49c5bc0492ed7e27bb8d16de56c35696848d571b5eeb3889a4faab59285215c3ff965381a218964e8964adc985ecc8b81f5e9a912f9af6062a8651e33be1129114401e1f3c2f7bb05c3ebbad09fb6ff509f0ec3ee9c780d5e9169571fdacd7265d7c6053fff56a355cfc30f841cc5fffcbb218bc7d618b6060e3dc09686349d42af2c73eb63dc284f415aa11ac6244ec66adf4e432adbf4ef12e35d5a5f44a9d6dec2a60"}, 0x21b, 0x8, 0x0)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
acct$auto(&(0x7f0000000000)='/dev/sg0\x00')
socket(0x10, 0x2, 0x4)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x82802, 0x0)
fsconfig$auto_SHMEM_HUGE_NEVER(0xffffffffffffffff, 0x5, &(0x7f0000000180)='+\x00_\xe8\xdb\xff\x0f\\X\xc9#\xa0\xdc\x04\x0f\x99v\xbc\xc3\xf2\x03\xe2T\b\x9c\xe7J\xcd\x00\x00\x00\x00\x00\x00\x00\x00c\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
shmctl$auto_SHM_UNLOCK(0x6, 0xc, &(0x7f0000000380)={{0x2, 0xee01, 0xee00, 0x3, 0x5, 0xd4bc, 0x8258}, 0x9, 0x8, 0x400, 0x3f, @raw=0x1480, @raw, 0x5f9d, 0x0, &(0x7f0000000300)="6f901dc769405580060d7cd179766f792661783b48cbec50f2780aca0015970e98fa2e673f8405d463fa7635a095b1624ecf5ae0d65731d4fb5b17f6503dab9b1bbeb30a9398120fd3ad95a0f8b1de8e0f6290c9", &(0x7f00000000c0)})
ioctl$auto_KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r0, 0x6, 0x5, &(0x7f0000000080)='*\x00', 0xe6)
socket$nl_generic(0x10, 0x3, 0x10)
select$auto(0x9, &(0x7f0000000440)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):


	





	

		

		

		

			



	
	





	


	



	


	
		
		

	
	
		
		


	
		
		








	










		










	











	








	







		










	

	
		
	

	
		
	

	
		


	


	



	

	

	
		


	




	

	

	
	

	
	

	
	

	
	

	
	

	

	
	

	
		
	


		
	
	
	


		
	
	
	
	
	
	
	
	
		
	




	

	
		
	

	
		
	
	

	
	
	
	

	
	
	
	

	

	
				
	
		


	
	

	
		




		

	




	
				
	




	
				
	
	
		
		

	

	
		

	
		

	


	
	

		
	
		
	
	



			








	






	










			
		

			


			
			
		


		

















	











	








	







		









	
	


	
		

	


	
	

		
	
		
	
	



			








	






	






			
	

			


			
			
		


		

















	











	








	







		










[  598.071823][T11921] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1424'.

syzkaller
syzkaller login: [  601.156456][T11960] ima: policy update failed
[  601.208038][   T31] audit: type=1802 audit(4294969526.988:13): pid=11960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1433" res=0 errno=0
[  601.246981][T11960] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1433'.
[  601.820918][T11955] Process accounting paused
[  602.212584][T11971] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  602.452499][T11971] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  602.787926][T11971] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  603.405127][T11996] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1441'.
[  603.426543][T11996] hsr_slave_0: left promiscuous mode
[  603.437284][T11996] hsr_slave_1: left promiscuous mode
[  604.242555][ T9200] Bluetooth: hci0: command 0x0c1a tx timeout
[  604.481143][ T9200] Bluetooth: hci2: command 0x0c1a tx timeout
[  604.799944][ T9200] Bluetooth: hci3: command 0x0c1a tx timeout
[  607.365477][T12053] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  607.741890][T12062] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1455'.
[  607.841948][ T9200] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  609.603275][T12089] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1460'.
[  612.012904][T12116] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1466'.
[  612.236217][ T9200] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  613.789503][T12132] FAULT_INJECTION: forcing a failure.
[  613.789503][T12132] name failslab, interval 1, probability 0, space 0, times 0
[  613.953892][T12132] CPU: 0 UID: 0 PID: 12132 Comm: syz.3.1471 Not tainted syzkaller #0 PREEMPT(full) 
[  613.953926][T12132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  613.953940][T12132] Call Trace:
[  613.953947][T12132]  <TASK>
[  613.953956][T12132]  dump_stack_lvl+0x16c/0x1f0
[  613.953986][T12132]  should_fail_ex+0x512/0x640
[  613.954021][T12132]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  613.954048][T12132]  should_failslab+0xc2/0x120
[  613.954079][T12132]  kmem_cache_alloc_noprof+0x75/0x6e0
[  613.954102][T12132]  ? __kernfs_new_node+0xd2/0x8e0
[  613.954137][T12132]  ? __kernfs_new_node+0xd2/0x8e0
[  613.954164][T12132]  __kernfs_new_node+0xd2/0x8e0
[  613.954197][T12132]  ? __pfx___kernfs_new_node+0x10/0x10
[  613.954234][T12132]  ? find_held_lock+0x2b/0x80
[  613.954259][T12132]  ? kernfs_root+0xee/0x2a0
[  613.954294][T12132]  kernfs_new_node+0x13c/0x1e0
[  613.954332][T12132]  __kernfs_create_file+0x53/0x350
[  613.954359][T12132]  sysfs_add_file_mode_ns+0x207/0x3c0
[  613.954403][T12132]  internal_create_group+0x578/0xf30
[  613.954440][T12132]  ? sysfs_create_file_ns+0x154/0x1d0
[  613.954468][T12132]  ? __pfx_internal_create_group+0x10/0x10
[  613.954499][T12132]  ? __pfx_sysfs_create_file_ns+0x10/0x10
[  613.954530][T12132]  ? down_read+0x13d/0x480
[  613.954564][T12132]  ? acpi_device_notify+0x351/0x480
[  613.954596][T12132]  ? lockdep_init_map_type+0x5c/0x280
[  613.954634][T12132]  internal_create_groups+0x9d/0x150
[  613.954669][T12132]  device_add+0x77f/0x1aa0
[  613.954710][T12132]  ? __pfx_device_add+0x10/0x10
[  613.954747][T12132]  ? mark_held_locks+0x49/0x80
[  613.954787][T12132]  usb_set_configuration+0x1187/0x1e20
[  613.954846][T12132]  bConfigurationValue_store+0x100/0x180
[  613.954871][T12132]  ? __pfx_bConfigurationValue_store+0x10/0x10
[  613.954914][T12132]  ? find_held_lock+0x2b/0x80
[  613.954939][T12132]  ? sysfs_file_kobj+0xe4/0x290
[  613.954967][T12132]  ? __pfx_bConfigurationValue_store+0x10/0x10
[  613.954991][T12132]  dev_attr_store+0x58/0x80
[  613.955026][T12132]  ? __pfx_dev_attr_store+0x10/0x10
[  613.955068][T12132]  sysfs_kf_write+0xf2/0x150
[  613.955097][T12132]  kernfs_fop_write_iter+0x3af/0x570
[  613.955137][T12132]  ? __pfx_sysfs_kf_write+0x10/0x10
[  613.955167][T12132]  iter_file_splice_write+0xa24/0x12e0
[  613.955211][T12132]  ? __pfx_iter_file_splice_write+0x10/0x10
[  613.955243][T12132]  ? __pfx_copy_splice_read+0x10/0x10
[  613.955300][T12132]  ? __pfx_iter_file_splice_write+0x10/0x10
[  613.955328][T12132]  direct_splice_actor+0x192/0x6c0
[  613.955356][T12132]  splice_direct_to_actor+0x345/0xa30
[  613.955389][T12132]  ? __pfx_direct_splice_actor+0x10/0x10
[  613.955419][T12132]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  613.955453][T12132]  do_splice_direct+0x174/0x240
[  613.955477][T12132]  ? __pfx_do_splice_direct+0x10/0x10
[  613.955502][T12132]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  613.955549][T12132]  ? rw_verify_area+0xcf/0x6c0
[  613.955575][T12132]  do_sendfile+0xb06/0xe50
[  613.955605][T12132]  ? __pfx_do_sendfile+0x10/0x10
[  613.955635][T12132]  ? __x64_sys_futex+0x1e0/0x4c0
[  613.955668][T12132]  ? __x64_sys_futex+0x1e9/0x4c0
[  613.955704][T12132]  __x64_sys_sendfile64+0x1d8/0x220
[  613.955738][T12132]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  613.955781][T12132]  do_syscall_64+0xcd/0xfa0
[  613.955812][T12132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.955837][T12132] RIP: 0033:0x7fda9058f6c9
[  613.955857][T12132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.955880][T12132] RSP: 002b:00007fda913aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  613.955903][T12132] RAX: ffffffffffffffda RBX: 00007fda907e5fa0 RCX: 00007fda9058f6c9
[  613.955919][T12132] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007
[  613.955934][T12132] RBP: 00007fda90611f91 R08: 0000000000000000 R09: 0000000000000000
[  613.955949][T12132] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  613.955963][T12132] R13: 00007fda907e6038 R14: 00007fda907e5fa0 R15: 00007fff1c0e04e8
[  613.955996][T12132]  </TASK>
[  614.370903][T12132] usb usb1: device_add(1-0:1.0) --> -12
[  614.608340][T12146] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1473'.
[  614.674110][T12149] random: crng reseeded on system resumption
[  615.196552][T12158] size and base must be multiples of 4 kiB
[  615.288137][   T10] usb usb38-port5: attempt power cycle
[  615.401942][T12158] CPU: 0 UID: 0 PID: 12158 Comm: syz.0.1475 Not tainted syzkaller #0 PREEMPT(full) 
[  615.401976][T12158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  615.401991][T12158] Call Trace:
[  615.402003][T12158]  <TASK>
[  615.402012][T12158]  dump_stack_lvl+0x16c/0x1f0
[  615.402044][T12158]  mtrr_del+0xd1/0x110
[  615.402078][T12158]  mtrr_ioctl+0x922/0xcf0
[  615.402113][T12158]  ? __pfx_mtrr_ioctl+0x10/0x10
[  615.402152][T12158]  ? find_held_lock+0x2b/0x80
[  615.402185][T12158]  ? __fget_files+0x20e/0x3c0
[  615.402210][T12158]  ? __pfx_mtrr_ioctl+0x10/0x10
[  615.402243][T12158]  proc_reg_unlocked_ioctl+0x229/0x320
[  615.402277][T12158]  ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10
[  615.402314][T12158]  __x64_sys_ioctl+0x18e/0x210
[  615.402353][T12158]  do_syscall_64+0xcd/0xfa0
[  615.402383][T12158]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.402408][T12158] RIP: 0033:0x7f2d8678f6c9
[  615.402427][T12158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  615.402451][T12158] RSP: 002b:00007f2d87677038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  615.402473][T12158] RAX: ffffffffffffffda RBX: 00007f2d869e6180 RCX: 00007f2d8678f6c9
[  615.402490][T12158] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003
[  615.402504][T12158] RBP: 00007f2d86811f91 R08: 0000000000000000 R09: 0000000000000000
[  615.402525][T12158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  615.402540][T12158] R13: 00007f2d869e6218 R14: 00007f2d869e6180 R15: 00007ffd79489508
[  615.402571][T12158]  </TASK>
[  616.002480][T12166] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
[  616.155358][T12167] futex_wake_op: syz.1.1486 tries to shift op by -9; fix this program
[  616.230665][   T10] usb usb38-port5: unable to enumerate USB device
[  618.806454][T12191] kexec: Could not allocate control_code_buffer
[  619.106902][T12199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1487'.
[  619.125909][T12199] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1487'.
[  619.352834][T12206] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1489'.
[  619.366417][T12206] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1489'.
[  620.368598][T12216] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1491'.
[  620.489454][T12220] sysfs_service_op_show: Client not running :-5:
[  620.707025][T12225] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1490'.
[  620.831915][ T9200] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  623.476133][T12232] kexec: Could not allocate control_code_buffer
[  624.246572][T12277] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1502'.
[  624.631067][T12282] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33
[  624.839530][T12287] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1505'.
[  625.921866][T12288] zswap: compressor  not available
[  626.297174][T12283] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input34
[  626.750157][T12302] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1509'.
[  628.158105][T12321] size and base must be multiples of 4 kiB
[  628.179371][T12321] CPU: 0 UID: 0 PID: 12321 Comm: syz.1.1511 Not tainted syzkaller #0 PREEMPT(full) 
[  628.179417][T12321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  628.179433][T12321] Call Trace:
[  628.179441][T12321]  <TASK>
[  628.179450][T12321]  dump_stack_lvl+0x16c/0x1f0
[  628.179482][T12321]  mtrr_del+0xd1/0x110
[  628.179517][T12321]  mtrr_ioctl+0x922/0xcf0
[  628.179551][T12321]  ? __pfx_mtrr_ioctl+0x10/0x10
[  628.179591][T12321]  ? find_held_lock+0x2b/0x80
[  628.179625][T12321]  ? __fget_files+0x20e/0x3c0
[  628.179650][T12321]  ? __pfx_mtrr_ioctl+0x10/0x10
[  628.179684][T12321]  proc_reg_unlocked_ioctl+0x229/0x320
[  628.179718][T12321]  ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10
[  628.179756][T12321]  __x64_sys_ioctl+0x18e/0x210
[  628.179794][T12321]  do_syscall_64+0xcd/0xfa0
[  628.179824][T12321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.179849][T12321] RIP: 0033:0x7fbdae18f6c9
[  628.179868][T12321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  628.179892][T12321] RSP: 002b:00007fbdaefef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  628.179915][T12321] RAX: ffffffffffffffda RBX: 00007fbdae3e6090 RCX: 00007fbdae18f6c9
[  628.179932][T12321] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003
[  628.179946][T12321] RBP: 00007fbdae211f91 R08: 0000000000000000 R09: 0000000000000000
[  628.179961][T12321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  628.179976][T12321] R13: 00007fbdae3e6128 R14: 00007fbdae3e6090 R15: 00007fff63c00118
[  628.180008][T12321]  </TASK>
[  630.224829][T12352] random: crng reseeded on system resumption
[  630.447401][T12351] smc: net device dummy0 applied user defined pnetid DUMMY0
[  631.480925][T12367] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(173544298.2314043776.706666779), cmd(6)
[  633.048960][T12395] ptp ptp0: guarantee physical clock free running
[  634.172658][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  634.178985][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  635.007792][T12376] Process accounting resumed
[  635.366232][T12418] mkiss: ax0: crc mode is auto.
[  635.458865][T12420] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1535'.
[  636.143294][T12441] FAULT_INJECTION: forcing a failure.
[  636.143294][T12441] name failslab, interval 1, probability 0, space 0, times 0
[  636.273867][T12441] CPU: 0 UID: 0 PID: 12441 Comm: syz.2.1531 Not tainted syzkaller #0 PREEMPT(full) 
[  636.273907][T12441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  636.273922][T12441] Call Trace:
[  636.273929][T12441]  <TASK>
[  636.273938][T12441]  dump_stack_lvl+0x16c/0x1f0
[  636.273969][T12441]  should_fail_ex+0x512/0x640
[  636.274007][T12441]  ? __kmalloc_noprof+0xca/0x880
[  636.274050][T12441]  should_failslab+0xc2/0x120
[  636.274083][T12441]  __kmalloc_noprof+0xdd/0x880
[  636.274122][T12441]  ? process_preds+0x46c/0x1c50
[  636.274161][T12441]  ? process_preds+0x46c/0x1c50
[  636.274193][T12441]  process_preds+0x46c/0x1c50
[  636.274244][T12441]  ? create_filter_start.constprop.0+0x56/0x300
[  636.274282][T12441]  create_filter+0x140/0x210
[  636.274316][T12441]  ? __pfx_create_filter+0x10/0x10
[  636.274351][T12441]  ? __pfx___mutex_lock+0x10/0x10
[  636.274379][T12441]  ? find_held_lock+0x2b/0x80
[  636.274406][T12441]  apply_event_filter+0x220/0x500
[  636.274459][T12441]  ? __pfx_apply_event_filter+0x10/0x10
[  636.274504][T12441]  event_filter_write+0x16d/0x290
[  636.274530][T12441]  ? __pfx_event_filter_write+0x10/0x10
[  636.274554][T12441]  vfs_write+0x2a0/0x11d0
[  636.274585][T12441]  ? __pfx___mutex_lock+0x10/0x10
[  636.274614][T12441]  ? __pfx_vfs_write+0x10/0x10
[  636.274649][T12441]  ? __fget_files+0x20e/0x3c0
[  636.274682][T12441]  ksys_write+0x12a/0x250
[  636.274708][T12441]  ? __pfx_ksys_write+0x10/0x10
[  636.274743][T12441]  do_syscall_64+0xcd/0xfa0
[  636.274773][T12441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.274797][T12441] RIP: 0033:0x7f9dc2d8f6c9
[  636.274816][T12441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  636.274840][T12441] RSP: 002b:00007f9dc3c3a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  636.274862][T12441] RAX: ffffffffffffffda RBX: 00007f9dc2fe5fa0 RCX: 00007f9dc2d8f6c9
[  636.274878][T12441] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003
[  636.274898][T12441] RBP: 00007f9dc2e11f91 R08: 0000000000000000 R09: 0000000000000000
[  636.274913][T12441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  636.274927][T12441] R13: 00007f9dc2fe6038 R14: 00007f9dc2fe5fa0 R15: 00007fffdfbff428
[  636.274959][T12441]  </TASK>
[  639.552196][T12481] erspan0: entered allmulticast mode
[  639.729340][T12429] kexec: Could not allocate control_code_buffer
[  640.853678][T12499] can0: slcan on ttyS2.
[  641.056414][T12500] can0 (unregistered): slcan off ttyS2.
[  643.975684][T12547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1550'.
[  644.481310][T12549] mkiss: ax0: crc mode is auto.
[  645.469322][T12575] binder: 12574:12575 ioctl c018620c 0 returned -22
[  645.724312][T12584] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  647.846577][   T31] audit: type=1804 audit(4294969360.016:14): pid=12606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1558" name="/newroot/385/file0" dev="tmpfs" ino=2030 res=1 errno=0
[  648.388593][T12615] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  649.397652][T12627] Invalid ELF header magic: != ELF
[  651.502648][T12654] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  651.511928][T12654] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  651.557010][T12654] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  651.577250][T12654] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  651.624357][T12654] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  651.631495][T12654] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  652.442171][T12660] FAULT_INJECTION: forcing a failure.
[  652.442171][T12660] name failslab, interval 1, probability 0, space 0, times 0
[  652.471971][T12660] CPU: 0 UID: 0 PID: 12660 Comm: syz.2.1572 Not tainted syzkaller #0 PREEMPT(full) 
[  652.472005][T12660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  652.472020][T12660] Call Trace:
[  652.472027][T12660]  <TASK>
[  652.472036][T12660]  dump_stack_lvl+0x16c/0x1f0
[  652.472069][T12660]  should_fail_ex+0x512/0x640
[  652.472106][T12660]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  652.472135][T12660]  should_failslab+0xc2/0x120
[  652.472169][T12660]  kmem_cache_alloc_noprof+0x75/0x6e0
[  652.472193][T12660]  ? vm_area_dup+0x27/0x8d0
[  652.472237][T12660]  ? vm_area_dup+0x27/0x8d0
[  652.472274][T12660]  vm_area_dup+0x27/0x8d0
[  652.472315][T12660]  dup_mmap+0x86f/0x2280
[  652.472359][T12660]  ? __pfx_dup_mmap+0x10/0x10
[  652.472413][T12660]  copy_process+0x3f0c/0x76a0
[  652.472444][T12660]  ? __pfx___futex_wait+0x10/0x10
[  652.472482][T12660]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  652.472519][T12660]  ? __pfx_copy_process+0x10/0x10
[  652.472549][T12660]  ? futex_private_hash_put+0x176/0x300
[  652.472584][T12660]  ? futex_private_hash_put+0x18a/0x300
[  652.472621][T12660]  kernel_clone+0xfc/0x930
[  652.472653][T12660]  ? __pfx_kernel_clone+0x10/0x10
[  652.472701][T12660]  __do_sys_clone+0xce/0x120
[  652.472732][T12660]  ? __pfx___do_sys_clone+0x10/0x10
[  652.472776][T12660]  ? xfd_validate_state+0x61/0x180
[  652.472810][T12660]  ? __pfx_do_writev+0x10/0x10
[  652.472851][T12660]  do_syscall_64+0xcd/0xfa0
[  652.472882][T12660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.472906][T12660] RIP: 0033:0x7f9dc2d8f6c9
[  652.472926][T12660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  652.472950][T12660] RSP: 002b:00007f9dc3c39fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  652.472975][T12660] RAX: ffffffffffffffda RBX: 00007f9dc2fe5fa0 RCX: 00007f9dc2d8f6c9
[  652.472992][T12660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411
[  652.473007][T12660] RBP: 00007f9dc2e11f91 R08: 0000000000000000 R09: 0000000000000000
[  652.473022][T12660] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  652.473038][T12660] R13: 00007f9dc2fe6038 R14: 00007f9dc2fe5fa0 R15: 00007fffdfbff428
[  652.473070][T12660]  </TASK>
[  653.583125][ T8971] Bluetooth: hci2: command 0x0c1a tx timeout
[  653.599995][ T8971] Bluetooth: hci0: command 0x0c1a tx timeout
[  653.723319][ T9200] Bluetooth: hci3: command 0x0c1a tx timeout
[  655.637425][ T9200] Bluetooth: hci0: command 0x0c1a tx timeout
[  655.643602][ T8971] Bluetooth: hci2: command 0x0c1a tx timeout
[  655.798863][ T9200] Bluetooth: hci3: command 0x0c1a tx timeout
[  657.003817][T12713] vivid-007: =================  START STATUS  =================
[  657.019445][T12713] vivid-007: Generate PTS: true
[  657.027449][T12713] vivid-007: Generate SCR: true
[  657.033680][T12713] tpg source WxH: 320x240 (Y'CbCr)
[  657.040734][T12713] tpg field: 1
[  657.046930][T12713] tpg crop: (0,0)/320x240
[  657.051754][T12713] tpg compose: (0,0)/320x240
[  657.060433][T12713] tpg colorspace: 8
[  657.064625][T12713] tpg transfer function: 0/0
[  657.079350][T12713] tpg Y'CbCr encoding: 0/0
[  657.083809][T12713] tpg quantization: 0/0
[  657.099156][T12713] tpg RGB range: 0/2
[  657.103091][T12713] vivid-007: ==================  END STATUS  ==================
[  657.582822][T12720] Invalid ELF header magic: != ELF

	
	
		
		




	

	

	
		
	

	

	

	
		

	


	
		
	
	
	

		




	

	

	
		
	

	
		
	

	
		

	

	

	
	

	
	

	
	

	
	

	
		
			

	
	
	



	

			

	
	
	



	

			



	

	
	

	
	


	
		

	


	
	

		
	
		
	
	



			








	




	













	


	













			
			
		


		

















	











	





	





		







	
		

	


	
	

		
	
		
	
	



			








	




	




	


	


	


	
		

	
		
		


		

















	











	






	






		









	
		

	


	
	

		
	
		
	
	



			








	

	






		
		
		

			
	

	

	

	
	
	

	

	

	
				
				
		

		

	
	


	
	



		

		
		
	

	
	

	




	


	



	
	
	



	

		

		
	


	
	
	
	

	




	
		

	
	
	
	
	
	
	


	
	
	
	







	





	





		







					

	
		

	


	
	

		
	
		
	
	



			








	




	








	




	

	
	


	



	
	


	



	

		

		
	


	


		
		
	

	

			
			
		
	
		
		


		

















	











	




	





		






	

	
		
					
		
	

	
	

	
	

	
	

	
		

	
		

	


	
	

		
	
		
	
	



			








	






	






	


	



	

	




		


		
		


		

















	











	




	





		






	
	
	
	

	

	
		


	
		

	

	
	

	
	

	
	
		
		


	

	
	
	
	
	
	
	

	


	

	
		
	
		
		

	

	
		
	

	
		

	



	

	
		
	

	
		
	

	
		

	


	
	

		
	
		
	
	



			








	




	



	

	

	

	

	

	

	




			
			
		


		

















	











	





	





		






	

	
		

	
		

	


		

		
	
		
	
	



			








	


	






	



	
	
	












	





	






		







	
	

	

	
				
	
		


	
	

	
		
	


		
	
	
	


		
	
	



	
		
	
	

	
		
	

	
		

	
		

	


	

	

		
	
		
	
	



			








	

	









	
	



	



	





	


	



		
	
	





































































	


















	
	

	
	
	
	
	
	







	








	







		










	

	
	
	
	

		
	
	



			



































	


















	
	

	
	
	
	
	
	







	








	







		









	

	
	
	
	



			
			
	
	
		



	


	








	
	




	
	
	

			
			
	

		
		
		









	



	
	
	

			
			
	

		
		
		









	



			
		
	
	
	
	

			
			
		







			
		
	
	
	
	

			
			
		







			
		
	
	
	
	

			
			
		







			
		
	
	
	
	

			
			
		
















	
	
	


	
	
	
	
	
	
	
	
	
	
	


	
	











	
	
	
	
	
	
	
	

	
	





	





	





	





	






	











	






	
	

	




	

	


		
	
	
	


		
	
	
	
	

	


	

	
	

	

	
	

	

	

	
		

	
		

	


	
	

		
	
		
	
	



			








	




	





















	
	

	
	
	
	
	
	







	




	





		









	

	
	

	




	

	

	
		
	
	

	

	
				
	
		


	
	
	

	




	

	
	

	
	

	
	

	
	

	
	

	
		

	


		
	
	



			









	






	




	












	





	

	



	

	
		

	


	
	


	
		
		

	

	

				
		
		


	
			
			
		


		


















	










	




	




		






		
	


		
	

		
	








	
	
	

	


	
	





	







	
	


	

	
		

		
	

	
	
		
	
	
		











	

	

	


	



	
	








	











	
	



	


	
		


		

	



	
	
	
	
	


		
		

		



	




	
				
	




	
				
	
	
	
	
	
	
		

	
	


		
	
	



			









	






	




	




	
	










	
	

	













	

	

	





	





	


	


	


	


	


	


	

	











	

	
	
	























	
	







	







		







		
	


		
	

		
	








	
	
	

	


	
	





	







	
	


	

	
		

		
	

	
	
		
	
	
		











	

	

	


	



	
	








	











	
	



	


	
		


		

	



	
	
	
	
	


		
		

		



	
	

	

		

	
	


		
	
	



			









	






	




	




	
	










	
	

	













	

	

	





	





	


	


	


	


	


	


	

	











	

	
	
	























	
	







	








		








		
	


		
	

		
	








	
	
	

	


	
	





	







	
	


	

	
		

		
	

	
	
		
	
	
		











	

	

	


	



	
	








	











	
	



	


	
		


		

	



	
	
	
	
	


		
		

		



	
	

	


	
	
	


	
		

	


		

		
	
		
	
	



			








	



		
	

		
	

	



	


	
		
	
		

	
		
		





	
	
		
	
		
	
	
	

	







	








	







		









	


	
				
	

	

			




		
	
				
	

	

			



		
	
				
	

	

			



		
	
				
	

	

			


		

	
		



		

	

	




	
	

	



syzkaller
syzkaller login: [  772.918469][ T8974] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 965 with max blocks 5 with error 117
[  772.998319][ T8974] EXT4-fs (sda1): This should not happen!! Data will be lost
[  772.998319][ T8974] 
[  773.622600][ T9005] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 964 with max blocks 2 with error 117
[  773.839684][ T9005] EXT4-fs (sda1): This should not happen!! Data will be lost
[  773.839684][ T9005] 
[  773.937505][T13940] nbd: socks must be embedded in a SOCK_ITEM attr
[  775.951745][T13962] random: crng reseeded on system resumption
[  776.888218][T13972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1865'.
[  776.913721][T13972] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1865'.
[  777.006170][T13974] Invalid ELF header magic: != ELF
[  778.061423][T13984] Invalid ELF header magic: != ELF
[  788.842708][T14028] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137
[  788.997155][T14028] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138
[  789.126381][T14028] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum
[  789.408438][T14030] syz.2.1878 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000
[  789.466612][T14030] CPU: 0 UID: 0 PID: 14030 Comm: syz.2.1878 Not tainted syzkaller #0 PREEMPT(full) 
[  789.466646][T14030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  789.466661][T14030] Call Trace:
[  789.466668][T14030]  <TASK>
[  789.466678][T14030]  dump_stack_lvl+0x16c/0x1f0
[  789.466710][T14030]  dump_header+0x101/0x930
[  789.466738][T14030]  oom_kill_process+0x272/0xa40
[  789.466766][T14030]  out_of_memory+0x350/0x1700
[  789.466797][T14030]  ? __pfx_out_of_memory+0x10/0x10
[  789.466830][T14030]  mem_cgroup_out_of_memory+0x118/0x130
[  789.466870][T14030]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  789.466916][T14030]  ? do_raw_spin_unlock+0x172/0x230
[  789.466962][T14030]  try_charge_memcg+0x695/0xd30
[  789.467005][T14030]  ? __pfx_try_charge_memcg+0x10/0x10
[  789.467036][T14030]  ? find_held_lock+0x2b/0x80
[  789.467062][T14030]  ? rcu_read_unlock+0x17/0x60
[  789.467102][T14030]  obj_cgroup_charge_account+0x292/0x500
[  789.467140][T14030]  __memcg_slab_post_alloc_hook+0x2ea/0x940
[  789.467179][T14030]  ? kasan_unpoison+0x27/0x60
[  789.467208][T14030]  __kmalloc_cache_noprof+0x593/0x780
[  789.467250][T14030]  ? ipv6_add_dev+0x6af/0x15f0
[  789.467284][T14030]  ? ipv6_add_dev+0x6af/0x15f0
[  789.467310][T14030]  ipv6_add_dev+0x6af/0x15f0
[  789.467344][T14030]  addrconf_notify+0x53e/0x19e0
[  789.467380][T14030]  ? ip6mr_device_event+0x1bc/0x230
[  789.467425][T14030]  notifier_call_chain+0xbc/0x410
[  789.467457][T14030]  ? __pfx_addrconf_notify+0x10/0x10
[  789.467500][T14030]  call_netdevice_notifiers_info+0xbe/0x140
[  789.467536][T14030]  register_netdevice+0x182e/0x2270
[  789.467569][T14030]  ? __pfx_register_netdevice+0x10/0x10
[  789.467599][T14030]  ? alloc_netdev_mqs+0xe17/0x1550
[  789.467628][T14030]  register_netdev+0x34/0x50
[  789.467654][T14030]  ip6gre_init_net+0x2bd/0x440
[  789.467690][T14030]  ? __pfx_ip6gre_init_net+0x10/0x10
[  789.467726][T14030]  ops_init+0x1e2/0x5f0
[  789.467754][T14030]  setup_net+0x100/0x390
[  789.467778][T14030]  ? __pfx_setup_net+0x10/0x10
[  789.467804][T14030]  ? debug_mutex_init+0x37/0x70
[  789.467831][T14030]  copy_net_ns+0x2f8/0x690
[  789.467860][T14030]  create_new_namespaces+0x3ea/0xa90
[  789.467894][T14030]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  789.467924][T14030]  ksys_unshare+0x45b/0xa40
[  789.467956][T14030]  ? __pfx_ksys_unshare+0x10/0x10
[  789.467993][T14030]  ? xfd_validate_state+0x61/0x180
[  789.468038][T14030]  __x64_sys_unshare+0x31/0x40
[  789.468071][T14030]  do_syscall_64+0xcd/0xfa0
[  789.468101][T14030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  789.468127][T14030] RIP: 0033:0x7f9dc2d8f6c9
[  789.468146][T14030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  789.468171][T14030] RSP: 002b:00007f9dc3c3a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  789.468194][T14030] RAX: ffffffffffffffda RBX: 00007f9dc2fe5fa0 RCX: 00007f9dc2d8f6c9
[  789.468210][T14030] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  789.468225][T14030] RBP: 00007f9dc2e11f91 R08: 0000000000000000 R09: 0000000000000000
[  789.468240][T14030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  789.468255][T14030] R13: 00007f9dc2fe6038 R14: 00007f9dc2fe5fa0 R15: 00007fffdfbff428
[  789.468287][T14030]  </TASK>
[  789.468296][T14030] memory: usage 3072kB, limit 3072kB, failcnt 18187
[  789.800183][T14032] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum
[  789.925565][T14030] memory+swap: usage 7420kB, limit 9007199254740988kB, failcnt 0
[  789.936185][T14030] kmem: usage 3020kB, limit 9007199254740988kB, failcnt 0
[  789.943869][T14030] Memory cgroup stats for /syz2:
[  789.947095][T14030] cache 0
[  789.965074][T14030] rss 0
[  789.967892][T14030] rss_huge 0
[  789.971098][T14030] shmem 0
[  789.974692][T14030] mapped_file 0
[  789.978179][T14030] dirty 0
[  789.981136][T14030] writeback 0
[  789.993796][T14030] workingset_refault_anon 9251
[  789.998611][T14030] workingset_refault_file 8681
[  790.003388][T14030] swap 4452352
[  790.007416][T14030] swapcached 53248
[  790.011154][T14030] pgpgin 669089
[  790.016094][T14030] pgpgout 674860
[  790.019661][T14030] pgfault 635156
[  790.023218][T14030] pgmajfault 2732
[  790.033561][T14030] inactive_anon 53248
[  790.037570][T14030] active_anon 0
[  790.041026][T14030] inactive_file 0
[  790.045336][T14030] active_file 0
[  790.048843][T14030] unevictable 0
[  790.052318][T14030] hierarchical_memory_limit 3145728
[  790.063712][T14030] hierarchical_memsw_limit 9223372036854771712
[  790.069903][T14030] total_cache 0
[  790.074644][T14030] total_rss 0
[  790.077998][T14030] total_rss_huge 0
[  790.081722][T14030] total_shmem 0
[  790.103204][T14030] total_mapped_file 0
[  790.107224][T14030] total_dirty 0
[  790.110687][T14030] total_writeback 0
[  790.114572][T14030] total_workingset_refault_anon 9251
[  790.121543][T14030] total_workingset_refault_file 8681
[  790.128107][T14030] total_swap 4452352
[  790.132014][T14030] total_swapcached 53248
[  790.136658][T14030] total_pgpgin 669089
[  790.140655][T14030] total_pgpgout 674860
[  790.152979][T14030] total_pgfault 635156
[  790.157068][T14030] total_pgmajfault 2732
[  790.161217][T14030] total_inactive_anon 53248
[  790.172872][T14030] total_active_anon 0
[  790.176906][T14030] total_inactive_file 0
[  790.181071][T14030] total_active_file 0
[  790.186368][T14030] total_unevictable 0
[  790.190369][T14030] anon_cost 0
[  790.194218][T14030] file_cost 0
[  790.197601][T14030] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1878,pid=14029,uid=0
[  790.222846][T14030] Memory cgroup out of memory: Killed process 14029 (syz.2.1878) total-vm:169868kB, anon-rss:1268kB, file-rss:22860kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000
[  790.650372][ T9200] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  790.660808][ T9200] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  790.669443][ T9200] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  790.677747][ T9200] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  790.685617][ T9200] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  791.105190][T14035] chnl_net:caif_netlink_parms(): no params data found
[  791.552491][T14042] Invalid ELF header magic: != ELF
[  792.425507][   T33] oom_reaper: reaped process 14029 (syz.2.1878), now anon-rss:16kB, file-rss:21760kB, shmem-rss:0kB
[  792.749554][ T9200] Bluetooth: hci4: command tx timeout
[  793.297347][T14052] FAULT_INJECTION: forcing a failure.
[  793.297347][T14052] name failslab, interval 1, probability 0, space 0, times 0
[  793.326452][T14052] CPU: 0 UID: 0 PID: 14052 Comm: syz.2.1882 Not tainted syzkaller #0 PREEMPT(full) 
[  793.326492][T14052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  793.326507][T14052] Call Trace:
[  793.326515][T14052]  <TASK>
[  793.326524][T14052]  dump_stack_lvl+0x16c/0x1f0
[  793.326555][T14052]  should_fail_ex+0x512/0x640
[  793.326591][T14052]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  793.326619][T14052]  should_failslab+0xc2/0x120
[  793.326651][T14052]  kmem_cache_alloc_noprof+0x75/0x6e0
[  793.326676][T14052]  ? __proc_create+0x2ce/0x8e0
[  793.326716][T14052]  ? __proc_create+0x2ce/0x8e0
[  793.326749][T14052]  __proc_create+0x2ce/0x8e0
[  793.326784][T14052]  ? __pfx___proc_create+0x10/0x10
[  793.326819][T14052]  ? pcpu_chunk_relocate+0x126/0x190
[  793.326843][T14052]  ? find_held_lock+0x2b/0x80
[  793.326873][T14052]  proc_create_reg+0x7d/0x180
[  793.326910][T14052]  ? __pfx_tls_statistics_seq_show+0x10/0x10
[  793.326943][T14052]  proc_create_net_single+0x86/0x180
[  793.326980][T14052]  ? __pfx_proc_create_net_single+0x10/0x10
[  793.327025][T14052]  ? __pfx_tls_init_net+0x10/0x10
[  793.327047][T14052]  tls_proc_init+0x4d/0x70
[  793.327077][T14052]  tls_init_net+0x65/0xf0
[  793.327100][T14052]  ops_init+0x1e2/0x5f0
[  793.327128][T14052]  setup_net+0x100/0x390
[  793.327152][T14052]  ? __pfx_setup_net+0x10/0x10
[  793.327177][T14052]  ? debug_mutex_init+0x37/0x70
[  793.327204][T14052]  copy_net_ns+0x2f8/0x690
[  793.327234][T14052]  create_new_namespaces+0x3ea/0xa90
[  793.327268][T14052]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  793.327298][T14052]  ksys_unshare+0x45b/0xa40
[  793.327329][T14052]  ? __pfx_ksys_unshare+0x10/0x10
[  793.327362][T14052]  ? xfd_validate_state+0x61/0x180
[  793.327405][T14052]  __x64_sys_unshare+0x31/0x40
[  793.327436][T14052]  do_syscall_64+0xcd/0xfa0
[  793.327480][T14052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  793.327505][T14052] RIP: 0033:0x7f9dc2d8f6c9
[  793.327524][T14052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  793.327548][T14052] RSP: 002b:00007f9dc3c3a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  793.327572][T14052] RAX: ffffffffffffffda RBX: 00007f9dc2fe5fa0 RCX: 00007f9dc2d8f6c9
[  793.327588][T14052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  793.327602][T14052] RBP: 00007f9dc2e11f91 R08: 0000000000000000 R09: 0000000000000000
[  793.327617][T14052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  793.327631][T14052] R13: 00007f9dc2fe6038 R14: 00007f9dc2fe5fa0 R15: 00007fffdfbff428
[  793.327663][T14052]  </TASK>
[  794.596083][T14035] bridge0: port 1(bridge_slave_0) entered blocking state
[  794.608026][T14059] Invalid ELF header magic: != ELF
[  794.669551][T14035] bridge0: port 1(bridge_slave_0) entered disabled state
[  794.749217][T14035] bridge_slave_0: entered allmulticast mode
[  794.790916][T14035] bridge_slave_0: entered promiscuous mode
[  794.819440][ T9200] Bluetooth: hci4: command tx timeout
[  795.003542][T14064] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1888'.
[  795.501086][ T9005] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  795.703268][T14035] bridge0: port 2(bridge_slave_1) entered blocking state
[  795.822302][T14035] bridge0: port 2(bridge_slave_1) entered disabled state
[  795.920461][T14035] bridge_slave_1: entered allmulticast mode
[  796.058308][T14035] bridge_slave_1: entered promiscuous mode
[  796.267454][ T9005] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  796.344115][T13070] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  796.355962][T13070] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  796.364128][T13070] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  796.372282][T13070] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  796.390121][T13070] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  796.673594][ T9005] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  796.826326][T14035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  796.889022][T13070] Bluetooth: hci4: command tx timeout
[  797.026626][T14035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  797.646415][T14085] Invalid ELF header magic: != ELF
[  797.854494][T14035] team0: Port device team_slave_0 added
[  797.920557][T14035] team0: Port device team_slave_1 added
[  798.104917][T14035] batman_adv: batadv0: Adding interface: batadv_slave_0
[  798.113883][T14035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  798.140717][T14035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  798.218075][T14035] batman_adv: batadv0: Adding interface: batadv_slave_1
[  798.225653][T14035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  798.252884][T14035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  798.480238][T13070] Bluetooth: hci3: command tx timeout
[  798.542933][T14035] hsr_slave_0: entered promiscuous mode
[  798.550731][T14035] hsr_slave_1: entered promiscuous mode
[  798.592876][ T9005] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.724694][T14095] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1896'.
[  798.957233][T13070] Bluetooth: hci4: command tx timeout
[  800.089182][T14110] Invalid ELF header magic: != ELF
[  800.487409][T14070] chnl_net:caif_netlink_parms(): no params data found
[  800.551520][T13070] Bluetooth: hci3: command tx timeout
[  800.608770][ T9005] gretap0: left allmulticast mode
[  800.701984][ T9005] gretap0: left promiscuous mode
[  800.709518][ T9005] bridge0: port 3(gretap0) entered disabled state
[  800.897081][ T9005] bridge_slave_1: left allmulticast mode
[  800.902788][ T9005] bridge_slave_1: left promiscuous mode
[  800.997460][ T9005] bridge0: port 2(bridge_slave_1) entered disabled state
[  801.099400][ T9005] bridge_slave_0: left allmulticast mode
[  801.196290][ T9005] bridge_slave_0: left promiscuous mode
[  801.202069][ T9005] bridge0: port 1(bridge_slave_0) entered disabled state
[  801.338470][T14123] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
[  801.507284][T14128] futex_wake_op: syz.2.1899 tries to shift op by -9; fix this program
[  802.618717][T13070] Bluetooth: hci3: command tx timeout
[  802.803363][ T9005] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  802.816685][ T9005] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  802.829161][ T9005] bond0 (unregistering): Released all slaves
[  802.932305][T14135] FAULT_INJECTION: forcing a failure.
[  802.932305][T14135] name failslab, interval 1, probability 0, space 0, times 0
[  802.959494][T14135] CPU: 0 UID: 0 PID: 14135 Comm: syz.2.1901 Not tainted syzkaller #0 PREEMPT(full) 
[  802.959528][T14135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  802.959544][T14135] Call Trace:
[  802.959551][T14135]  <TASK>
[  802.959560][T14135]  dump_stack_lvl+0x16c/0x1f0
[  802.959591][T14135]  should_fail_ex+0x512/0x640
[  802.959629][T14135]  ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0
[  802.959664][T14135]  should_failslab+0xc2/0x120
[  802.959697][T14135]  __kmalloc_node_track_caller_noprof+0xde/0x8a0
[  802.959729][T14135]  ? __ip_vs_sctp_init+0x37/0x80
[  802.959769][T14135]  ? kmemdup_noprof+0x29/0x60
[  802.959793][T14135]  kmemdup_noprof+0x29/0x60
[  802.959819][T14135]  ? __pfx___ip_vs_sctp_init+0x10/0x10
[  802.959860][T14135]  __ip_vs_sctp_init+0x37/0x80
[  802.959895][T14135]  ip_vs_protocol_net_init+0x194/0x300
[  802.959931][T14135]  __ip_vs_init+0x239/0x520
[  802.959970][T14135]  ? __pfx___ip_vs_init+0x10/0x10
[  802.960008][T14135]  ops_init+0x1e2/0x5f0
[  802.960035][T14135]  setup_net+0x100/0x390
[  802.960060][T14135]  ? __pfx_setup_net+0x10/0x10
[  802.960087][T14135]  ? debug_mutex_init+0x37/0x70
[  802.960116][T14135]  copy_net_ns+0x2f8/0x690
[  802.960147][T14135]  create_new_namespaces+0x3ea/0xa90
[  802.960182][T14135]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  802.960212][T14135]  ksys_unshare+0x45b/0xa40
[  802.960245][T14135]  ? __pfx_ksys_unshare+0x10/0x10
[  802.960279][T14135]  ? xfd_validate_state+0x61/0x180
[  802.960323][T14135]  __x64_sys_unshare+0x31/0x40
[  802.960355][T14135]  do_syscall_64+0xcd/0xfa0
[  802.960385][T14135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.960409][T14135] RIP: 0033:0x7f9dc2d8f6c9
[  802.960429][T14135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  802.960453][T14135] RSP: 002b:00007f9dc3c3a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  802.960476][T14135] RAX: ffffffffffffffda RBX: 00007f9dc2fe5fa0 RCX: 00007f9dc2d8f6c9
[  802.960495][T14135] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  802.960510][T14135] RBP: 00007f9dc2e11f91 R08: 0000000000000000 R09: 0000000000000000
[  802.960525][T14135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  802.960540][T14135] R13: 00007f9dc2fe6038 R14: 00007f9dc2fe5fa0 R15: 00007fffdfbff428
[  802.960572][T14135]  </TASK>
[  803.303369][T14035] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  803.328511][ T9005] HfR: left promiscuous mode
[  803.379932][T14035] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  803.435121][T14035] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  803.556294][T14035] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  803.701983][T14070] bridge0: port 1(bridge_slave_0) entered blocking state
[  803.710680][T14070] bridge0: port 1(bridge_slave_0) entered disabled state
[  803.721841][T14070] bridge_slave_0: entered allmulticast mode
[  803.729765][T14070] bridge_slave_0: entered promiscuous mode
[  803.859413][T14070] bridge0: port 2(bridge_slave_1) entered blocking state
[  803.878109][T14070] bridge0: port 2(bridge_slave_1) entered disabled state
[  803.885868][T14070] bridge_slave_1: entered allmulticast mode
[  803.898895][T14070] bridge_slave_1: entered promiscuous mode
[  804.078350][T14070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  804.143369][T14070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  804.312951][T14070] team0: Port device team_slave_0 added
[  804.343041][T14070] team0: Port device team_slave_1 added
[  804.688134][T13070] Bluetooth: hci3: command tx timeout
[  805.074437][T14070] batman_adv: batadv0: Adding interface: batadv_slave_0
[  805.196424][T14070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  805.444707][T14070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  805.511019][T14070] batman_adv: batadv0: Adding interface: batadv_slave_1
[  805.596308][T14070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  805.701698][T14070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  805.757293][ T9005] hsr_slave_0: left promiscuous mode
[  805.768000][ T9005] hsr_slave_1: left promiscuous mode
[  805.787715][ T9005] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  805.807861][ T9005] batman_adv: batadv0: Removing interface: batadv_slave_0
[  805.828939][ T9005] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  805.848137][ T9005] batman_adv: batadv0: Removing interface: batadv_slave_1
[  805.906417][ T9005] veth1_macvtap: left promiscuous mode
[  805.920805][ T9005] veth0_macvtap: left promiscuous mode
[  805.931606][ T9005] veth1_vlan: left promiscuous mode
[  805.947358][ T9005] veth0_vlan: left promiscuous mode
[  806.404410][ T9005] team0 (unregistering): Port device team_slave_1 removed
[  806.452639][ T9005] team0 (unregistering): Port device team_slave_0 removed
[  807.012027][T14035] 8021q: adding VLAN 0 to HW filter on device bond0
[  807.187599][T14070] hsr_slave_0: entered promiscuous mode
[  807.267375][T14185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1904'.
[  807.283663][T14070] hsr_slave_1: entered promiscuous mode
[  807.289853][T14070] debugfs: 'hsr0' already exists in 'hsr'
[  807.491556][T14070] Cannot create hsr debugfs directory
[  807.524542][T14035] 8021q: adding VLAN 0 to HW filter on device team0
[  808.265137][ T8974] bridge0: port 1(bridge_slave_0) entered blocking state
[  808.272385][ T8974] bridge0: port 1(bridge_slave_0) entered forwarding state
[  808.447663][ T8974] bridge0: port 2(bridge_slave_1) entered blocking state
[  808.454947][ T8974] bridge0: port 2(bridge_slave_1) entered forwarding state
[  809.128202][ T5836] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  809.148382][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  809.148441][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  809.148456][ T5836] Call Trace:
[  809.148464][ T5836]  <TASK>
[  809.148472][ T5836]  dump_stack_lvl+0x16c/0x1f0
[  809.148503][ T5836]  dump_header+0x101/0x930
[  809.148529][ T5836]  oom_kill_process+0x272/0xa40
[  809.148556][ T5836]  out_of_memory+0x350/0x1700
[  809.148585][ T5836]  ? __pfx_out_of_memory+0x10/0x10
[  809.148617][ T5836]  mem_cgroup_out_of_memory+0x118/0x130
[  809.148658][ T5836]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  809.148703][ T5836]  ? do_raw_spin_unlock+0x172/0x230
[  809.148750][ T5836]  try_charge_memcg+0x695/0xd30
[  809.148785][ T5836]  ? __pfx_try_charge_memcg+0x10/0x10
[  809.148822][ T5836]  ? find_held_lock+0x2b/0x80
[  809.148850][ T5836]  charge_memcg+0x8a/0x230
[  809.148880][ T5836]  mem_cgroup_swapin_charge_folio+0xbb/0x440
[  809.148918][ T5836]  __read_swap_cache_async+0x397/0x500
[  809.148947][ T5836]  ? __pfx___read_swap_cache_async+0x10/0x10
[  809.148973][ T5836]  ? mlock_drain_local+0x210/0x4f0
[  809.149006][ T5836]  swap_cluster_readahead+0x528/0x770
[  809.149029][ T5836]  ? do_raw_spin_lock+0x12c/0x2b0
[  809.149072][ T5836]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  809.149100][ T5836]  ? css_rstat_updated+0x1c2/0x510
[  809.149140][ T5836]  ? __lock_acquire+0x622/0x1c90
[  809.149170][ T5836]  ? get_vma_policy+0x242/0x3c0
[  809.149207][ T5836]  swapin_readahead+0x13a/0xd60
[  809.149240][ T5836]  ? __pfx_swapin_readahead+0x10/0x10
[  809.149262][ T5836]  ? swap_cache_get_folio+0x267/0x8e0
[  809.149284][ T5836]  ? swap_cache_get_folio+0x267/0x8e0
[  809.149304][ T5836]  ? swap_cache_get_folio+0x267/0x8e0
[  809.149329][ T5836]  ? swap_cache_get_folio+0x267/0x8e0
[  809.149351][ T5836]  ? swap_cache_get_folio+0x1f/0x8e0
[  809.149371][ T5836]  ? swap_cache_get_folio+0x293/0x8e0
[  809.149399][ T5836]  ? __pfx_swap_cache_get_folio+0x10/0x10
[  809.149421][ T5836]  ? __pfx_get_swap_device+0x10/0x10
[  809.149457][ T5836]  ? do_swap_page+0x125/0x6340
[  809.149493][ T5836]  do_swap_page+0x86c/0x6340
[  809.149539][ T5836]  ? __pfx_do_swap_page+0x10/0x10
[  809.149573][ T5836]  ? __pfx_default_wake_function+0x10/0x10
[  809.149600][ T5836]  ? __lock_acquire+0x622/0x1c90
[  809.149634][ T5836]  ? rcu_is_watching+0x12/0xc0
[  809.149659][ T5836]  ? ___pte_offset_map+0x2ad/0x4f0
[  809.149694][ T5836]  __handle_mm_fault+0x17d1/0x2aa0
[  809.149740][ T5836]  ? __pfx___handle_mm_fault+0x10/0x10
[  809.149782][ T5836]  ? lock_vma_under_rcu+0x176/0x530
[  809.149828][ T5836]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  809.149874][ T5836]  handle_mm_fault+0x589/0xd10
[  809.149912][ T5836]  ? __pkru_allows_pkey+0x11/0xb0
[  809.149952][ T5836]  do_user_addr_fault+0x60c/0x1370
[  809.149977][ T5836]  ? rcu_is_watching+0x12/0xc0
[  809.150005][ T5836]  exc_page_fault+0x64/0xc0
[  809.150033][ T5836]  asm_exc_page_fault+0x26/0x30
[  809.150056][ T5836] RIP: 0033:0x7f9dc2d8f66a
[  809.150075][ T5836] Code: c1 e8 32 89 c1 69 c0 40 42 0f 00 48 89 0c 24 29 c7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 7b 62 ff ff 48 8b 54 24 18 <64> 48 2b 14 25 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 32 00 00 90
[  809.150098][ T5836] RSP: 002b:00007fffdfbff780 EFLAGS: 00010206
[  809.150117][ T5836] RAX: 0000000000000000 RBX: 0000000000000750 RCX: 0000000000000000
[  809.150131][ T5836] RDX: d54a5bf5a278eb00 RSI: 0000000000000000 RDI: 000055558a054808
[  809.150147][ T5836] RBP: 00007fffdfbff7ec R08: 0000000000000000 R09: 0000000000000000
[  809.150162][ T5836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388
[  809.150176][ T5836] R13: 00000000000927c0 R14: 00000000000c599b R15: 00007fffdfbff840
[  809.150207][ T5836]  </TASK>
[  809.505266][ T5836] memory: usage 3072kB, limit 3072kB, failcnt 21421
[  809.512409][ T5836] memory+swap: usage 6408kB, limit 9007199254740988kB, failcnt 0
[  809.520281][ T5836] kmem: usage 1992kB, limit 9007199254740988kB, failcnt 0
[  809.527392][ T5836] Memory cgroup stats for /syz2:
[  809.527557][ T5836] cache 4096
[  809.535701][ T5836] rss 983040
[  809.538895][ T5836] rss_huge 0
[  809.542384][ T5836] shmem 0
[  809.545320][ T5836] mapped_file 0
[  809.548776][ T5836] dirty 0
[  809.551755][ T5836] writeback 0
[  809.555054][ T5836] workingset_refault_anon 10287
[  809.559934][ T5836] workingset_refault_file 8855
[  809.564695][ T5836] swap 3416064
[  809.568064][ T5836] swapcached 118784
[  809.572200][ T5836] pgpgin 674451
[  809.575663][ T5836] pgpgout 679965
[  809.579207][ T5836] pgfault 653193
[  809.582825][ T5836] pgmajfault 3101
[  809.586455][ T5836] inactive_anon 1101824
[  809.590632][ T5836] active_anon 0
[  809.594087][ T5836] inactive_file 4096
[  809.597977][ T5836] active_file 0
[  809.601481][ T5836] unevictable 0
[  809.604936][ T5836] hierarchical_memory_limit 3145728
[  809.610174][ T5836] hierarchical_memsw_limit 9223372036854771712
[  809.616322][ T5836] total_cache 4096
[  809.620395][ T5836] total_rss 983040
[  809.624127][ T5836] total_rss_huge 0
[  809.627840][ T5836] total_shmem 0
[  809.631329][ T5836] total_mapped_file 0
[  809.635307][ T5836] total_dirty 0
[  809.638760][ T5836] total_writeback 0
[  809.642626][ T5836] total_workingset_refault_anon 10287
[  809.648154][ T5836] total_workingset_refault_file 8855
[  809.653673][ T5836] total_swap 3416064
[  809.657565][ T5836] total_swapcached 118784
[  809.661946][ T5836] total_pgpgin 674451
[  809.665935][ T5836] total_pgpgout 679965
[  809.670133][ T5836] total_pgfault 653193
[  809.674530][ T5836] total_pgmajfault 3101
[  809.678714][ T5836] total_inactive_anon 1101824
[  809.683469][ T5836] total_active_anon 0
[  809.687491][ T5836] total_inactive_file 4096
[  809.691954][ T5836] total_active_file 0
[  809.695945][ T5836] total_unevictable 0
[  809.700329][ T5836] anon_cost 0
[  809.703621][ T5836] file_cost 0
[  809.707015][ T5836] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1906,pid=14188,uid=0
[  809.722171][ T5836] Memory cgroup out of memory: Killed process 14188 (syz.2.1906) total-vm:114780kB, anon-rss:2036kB, file-rss:27004kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000
[  810.221575][ T8974] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.359400][ T8974] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.476224][ T8974] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.626039][ T8974] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.967059][T14070] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  811.039404][T14070] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  811.105825][T14035] 8021q: adding VLAN 0 to HW filter on device batadv0
[  811.134982][T14070] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  811.183065][T14070] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  811.248693][ T8974] bridge_slave_1: left allmulticast mode
[  811.260262][ T8974] bridge_slave_1: left promiscuous mode
[  811.266999][ T8974] bridge0: port 2(bridge_slave_1) entered disabled state
[  811.341300][ T8974] bridge_slave_0: left allmulticast mode
[  811.347072][ T8974] bridge_slave_0: left promiscuous mode
[  811.370502][ T8974] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.068836][ T8974]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  812.080447][ T8974]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  812.091109][ T8974]  (unregistering): Released all slaves
[  812.300242][ T8974] ovs_ÿþÿþ: left promiscuous mode
[  812.364683][ T8974] HfR: left promiscuous mode
[  812.401771][T14070] 8021q: adding VLAN 0 to HW filter on device bond0
[  812.571531][T14070] 8021q: adding VLAN 0 to HW filter on device team0
[  812.699713][T12525] bridge0: port 1(bridge_slave_0) entered blocking state
[  812.706900][T12525] bridge0: port 1(bridge_slave_0) entered forwarding state
[  812.788003][ T9005] bridge0: port 2(bridge_slave_1) entered blocking state
[  812.795199][ T9005] bridge0: port 2(bridge_slave_1) entered forwarding state
[  812.849714][T14035] veth0_vlan: entered promiscuous mode
[  812.914728][T14035] veth1_vlan: entered promiscuous mode
[  813.128792][ T8974] hsr_slave_0: left promiscuous mode
[  813.151538][ T8974] hsr_slave_1: left promiscuous mode
[  813.157485][ T8974] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  813.177531][ T8974] batman_adv: batadv0: Removing interface: batadv_slave_0
[  813.237300][ T8974] veth1_macvtap: left promiscuous mode
[  813.259767][ T8974] veth1_vlan: left promiscuous mode
[  813.265238][ T8974] veth0_vlan: left promiscuous mode
[  813.862897][ T8974] team0 (unregistering): Port device team_slave_0 removed
[  814.355262][T14035] veth0_macvtap: entered promiscuous mode
[  814.443894][T14035] veth1_macvtap: entered promiscuous mode
[  814.520223][T14035] batman_adv: batadv0: Interface activated: batadv_slave_0
[  814.574179][T14035] batman_adv: batadv0: Interface activated: batadv_slave_1
[  814.652734][ T9005] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  814.705850][ T9005] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  814.760210][ T9005] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  814.827731][ T9005] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  815.055209][ T8974] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  815.070087][T14070] 8021q: adding VLAN 0 to HW filter on device batadv0
[  815.097263][ T8974] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  815.208487][ T9289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  815.229882][ T9289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  816.808455][T14289] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1907'.
[  817.354186][T14070] veth0_vlan: entered promiscuous mode
[  817.500560][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  817.507067][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  817.767735][T14070] veth1_vlan: entered promiscuous mode
[  817.933760][T14070] veth0_macvtap: entered promiscuous mode
[  817.969297][T14070] veth1_macvtap: entered promiscuous mode
[  818.079799][T14070] batman_adv: batadv0: Interface activated: batadv_slave_0
[  818.283154][T14308] Invalid ELF header magic: != ELF
[  818.301928][T14070] batman_adv: batadv0: Interface activated: batadv_slave_1
[  818.554375][ T8969] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  818.635527][ T8969] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  818.865846][ T8969] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  819.059082][ T8969] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  819.772526][T14315] ALSA: mixer_oss: invalid OSS volume ''
[  820.213720][T14332] Console: switching to colour VGA+ 80x25
[  820.360252][T14070] ieee80211 phy33: Selected rate control algorithm 'minstrel_ht'
[  820.402875][T14335] ==================================================================
[  820.402892][T14335] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70
[  820.402936][T14335] Read of size 2 at addr ffff888078056712 by task syz.2.1920/14335
[  820.402962][T14335] 
[  820.402974][T14335] CPU: 0 UID: 0 PID: 14335 Comm: syz.2.1920 Not tainted syzkaller #0 PREEMPT(full) 
[  820.403003][T14335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  820.403018][T14335] Call Trace:
[  820.403026][T14335]  <TASK>
[  820.403035][T14335]  dump_stack_lvl+0x116/0x1f0
[  820.403064][T14335]  print_report+0xcd/0x630
[  820.403096][T14335]  ? __virt_addr_valid+0x81/0x610
[  820.403128][T14335]  ? __phys_addr+0xe8/0x180
[  820.403160][T14335]  ? fbcon_prepare_logo+0xa03/0xc70
[  820.403195][T14335]  kasan_report+0xe0/0x110
[  820.403228][T14335]  ? fbcon_prepare_logo+0xa03/0xc70
[  820.403268][T14335]  kasan_check_range+0x100/0x1b0
[  820.403306][T14335]  __asan_memcpy+0x23/0x60
[  820.403330][T14335]  fbcon_prepare_logo+0xa03/0xc70
[  820.403373][T14335]  fbcon_init+0xd77/0x1900
[  820.403409][T14335]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[  820.403448][T14335]  visual_init+0x320/0x620
[  820.403485][T14335]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  820.403515][T14335]  store_bind+0x61d/0x760
[  820.403540][T14335]  ? sysfs_file_kobj+0xe4/0x290
[  820.403567][T14335]  ? __pfx_store_bind+0x10/0x10
[  820.403590][T14335]  dev_attr_store+0x58/0x80
[  820.403625][T14335]  ? __pfx_dev_attr_store+0x10/0x10
[  820.403661][T14335]  sysfs_kf_write+0xf2/0x150
[  820.403687][T14335]  kernfs_fop_write_iter+0x3af/0x570
[  820.403727][T14335]  ? __pfx_sysfs_kf_write+0x10/0x10
[  820.403755][T14335]  iter_file_splice_write+0xa24/0x12e0
[  820.403789][T14335]  ? __pfx_iter_file_splice_write+0x10/0x10
[  820.403817][T14335]  ? __pfx_copy_splice_read+0x10/0x10
[  820.403865][T14335]  ? __pfx_iter_file_splice_write+0x10/0x10
[  820.403891][T14335]  direct_splice_actor+0x192/0x6c0
[  820.403916][T14335]  splice_direct_to_actor+0x345/0xa30
[  820.403948][T14335]  ? __pfx_direct_splice_actor+0x10/0x10
[  820.403975][T14335]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  820.404003][T14335]  do_splice_direct+0x174/0x240
[  820.404027][T14335]  ? __pfx_do_splice_direct+0x10/0x10
[  820.404050][T14335]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  820.404093][T14335]  ? rw_verify_area+0xcf/0x6c0
[  820.404116][T14335]  do_sendfile+0xb06/0xe50
[  820.404143][T14335]  ? __pfx_do_sendfile+0x10/0x10
[  820.404169][T14335]  ? __x64_sys_futex+0x1e0/0x4c0
[  820.404202][T14335]  ? __x64_sys_futex+0x1e9/0x4c0
[  820.404237][T14335]  __x64_sys_sendfile64+0x1d8/0x220
[  820.404270][T14335]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  820.404307][T14335]  do_syscall_64+0xcd/0xfa0
[  820.404335][T14335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.404360][T14335] RIP: 0033:0x7f9dc2d8f6c9
[  820.404378][T14335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  820.404403][T14335] RSP: 002b:00007f9dc3bd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  820.404426][T14335] RAX: ffffffffffffffda RBX: 00007f9dc2fe6270 RCX: 00007f9dc2d8f6c9
[  820.404443][T14335] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003
[  820.404458][T14335] RBP: 00007f9dc2e11f91 R08: 0000000000000000 R09: 0000000000000000
[  820.404473][T14335] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  820.404489][T14335] R13: 00007f9dc2fe6308 R14: 00007f9dc2fe6270 R15: 00007fffdfbff428
[  820.404514][T14335]  </TASK>
[  820.404522][T14335] 
[  820.404528][T14335] Allocated by task 14070:
[  820.404540][T14335]  kasan_save_stack+0x33/0x60
[  820.404566][T14335]  kasan_save_track+0x14/0x30
[  820.404592][T14335]  __kasan_kmalloc+0xaa/0xb0
[  820.404618][T14335]  __kmalloc_node_track_caller_noprof+0x345/0x8a0
[  820.404649][T14335]  kstrdup+0x53/0x100
[  820.404671][T14335]  kstrdup_const+0x63/0x80
[  820.404695][T14335]  __kernfs_new_node+0x9b/0x8e0
[  820.404723][T14335]  kernfs_new_node+0x13c/0x1e0
[  820.404756][T14335]  kernfs_create_dir_ns+0x4c/0x1a0
[  820.404791][T14335]  sysfs_create_dir_ns+0x13a/0x2b0
[  820.404818][T14335]  kobject_add_internal+0x2c4/0x9b0
[  820.404848][T14335]  kobject_init_and_add+0x11b/0x190
[  820.404879][T14335]  netdev_queue_update_kobjects+0x32d/0x720
[  820.404908][T14335]  netdev_register_kobject+0x2b3/0x3d0
[  820.404936][T14335]  register_netdevice+0x13dc/0x2270
[  820.404969][T14335]  bond_newlink+0x6a/0x100
[  820.405000][T14335]  rtnl_newlink+0xc45/0x2000
[  820.405024][T14335]  rtnetlink_rcv_msg+0x95e/0xe90
[  820.405047][T14335]  netlink_rcv_skb+0x158/0x420
[  820.405071][T14335]  netlink_unicast+0x5aa/0x870
[  820.405094][T14335]  netlink_sendmsg+0x8c8/0xdd0
[  820.405116][T14335]  __sys_sendto+0x4a3/0x520
[  820.405150][T14335]  __x64_sys_sendto+0xe0/0x1c0
[  820.405185][T14335]  do_syscall_64+0xcd/0xfa0
[  820.405209][T14335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.405232][T14335] 
[  820.405237][T14335] The buggy address belongs to the object at ffff888078056700
[  820.405237][T14335]  which belongs to the cache kmalloc-8 of size 8
[  820.405256][T14335] The buggy address is located 13 bytes to the right of
[  820.405256][T14335]  allocated 5-byte region [ffff888078056700, ffff888078056705)
[  820.405281][T14335] 
[  820.405287][T14335] The buggy address belongs to the physical page:
[  820.405304][T14335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78056
[  820.405326][T14335] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  820.405345][T14335] page_type: f5(slab)
[  820.405366][T14335] raw: 00fff00000000000 ffff88813ffa6500 dead000000000100 dead000000000122
[  820.405387][T14335] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000
[  820.405401][T14335] page dumped because: kasan: bad access detected
[  820.405416][T14335] page_owner tracks the page as allocated
[  820.405424][T14335] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 9715, tgid 9713 (syz.1.947), ts 418445000446, free_ts 418363820269
[  820.405465][T14335]  post_alloc_hook+0x1c0/0x230
[  820.405501][T14335]  get_page_from_freelist+0x10a3/0x3a30
[  820.405524][T14335]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  820.405547][T14335]  alloc_pages_mpol+0x1fb/0x550
[  820.405577][T14335]  new_slab+0x24a/0x360
[  820.405611][T14335]  ___slab_alloc+0xdae/0x1a60
[  820.405646][T14335]  __slab_alloc.constprop.0+0x63/0x110
[  820.405684][T14335]  __kvmalloc_node_noprof+0x5aa/0x9c0
[  820.405710][T14335]  proc_sys_call_handler+0x286/0x570
[  820.405742][T14335]  iter_file_splice_write+0xa24/0x12e0
[  820.405765][T14335]  direct_splice_actor+0x192/0x6c0
[  820.405786][T14335]  splice_direct_to_actor+0x345/0xa30
[  820.405808][T14335]  do_splice_direct+0x174/0x240
[  820.405828][T14335]  do_sendfile+0xb06/0xe50
[  820.405849][T14335]  __x64_sys_sendfile64+0x1d8/0x220
[  820.405879][T14335]  do_syscall_64+0xcd/0xfa0
[  820.405904][T14335] page last free pid 15 tgid 15 stack trace:
[  820.405916][T14335]  __free_frozen_pages+0x7df/0x1160
[  820.405956][T14335]  tlb_remove_table_rcu+0x121/0x320
[  820.405991][T14335]  rcu_core+0x79c/0x1530
[  820.406010][T14335]  handle_softirqs+0x219/0x8e0
[  820.406036][T14335]  __irq_exit_rcu+0x109/0x170
[  820.406061][T14335]  irq_exit_rcu+0x9/0x30
[  820.406085][T14335]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  820.406109][T14335]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  820.406135][T14335] 
[  820.406140][T14335] Memory state around the buggy address:
[  820.406151][T14335]  ffff888078056600: 06 fc fc fc 05 fc fc fc 05 fc fc fc 06 fc fc fc
[  820.406168][T14335]  ffff888078056680: 00 fc fc fc 05 fc fc fc 05 fc fc fc fa fc fc fc
[  820.406185][T14335] >ffff888078056700: 05 fc fc fc 05 fc fc fc 06 fc fc fc 06 fc fc fc
[  820.406199][T14335]                          ^
[  820.406211][T14335]  ffff888078056780: 02 fc fc fc 05 fc fc fc 05 fc fc fc 00 fc fc fc
[  820.406227][T14335]  ffff888078056800: 06 fc fc fc fa fc fc fc 00 fc fc fc 05 fc fc fc
[  820.406241][T14335] ==================================================================
[  820.406255][T14335] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  820.406270][T14335] CPU: 0 UID: 0 PID: 14335 Comm: syz.2.1920 Not tainted syzkaller #0 PREEMPT(full) 
[  820.406299][T14335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  820.406314][T14335] Call Trace:
[  820.406321][T14335]  <TASK>
[  820.406330][T14335]  dump_stack_lvl+0x3d/0x1f0
[  820.406357][T14335]  vpanic+0x640/0x6f0
[  820.406392][T14335]  panic+0xca/0xd0
[  820.406426][T14335]  ? __pfx_panic+0x10/0x10
[  820.406467][T14335]  check_panic_on_warn+0xab/0xb0
[  820.406504][T14335]  end_report+0x107/0x170
[  820.406535][T14335]  kasan_report+0xee/0x110
[  820.406567][T14335]  ? fbcon_prepare_logo+0xa03/0xc70
[  820.406607][T14335]  kasan_check_range+0x100/0x1b0
[  820.406645][T14335]  __asan_memcpy+0x23/0x60
[  820.406669][T14335]  fbcon_prepare_logo+0xa03/0xc70
[  820.406711][T14335]  fbcon_init+0xd77/0x1900
[  820.406747][T14335]  ? __pfx_drm_fb_helper_set_par+0x10/0x10
[  820.406785][T14335]  visual_init+0x320/0x620
[  820.406822][T14335]  do_bind_con_driver.isra.0+0x57a/0xbf0
[  820.406852][T14335]  store_bind+0x61d/0x760
[  820.406877][T14335]  ? sysfs_file_kobj+0xe4/0x290
[  820.406903][T14335]  ? __pfx_store_bind+0x10/0x10
[  820.406926][T14335]  dev_attr_store+0x58/0x80
[  820.406968][T14335]  ? __pfx_dev_attr_store+0x10/0x10
[  820.407004][T14335]  sysfs_kf_write+0xf2/0x150
[  820.407030][T14335]  kernfs_fop_write_iter+0x3af/0x570
[  820.407070][T14335]  ? __pfx_sysfs_kf_write+0x10/0x10
[  820.407098][T14335]  iter_file_splice_write+0xa24/0x12e0
[  820.407132][T14335]  ? __pfx_iter_file_splice_write+0x10/0x10
[  820.407161][T14335]  ? __pfx_copy_splice_read+0x10/0x10
[  820.407209][T14335]  ? __pfx_iter_file_splice_write+0x10/0x10
[  820.407235][T14335]  direct_splice_actor+0x192/0x6c0
[  820.407261][T14335]  splice_direct_to_actor+0x345/0xa30
[  820.407286][T14335]  ? __pfx_direct_splice_actor+0x10/0x10
[  820.407313][T14335]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  820.407342][T14335]  do_splice_direct+0x174/0x240
[  820.407366][T14335]  ? __pfx_do_splice_direct+0x10/0x10
[  820.407389][T14335]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  820.407435][T14335]  ? rw_verify_area+0xcf/0x6c0
[  820.407458][T14335]  do_sendfile+0xb06/0xe50
[  820.407484][T14335]  ? __pfx_do_sendfile+0x10/0x10
[  820.407511][T14335]  ? __x64_sys_futex+0x1e0/0x4c0
[  820.407544][T14335]  ? __x64_sys_futex+0x1e9/0x4c0
[  820.407580][T14335]  __x64_sys_sendfile64+0x1d8/0x220
[  820.407612][T14335]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  820.407650][T14335]  do_syscall_64+0xcd/0xfa0
[  820.407699][T14335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.407725][T14335] RIP: 0033:0x7f9dc2d8f6c9
[  820.407743][T14335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  820.407768][T14335] RSP: 002b:00007f9dc3bd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  820.407791][T14335] RAX: ffffffffffffffda RBX: 00007f9dc2fe6270 RCX: 00007f9dc2d8f6c9
[  820.407809][T14335] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003
[  820.407824][T14335] RBP: 00007f9dc2e11f91 R08: 0000000000000000 R09: 0000000000000000
[  820.407840][T14335] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  820.407855][T14335] R13: 00007f9dc2fe6308 R14: 00007f9dc2fe6270 R15: 00007fffdfbff428
[  820.407880][T14335]  </TASK>
[  820.407961][T14335] Kernel Offset: disabled