last executing test programs:

11.166588985s ago: executing program 1 (id=278):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
madvise$auto(0x1, 0xffffffff, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/fcloop/ctl/add_local_port\x00', 0xa001, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
socket(0x23, 0x80805, 0x0)
sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
write$auto(0x3, 0x0, 0xfffffdef)
connect$auto(0x3, 0x0, 0x55)

11.032138245s ago: executing program 2 (id=279):
seccomp$auto(0x0, 0x2, 0x0)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/mcfilter\x00', 0x101000, 0x0)
pread64$auto(r0, 0x0, 0x8, 0x5)

10.955520862s ago: executing program 0 (id=280):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
timerfd_create$auto(0x9, 0x0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/pagemap\x00', 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r2, 0x9c7, &(0x7f0000000140)="2121fc7619b76a0d579b7b274c8fcf54c0d0d88293e138ec12334b63c7a2b2eb39ba140cca645e569fdbe7e994117be717c69f825b98760c1ef61c64a56010ff2d2e1c11fa88fc36b5a6c3ac20bf22b0c6d3876283e91e62fbf7f86bcde588ac8af6107b569620bc2cf82a9678f6b270c4050f93a22fbfc1397404fb3a50f8cd20e7ca48817b4ee7bc6fa1796c7047e27ef5f48041f80eb49d10e3ceb8bfb5d35d0c1c09e6c1bf30ad8cbaeeded35c13d5ece8e5fd7f52ae6ed7f66a4248281bec9b1f7d3c41599f0c9522fc54e8d6ae3a5d42b57ace18ff64a10b5296c37951479b56cb6a294dfc7b75c3469b08d59bbbc50247d8")
ioctl$auto(0x3, 0xc018aec0, r0)
setresuid$auto(0x2, 0x7, 0x8080)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd14/make-it-fail\x00', 0x501087, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000040)='\t', 0x1)
timerfd_settime$auto(0x2, 0x1, 0x0, 0xfffffffffffffffc)

10.645564481s ago: executing program 2 (id=281):
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
timerfd_settime$auto(0xffffffffffffffff, 0x1, &(0x7f00000005c0)={{0x34260632, 0x9}, {0xfffffffffffffffb, 0x3}}, 0x0)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
getpid()
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x402, 0x8000)
r0 = socket(0xa, 0x3, 0x4)
getsockopt$auto(r0, 0xff, 0x7, 0x0, 0x0)
keyctl$auto(0x7, 0xfffffffb, 0x2, 0x0, 0x8)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xf, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x6, 0xeb0, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x8)
socket(0xa, 0x2, 0x0)
r2 = socket(0x22, 0x3, 0x1)
connect$auto(r2, 0x0, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)

10.39406871s ago: executing program 1 (id=282):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x5, 0x0)
socket(0x2, 0x801, 0x100)
socket(0x25, 0x1, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0)
mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
inotify_init1$auto(0x3000000000000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x25, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x15, 0x5, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/cgroup\x00', 0x100382, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x0)
inotify_init1$auto(0x3000000000000)
socket(0xa, 0x2, 0x3a)
r0 = io_uring_setup$auto(0x4, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, r0, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$auto(0x3, 0x40106f52, r1)

10.039930102s ago: executing program 0 (id=283):
mmap$auto(0x0, 0x8, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000000), 0xffffffffffffffff)
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(r1, 0x40104d14, r1)
ioctl$auto(0xffffffffffffffff, 0x5522, 0xf15)
ioctl$auto_VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000280)={0x9, 0x81})
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
msgctl$auto_MSG_STAT_ANY(0x10000, 0xd, &(0x7f0000000340)={{0xa0, 0xee01, 0xee01, 0x7, 0x3, 0x5, 0x9dc4}, &(0x7f00000000c0)=0x4, 0x0, 0x1, 0x5dd8, 0x7fff, 0xb12, 0x2, 0x8000, 0x4, 0xac0, @inferred, @inferred=0xffffffffffffffff})
setfsuid$auto(0xee00)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0)
mmap$auto(0x0, 0x7, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
write$auto(0xca, 0x0, 0x1ff)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv6/neigh/bond_slave_1/proxy_qlen\x00', 0x40001, 0x0)
mmap$auto(0x9, 0x20007, 0xffffffffffff7fff, 0xeb1, 0xfffffffffffffffd, 0x40000007ffe)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8094}, 0x40000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
r2 = socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54)
fsconfig$auto_HIDEPID_OFF(r2, 0x3ff, &(0x7f0000000280)='/sys/devices/virtual/net/nr12/address\x00', &(0x7f0000000380)="d06dcecd5b21824cba9e7ba66a3bc2fb9a1edf72dd77bb162f6c2df60e4417e2a9d33deb35d03f15a78958adc02a2a57bda02db8f9e74d", 0x0)

9.369808244s ago: executing program 3 (id=284):
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x102, 0x0, 0xfffffffffffffffd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
connect$auto(0x3, 0x0, 0x55)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x4000, 0x2003f0, 0x15)
r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000080)={0x3, 0x1, 0x800000ff, 0x6, 0x10000})
madvise$auto(0x0, 0x200007, 0x19)

9.269842941s ago: executing program 1 (id=285):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@generic={0x6, "474d384764a1de716214edc23615"}, 0x54)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/19, 0x13)
close_range$auto(0x2, 0x8, 0x0)
socket(0x21, 0x2, 0x2)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x6a200, 0x0)
mmap$auto(0x6000000, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x110c230000, 0x1, 0x9)
preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5)
flock$auto(0xffffffffffffffff, 0x2)
flock$auto(0xffffffffffffffff, 0x2)
bind$auto(0x3, 0x0, 0x406a)
bind$auto(0x3, 0x0, 0x6a)
madvise$auto(0x0, 0x200007, 0x19)
move_pages$auto(0x0, 0xd0, 0x0, 0x0, 0x0, 0x2)
socketpair$auto(0x8, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8000, 0x0)

8.758608729s ago: executing program 2 (id=286):
openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x7ffffffff000, 0x8004, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x1a, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0x7f, 0xeb1, 0x401, 0x8000)
socketpair$auto(0xa, 0x2, 0x8000000000000000, 0x0)
r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0)
bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_4={0x1e, 0x4, 0x3, 0x8}, 0x6f4)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x400000000001ff, 0x7, 0x9, 0x1, 0x4, 0x3, 0x9, 0x5, 0x3, 0x62, 0x8002001f, 0x79d, 0x6d3e, 0xc, 0x6, 0x9]}, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80802, 0x0)
socket(0x2b, 0x1, 0x0)
mbind$auto(0x2000, 0x100000004, 0x5, 0x0, 0xffffffffffffff39, 0xffffffff)

8.27267334s ago: executing program 3 (id=287):
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000080), r0)
mmap$auto(0x10000000000, 0x7, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
write$auto(0xffffffffffffffff, 0x0, 0x8)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv6/neigh/bond_slave_1/proxy_qlen\x00', 0x40001, 0x0)
mmap$auto(0x9, 0x20007, 0xffffffffffff7fff, 0xeb1, 0xfffffffffffffffd, 0x40000007ffe)
mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, r1, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8094}, 0x40000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xf, 0x80002, 0xf3)
r2 = socket(0x22, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000140)=@vsock={0x28, 0x0, 0x2710, @local}, 0x4)
r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0)
read$auto(0x3, 0x0, 0x7ffffffff000)
connect$auto(r3, &(0x7f0000000100)=@vsock={0x28, 0x0, 0xffffffff, @host}, 0x54)
fsconfig$auto_HIDEPID_OFF(r2, 0x3ff, &(0x7f0000000540)='/sys/devices/virt.0\xa6\x98\x1b\xa4\xfa\xcd\xd0\x9ee\x00\x02\x00\x00al/n?<\x04*c\xbb\x7fQ2M#g\xbc\x17W\x19r7\x19vD\x0f\xa8\x82ho{c0\xc1\x0f&\xf5\xfeSQ\x16\x10W3\xe6\xf6\xee|\xdf\xbe^\xf1\xb4h\x1aR\xcbc\xff\x03\t\xe3CT\xfe\xd8\xe4\xda`9\x9f\xa2l\x17{\xa5) ^R\xe6\xe5N\xdd$\xe11\xe9R\x8f\xbf\xfc\"\x01\x17O\xbdU\xae\xe21^L\xb5\xf9\x1c\xdb\x13}B\x9ez6q\xf8\a\x00\x00\x00\x00\x00\x00w\xe8\xcd\x87\v\x13[p\xf4\xf6p_\xbd\x9f\xa8A\'\xdcA\x03\x19\x82oI\xab[c\xe4\xf5\x01\x06\x18\x7fH-6\x04\xbb\x16\x1a\xae\xd6BG2\xf5\xbaO\xb5\xd25\x06V\xc0oS\x172\xc7&\"mYV\x1b$\x9b\xb5\xf4ALi\xb5\xf9\xddJb\xfa\x1cZo\xe6\xc5[\xb8', &(0x7f0000000380)="d06dcecd5b21824cba9e7ba66a3bc2fb9a1edf72c47707002f6c2df60c44ea172ef3ec28486405e7d21f17e20300000000000000000058adc02a", 0x0)
io_uring_setup$auto(0x5, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/conf/macvlan1/shared_media\x00', 0x50b780, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x274401, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vhci_hcd.8/usb25/25-0:1.0/ep_81/power/runtime_suspended_time\x00', 0x101800, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x9)
socket(0x2, 0x801, 0x100)

7.749524992s ago: executing program 0 (id=288):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x0, 0x4000005, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
r0 = socket(0x10, 0x2, 0x3)
r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000280), 0xffffffffffffffff)
io_submit$auto(0x2, 0x0, &(0x7f0000000040)=&(0x7f0000000000)={0x7fff, 0xb, 0x80008, 0x3, 0x4, 0x3b, 0x2, 0x2, 0x1002, 0x0, 0x7})
writev$auto(0xc8, &(0x7f00000028c0)={&(0x7f0000000000), 0x200}, 0x9)
sendmsg$auto_SEG6_CMD_SETHMAC(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f00000008c0)={0x28, r1, 0xf1b, 0x70bd2a, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @remote}]}, 0x28}, 0x1, 0x0, 0x0, 0x44040}, 0x8040)
mlockall$auto(0x5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

7.668848226s ago: executing program 1 (id=289):
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff)
rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x200007, 0x19)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/softnet_stat\x00', 0x40102, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
readv$auto(r0, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
mmap$auto(0x0, 0x40009, 0x3, 0x38, 0xffffffffffffffff, 0x28000)
unshare$auto(0x8)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm_amd/parameters/pause_filter_thresh\x00', 0x200, 0x0)
read$auto(r1, 0x0, 0x1)
close_range$auto(0x2, 0x8, 0x0)
r2 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0)
read$auto_proc_pid_maps_operations_internal(r2, &(0x7f00000001c0)=""/204, 0xcc)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x20040, 0x0)
openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/options/latency-format\x00', 0x121082, 0x0)
writev$auto(0x4, &(0x7f0000000080)={0x0, 0x8}, 0x1)
mmap$auto(0x0, 0x202000c, 0x126, 0xf8, 0xffffffffffffffff, 0x208000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x100, 0x0)
mmap$auto(0x3, 0x20009, 0x2b, 0xeb1, r0, 0xd1a)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ptyz4\x00', 0x0, 0x0)
ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000000))
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
read$auto(0x3, 0x0, 0x80)

7.051418137s ago: executing program 3 (id=290):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
madvise$auto(0x1, 0xffffffff, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/fcloop/ctl/add_local_port\x00', 0xa001, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
socket(0x23, 0x80805, 0x0)
sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
write$auto(0x3, 0x0, 0xfffffdef)
connect$auto(0x3, 0x0, 0x55)

6.702049571s ago: executing program 0 (id=291):
write$auto(0xffffffffffffffff, 0x0, 0x81)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC1D0c\x00', 0x80080, 0x0)
write$auto(0x1, 0x0, 0x80000000)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5)
newfstatat$auto(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x8, 0x6, 0xa9, 0x0, 0x0, 0xee01, 0x0, 0x2000000006, 0x20000000000003, 0x0, 0x7, 0x8, 0x5, 0x1000000001, 0x4, 0x1, 0x53}, 0x1)
ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8)
socket(0x21, 0x80000, 0x3)
prctl$auto(0x21, 0x0, 0x1, 0x0, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop0\x00', 0x60742, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
lseek$auto(0x3, 0x0, 0x1)
socket(0x2, 0x3, 0x2)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x101e01, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/kernel/bpf_stats_enabled\x00', 0x20200, 0x0)
preadv$auto(r1, &(0x7f0000000240)={0x0, 0x9}, 0xc, 0x9, 0x400)
unshare$auto(0x40000080)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

6.64009242s ago: executing program 2 (id=292):
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYBLOB="6a0051b1"], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/mac80211_hwsim/hwsim15\x00', 0x30040, 0x0)
read$auto_ecryptfs_dir_fops_ecryptfs_kernel(r1, &(0x7f0000000140)=""/23, 0x17)
r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r5 = openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/bluetooth/hci2/force_suspend\x00', 0x201, 0x0)
write$auto_force_suspend_fops_hci_vhci(r5, &(0x7f0000000280)="59912e286d", 0x5)
sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r3, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="18010000", @ANYRES16=r4, @ANYBLOB="010028bd7000fbdbdf259b00000004010e8004000100f300020008d64e11e2e2a96cf7b3f6d10ef675ffd6d03c03fae96dddc5f8c9777e829d9adb716ad40e737196c455127020c5d40c2f40731720630ed61af536debc0731772fafa853323d5381702d84451fa2b5212b393ed86483526df62548d0b7adcd30f5e266e84bcd2a9aa7ff340bbad15921b45609e8689a9539663dac0729003ef99d2a47d02330049f4c4de253230bfd747a5cd2ade082f616cadd6c3b4d619b8679c47528031aa3c1460c5dd570d8ad796bd6444ce5be4eea7aa987c79333200b17b1132887f4b550e5795092678026a0ef791739485ef35bfe08fdb6714942bb9692ad10d3c221f894bf9e6d6fd8950004000100040001002a8eac01b8d3ee4423def07270f098b4b5c168dd24d57100e26bc67f12bb604014fc348f8e7c11f88f75da3d2dc66a99d6061072570bd16b5f92f583f65be8ab88"], 0x118}, 0x1, 0x0, 0x0, 0x20040800}, 0xc0)
ioctl$auto_XFS_IOC_ERROR_INJECTION(r2, 0x40085874, &(0x7f0000000180)={r3, 0xfff})
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/veth0_virt_wifi/base_reachable_time\x00', 0x0, 0x0)
socket(0x2, 0x1, 0x0)
epoll_create$auto(0x4)
epoll_wait$auto(0x5, 0x0, 0x2, 0xfffffffd)
mlock$auto(0xfbe8, 0x1000000000000004)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
getsid$auto(0xffffffffffffffff)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

5.854475184s ago: executing program 3 (id=293):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/i8042/serio1/power/wakeup_last_time_ms\x00', 0x1a1842, 0x0)
unshare$auto(0x40000080)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = open(0x0, 0x44, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0)
read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000280)=""/65, 0x41)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
syz_clone3(&(0x7f0000000140)={0x11850100, 0x0, 0x0, 0x0, {0x100034}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8)
madvise$auto(0x0, 0x200007, 0x19)
syz_clone3(0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1)
futex_wake$auto(0x0, 0x6, 0xfffffffa, 0x6)
sysfs$auto(0x2, 0x23, 0x0)
r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
write$auto(r1, 0x0, 0x4)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x4006, 0x2)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_VERSION_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000001}, 0x4010)
openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
unshare$auto(0x40000080)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x62c00, 0x0)
close_range$auto(0x2, 0xa, 0x0)

4.465126862s ago: executing program 3 (id=294):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/net/dev_mcast\x00', 0x404080, 0x0)
write$auto(r0, 0x0, 0x7ef)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/type\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/116, 0x74)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0x1, 0x3, 0x100)
modify_ldt$auto(0x1, 0x0, 0x10)
pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400)
r2 = socket(0x2, 0x1, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r3, &(0x7f0000000440)='/Eev/audio1\x00VI\xa3\xaa\xb1\x05\x00\x00\x00\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\x89C:\xc3\xcbx*=\x12\xb4q\xeeC\x81\n\\_\x04D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\x9e\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00', 0x100000a3d9)
syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000100), r2)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x8cec, 0x6]}, 0x0)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
sendfile$auto(r4, r4, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x80400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0xffffffffffffbfff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)

4.336988591s ago: executing program 1 (id=295):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x405, 0x8000)
connect$auto(0x3, 0x0, 0x55)
ioprio_set$auto(0x1, 0x0, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r4, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
sendto$auto(0x4, 0x0, 0xff, 0x6, 0x0, 0xe)
close_range$auto(0x2, 0x8, 0x0)
ioprio_get$auto(0x3, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
open(0x0, 0x7ffd, 0x12)
kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(r2, r0, 0x8)
sendmsg$auto_NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0xb, r1, 0x1, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000801}, 0x4004010)

4.312351227s ago: executing program 0 (id=296):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/audio\x00', 0x0, 0x0)
ioctl$auto_SNDCTL_DSP_RESET(r0, 0x5000, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x4000000eb1, 0x401, 0x8000)
socketpair$auto(0x1e, 0x1, 0xffffffff, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
sysfs$auto(0x2, 0x41, 0x0)
fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0)
ioctl$auto_TIOCNXCL2(0xffffffffffffffff, 0x540d, &(0x7f0000000500))
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0}, 0x8000)
r1 = io_uring_setup$auto(0x6, 0x0)
r2 = socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x2000000, 0xe981, 0x3, 0x80eb3, r1, 0x7fff)
recvmmsg$auto(r2, 0x0, 0x400fffd, 0x80000001, 0x0)
sendmmsg$auto(0x3, 0x0, 0x10000007, 0x2)
ioperm$auto(0x400, 0x7f, 0xd)
semctl$auto(0x0, 0xe3, 0x0, 0x5)
lsm_set_self_attr$auto(0x1, 0x0, 0x7, 0x6)
openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket(0xd45a78b599bc539, 0x2, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(r3, 0x0, 0x10)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5)
unshare$auto(0x40000080)

1.853367791s ago: executing program 2 (id=297):
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (async)
mmap$auto(0x6, 0x400009, 0x10000000000c, 0x9b70, 0x2, 0x9)
clock_getres$auto(0x2, 0x0) (async)
openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, &(0x7f0000000080), 0x18141, 0x0) (async)
unshare$auto(0x400)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon13\x00', 0x2702, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
select$auto(0xd, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0xff, 0x2000000000000002, 0x9, 0xfffffffffffff761, 0x103, 0xa, 0x4, 0x7fff, 0x5, 0x4006]}, 0x0, 0x0)
pidfd_open$auto(0x1, 0x0) (async)
ioctl$auto(0x3, 0x80000541b, 0xffffffffffffffff)

768.166471ms ago: executing program 1 (id=298):
mmap$auto(0x0, 0x20008, 0x4000000000df, 0x40000000000eb1, 0x401, 0x7fff)
socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
recvmsg$auto(0x4, 0x0, 0x33c)
close_range$auto(0x2, 0x8, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000001f00), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)={0x2c, r1, 0x1, 0x70bd2c, 0x25dfdc01, {}, [@SMC_PNETID_ETHNAME={0xc, 0x2, '+o*#\x90\x80\x8b\x00'}, @SMC_PNETID_NAME={0xb, 0x1, 'netdev\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x40d0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/19, 0x13)
close_range$auto(0x2, 0x8, 0x0)
socket(0x21, 0x2, 0x2)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x6a200, 0x0)
mmap$auto(0x6000000, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r2 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r2, 0x29, 0x20, 0x0, 0x1f)
madvise$auto(0x118c230000, 0x1, 0x2)
preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5)
flock$auto(0xffffffffffffffff, 0x2)
flock$auto(0xffffffffffffffff, 0x2)
bind$auto(0x3, 0x0, 0x406a)
bind$auto(0x3, 0x0, 0x6a)

473.51797ms ago: executing program 2 (id=299):
r0 = set_tid_address$auto(0x0)
ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, r0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000180)='/:$]\x00', 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
open(0x0, 0x7ffd, 0x12)
kexec_load$auto(0xb, 0x0, 0x0, 0x9)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mount$auto(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8fg\x1b\x04\xad>\x96\xe9IG\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\x00\x00\x00\x00\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xees\xf0\xc2\xad\xae\x99\xeb\xc5\xf0\"\x92\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6', 0x4, 0x0)
getcwd$auto(0x0, 0xffffffffffffffff)
fspick$auto(r2, 0x0, 0x6)
madvise$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0xa)
unshare$auto(0x20000080)
unshare$auto(0x40000080)
tgkill$auto(r0, r0, 0x3)
r3 = openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, &(0x7f00000000c0), 0x109002, 0x0)
pread64$auto(r3, &(0x7f0000000240)='/dev/ubi_ctrl\x00', 0x9, 0x8)
r4 = io_uring_setup$auto(0x4c2, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0)
r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0)
pwrite64$auto(r5, 0x0, 0x1, 0x27)
statmount$auto(0x0, &(0x7f0000000480)={0x8, 0x10000001, 0x1ff, 0x1, 0x1f, 0xfffffffffffffffc, 0x1ffde, 0x7, 0x1, 0x9, 0x9, 0x3, 0x4, 0x8, 0xb4, 0x4, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x20000200, 0x0, 0x3ff, 0x45f, 0x0, 0x17, 0x0, 0x6, [0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2, 0x0, 0x0, 0x1000000000000, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x8], "9564ab9dd611c59045bd2680593c0ce3b848923f852adc3a8ae46a6776560ed9c2f4aa4bb78712fd8506a3b8886b53bd546110a5b40d4e4a80c0c3e0e8c7ebfbaa4260ecab2dca14897d1c701e78330a25094459afa1ada15cd06f2238ad1e703d307621759b5c591cf52617700c8a01b111337abccfc61ff827c71bfccd49f96fd7ba4512c0a8e7977969607fbf05075291328fc04fe46ad09a0f4fc467b80ecea243359a97bbc3d000036175ed896b0c25405dc84564eb856b3c71c5ce07da1773"}, 0x6, 0x3)
ioctl$auto_TIOCVHANGUP2(r4, 0x5437, &(0x7f0000000380)="1dc62ab277eab7df57164f084de709ab1e2ec7f622f02bfe88fa8344a8a6b0e1f132d1434b895ed32a921068094bf01f3d13067f7c41f15cd41fa5687d155791c6162471ec21bdd0312a83d20976b65df3d7d0257497fabdfd5a189dc39a2e9162479c40f6584cf95a9df2c6c29df0d47181a6cbb1dd749f837101b6ab22753376ef69f3717b19af8d875feaa86598a37c74e654ed130aa4015733edc10fe3d12cb5cce848fa1814e4845e59581f2118f5e44ffc3892d6f3995ddb9c34679ce249fa")
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)

205.81912ms ago: executing program 3 (id=300):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/mcfilter\x00', 0x101000, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd10/queue/nr_requests\x00', 0x82942, 0x0)
sendfile$auto(r1, r1, 0x0, 0x200)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r3)
ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x4b564d06, 0xe3, 0x100000007f}]})
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002e40), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SET_TUNSRC(r5, &(0x7f0000002f00)={0x0, 0x0, &(0x7f0000002ec0)={&(0x7f0000002e80)={0x14, r6, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4048c40}, 0x4)
sendmsg$auto_SEG6_CMD_DUMPHMAC(r4, &(0x7f0000000240)={&(0x7f0000000180), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r6, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xaa85}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7f}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000040)
pselect6$auto(0x5, &(0x7f0000000400)={[0x8, 0x5, 0x0, 0x5, 0x8001, 0x6, 0xac, 0x2000009, 0x3, 0xffffffff, 0x7fffffffffffffff, 0x0, 0x1000, 0x2, 0x8, 0x3ff]}, 0x0, 0x0, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0)
r8 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000001440), 0xffffffffffffffff)
r9 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000015c0), 0xffffffffffffffff)
sendmsg$auto_NFC_CMD_STOP_POLL(0xffffffffffffffff, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000001600)={0x14, r9, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40008d5}, 0x4010)
sendmsg$auto_NFC_CMD_ENABLE_SE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r9, 0x6, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '.'}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x9}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x80)
ioctl$auto_RNDGETENTCNT2(r8, 0x80045200, &(0x7f0000000200)=0x6)
landlock_restrict_self$auto(r7, 0x0)
execve$auto(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=&(0x7f0000000080)=',{\x00', &(0x7f0000000140)=&(0x7f0000000100)='}.\x00')
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
pread64$auto(r0, 0x0, 0x8, 0x5)

0s ago: executing program 0 (id=301):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x7464c0, 0x0)
pidfd_open$auto(0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/napi_defer_hard_irqs\x00', 0xc2481, 0x0)
futex$auto(&(0x7f00000003c0)=0x58, 0x5, 0x3, 0x0, 0x0, 0x2000005)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/51, 0x33)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6)
fadvise64$auto(0xffffffffffffffff, 0x8, 0x400000000000006, 0x4)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x40e00, 0x0)
pread64$auto(r2, 0x0, 0x3, 0x5ef6)
syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), r1)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f)
r3 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0)
write$auto_proc_mem_operations_base(r3, 0x0, 0x0)
sendmsg$auto_ETHTOOL_MSG_PHY_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2404c092}, 0x80)
setsockopt$auto(0xffffffffffffffff, 0x9, 0x5, &(0x7f0000000280)='e\xde', 0x8)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/devices/platform/vhci_hcd.1/usb12/12-0:1.0/usb12-port6/power/runtime_status\x00', 0x80000, 0x0)
write$auto(0xca, &(0x7f00000000c0)='\x04>\x00\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\xf9y\xc7p\xf1w\xbe\xde\xe8\xc3\x01#\xcc\tF\xb6\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1\xd5\x1e\x8f\t\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x85\x00\x00\x00\xe2E\x00\x00-a\xb6n\xbc\xb4=\xf8\xce\x01\x1f]\x85|\xce\xd7\xff\xff\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\x00\x80\x00\x00\xe9e\xe5\x80\x1c\x02\"\xa7&8U\xfd\xdc\x15\xae\xfa5\xb8}\x0e\xb4:\x91\xbb5\xd3{\xb2\xd0\xc0\x93=\xf8E\xceO\x1e\xd5\x8f\xdf\xaa\x1c\xfd\xb0h\xd8\xbc\xecA\xa6\xde\xd1=\xfd)d\x8f\vk\x1c+\xf7, \xf8]\xb3\xe9B\x02\f\'\xcf0\x06', 0x1ff)
listmount$auto(0x0, 0x0, 0xf4240, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
shmctl$auto_SHM_STAT_ANY(0x7, 0xf, &(0x7f0000000300)={{0x3fe, 0xee00, 0xffffffffffffffff, 0x9, 0xc53a, 0x29, 0xe}, 0x4, 0xffffffffffffffff, 0xff, 0x81, @raw=0x1, @inferred, 0x0, 0x0, 0x0, 0x0})
r4 = setfsgid$auto(0xee00)
fchown$auto(0xffffffffffffffff, 0xee00, r4)
mmap$auto(0x0, 0x10018, 0xdf, 0xeb1, 0x40000000000a5, 0x808000)
r5 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
ioctl$auto_UBI_IOCATT(r5, 0x40186f40, 0x0)
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, r4)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.187' (ED25519) to the list of known hosts.
[   98.653478][ T5834] cgroup: Unknown subsys name 'net'
[   98.792042][ T5834] cgroup: Unknown subsys name 'cpuset'
[   98.801759][ T5834] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  100.677412][ T5834] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  102.379831][ T1209] cfg80211: failed to load regulatory.db
[  102.880349][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.889366][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.907784][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.916252][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.924534][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  103.041652][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  103.054895][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  103.063935][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  103.073270][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  103.081862][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  103.098656][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  103.106623][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  103.120780][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  103.138947][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  103.149165][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  103.163608][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  103.172105][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  103.204248][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  103.218651][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  103.226890][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  103.628369][ T5846] chnl_net:caif_netlink_parms(): no params data found
[  103.901644][ T5851] chnl_net:caif_netlink_parms(): no params data found
[  103.914617][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.922820][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.930567][ T5846] bridge_slave_0: entered allmulticast mode
[  103.938760][ T5846] bridge_slave_0: entered promiscuous mode
[  104.011955][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.019295][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.026510][ T5846] bridge_slave_1: entered allmulticast mode
[  104.036377][ T5846] bridge_slave_1: entered promiscuous mode
[  104.051701][ T5850] chnl_net:caif_netlink_parms(): no params data found
[  104.120657][ T5852] chnl_net:caif_netlink_parms(): no params data found
[  104.136543][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.160349][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.284508][ T5846] team0: Port device team_slave_0 added
[  104.306269][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.314457][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.324272][ T5851] bridge_slave_0: entered allmulticast mode
[  104.332083][ T5851] bridge_slave_0: entered promiscuous mode
[  104.365866][ T5846] team0: Port device team_slave_1 added
[  104.385528][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.393052][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.400532][ T5851] bridge_slave_1: entered allmulticast mode
[  104.408132][ T5851] bridge_slave_1: entered promiscuous mode
[  104.463560][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.471124][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.478549][ T5850] bridge_slave_0: entered allmulticast mode
[  104.485942][ T5850] bridge_slave_0: entered promiscuous mode
[  104.554484][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.561873][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.570885][ T5850] bridge_slave_1: entered allmulticast mode
[  104.578489][ T5850] bridge_slave_1: entered promiscuous mode
[  104.586836][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.594513][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.620970][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.633488][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.640869][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.648290][ T5852] bridge_slave_0: entered allmulticast mode
[  104.655836][ T5852] bridge_slave_0: entered promiscuous mode
[  104.672396][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.686415][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.714358][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.721458][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.749127][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.761089][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.768940][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.776665][ T5852] bridge_slave_1: entered allmulticast mode
[  104.786062][ T5852] bridge_slave_1: entered promiscuous mode
[  104.870954][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.902441][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.914951][ T5851] team0: Port device team_slave_0 added
[  104.925217][ T5851] team0: Port device team_slave_1 added
[  104.934180][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.966760][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.018981][ T5859] Bluetooth: hci0: command tx timeout
[  105.077096][ T5846] hsr_slave_0: entered promiscuous mode
[  105.086535][ T5846] hsr_slave_1: entered promiscuous mode
[  105.097016][ T5850] team0: Port device team_slave_0 added
[  105.121976][ T5852] team0: Port device team_slave_0 added
[  105.129705][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.136793][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.165237][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.178482][ T5859] Bluetooth: hci2: command tx timeout
[  105.187972][ T5850] team0: Port device team_slave_1 added
[  105.196742][ T5852] team0: Port device team_slave_1 added
[  105.236241][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.244691][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.271031][ T5167] Bluetooth: hci3: command tx timeout
[  105.271436][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.276979][ T5859] Bluetooth: hci1: command tx timeout
[  105.345022][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.352127][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.378441][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.391594][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.399503][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.426062][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.459032][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.466049][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.492157][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.539857][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.546889][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.574167][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.628122][ T5851] hsr_slave_0: entered promiscuous mode
[  105.634680][ T5851] hsr_slave_1: entered promiscuous mode
[  105.641230][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  105.649163][ T5851] Cannot create hsr debugfs directory
[  105.767135][ T5850] hsr_slave_0: entered promiscuous mode
[  105.773845][ T5850] hsr_slave_1: entered promiscuous mode
[  105.781064][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  105.788888][ T5850] Cannot create hsr debugfs directory
[  105.842761][ T5852] hsr_slave_0: entered promiscuous mode
[  105.850442][ T5852] hsr_slave_1: entered promiscuous mode
[  105.856700][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  105.864498][ T5852] Cannot create hsr debugfs directory
[  106.278334][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  106.319399][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  106.338412][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  106.362276][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  106.415397][ T5851] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  106.429307][ T5851] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  106.441083][ T5851] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  106.469972][ T5851] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  106.535786][ T5850] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  106.565740][ T5850] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  106.581870][ T5850] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  106.597577][ T5850] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  106.745204][ T5852] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  106.761990][ T5852] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  106.773858][ T5852] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  106.796048][ T5852] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.906939][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.973388][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[  106.996523][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.009598][ T4603] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.017000][ T4603] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.037128][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.044413][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.097452][ T5859] Bluetooth: hci0: command tx timeout
[  107.112565][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.148395][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[  107.181428][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.188696][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.207918][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[  107.243712][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.251261][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.262181][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.262260][ T5859] Bluetooth: hci2: command tx timeout
[  107.269421][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.292972][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.300182][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.320393][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.338007][ T5859] Bluetooth: hci1: command tx timeout
[  107.342420][ T5167] Bluetooth: hci3: command tx timeout
[  107.376941][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[  107.425256][   T73] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.432664][   T73] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.487132][   T73] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.494415][   T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.925490][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.044621][ T5851] veth0_vlan: entered promiscuous mode
[  108.072337][ T5851] veth1_vlan: entered promiscuous mode
[  108.189129][ T5851] veth0_macvtap: entered promiscuous mode
[  108.237009][ T5851] veth1_macvtap: entered promiscuous mode
[  108.265376][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.306421][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.320239][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.335047][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.352786][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.362917][ T5851] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.372161][ T5851] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.382942][ T5851] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.392137][ T5851] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.545380][ T5852] veth0_vlan: entered promiscuous mode
[  108.604930][ T5850] veth0_vlan: entered promiscuous mode
[  108.620910][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.628850][ T5852] veth1_vlan: entered promiscuous mode
[  108.644039][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.653527][ T5850] veth1_vlan: entered promiscuous mode
[  108.702729][ T5846] veth0_vlan: entered promiscuous mode
[  108.730139][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.747756][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.760984][ T5846] veth1_vlan: entered promiscuous mode
[  108.810463][ T5852] veth0_macvtap: entered promiscuous mode
[  108.832501][ T5852] veth1_macvtap: entered promiscuous mode
[  108.870718][ T5850] veth0_macvtap: entered promiscuous mode
[  108.899156][ T5851] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  108.932287][ T5850] veth1_macvtap: entered promiscuous mode
[  108.954340][ T5846] veth0_macvtap: entered promiscuous mode
[  108.982253][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.015719][ T5846] veth1_macvtap: entered promiscuous mode
[  109.033238][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.063030][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.090799][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.102794][ T5852] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.113549][ T5852] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.123055][ T5852] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.132629][ T5852] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.152736][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.164629][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.178841][ T5167] Bluetooth: hci0: command tx timeout
[  109.193615][ T5850] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.203666][ T5850] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.213032][ T5850] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.222778][ T5850] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.235376][ T5846] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.244829][ T5846] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.253671][ T5846] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.264185][ T5846] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.337876][ T5167] Bluetooth: hci2: command tx timeout
[  109.417357][ T5167] Bluetooth: hci3: command tx timeout
[  109.428559][ T5167] Bluetooth: hci1: command tx timeout
[  109.485380][   T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.494827][   T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.539889][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.560017][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.603624][ T4603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.616150][ T4603] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.694512][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.715356][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.753318][ T4603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.762495][ T4603] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.814167][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.841056][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.339569][ T5953] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5
[  110.477564][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.587262][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.710450][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.947703][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.949473][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.949686][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.950839][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.957034][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.978012][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.979026][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.039737][ T5958] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6
[  111.257688][ T5167] Bluetooth: hci0: command tx timeout
[  111.430951][ T5167] Bluetooth: hci2: command tx timeout
[  111.497671][ T5167] Bluetooth: hci1: command tx timeout
[  111.497722][ T5167] Bluetooth: hci3: command tx timeout
[  111.761802][ T5962] tty tty53: ldisc open failed (-12), clearing slot 52
[  113.120046][ T5984] kafs: addr_prefs: Invalid Command
[  114.893330][ T6019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.908887][ T6019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  115.743721][ T6033] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  116.013226][ T6037] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18'.
[  116.039033][ T6037] Zero length message leads to an empty skb
[  116.101334][ T6037] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18'.
[  116.882252][ T6058] process 'syz.0.21' launched '/dev/fd/9' with NULL argv: empty string added
[  117.069926][ T6058] FAULT_INJECTION: forcing a failure.
[  117.069926][ T6058] name failslab, interval 1, probability 0, space 0, times 1
[  117.087456][ T6058] CPU: 1 UID: 0 PID: 6058 Comm: syz.0.21 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  117.087506][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  117.087530][ T6058] Call Trace:
[  117.087541][ T6058]  <TASK>
[  117.087558][ T6058]  dump_stack_lvl+0x16c/0x1f0
[  117.087622][ T6058]  should_fail_ex+0x512/0x640
[  117.087671][ T6058]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  117.087728][ T6058]  should_failslab+0xc2/0x120
[  117.087761][ T6058]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  117.087810][ T6058]  ? __proc_create+0xc3/0x8c0
[  117.087862][ T6058]  ? __proc_create+0x2ce/0x8c0
[  117.087936][ T6058]  __proc_create+0x2ce/0x8c0
[  117.087992][ T6058]  ? __pfx___proc_create+0x10/0x10
[  117.088065][ T6058]  proc_mkdir+0x81/0x170
[  117.088096][ T6058]  ? __pfx_proc_mkdir+0x10/0x10
[  117.088131][ T6058]  ? __pfx_hashlimit_net_init+0x10/0x10
[  117.088177][ T6058]  ? __pfx_hashlimit_net_init+0x10/0x10
[  117.088218][ T6058]  hashlimit_net_init+0x8a/0x1c0
[  117.088262][ T6058]  ops_init+0x1e2/0x5f0
[  117.088321][ T6058]  setup_net+0x1ff/0x510
[  117.088371][ T6058]  ? lockdep_init_map_type+0x5c/0x280
[  117.088421][ T6058]  ? __pfx_setup_net+0x10/0x10
[  117.088478][ T6058]  ? debug_mutex_init+0x37/0x70
[  117.088517][ T6058]  copy_net_ns+0x2a6/0x5f0
[  117.088556][ T6058]  create_new_namespaces+0x3ea/0xa90
[  117.088607][ T6058]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  117.088650][ T6058]  ksys_unshare+0x45b/0xa40
[  117.088698][ T6058]  ? __pfx_ksys_unshare+0x10/0x10
[  117.088748][ T6058]  ? xfd_validate_state+0x61/0x180
[  117.088807][ T6058]  __x64_sys_unshare+0x31/0x40
[  117.088854][ T6058]  do_syscall_64+0xcd/0x490
[  117.088919][ T6058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.088954][ T6058] RIP: 0033:0x7f9aa3d8e929
[  117.088981][ T6058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.089014][ T6058] RSP: 002b:00007f9aa4c86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  117.089046][ T6058] RAX: ffffffffffffffda RBX: 00007f9aa3fb5fa0 RCX: 00007f9aa3d8e929
[  117.089067][ T6058] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  117.089087][ T6058] RBP: 00007f9aa3e10b39 R08: 0000000000000000 R09: 0000000000000000
[  117.089107][ T6058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  117.089126][ T6058] R13: 0000000000000000 R14: 00007f9aa3fb5fa0 R15: 00007fff85af6148
[  117.089171][ T6058]  </TASK>
[  119.163305][ T6074] ovs_ÿÃ: entered promiscuous mode
[  119.170412][ T6077] binder: 6076:6077 unknown command 4294967282
[  119.176705][ T6077] binder: 6076:6077 ioctl c0306201 2000000000c0 returned -22
[  120.592846][ T6096] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  121.616775][ T6103] FAULT_INJECTION: forcing a failure.
[  121.616775][ T6103] name failslab, interval 1, probability 0, space 0, times 0
[  121.679400][ T6103] CPU: 1 UID: 0 PID: 6103 Comm: syz.3.31 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  121.679456][ T6103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  121.679478][ T6103] Call Trace:
[  121.679489][ T6103]  <TASK>
[  121.679504][ T6103]  dump_stack_lvl+0x16c/0x1f0
[  121.679575][ T6103]  should_fail_ex+0x512/0x640
[  121.679626][ T6103]  ? __kmalloc_noprof+0xbf/0x510
[  121.679681][ T6103]  ? ops_init+0x77/0x5f0
[  121.679740][ T6103]  should_failslab+0xc2/0x120
[  121.679775][ T6103]  __kmalloc_noprof+0xd2/0x510
[  121.679828][ T6103]  ? __raw_spin_lock_init+0x3a/0x110
[  121.679892][ T6103]  ops_init+0x77/0x5f0
[  121.679951][ T6103]  setup_net+0x1ff/0x510
[  121.680003][ T6103]  ? lockdep_init_map_type+0x5c/0x280
[  121.680052][ T6103]  ? __pfx_setup_net+0x10/0x10
[  121.680110][ T6103]  ? debug_mutex_init+0x37/0x70
[  121.680151][ T6103]  copy_net_ns+0x2a6/0x5f0
[  121.680190][ T6103]  create_new_namespaces+0x3ea/0xa90
[  121.680241][ T6103]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  121.680286][ T6103]  ksys_unshare+0x45b/0xa40
[  121.680335][ T6103]  ? __pfx_ksys_unshare+0x10/0x10
[  121.680385][ T6103]  ? xfd_validate_state+0x61/0x180
[  121.680446][ T6103]  __x64_sys_unshare+0x31/0x40
[  121.680492][ T6103]  do_syscall_64+0xcd/0x490
[  121.680548][ T6103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.680583][ T6103] RIP: 0033:0x7fb9ecb8e929
[  121.680610][ T6103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.680649][ T6103] RSP: 002b:00007fb9eda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  121.680687][ T6103] RAX: ffffffffffffffda RBX: 00007fb9ecdb5fa0 RCX: 00007fb9ecb8e929
[  121.680716][ T6103] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  121.680736][ T6103] RBP: 00007fb9ecc10b39 R08: 0000000000000000 R09: 0000000000000000
[  121.680757][ T6103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  121.680776][ T6103] R13: 0000000000000000 R14: 00007fb9ecdb5fa0 R15: 00007fffa0c05368
[  121.680821][ T6103]  </TASK>
[  122.438147][ T6114] random: crng reseeded on system resumption
[  125.894994][   T30] audit: type=1804 audit(1752221392.497:2): pid=6142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.40" name="/newroot/10/file0" dev="tmpfs" ino=72 res=1 errno=0
[  126.026730][   T30] audit: type=1800 audit(1752221392.507:3): pid=6142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.40" name="file0" dev="tmpfs" ino=72 res=0 errno=0
[  126.516041][ T6153] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  127.151134][ T6154] mmap: syz.2.43 (6154) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  128.183978][ T6176] ubi0: attaching mtd0
[  128.232636][ T6176] ubi0: scanning is finished
[  128.293553][ T6176] ubi0: empty MTD device detected
[  129.027628][ T6176] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  129.027668][ T6176] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  129.027688][ T6176] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  129.027707][ T6176] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  129.027727][ T6176] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  129.027745][ T6176] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  129.027764][ T6176] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 377859366
[  129.027787][ T6176] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  129.029641][ T6186] ubi0: background thread "ubi_bgt0d" started, PID 6186
[  129.360441][ T6177] tty tty12: ldisc open failed (-12), clearing slot 11
[  129.372559][ T6174] tty tty1: ldisc open failed (-12), clearing slot 0
[  130.026600][ T6203] random: crng reseeded on system resumption
[  130.989673][ T6212] 
[  133.503950][ T6257] random: crng reseeded on system resumption
[  133.990915][ T6253] FAULT_INJECTION: forcing a failure.
[  133.990915][ T6253] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  134.036679][ T6253] CPU: 0 UID: 0 PID: 6253 Comm: syz.1.62 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  134.036728][ T6253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.036747][ T6253] Call Trace:
[  134.036758][ T6253]  <TASK>
[  134.036770][ T6253]  dump_stack_lvl+0x16c/0x1f0
[  134.036828][ T6253]  should_fail_ex+0x512/0x640
[  134.036892][ T6253]  should_fail_alloc_page+0xe7/0x130
[  134.036929][ T6253]  prepare_alloc_pages+0x3c2/0x610
[  134.036969][ T6253]  ? rcu_is_watching+0x12/0xc0
[  134.037010][ T6253]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  134.037065][ T6253]  ? kasan_save_stack+0x42/0x60
[  134.037118][ T6253]  ? css_rstat_updated+0x9d/0xd30
[  134.037171][ T6253]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  134.037220][ T6253]  ? __lock_acquire+0x622/0x1c90
[  134.037282][ T6253]  ? __lock_acquire+0x622/0x1c90
[  134.037333][ T6253]  ? __lock_acquire+0x622/0x1c90
[  134.037397][ T6253]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  134.037453][ T6253]  ? policy_nodemask+0xea/0x4e0
[  134.037491][ T6253]  alloc_pages_mpol+0x1fb/0x550
[  134.037526][ T6253]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  134.037648][ T6253]  folio_alloc_mpol_noprof+0x36/0x2f0
[  134.037693][ T6253]  vma_alloc_folio_noprof+0xed/0x1e0
[  134.037734][ T6253]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  134.037771][ T6253]  ? find_held_lock+0x2b/0x80
[  134.037808][ T6253]  ? __handle_mm_fault+0x1092/0x5490
[  134.037863][ T6253]  __handle_mm_fault+0x2f21/0x5490
[  134.037921][ T6253]  ? __pfx___handle_mm_fault+0x10/0x10
[  134.037970][ T6253]  ? __pte_offset_map_lock+0x174/0x310
[  134.038007][ T6253]  ? find_held_lock+0x2b/0x80
[  134.038040][ T6253]  ? find_held_lock+0x2b/0x80
[  134.038087][ T6253]  ? follow_page_pte+0x3af/0x14c0
[  134.038154][ T6253]  handle_mm_fault+0x589/0xd10
[  134.038211][ T6253]  __get_user_pages+0x589/0x3b80
[  134.038265][ T6253]  ? __pfx_mt_find+0x10/0x10
[  134.038299][ T6253]  ? __pfx___get_user_pages+0x10/0x10
[  134.038359][ T6253]  populate_vma_page_range+0x278/0x3a0
[  134.038406][ T6253]  ? __pfx_populate_vma_page_range+0x10/0x10
[  134.038448][ T6253]  ? __pfx_find_vma_intersection+0x10/0x10
[  134.038493][ T6253]  ? do_mmap+0x69c/0x1210
[  134.038549][ T6253]  __mm_populate+0x1d8/0x380
[  134.038597][ T6253]  ? __pfx___mm_populate+0x10/0x10
[  134.038644][ T6253]  ? up_write+0x1b2/0x520
[  134.038703][ T6253]  vm_mmap_pgoff+0x362/0x450
[  134.038741][ T6253]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  134.038772][ T6253]  ? map_id_range_up+0x2ce/0x3b0
[  134.038834][ T6253]  ? __x64_sys_futex+0x1e0/0x4c0
[  134.038876][ T6253]  ? __x64_sys_futex+0x1e9/0x4c0
[  134.038913][ T6253]  ksys_mmap_pgoff+0x7d/0x5c0
[  134.038940][ T6253]  ? xfd_validate_state+0x61/0x180
[  134.038980][ T6253]  __x64_sys_mmap+0x125/0x190
[  134.039019][ T6253]  do_syscall_64+0xcd/0x490
[  134.039059][ T6253]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.039085][ T6253] RIP: 0033:0x7f625158e929
[  134.039105][ T6253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.039128][ T6253] RSP: 002b:00007f6252342038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  134.039150][ T6253] RAX: ffffffffffffffda RBX: 00007f62517b5fa0 RCX: 00007f625158e929
[  134.039166][ T6253] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[  134.039180][ T6253] RBP: 00007f6251610b39 R08: 0000000000000002 R09: 0000000000008000
[  134.039194][ T6253] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  134.039209][ T6253] R13: 0000000000000000 R14: 00007f62517b5fa0 R15: 00007ffca7dd80a8
[  134.039239][ T6253]  </TASK>
[  134.388823][    C0] vkms_vblank_simulate: vblank timer overrun
[  134.461741][ T6265] capability: warning: `syz.0.63' uses 32-bit capabilities (legacy support in use)
[  135.278500][ T6280] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7
[  135.955298][ T6289] ima: policy update failed
[  135.961007][   T30] audit: type=1802 audit(1752221402.597:4): pid=6289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.68" res=0 errno=0
[  135.999285][ T6289] netlink: 25 bytes leftover after parsing attributes in process `syz.1.68'.
[  138.708049][ T6332] kernel read not supported for file /¾ò‚çgµîMQ¢_g¿	úò_N°{ùµ7vîGÙl¿†q w–Ùé¨áðÇÄĉuƒè}½O‘ÁUVW.¶­uw.ì`OÁç:ÉKÍdY•Ñ®Á›–ŸajÒüü7¯ÊnöÀwKÎçQ®ÉHg
ïÚ[壣%'�Ï–X:DktÞ€
ÝX‘ˆ¡	Ãñþ[“$O8 b´’ô¼Å¹˜9üFìÜ@ÝÚeMàUÈ;õç$Q8Ò‡ÝÅ�Åèµµ¸ßDÐètŠSª¾ªºž^0øYõJpuº˜ (pid: 6332 comm: syz.2.75)
[  138.751551][ T6329] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  138.775279][   T30] audit: type=1800 audit(1752221405.407:5): pid=6332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.75" name=BEF282E71467B5EE4D5113A25F67BF09FAF25F4EB07BF9B53776EE47D96CBF8671207796D9E9A8E1F0C71F1EC4C4897583E87DBD7F4F91C15556572EB6AD047502772EEC604FC10E15E73AC91B4BCD64590395D1AEC19B969F616AD2FCFC1F37AFCA6EF6C0774BCEE751AEC9486701EFDA5BE5A3A325278FCF96583A04446B747FDE8001DD589188A109C3F1FE5B93244F382062B492F4BCC5B99839FC46ECDC40DDDA654DE055C83BF5E7245138D287DDC59DC5E8B5B5B8DF44D0E8748A53AABEAABA9E5E301AF859F54A700875BA98 dev="mqueue" ino=8027 res=0 errno=0
[  139.625858][ T5859] Bluetooth: hci3: Unable to find connection for big 0xd2
[  143.442767][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  143.449866][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  145.921709][ T6397] netlink: 4 bytes leftover after parsing attributes in process `syz.0.85'.
[  147.070559][ T6409] [U] 
[  147.073662][ T6409] [U] 
[  147.076459][ T6409] [U] 
[  147.079234][ T6409] [U] 
[  147.198099][ T6411] [U] 
[  148.932465][ T6422] netlink: 4 bytes leftover after parsing attributes in process `syz.2.89'.
[  148.943605][ T6422] netlink: 4 bytes leftover after parsing attributes in process `syz.2.89'.
[  153.054509][ T6458] vhci_hcd: invalid port number 16
[  153.083301][ T6458] vhci_hcd: invalid port number 16
[  155.558216][ T6467] random: crng reseeded on system resumption
[  157.386591][ T6482] vivid-003: =================  START STATUS  =================
[  157.416694][ T6482] vivid-003: Radio HW Seek Mode: Bounded
[  157.440057][ T6482] vivid-003: Radio Programmable HW Seek: false
[  157.447386][ T6482] vivid-003: RDS Rx I/O Mode: Block I/O
[  157.455812][ T6482] vivid-003: Generate RBDS Instead of RDS: false
[  157.474768][ T6482] vivid-003: RDS Reception: true
[  157.487904][ T6482] vivid-003: RDS Program Type: 0 inactive
[  157.495032][ T6482] vivid-003: RDS PS Name:  inactive
[  157.526536][ T6482] vivid-003: RDS Radio Text:  inactive
[  157.542087][ T6482] vivid-003: RDS Traffic Announcement: false inactive
[  157.549427][ T6482] vivid-003: RDS Traffic Program: false inactive
[  157.556982][ T6482] vivid-003: RDS Music: false inactive
[  157.563135][ T6482] vivid-003: ==================  END STATUS  ==================
[  158.177644][ T6498] nvme_fcloop: unknown parameter or missing value '^/]'
[  162.566634][ T6522] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.833501][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.040344][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.324681][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.424176][ T5167] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  165.433364][ T5167] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  165.442166][ T5167] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  165.456850][ T5167] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  165.477819][ T5167] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  165.905635][ T6555] syz.3.117 (6555) used greatest stack depth: 17640 bytes left
[  166.238010][   T13] bridge_slave_1: left allmulticast mode
[  166.245228][   T13] bridge_slave_1: left promiscuous mode
[  166.258731][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.352713][   T13] bridge_slave_0: left allmulticast mode
[  166.397567][   T13] bridge_slave_0: left promiscuous mode
[  166.404230][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.836655][ T6576] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(4069786224.53.2147549196), cmd(5)
[  167.580353][ T5167] Bluetooth: hci3: command tx timeout
[  169.657446][ T5167] Bluetooth: hci3: command tx timeout
[  169.688063][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  169.771351][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  169.814229][   T13] bond0 (unregistering): Released all slaves
[  170.636623][ T6557] chnl_net:caif_netlink_parms(): no params data found
[  171.114641][   T13] hsr_slave_0: left promiscuous mode
[  171.145320][   T13] hsr_slave_1: left promiscuous mode
[  171.162649][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  171.170625][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  171.187436][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  171.200125][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  171.266681][   T13] veth1_macvtap: left promiscuous mode
[  171.287559][   T13] veth0_macvtap: left promiscuous mode
[  171.293778][   T13] veth1_vlan: left promiscuous mode
[  171.300122][   T13] veth0_vlan: left promiscuous mode
[  171.737380][ T5167] Bluetooth: hci3: command tx timeout
[  171.946384][ T6640] syz.1.126 uses obsolete (PF_INET,SOCK_PACKET)
[  172.426594][   T13] team0 (unregistering): Port device team_slave_1 removed
[  172.523439][   T13] team0 (unregistering): Port device team_slave_0 removed
[  173.474028][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.494068][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.517773][ T6557] bridge_slave_0: entered allmulticast mode
[  173.541126][ T6557] bridge_slave_0: entered promiscuous mode
[  173.576199][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.596674][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.616302][ T6557] bridge_slave_1: entered allmulticast mode
[  173.624961][ T6557] bridge_slave_1: entered promiscuous mode
[  173.793045][ T6557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  173.821805][ T5167] Bluetooth: hci3: command tx timeout
[  173.931082][ T6557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.355845][ T6557] team0: Port device team_slave_0 added
[  174.362960][ T6658] can: request_module (can-proto-3) failed.
[  175.099938][ T6557] team0: Port device team_slave_1 added
[  175.863109][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_0
[  175.891217][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.931502][ T6557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.965772][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.972915][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.999224][ T6557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  176.324675][ T6557] hsr_slave_0: entered promiscuous mode
[  176.373043][ T6557] hsr_slave_1: entered promiscuous mode
[  176.402287][ T6557] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  176.421091][ T6557] Cannot create hsr debugfs directory
[  179.850324][ T6733] FAULT_INJECTION: forcing a failure.
[  179.850324][ T6733] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  179.917267][ T6733] CPU: 0 UID: 0 PID: 6733 Comm: syz.3.139 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  179.917313][ T6733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  179.917343][ T6733] Call Trace:
[  179.917354][ T6733]  <TASK>
[  179.917367][ T6733]  dump_stack_lvl+0x16c/0x1f0
[  179.917431][ T6733]  should_fail_ex+0x512/0x640
[  179.917492][ T6733]  should_fail_alloc_page+0xe7/0x130
[  179.917530][ T6733]  prepare_alloc_pages+0x3c2/0x610
[  179.917580][ T6733]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  179.917640][ T6733]  ? rcu_is_watching+0x12/0xc0
[  179.917677][ T6733]  ? trace_mm_page_alloc+0x11f/0x1a0
[  179.917717][ T6733]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  179.917776][ T6733]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  179.917834][ T6733]  ? is_bpf_text_address+0x8a/0x1a0
[  179.917882][ T6733]  ? bpf_ksym_find+0x124/0x1c0
[  179.917923][ T6733]  ? is_bpf_text_address+0x94/0x1a0
[  179.917974][ T6733]  ? __kernel_text_address+0xd/0x40
[  179.918005][ T6733]  ? unwind_get_return_address+0x59/0xa0
[  179.918077][ T6733]  alloc_pages_bulk_noprof+0x71c/0x1410
[  179.918129][ T6733]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  179.918184][ T6733]  ? policy_nodemask+0xea/0x4e0
[  179.918222][ T6733]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  179.918277][ T6733]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  179.918341][ T6733]  kasan_populate_vmalloc+0xf1/0x1f0
[  179.918402][ T6733]  alloc_vmap_area+0x959/0x29c0
[  179.918459][ T6733]  ? __pfx_alloc_vmap_area+0x10/0x10
[  179.918510][ T6733]  __get_vm_area_node+0x1ca/0x330
[  179.918561][ T6733]  __vmalloc_node_range_noprof+0x271/0x14b0
[  179.918607][ T6733]  ? kernel_read_file+0x6ff/0x910
[  179.918639][ T6733]  ? lockdep_hardirqs_on+0x7c/0x110
[  179.918698][ T6733]  ? __lock_acquire+0x622/0x1c90
[  179.918745][ T6733]  ? kernel_read_file+0x6ff/0x910
[  179.918790][ T6733]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  179.918841][ T6733]  ? ima_read_file+0x142/0x1a0
[  179.918892][ T6733]  ? __pfx_ima_read_file+0x10/0x10
[  179.918948][ T6733]  ? kernel_read_file+0x6ff/0x910
[  179.918980][ T6733]  __vmalloc_node_noprof+0xad/0xf0
[  179.919023][ T6733]  ? kernel_read_file+0x6ff/0x910
[  179.919062][ T6733]  kernel_read_file+0x6ff/0x910
[  179.919102][ T6733]  ? __pfx_kernel_read_file+0x10/0x10
[  179.919150][ T6733]  kernel_read_file_from_path_initns+0x1cf/0x260
[  179.919194][ T6733]  ? __pfx_kernel_read_file_from_path_initns+0x10/0x10
[  179.919248][ T6733]  _request_firmware+0x744/0x1470
[  179.919312][ T6733]  ? __pfx__request_firmware+0x10/0x10
[  179.919386][ T6733]  request_firmware+0x35/0x50
[  179.919433][ T6733]  valid_regdb+0x188/0x590
[  179.919466][ T6733]  ? __pfx___mutex_lock+0x10/0x10
[  179.919521][ T6733]  ? __pfx_valid_regdb+0x10/0x10
[  179.919566][ T6733]  reg_reload_regdb+0x11e/0x460
[  179.919608][ T6733]  ? __pfx_reg_reload_regdb+0x10/0x10
[  179.919650][ T6733]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  179.919699][ T6733]  ? nl80211_pre_doit+0x1b0/0xb10
[  179.919755][ T6733]  genl_family_rcv_msg_doit+0x206/0x2f0
[  179.919802][ T6733]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  179.919843][ T6733]  ? rcu_is_watching+0x12/0xc0
[  179.919896][ T6733]  ? bpf_lsm_capable+0x9/0x10
[  179.919938][ T6733]  ? security_capable+0x7e/0x260
[  179.919981][ T6733]  genl_rcv_msg+0x55c/0x800
[  179.920027][ T6733]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.920069][ T6733]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  179.920117][ T6733]  ? __pfx_nl80211_reload_regdb+0x10/0x10
[  179.920153][ T6733]  ? __pfx_nl80211_post_doit+0x10/0x10
[  179.920219][ T6733]  netlink_rcv_skb+0x155/0x420
[  179.920255][ T6733]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.920297][ T6733]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  179.920360][ T6733]  ? netlink_deliver_tap+0x1ae/0xd30
[  179.920426][ T6733]  genl_rcv+0x28/0x40
[  179.920460][ T6733]  netlink_unicast+0x58d/0x850
[  179.920503][ T6733]  ? __pfx_netlink_unicast+0x10/0x10
[  179.920550][ T6733]  netlink_sendmsg+0x8d1/0xdd0
[  179.920592][ T6733]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.920643][ T6733]  ____sys_sendmsg+0xa95/0xc70
[  179.920682][ T6733]  ? copy_msghdr_from_user+0x10a/0x160
[  179.920731][ T6733]  ? __pfx_____sys_sendmsg+0x10/0x10
[  179.920777][ T6733]  ? try_to_wake_up+0xa2f/0x1680
[  179.920819][ T6733]  ___sys_sendmsg+0x134/0x1d0
[  179.920873][ T6733]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.920919][ T6733]  ? __lock_acquire+0x622/0x1c90
[  179.921020][ T6733]  __sys_sendmsg+0x16d/0x220
[  179.921070][ T6733]  ? __pfx___sys_sendmsg+0x10/0x10
[  179.921119][ T6733]  ? __x64_sys_futex+0x1e0/0x4c0
[  179.921188][ T6733]  do_syscall_64+0xcd/0x490
[  179.921242][ T6733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.921275][ T6733] RIP: 0033:0x7fb9ecb8e929
[  179.921302][ T6733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.921340][ T6733] RSP: 002b:00007fb9eda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.921372][ T6733] RAX: ffffffffffffffda RBX: 00007fb9ecdb5fa0 RCX: 00007fb9ecb8e929
[  179.921393][ T6733] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[  179.921413][ T6733] RBP: 00007fb9ecc10b39 R08: 0000000000000000 R09: 0000000000000000
[  179.921431][ T6733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  179.921449][ T6733] R13: 0000000000000000 R14: 00007fb9ecdb5fa0 R15: 00007fffa0c05368
[  179.921491][ T6733]  </TASK>
[  180.502249][ T6733] syz.3.139: vmalloc error: size 1085, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[  180.581233][ T6733] CPU: 1 UID: 0 PID: 6733 Comm: syz.3.139 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  180.581300][ T6733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  180.581328][ T6733] Call Trace:
[  180.581340][ T6733]  <TASK>
[  180.581352][ T6733]  dump_stack_lvl+0x16c/0x1f0
[  180.581432][ T6733]  warn_alloc+0x248/0x3a0
[  180.581512][ T6733]  ? __pfx_warn_alloc+0x10/0x10
[  180.581597][ T6733]  ? kfree+0x2b4/0x4d0
[  180.581662][ T6733]  ? __get_vm_area_node+0x208/0x330
[  180.581732][ T6733]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[  180.581787][ T6733]  ? lockdep_hardirqs_on+0x7c/0x110
[  180.581869][ T6733]  ? __lock_acquire+0x622/0x1c90
[  180.581940][ T6733]  ? kernel_read_file+0x6ff/0x910
[  180.582000][ T6733]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  180.582071][ T6733]  ? ima_read_file+0x142/0x1a0
[  180.582124][ T6733]  ? __pfx_ima_read_file+0x10/0x10
[  180.582188][ T6733]  ? kernel_read_file+0x6ff/0x910
[  180.582220][ T6733]  __vmalloc_node_noprof+0xad/0xf0
[  180.582263][ T6733]  ? kernel_read_file+0x6ff/0x910
[  180.582309][ T6733]  kernel_read_file+0x6ff/0x910
[  180.582354][ T6733]  ? __pfx_kernel_read_file+0x10/0x10
[  180.582401][ T6733]  kernel_read_file_from_path_initns+0x1cf/0x260
[  180.582444][ T6733]  ? __pfx_kernel_read_file_from_path_initns+0x10/0x10
[  180.582497][ T6733]  _request_firmware+0x744/0x1470
[  180.582561][ T6733]  ? __pfx__request_firmware+0x10/0x10
[  180.582626][ T6733]  request_firmware+0x35/0x50
[  180.582673][ T6733]  valid_regdb+0x188/0x590
[  180.582706][ T6733]  ? __pfx___mutex_lock+0x10/0x10
[  180.582760][ T6733]  ? __pfx_valid_regdb+0x10/0x10
[  180.582805][ T6733]  reg_reload_regdb+0x11e/0x460
[  180.582846][ T6733]  ? __pfx_reg_reload_regdb+0x10/0x10
[  180.582888][ T6733]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  180.582936][ T6733]  ? nl80211_pre_doit+0x1b0/0xb10
[  180.582992][ T6733]  genl_family_rcv_msg_doit+0x206/0x2f0
[  180.583048][ T6733]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  180.583089][ T6733]  ? rcu_is_watching+0x12/0xc0
[  180.583141][ T6733]  ? bpf_lsm_capable+0x9/0x10
[  180.583184][ T6733]  ? security_capable+0x7e/0x260
[  180.583227][ T6733]  genl_rcv_msg+0x55c/0x800
[  180.583273][ T6733]  ? __pfx_genl_rcv_msg+0x10/0x10
[  180.583314][ T6733]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  180.583361][ T6733]  ? __pfx_nl80211_reload_regdb+0x10/0x10
[  180.583397][ T6733]  ? __pfx_nl80211_post_doit+0x10/0x10
[  180.583463][ T6733]  netlink_rcv_skb+0x155/0x420
[  180.583498][ T6733]  ? __pfx_genl_rcv_msg+0x10/0x10
[  180.583542][ T6733]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  180.583596][ T6733]  ? netlink_deliver_tap+0x1ae/0xd30
[  180.583659][ T6733]  genl_rcv+0x28/0x40
[  180.583694][ T6733]  netlink_unicast+0x58d/0x850
[  180.583736][ T6733]  ? __pfx_netlink_unicast+0x10/0x10
[  180.583784][ T6733]  netlink_sendmsg+0x8d1/0xdd0
[  180.583827][ T6733]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.583880][ T6733]  ____sys_sendmsg+0xa95/0xc70
[  180.583919][ T6733]  ? copy_msghdr_from_user+0x10a/0x160
[  180.583969][ T6733]  ? __pfx_____sys_sendmsg+0x10/0x10
[  180.584017][ T6733]  ? try_to_wake_up+0xa2f/0x1680
[  180.584068][ T6733]  ___sys_sendmsg+0x134/0x1d0
[  180.584123][ T6733]  ? __pfx____sys_sendmsg+0x10/0x10
[  180.584170][ T6733]  ? __lock_acquire+0x622/0x1c90
[  180.584273][ T6733]  __sys_sendmsg+0x16d/0x220
[  180.584325][ T6733]  ? __pfx___sys_sendmsg+0x10/0x10
[  180.584375][ T6733]  ? __x64_sys_futex+0x1e0/0x4c0
[  180.584446][ T6733]  do_syscall_64+0xcd/0x490
[  180.584502][ T6733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.584535][ T6733] RIP: 0033:0x7fb9ecb8e929
[  180.584562][ T6733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.584595][ T6733] RSP: 002b:00007fb9eda94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  180.584626][ T6733] RAX: ffffffffffffffda RBX: 00007fb9ecdb5fa0 RCX: 00007fb9ecb8e929
[  180.584648][ T6733] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[  180.584668][ T6733] RBP: 00007fb9ecc10b39 R08: 0000000000000000 R09: 0000000000000000
[  180.584687][ T6733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  180.584706][ T6733] R13: 0000000000000000 R14: 00007fb9ecdb5fa0 R15: 00007fffa0c05368
[  180.584749][ T6733]  </TASK>
[  180.584833][ T6733] Mem-Info:
[  181.067376][ T6733] active_anon:20410 inactive_anon:0 isolated_anon:0
[  181.067376][ T6733]  active_file:9631 inactive_file:40451 isolated_file:0
[  181.067376][ T6733]  unevictable:768 dirty:478 writeback:0
[  181.067376][ T6733]  slab_reclaimable:10145 slab_unreclaimable:91717
[  181.067376][ T6733]  mapped:34553 shmem:11694 pagetables:1373
[  181.067376][ T6733]  sec_pagetables:0 bounce:0
[  181.067376][ T6733]  kernel_misc_reclaimable:0
[  181.067376][ T6733]  free:1321348 free_pcp:14300 free_cma:0
[  181.125513][ T6733] Node 0 active_anon:79552kB inactive_anon:0kB active_file:38324kB inactive_file:161596kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135608kB dirty:1808kB writeback:0kB shmem:43292kB shmem_thp:2048kB shmem_pmdmapped:2048kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11444kB pagetables:5352kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  181.288790][ T6733] Node 1 active_anon:2188kB inactive_anon:0kB active_file:200kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:204kB dirty:104kB writeback:0kB shmem:3584kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  181.374382][ T6733] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  181.439628][ T6557] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  181.542618][ T6733] lowmem_reserve[]: 0 2480 2482 2482 2482
[  181.548889][ T6733] Node 0 DMA32 free:1372340kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:81204kB inactive_anon:0kB active_file:38324kB inactive_file:160268kB unevictable:1536kB writepending:1804kB present:3129332kB managed:2540348kB mlocked:0kB bounce:0kB free_pcp:36988kB local_pcp:13732kB free_cma:0kB
[  181.558007][ T6557] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  181.599024][ T6733] lowmem_reserve[]: 0 0 1 1 1
[  181.604128][ T6733] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:8kB free_cma:0kB
[  181.669243][ T6757] FAULT_INJECTION: forcing a failure.
[  181.669243][ T6757] name failslab, interval 1, probability 0, space 0, times 0
[  181.685831][ T6557] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  181.717236][ T6733] lowmem_reserve[]: 0 0 0 0 0
[  181.722203][ T6733] Node 1 Normal free:3892992kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:2188kB inactive_anon:0kB active_file:200kB inactive_file:208kB unevictable:1536kB writepending:104kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:24592kB local_pcp:14884kB free_cma:0kB
[  181.769719][ T6557] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  181.786993][ T6757] CPU: 0 UID: 0 PID: 6757 Comm: syz.2.141 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  181.787048][ T6757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  181.787067][ T6757] Call Trace:
[  181.787078][ T6757]  <TASK>
[  181.787095][ T6757]  dump_stack_lvl+0x16c/0x1f0
[  181.787158][ T6757]  should_fail_ex+0x512/0x640
[  181.787208][ T6757]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  181.787281][ T6757]  should_failslab+0xc2/0x120
[  181.787317][ T6757]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  181.787379][ T6757]  ? find_held_lock+0x2b/0x80
[  181.787415][ T6757]  ? fib_rules_register+0x30/0x500
[  181.787473][ T6757]  ? __pfx_ipmr_net_init+0x10/0x10
[  181.787511][ T6757]  kmemdup_noprof+0x29/0x60
[  181.787566][ T6757]  fib_rules_register+0x30/0x500
[  181.787618][ T6757]  ? fib_notifier_ops_register+0x123/0x270
[  181.787674][ T6757]  ? __pfx_ipmr_net_init+0x10/0x10
[  181.787709][ T6757]  ipmr_net_init+0xb8/0x4e0
[  181.787744][ T6757]  ? __pfx_ipmr_net_init+0x10/0x10
[  181.787780][ T6757]  ops_init+0x1e2/0x5f0
[  181.787842][ T6757]  setup_net+0x1ff/0x510
[  181.787895][ T6757]  ? lockdep_init_map_type+0x5c/0x280
[  181.787945][ T6757]  ? __pfx_setup_net+0x10/0x10
[  181.788005][ T6757]  ? debug_mutex_init+0x37/0x70
[  181.788045][ T6757]  copy_net_ns+0x2a6/0x5f0
[  181.788085][ T6757]  create_new_namespaces+0x3ea/0xa90
[  181.788137][ T6757]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  181.788183][ T6757]  ksys_unshare+0x45b/0xa40
[  181.788233][ T6757]  ? __pfx_ksys_unshare+0x10/0x10
[  181.788287][ T6757]  ? xfd_validate_state+0x61/0x180
[  181.788350][ T6757]  __x64_sys_unshare+0x31/0x40
[  181.788400][ T6757]  do_syscall_64+0xcd/0x490
[  181.788457][ T6757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.788493][ T6757] RIP: 0033:0x7f1bdf38e929
[  181.788522][ T6757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.788556][ T6757] RSP: 002b:00007f1be02c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  181.788590][ T6757] RAX: ffffffffffffffda RBX: 00007f1bdf5b5fa0 RCX: 00007f1bdf38e929
[  181.788613][ T6757] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  181.788634][ T6757] RBP: 00007f1bdf410b39 R08: 0000000000000000 R09: 0000000000000000
[  181.788655][ T6757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  181.788676][ T6757] R13: 0000000000000000 R14: 00007f1bdf5b5fa0 R15: 00007fff3a48c978
[  181.788719][ T6757]  </TASK>
[  181.807498][ T6733] lowmem_reserve[]: 0 0 0 0 0
[  182.075172][ T6733] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  182.089358][ T6733] Node 0 DMA32: 24*4kB (UME) 12*8kB (UME) 16*16kB (UME) 303*32kB (UME) 197*64kB (UME) 231*128kB (UME) 149*256kB (UME) 64*512kB (UM) 35*1024kB (UM) 12*2048kB (UME) 289*4096kB (UM) = 1367392kB
[  182.307409][ T6733] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  182.334079][ T6733] Node 1 Normal: 214*4kB (UE) 51*8kB (UME) 33*16kB (UME) 124*32kB (UE) 36*64kB (UE) 7*128kB (UE) 4*256kB (UME) 2*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3892992kB
[  182.397957][ T6733] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  182.449179][ T6733] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  182.459014][ T6769] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8
[  182.607738][ T6733] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  182.707325][ T6733] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  182.727311][ T6733] 65941 total pagecache pages
[  182.784046][ T6733] 0 pages in swap cache
[  182.826654][ T6733] Free swap  = 124996kB
[  182.847417][ T6733] Total swap = 124996kB
[  182.857551][ T6733] 2097051 pages RAM
[  182.861904][ T6733] 0 pages HighMem/MovableOnly
[  182.866990][ T6733] 429986 pages reserved
[  182.926968][ T6733] 0 pages cma reserved
[  182.941644][ T6733] platform regulatory.0: loading /lib/firmware/regulatory.db.p7s failed with error -12
[  183.004344][ T6733] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -12
[  183.084327][ T6733] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db.p7s
[  183.295359][ T6557] 8021q: adding VLAN 0 to HW filter on device bond0
[  183.621514][ T6557] 8021q: adding VLAN 0 to HW filter on device team0
[  183.680572][ T6772] ovs_ÿþ: entered promiscuous mode
[  183.722544][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.730000][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.854124][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.862365][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.272483][ T6786] ima: policy update failed
[  185.333062][ T6557] 8021q: adding VLAN 0 to HW filter on device batadv0
[  185.341319][   T30] audit: type=1802 audit(1752221451.957:6): pid=6786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.143" res=0 errno=0
[  185.813660][ T6557] veth0_vlan: entered promiscuous mode
[  185.988702][ T6557] veth1_vlan: entered promiscuous mode
[  186.196809][ T6818] FAULT_INJECTION: forcing a failure.
[  186.196809][ T6818] name failslab, interval 1, probability 0, space 0, times 0
[  186.244441][ T6818] CPU: 1 UID: 0 PID: 6818 Comm: syz.1.147 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  186.244612][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  186.244631][ T6818] Call Trace:
[  186.244643][ T6818]  <TASK>
[  186.244656][ T6818]  dump_stack_lvl+0x16c/0x1f0
[  186.244711][ T6818]  should_fail_ex+0x512/0x640
[  186.244765][ T6818]  should_failslab+0xc2/0x120
[  186.244796][ T6818]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  186.244854][ T6818]  ? skb_clone+0x190/0x3f0
[  186.244922][ T6818]  skb_clone+0x190/0x3f0
[  186.244973][ T6818]  netlink_deliver_tap+0xabd/0xd30
[  186.245036][ T6818]  netlink_unicast+0x62f/0x850
[  186.245076][ T6818]  ? __pfx_netlink_unicast+0x10/0x10
[  186.245121][ T6818]  netlink_sendmsg+0x8d1/0xdd0
[  186.245162][ T6818]  ? __pfx_netlink_sendmsg+0x10/0x10
[  186.245214][ T6818]  ____sys_sendmsg+0xa95/0xc70
[  186.245251][ T6818]  ? copy_msghdr_from_user+0x10a/0x160
[  186.245300][ T6818]  ? __pfx_____sys_sendmsg+0x10/0x10
[  186.245343][ T6818]  ? kfree+0x24f/0x4d0
[  186.245378][ T6818]  ? __pfx__kstrtoull+0x10/0x10
[  186.245426][ T6818]  ___sys_sendmsg+0x134/0x1d0
[  186.245472][ T6818]  ? __pfx____sys_sendmsg+0x10/0x10
[  186.245554][ T6818]  ? __pfx___might_resched+0x10/0x10
[  186.245597][ T6818]  __sys_sendmmsg+0x200/0x420
[  186.245651][ T6818]  ? __pfx___sys_sendmmsg+0x10/0x10
[  186.245706][ T6818]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  186.245759][ T6818]  ? fput+0x70/0xf0
[  186.245782][ T6818]  ? ksys_write+0x1ac/0x250
[  186.245814][ T6818]  ? __pfx_ksys_write+0x10/0x10
[  186.245852][ T6818]  __x64_sys_sendmmsg+0x9c/0x100
[  186.245893][ T6818]  ? lockdep_hardirqs_on+0x7c/0x110
[  186.245926][ T6818]  do_syscall_64+0xcd/0x490
[  186.245964][ T6818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.245989][ T6818] RIP: 0033:0x7f625158e929
[  186.246016][ T6818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.246046][ T6818] RSP: 002b:00007f624f3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  186.246074][ T6818] RAX: ffffffffffffffda RBX: 00007f62517b6160 RCX: 00007f625158e929
[  186.246095][ T6818] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003
[  186.246114][ T6818] RBP: 00007f624f3f6090 R08: 0000000000000000 R09: 0000000000000000
[  186.246135][ T6818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  186.246154][ T6818] R13: 0000000000000000 R14: 00007f62517b6160 R15: 00007ffca7dd80a8
[  186.246196][ T6818]  </TASK>
[  187.012351][ T6557] veth0_macvtap: entered promiscuous mode
[  187.056762][ T6557] veth1_macvtap: entered promiscuous mode
[  187.140348][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_0
[  187.171169][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_1
[  187.242438][ T6557] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  187.308994][ T6557] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  187.330242][ T6557] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  187.358309][ T6557] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  187.553194][ T6833] vivid-007: =================  START STATUS  =================
[  187.590652][ T6833] vivid-007: Generate PTS: true
[  187.632642][ T6833] vivid-007: Generate SCR: true
[  187.641037][ T6833] tpg source WxH: 320x240 (Y'CbCr)
[  187.669555][ T6833] tpg field: 1
[  187.680774][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.692360][ T6833] tpg crop: (0,0)/320x240
[  187.719396][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.735411][ T6833] tpg compose: (0,0)/320x240
[  187.767542][ T6833] tpg colorspace: 8
[  187.803403][ T6833] tpg transfer function: 0/0
[  187.813423][ T6833] tpg Y'CbCr encoding: 0/0
[  187.826396][ T6833] tpg quantization: 0/0
[  187.831231][ T6833] tpg RGB range: 0/2
[  187.835285][ T6833] vivid-007: ==================  END STATUS  ==================
[  187.919906][   T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.930679][   T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  189.321104][ T6869] netlink: 8 bytes leftover after parsing attributes in process `syz.2.154'.
[  189.599402][ T6841] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  189.750586][ T6841] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  189.806797][ T6841] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  189.931191][ T6841] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  189.993197][ T6841] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  190.275787][   T30] audit: type=1804 audit(1752221456.907:7): pid=6888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.155" name="/newroot/42/file0" dev="tmpfs" ino=236 res=1 errno=0
[  190.327293][ T6841] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  190.413341][   T30] audit: type=1800 audit(1752221456.907:8): pid=6888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.155" name="file0" dev="tmpfs" ino=236 res=0 errno=0
[  190.496510][ T6841] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  190.546030][ T6841] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  190.732645][ T6841] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  190.803747][ T6841] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  190.812333][ T6892] sg_write: process 9 (syz.0.156) changed security contexts after opening file descriptor, this is not allowed.
[  190.826310][ T6841] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  190.997792][ T6841] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  191.657354][ T5167] Bluetooth: hci0: command 0x0c1a tx timeout
[  191.907205][ T5167] Bluetooth: hci1: command 0x0c1a tx timeout
[  192.394597][ T6921] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.538080][ T5167] Bluetooth: hci2: command 0x0c1a tx timeout
[  192.867477][ T5167] Bluetooth: hci3: command 0x0c1a tx timeout
[  193.110625][ T6916] Invalid ELF header magic: != ELF
[  193.737295][ T5167] Bluetooth: hci0: command 0x0c1a tx timeout
[  193.977530][ T5167] Bluetooth: hci1: command 0x0c1a tx timeout
[  194.617302][ T5167] Bluetooth: hci2: command 0x0c1a tx timeout
[  194.937469][ T5167] Bluetooth: hci3: command 0x0c1a tx timeout
[  195.817601][ T5167] Bluetooth: hci0: command 0x0c1a tx timeout
[  196.057412][ T5167] Bluetooth: hci1: command 0x0c1a tx timeout
[  196.684633][   T30] audit: type=1806 audit(1752221463.317:9): xattr="." res=0
[  196.707478][ T5167] Bluetooth: hci2: command 0x0c1a tx timeout
[  197.017430][ T5167] Bluetooth: hci3: command 0x0c1a tx timeout
[  198.936067][ T6989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.169'.
[  204.781147][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  204.787598][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  204.815464][ T7020] __vm_enough_memory: pid: 7020, comm: syz.3.176, bytes: 4398046511104 not enough memory for the allocation
[  208.591991][ T7058] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  208.882356][ T7056] netlink: 28 bytes leftover after parsing attributes in process `syz.3.183'.
[  211.523076][ T7074] random: crng reseeded on system resumption
[  212.075275][ T7082] usb usb6: usbfs: process 7082 (syz.1.189) did not claim interface 0 before use
[  214.789183][ T7110] hub 8-0:1.0: USB hub found
[  214.798457][ T7110] hub 8-0:1.0: 1 port detected
[  215.868708][ T7106] netlink: 12 bytes leftover after parsing attributes in process `syz.2.193'.
[  216.435527][ T7128] random: crng reseeded on system resumption
[  216.913947][ T7120] ptp ptp0: only physical clock in use now
[  218.357081][ T7146] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  218.360205][ T7147] netlink: 8 bytes leftover after parsing attributes in process `syz.2.201'.
[  218.605570][ T7152] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
[  219.789286][ T7160] random: crng reseeded on system resumption
[  220.553068][ T7174] ubi: mtd0 is already attached to ubi0
[  221.451719][ T7159] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  226.461366][ T7215] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  229.726240][ T7253] random: crng reseeded on system resumption
[  232.284223][ T7277] FAULT_INJECTION: forcing a failure.
[  232.284223][ T7277] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  232.359112][ T7277] CPU: 0 UID: 0 PID: 7277 Comm: syz.1.227 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  232.359167][ T7277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  232.359186][ T7277] Call Trace:
[  232.359197][ T7277]  <TASK>
[  232.359210][ T7277]  dump_stack_lvl+0x16c/0x1f0
[  232.359266][ T7277]  should_fail_ex+0x512/0x640
[  232.359320][ T7277]  _copy_to_user+0x32/0xd0
[  232.359376][ T7277]  simple_read_from_buffer+0xcb/0x170
[  232.359424][ T7277]  proc_fail_nth_read+0x197/0x270
[  232.359464][ T7277]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  232.359507][ T7277]  ? rw_verify_area+0xcf/0x680
[  232.359548][ T7277]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  232.359586][ T7277]  vfs_read+0x1e1/0xc60
[  232.359639][ T7277]  ? __pfx___mutex_lock+0x10/0x10
[  232.359690][ T7277]  ? __pfx_vfs_read+0x10/0x10
[  232.359748][ T7277]  ? __fget_files+0x20e/0x3c0
[  232.359806][ T7277]  ksys_read+0x12a/0x250
[  232.359853][ T7277]  ? __pfx_ksys_read+0x10/0x10
[  232.359910][ T7277]  do_syscall_64+0xcd/0x490
[  232.359953][ T7277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.359975][ T7277] RIP: 0033:0x7f625158d33c
[  232.359993][ T7277] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  232.360013][ T7277] RSP: 002b:00007f6252342030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  232.360034][ T7277] RAX: ffffffffffffffda RBX: 00007f62517b5fa0 RCX: 00007f625158d33c
[  232.360049][ T7277] RDX: 000000000000000f RSI: 00007f62523420a0 RDI: 0000000000000004
[  232.360062][ T7277] RBP: 00007f6252342090 R08: 0000000000000000 R09: 0000000000000000
[  232.360075][ T7277] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001
[  232.360088][ T7277] R13: 0000000000000000 R14: 00007f62517b5fa0 R15: 00007ffca7dd80a8
[  232.360116][ T7277]  </TASK>
[  235.045161][ T7294] FAULT_INJECTION: forcing a failure.
[  235.045161][ T7294] name failslab, interval 1, probability 0, space 0, times 0
[  235.067439][ T7294] CPU: 0 UID: 0 PID: 7294 Comm: syz.0.231 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  235.067474][ T7294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  235.067489][ T7294] Call Trace:
[  235.067497][ T7294]  <TASK>
[  235.067506][ T7294]  dump_stack_lvl+0x16c/0x1f0
[  235.067547][ T7294]  should_fail_ex+0x512/0x640
[  235.067583][ T7294]  ? fs_reclaim_acquire+0xae/0x150
[  235.067613][ T7294]  ? tomoyo_encode2+0x100/0x3e0
[  235.067645][ T7294]  should_failslab+0xc2/0x120
[  235.067668][ T7294]  __kmalloc_noprof+0xd2/0x510
[  235.067704][ T7294]  ? d_absolute_path+0x136/0x1a0
[  235.067733][ T7294]  tomoyo_encode2+0x100/0x3e0
[  235.067770][ T7294]  tomoyo_encode+0x29/0x50
[  235.067806][ T7294]  tomoyo_realpath_from_path+0x18f/0x6e0
[  235.067865][ T7294]  tomoyo_path_number_perm+0x245/0x580
[  235.067894][ T7294]  ? tomoyo_path_number_perm+0x237/0x580
[  235.067922][ T7294]  ? do_raw_spin_unlock+0xe4/0x230
[  235.067954][ T7294]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  235.068014][ T7294]  ? find_held_lock+0x2b/0x80
[  235.068039][ T7294]  ? hook_file_ioctl_common+0x145/0x410
[  235.068071][ T7294]  ? __fget_files+0x20e/0x3c0
[  235.068112][ T7294]  security_file_ioctl+0x9b/0x240
[  235.068143][ T7294]  __x64_sys_ioctl+0xb7/0x210
[  235.068174][ T7294]  do_syscall_64+0xcd/0x490
[  235.068214][ T7294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.068238][ T7294] RIP: 0033:0x7fb45198e929
[  235.068257][ T7294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  235.068280][ T7294] RSP: 002b:00007fb45287d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  235.068302][ T7294] RAX: ffffffffffffffda RBX: 00007fb451bb5fa0 RCX: 00007fb45198e929
[  235.068318][ T7294] RDX: 0000000000000004 RSI: 000000000000540a RDI: 0000000000000008
[  235.068331][ T7294] RBP: 00007fb451a10b39 R08: 0000000000000000 R09: 0000000000000000
[  235.068345][ T7294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  235.068359][ T7294] R13: 0000000000000000 R14: 00007fb451bb5fa0 R15: 00007ffd36405c98
[  235.068388][ T7294]  </TASK>
[  235.068412][ T7294] ERROR: Out of memory at tomoyo_realpath_from_path.
[  235.620571][ T7300] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  237.673403][ T7323] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  242.761332][ T7378] nbd: couldn't find device at index 33904
[  246.229517][ T7411] random: crng reseeded on system resumption
[  246.485207][ T7414] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  247.193734][ T7422] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  247.223265][ T7422] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  247.268272][ T7422] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  247.288701][ T7422] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  249.194240][ T7444] netlink: 326 bytes leftover after parsing attributes in process `syz.2.260'.
[  249.259104][ T5167] Bluetooth: hci1: command 0x0c1a tx timeout
[  249.265342][ T5167] Bluetooth: hci0: command 0x0c1a tx timeout
[  249.340221][ T5167] Bluetooth: hci3: command 0x0c1a tx timeout
[  249.340231][ T5859] Bluetooth: hci2: command 0x0c1a tx timeout
[  254.129124][ T7492] random: crng reseeded on system resumption
[  254.756176][ T7490] FAULT_INJECTION: forcing a failure.
[  254.756176][ T7490] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  254.838981][ T7490] CPU: 0 UID: 0 PID: 7490 Comm: syz.1.269 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  254.839034][ T7490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  254.839072][ T7490] Call Trace:
[  254.839084][ T7490]  <TASK>
[  254.839098][ T7490]  dump_stack_lvl+0x16c/0x1f0
[  254.839160][ T7490]  should_fail_ex+0x512/0x640
[  254.839217][ T7490]  should_fail_alloc_page+0xe7/0x130
[  254.839256][ T7490]  prepare_alloc_pages+0x3c2/0x610
[  254.839298][ T7490]  ? rcu_is_watching+0x12/0xc0
[  254.839348][ T7490]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  254.839410][ T7490]  ? rcu_is_watching+0x12/0xc0
[  254.839447][ T7490]  ? trace_mm_page_alloc+0x11f/0x1a0
[  254.839488][ T7490]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  254.839551][ T7490]  ? stack_trace_save+0x8e/0xc0
[  254.839593][ T7490]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  254.839663][ T7490]  ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  254.839716][ T7490]  ? __get_vm_area_node+0x1ca/0x330
[  254.839755][ T7490]  ? vmap+0x135/0x320
[  254.839789][ T7490]  ? relay_open_buf.part.0+0x445/0xc80
[  254.839831][ T7490]  ? relay_open+0x653/0xad0
[  254.839871][ T7490]  ? do_blk_trace_setup+0x503/0xb50
[  254.839904][ T7490]  ? blk_trace_setup+0xed/0x1b0
[  254.839937][ T7490]  ? blk_trace_ioctl+0x146/0x280
[  254.839974][ T7490]  ? blkdev_ioctl+0x108/0x6d0
[  254.840029][ T7490]  alloc_pages_bulk_noprof+0x71c/0x1410
[  254.840082][ T7490]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  254.840137][ T7490]  ? policy_nodemask+0xea/0x4e0
[  254.840175][ T7490]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  254.840232][ T7490]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  254.840287][ T7490]  kasan_populate_vmalloc+0xf1/0x1f0
[  254.840346][ T7490]  alloc_vmap_area+0x959/0x29c0
[  254.840404][ T7490]  ? __pfx_alloc_vmap_area+0x10/0x10
[  254.840455][ T7490]  __get_vm_area_node+0x1ca/0x330
[  254.840502][ T7490]  ? relay_open_buf.part.0+0x445/0xc80
[  254.840557][ T7490]  get_vm_area_caller+0x71/0xa0
[  254.840598][ T7490]  ? relay_open_buf.part.0+0x445/0xc80
[  254.840646][ T7490]  vmap+0x135/0x320
[  254.840686][ T7490]  ? __pfx_vmap+0x10/0x10
[  254.840722][ T7490]  ? trace_kmalloc+0x2b/0xd0
[  254.840756][ T7490]  ? relay_open_buf.part.0+0x194/0xc80
[  254.840811][ T7490]  relay_open_buf.part.0+0x445/0xc80
[  254.840875][ T7490]  relay_open+0x653/0xad0
[  254.840920][ T7490]  ? debugfs_create_file_full+0x41/0x60
[  254.840971][ T7490]  do_blk_trace_setup+0x503/0xb50
[  254.841016][ T7490]  blk_trace_setup+0xed/0x1b0
[  254.841056][ T7490]  ? __pfx_blk_trace_setup+0x10/0x10
[  254.841094][ T7490]  ? __pfx_snprintf+0x10/0x10
[  254.841166][ T7490]  blk_trace_ioctl+0x146/0x280
[  254.841225][ T7490]  ? __pfx_blk_trace_ioctl+0x10/0x10
[  254.841272][ T7490]  ? find_held_lock+0x2b/0x80
[  254.841307][ T7490]  ? hook_file_ioctl_common+0x145/0x410
[  254.841351][ T7490]  blkdev_ioctl+0x108/0x6d0
[  254.841391][ T7490]  ? __pfx_blkdev_ioctl+0x10/0x10
[  254.841438][ T7490]  ? __pfx_blkdev_ioctl+0x10/0x10
[  254.841480][ T7490]  __x64_sys_ioctl+0x18e/0x210
[  254.841533][ T7490]  do_syscall_64+0xcd/0x490
[  254.841590][ T7490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.841626][ T7490] RIP: 0033:0x7f625158e929
[  254.841655][ T7490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.841690][ T7490] RSP: 002b:00007f6252342038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  254.841723][ T7490] RAX: ffffffffffffffda RBX: 00007f62517b5fa0 RCX: 00007f625158e929
[  254.841746][ T7490] RDX: 00002000000000c0 RSI: 00000000c0481273 RDI: 0000000000000007
[  254.841767][ T7490] RBP: 00007f6251610b39 R08: 0000000000000000 R09: 0000000000000000
[  254.841787][ T7490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  254.841808][ T7490] R13: 0000000000000000 R14: 00007f62517b5fa0 R15: 00007ffca7dd80a8
[  254.841854][ T7490]  </TASK>
[  258.818317][ T7549] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  262.524760][ T7594] zswap: compressor  not available
[  263.137444][ T7603] zswap: compressor  not available
[  265.417682][ T5167] Bluetooth: hci2: command 0x0c1a tx timeout
[  265.421682][ T5896] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  265.716996][ T7626] random: crng reseeded on system resumption
[  265.767347][ T7602] netlink: 244 bytes leftover after parsing attributes in process `syz.2.292'.
[  266.230477][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  266.243201][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  267.404869][ T7638] FAULT_INJECTION: forcing a failure.
[  267.404869][ T7638] name fail_futex, interval 1, probability 0, space 0, times 1
[  267.446744][ T7638] CPU: 1 UID: 0 PID: 7638 Comm: syz.2.297 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  267.446798][ T7638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  267.446819][ T7638] Call Trace:
[  267.446830][ T7638]  <TASK>
[  267.446844][ T7638]  dump_stack_lvl+0x16c/0x1f0
[  267.446905][ T7638]  should_fail_ex+0x512/0x640
[  267.446965][ T7638]  get_futex_key+0x1d0/0x1540
[  267.447022][ T7638]  ? __pfx_get_futex_key+0x10/0x10
[  267.447060][ T7638]  ? find_held_lock+0x2b/0x80
[  267.447099][ T7638]  ? get_pid_task+0xfc/0x250
[  267.447149][ T7638]  ? __futex_hash.constprop.0+0x1e9/0x440
[  267.447196][ T7638]  futex_wake+0xe7/0x4e0
[  267.447252][ T7638]  ? __pfx_futex_wake+0x10/0x10
[  267.447313][ T7638]  ? __lock_acquire+0x622/0x1c90
[  267.447399][ T7638]  do_futex+0x1e3/0x350
[  267.447445][ T7638]  ? __pfx_do_futex+0x10/0x10
[  267.447504][ T7638]  ? find_held_lock+0x2b/0x80
[  267.447546][ T7638]  __x64_sys_futex+0x1e0/0x4c0
[  267.447595][ T7638]  ? __x64_sys_openat+0x174/0x210
[  267.447638][ T7638]  ? __pfx___x64_sys_futex+0x10/0x10
[  267.447703][ T7638]  do_syscall_64+0xcd/0x490
[  267.447762][ T7638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.447799][ T7638] RIP: 0033:0x7f1bdf38e929
[  267.447827][ T7638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.447860][ T7638] RSP: 002b:00007f1be02c00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  267.447893][ T7638] RAX: ffffffffffffffda RBX: 00007f1bdf5b5fa8 RCX: 00007f1bdf38e929
[  267.447916][ T7638] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1bdf5b5fac
[  267.447937][ T7638] RBP: 00007f1bdf5b5fa0 R08: 00007f1be02c1000 R09: 0000000000000000
[  267.447958][ T7638] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f1bdf5b5fac
[  267.447980][ T7638] R13: 0000000000000000 R14: 00007fff3a48c890 R15: 00007fff3a48c978
[  267.448026][ T7638]  </TASK>
[  268.957190][ T7650] 
[  268.959588][ T7650] ======================================================
[  268.966637][ T7650] WARNING: possible circular locking dependency detected
[  268.973743][ T7650] 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 Not tainted
[  268.980878][ T7650] ------------------------------------------------------
[  268.987912][ T7650] syz.3.300/7650 is trying to acquire lock:
[  268.993831][ T7650] ffff888143bd85e0 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310
[  269.003832][ T7650] 
[  269.003832][ T7650] but task is already holding lock:
[  269.011241][ T7650] ffff888143bd80a8 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  269.022534][ T7650] 
[  269.022534][ T7650] which lock already depends on the new lock.
[  269.022534][ T7650] 
[  269.032971][ T7650] 
[  269.032971][ T7650] the existing dependency chain (in reverse order) is:
[  269.042031][ T7650] 
[  269.042031][ T7650] -> #3 (&q->q_usage_counter(io)#59){++++}-{0:0}:
[  269.050712][ T7650]        blk_alloc_queue+0x619/0x760
[  269.056051][ T7650]        blk_mq_alloc_queue+0x175/0x290
[  269.061654][ T7650]        __blk_mq_alloc_disk+0x29/0x120
[  269.067278][ T7650]        nbd_dev_add+0x4a0/0xbc0
[  269.072313][ T7650]        nbd_init+0x181/0x320
[  269.077078][ T7650]        do_one_initcall+0x120/0x6e0
[  269.082510][ T7650]        kernel_init_freeable+0x5c2/0x900
[  269.088295][ T7650]        kernel_init+0x1c/0x2b0
[  269.093219][ T7650]        ret_from_fork+0x5d7/0x6f0
[  269.098400][ T7650]        ret_from_fork_asm+0x1a/0x30
[  269.103748][ T7650] 
[  269.103748][ T7650] -> #2 (fs_reclaim){+.+.}-{0:0}:
[  269.111045][ T7650]        fs_reclaim_acquire+0x102/0x150
[  269.116649][ T7650]        prepare_alloc_pages+0x162/0x610
[  269.122337][ T7650]        __alloc_frozen_pages_noprof+0x18b/0x23f0
[  269.128812][ T7650]        __alloc_pages_noprof+0xb/0x1b0
[  269.134511][ T7650]        pcpu_populate_chunk+0x110/0xb00
[  269.140213][ T7650]        pcpu_alloc_noprof+0x86a/0x1470
[  269.145819][ T7650]        xt_percpu_counter_alloc+0x13e/0x1b0
[  269.151853][ T7650]        find_check_entry.constprop.0+0xbf/0xa20
[  269.158234][ T7650]        translate_table+0xd0b/0x17b0
[  269.163666][ T7650]        ip6t_register_table+0x102/0x430
[  269.169356][ T7650]        ip6table_nat_table_init+0x4b/0x250
[  269.175306][ T7650]        xt_find_table_lock+0x2e1/0x520
[  269.180915][ T7650]        xt_request_find_table_lock+0x28/0xf0
[  269.187085][ T7650]        get_info+0x190/0x620
[  269.191821][ T7650]        do_ip6t_get_ctl+0x169/0xa50
[  269.197154][ T7650]        nf_getsockopt+0x7c/0xe0
[  269.202131][ T7650]        ipv6_getsockopt+0x1f7/0x280
[  269.207491][ T7650]        tcp_getsockopt+0x9e/0x100
[  269.212842][ T7650]        do_sock_getsockopt+0x3fc/0x800
[  269.218454][ T7650]        __sys_getsockopt+0x123/0x1b0
[  269.223893][ T7650]        __x64_sys_getsockopt+0xbd/0x160
[  269.229602][ T7650]        do_syscall_64+0xcd/0x490
[  269.234716][ T7650]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.241181][ T7650] 
[  269.241181][ T7650] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}:
[  269.249075][ T7650]        __mutex_lock+0x199/0xb90
[  269.254161][ T7650]        pcpu_alloc_noprof+0xb4c/0x1470
[  269.259758][ T7650]        sbitmap_init_node+0x2fd/0x770
[  269.265311][ T7650]        sbitmap_queue_init_node+0x41/0x560
[  269.271250][ T7650]        blk_mq_init_tags+0x12d/0x2b0
[  269.276683][ T7650]        blk_mq_alloc_map_and_rqs+0x237/0xf60
[  269.282803][ T7650]        blk_mq_init_sched+0x30c/0x610
[  269.288301][ T7650]        elevator_switch+0x1e1/0x7f0
[  269.293627][ T7650]        elevator_change+0x2ac/0x400
[  269.298954][ T7650]        elevator_set_default+0x292/0x320
[  269.304894][ T7650]        blk_register_queue+0x393/0x4f0
[  269.310537][ T7650]        __add_disk+0x74a/0xf00
[  269.315457][ T7650]        add_disk_fwnode+0x13f/0x5d0
[  269.320813][ T7650]        nbd_dev_add+0x791/0xbc0
[  269.325807][ T7650]        nbd_init+0x181/0x320
[  269.330533][ T7650]        do_one_initcall+0x120/0x6e0
[  269.335859][ T7650]        kernel_init_freeable+0x5c2/0x900
[  269.341634][ T7650]        kernel_init+0x1c/0x2b0
[  269.346551][ T7650]        ret_from_fork+0x5d7/0x6f0
[  269.351716][ T7650]        ret_from_fork_asm+0x1a/0x30
[  269.357047][ T7650] 
[  269.357047][ T7650] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  269.364928][ T7650]        __lock_acquire+0x126f/0x1c90
[  269.370355][ T7650]        lock_acquire+0x179/0x350
[  269.375456][ T7650]        __mutex_lock+0x199/0xb90
[  269.380573][ T7650]        queue_requests_store+0x1c7/0x310
[  269.386407][ T7650]        queue_attr_store+0x276/0x320
[  269.391836][ T7650]        sysfs_kf_write+0xef/0x150
[  269.396990][ T7650]        kernfs_fop_write_iter+0x354/0x510
[  269.402835][ T7650]        iter_file_splice_write+0x91f/0x1150
[  269.408870][ T7650]        direct_splice_actor+0x192/0x6c0
[  269.414565][ T7650]        splice_direct_to_actor+0x342/0xa30
[  269.420516][ T7650]        do_splice_direct+0x174/0x240
[  269.425938][ T7650]        do_sendfile+0xb06/0xe50
[  269.430933][ T7650]        __x64_sys_sendfile64+0x1d8/0x220
[  269.436701][ T7650]        do_syscall_64+0xcd/0x490
[  269.441799][ T7650]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.448259][ T7650] 
[  269.448259][ T7650] other info that might help us debug this:
[  269.448259][ T7650] 
[  269.458512][ T7650] Chain exists of:
[  269.458512][ T7650]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#59
[  269.458512][ T7650] 
[  269.472410][ T7650]  Possible unsafe locking scenario:
[  269.472410][ T7650] 
[  269.479888][ T7650]        CPU0                    CPU1
[  269.485280][ T7650]        ----                    ----
[  269.490674][ T7650]   lock(&q->q_usage_counter(io)#59);
[  269.496097][ T7650]                                lock(fs_reclaim);
[  269.502748][ T7650]                                lock(&q->q_usage_counter(io)#59);
[  269.510715][ T7650]   lock(&q->elevator_lock);
[  269.515364][ T7650] 
[  269.515364][ T7650]  *** DEADLOCK ***
[  269.515364][ T7650] 
[  269.523541][ T7650] 5 locks held by syz.3.300/7650:
[  269.528630][ T7650]  #0: ffff8880253ae428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30
[  269.538732][ T7650]  #1: ffff88805999dc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  269.548574][ T7650]  #2: ffff888142bc7008 (kn->active#120){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  269.558750][ T7650]  #3: ffff888143bd80a8 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  269.570503][ T7650]  #4: ffff888143bd80e0 (&q->q_usage_counter(queue)#11){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  269.582511][ T7650] 
[  269.582511][ T7650] stack backtrace:
[  269.588437][ T7650] CPU: 0 UID: 0 PID: 7650 Comm: syz.3.300 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  269.588472][ T7650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  269.588489][ T7650] Call Trace:
[  269.588500][ T7650]  <TASK>
[  269.588511][ T7650]  dump_stack_lvl+0x116/0x1f0
[  269.588556][ T7650]  print_circular_bug+0x275/0x350
[  269.588595][ T7650]  check_noncircular+0x14c/0x170
[  269.588637][ T7650]  __lock_acquire+0x126f/0x1c90
[  269.588679][ T7650]  ? __lock_acquire+0xb8a/0x1c90
[  269.588719][ T7650]  lock_acquire+0x179/0x350
[  269.588756][ T7650]  ? queue_requests_store+0x1c7/0x310
[  269.588807][ T7650]  ? __pfx___might_resched+0x10/0x10
[  269.588838][ T7650]  ? do_raw_spin_lock+0x12c/0x2b0
[  269.588884][ T7650]  __mutex_lock+0x199/0xb90
[  269.588926][ T7650]  ? queue_requests_store+0x1c7/0x310
[  269.588972][ T7650]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  269.589010][ T7650]  ? queue_requests_store+0x1c7/0x310
[  269.589054][ T7650]  ? lockdep_hardirqs_on+0x7c/0x110
[  269.589095][ T7650]  ? __pfx___mutex_lock+0x10/0x10
[  269.589141][ T7650]  ? __pfx_autoremove_wake_function+0x10/0x10
[  269.589181][ T7650]  ? queue_requests_store+0x1c7/0x310
[  269.589226][ T7650]  queue_requests_store+0x1c7/0x310
[  269.589272][ T7650]  ? __pfx_queue_requests_store+0x10/0x10
[  269.589321][ T7650]  ? __mutex_trylock_common+0xe9/0x250
[  269.589361][ T7650]  ? __pfx_queue_requests_store+0x10/0x10
[  269.589408][ T7650]  queue_attr_store+0x276/0x320
[  269.589460][ T7650]  ? __pfx_queue_attr_store+0x10/0x10
[  269.589501][ T7650]  ? __lock_acquire+0x622/0x1c90
[  269.589548][ T7650]  ? find_held_lock+0x2b/0x80
[  269.589576][ T7650]  ? sysfs_file_kobj+0xe4/0x290
[  269.589611][ T7650]  ? __pfx_queue_attr_store+0x10/0x10
[  269.589654][ T7650]  sysfs_kf_write+0xef/0x150
[  269.589688][ T7650]  kernfs_fop_write_iter+0x354/0x510
[  269.589717][ T7650]  ? __pfx_sysfs_kf_write+0x10/0x10
[  269.589751][ T7650]  iter_file_splice_write+0x91f/0x1150
[  269.589804][ T7650]  ? __pfx_iter_file_splice_write+0x10/0x10
[  269.589845][ T7650]  ? __pfx_copy_splice_read+0x10/0x10
[  269.589889][ T7650]  ? __pfx_iter_file_splice_write+0x10/0x10
[  269.589929][ T7650]  direct_splice_actor+0x192/0x6c0
[  269.589967][ T7650]  splice_direct_to_actor+0x342/0xa30
[  269.590004][ T7650]  ? __pfx_direct_splice_actor+0x10/0x10
[  269.590044][ T7650]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  269.590086][ T7650]  do_splice_direct+0x174/0x240
[  269.590121][ T7650]  ? __pfx_do_splice_direct+0x10/0x10
[  269.590157][ T7650]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  269.590195][ T7650]  ? rw_verify_area+0xcf/0x680
[  269.590232][ T7650]  do_sendfile+0xb06/0xe50
[  269.590272][ T7650]  ? __pfx_do_sendfile+0x10/0x10
[  269.590309][ T7650]  ? handle_mm_fault+0x2ab/0xd10
[  269.590347][ T7650]  ? __x64_sys_futex+0x1e0/0x4c0
[  269.590381][ T7650]  ? __x64_sys_futex+0x1e9/0x4c0
[  269.590423][ T7650]  __x64_sys_sendfile64+0x1d8/0x220
[  269.590451][ T7650]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  269.590483][ T7650]  do_syscall_64+0xcd/0x490
[  269.590527][ T7650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.590555][ T7650] RIP: 0033:0x7fb9ecb8e929
[  269.590577][ T7650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.590604][ T7650] RSP: 002b:00007fb9eda94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  269.590629][ T7650] RAX: ffffffffffffffda RBX: 00007fb9ecdb5fa0 RCX: 00007fb9ecb8e929
[  269.590647][ T7650] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
[  269.590665][ T7650] RBP: 00007fb9ecc10b39 R08: 0000000000000000 R09: 0000000000000000
[  269.590682][ T7650] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000000
[  269.590699][ T7650] R13: 0000000000000000 R14: 00007fb9ecdb5fa0 R15: 00007fffa0c05368
[  269.590724][ T7650]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  270.784879][   T73] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.881820][   T73] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.934683][   T73] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.983022][   T73] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.130119][   T73] bridge_slave_1: left allmulticast mode
[  271.135858][   T73] bridge_slave_1: left promiscuous mode
[  271.145031][   T73] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.155501][   T73] bridge_slave_0: left allmulticast mode
[  271.161593][   T73] bridge_slave_0: left promiscuous mode
[  271.167903][   T73] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.283917][   T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  271.294374][   T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  271.305362][   T73] bond0 (unregistering): Released all slaves
[  271.375099][   T73] ovs_ÿþ: left promiscuous mode
[  271.553366][   T73] hsr_slave_0: left promiscuous mode
[  271.561871][   T73] hsr_slave_1: left promiscuous mode
[  271.569483][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  271.576983][   T73] batman_adv: batadv0: Removing interface: batadv_slave_0
[  271.587739][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  271.595220][   T73] batman_adv: batadv0: Removing interface: batadv_slave_1
[  271.609015][   T73] veth1_macvtap: left promiscuous mode
[  271.614635][   T73] veth0_macvtap: left promiscuous mode
[  271.622081][   T73] veth1_vlan: left promiscuous mode
[  271.627538][   T73] veth0_vlan: left promiscuous mode
[  271.823764][   T73] team0 (unregistering): Port device team_slave_1 removed
[  271.850206][   T73] team0 (unregistering): Port device team_slave_0 removed
[  272.197495][   T73] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.256074][   T73] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.314539][   T73] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.404186][   T73] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.523330][   T73] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.573419][   T73] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.645720][   T73] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.769760][   T73] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.833390][   T73] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.888489][   T73] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.946253][   T73] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.064992][   T73] bridge_slave_1: left allmulticast mode
[  273.072317][   T73] bridge_slave_1: left promiscuous mode
[  273.078458][   T73] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.088621][   T73] bridge_slave_0: left allmulticast mode
[  273.094390][   T73] bridge_slave_0: left promiscuous mode
[  273.101894][   T73] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.112300][   T73] bridge_slave_1: left allmulticast mode
[  273.118783][   T73] bridge_slave_1: left promiscuous mode
[  273.124732][   T73] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.134231][   T73] bridge_slave_0: left allmulticast mode
[  273.141006][   T73] bridge_slave_0: left promiscuous mode
[  273.146782][   T73] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.157808][   T73] bridge_slave_1: left allmulticast mode
[  273.163550][   T73] bridge_slave_1: left promiscuous mode
[  273.173666][   T73] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.186243][   T73] bridge_slave_0: left allmulticast mode
[  273.193430][   T73] bridge_slave_0: left promiscuous mode
[  273.200883][   T73] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.369495][   T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  273.380282][   T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  273.390145][   T73] bond0 (unregistering): Released all slaves
[  273.461009][   T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  273.471176][   T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  273.481694][   T73] bond0 (unregistering): Released all slaves
[  273.564546][   T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  273.574706][   T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  273.584838][   T73] bond0 (unregistering): Released all slaves
[  273.663442][   T73] ovs_ÿÃ: left promiscuous mode
[  274.043428][   T73] hsr_slave_0: left promiscuous mode
[  274.050757][   T73] hsr_slave_1: left promiscuous mode
[  274.056673][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.064594][   T73] batman_adv: batadv0: Removing interface: batadv_slave_0
[  274.072701][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  274.080567][   T73] batman_adv: batadv0: Removing interface: batadv_slave_1
[  274.091536][   T73] hsr_slave_0: left promiscuous mode
[  274.098616][   T73] hsr_slave_1: left promiscuous mode
[  274.104417][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.111998][   T73] batman_adv: batadv0: Removing interface: batadv_slave_0
[  274.119767][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  274.127351][   T73] batman_adv: batadv0: Removing interface: batadv_slave_1
[  274.136692][   T73] hsr_slave_0: left promiscuous mode
[  274.142799][   T73] hsr_slave_1: left promiscuous mode
[  274.148789][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.156242][   T73] batman_adv: batadv0: Removing interface: batadv_slave_0
[  274.163979][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  274.171557][   T73] batman_adv: batadv0: Removing interface: batadv_slave_1
[  274.186842][   T73] veth1_macvtap: left promiscuous mode
[  274.192582][   T73] veth0_macvtap: left promiscuous mode
[  274.198259][   T73] veth1_vlan: left promiscuous mode
[  274.203722][   T73] veth0_vlan: left promiscuous mode
[  274.209893][   T73] veth1_macvtap: left promiscuous mode
[  274.215421][   T73] veth0_macvtap: left promiscuous mode
[  274.221089][   T73] veth1_vlan: left promiscuous mode
[  274.226407][   T73] veth0_vlan: left promiscuous mode
[  274.232594][   T73] veth1_macvtap: left promiscuous mode
[  274.238201][   T73] veth0_macvtap: left promiscuous mode
[  274.482136][   T73] team0 (unregistering): Port device team_slave_1 removed
[  274.509146][   T73] team0 (unregistering): Port device team_slave_0 removed
[  274.692890][   T73] team0 (unregistering): Port device team_slave_1 removed
[  274.722028][   T73] team0 (unregistering): Port device team_slave_0 removed
[  274.879840][   T73] team0 (unregistering): Port device team_slave_1 removed
[  274.904010][   T73] team0 (unregistering): Port device team_slave_0 removed