last executing test programs:

4m44.039157846s ago: executing program 3 (id=458):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x5, 0x2000000000002)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x26, 0x80805, 0x0)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
ioctl$auto(0x3, 0xff05, 0x0) (fail_nth: 7)

4m43.737310355s ago: executing program 3 (id=459):
mmap$auto(0xfffffffffffffffe, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r0 = fanotify_init$auto(0x5, 0x2000000000002)
syz_clone(0x4000011, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(r1, 0x1, 0x8, 0x0, 0x269)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r1)
mq_notify$auto(0xffffffffffffffff, &(0x7f0000000280)={@sival_int=0x4, @raw, 0x2, @_sigev_thread={0x0, 0x0}})
read$auto_media_devnode_fops_mc_devnode(r0, &(0x7f0000000000)=""/15, 0xf)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x26, 0x80805, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0)
sendfile$auto(0x3, r3, 0x0, 0x400000000006)
r4 = socket(0x1d, 0x2, 0x7)
r5 = socket(0x2, 0x3, 0x7)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r6=>0x0})
bind$auto(r4, &(0x7f0000000000)=@can={0x1d, r6}, 0x6a)
connect$auto(0x3, &(0x7f00000018c0)=@can, 0x18)
syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff)
ioctl$auto_CEC_G_MODE(r2, 0x80046108, &(0x7f0000000200)=0x5)
r7 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a)
open(0x0, 0x4e8401, 0xe)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(r5, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x40000)

4m40.617560258s ago: executing program 3 (id=468):
unshare$auto(0x40000080)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ceph/parameters/disable_send_metrics\x00', 0xc0202, 0x0)
write$auto(r0, &(0x7f0000000000)='P^\x00', 0x8)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/core/rps_default_mask\x00', 0x40c082, 0x0)
write$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x1d, 0x2, 0x7)
r2 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_to_bond\x00'})
r3 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x44f380, 0x0)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x401f, 0x1, 0x8e051, r3, 0x0)
bpf$auto(0xd, 0x0, 0x6f5)
mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
init_module$auto(0x0, 0xffff9, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x8000000000000000, 0x15)
madvise$auto(0x0, 0x2000000080000001, 0x3)
mmap$auto(0x0, 0x0, 0x40000003, 0x18, 0xfffffffffffffffa, 0xfffffffffffffff6)
capget$auto(0x0, 0xfffffffffffffffe)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0)
r4 = clone$auto(0x7a, 0x7, &(0x7f0000000100)=0x66a98ac3, &(0x7f0000000140)=0x1c, 0xffffffff)
r5 = pidfd_open$auto(r4, 0x6)
setns(r5, 0x60020000)
umount2$auto(&(0x7f0000000080)='.\x00', 0xa)
ioprio_set$auto(0x2, 0x800000000, 0x8)
mmap$auto(0x0, 0x7ffe, 0x4000000000df, 0xfff, 0x401, 0x4)
move_pages$auto(0x0, 0x5, 0x0, &(0x7f00000003c0)=0x1, 0x0, 0x2)
fallocate$auto(0xffffffffffffffff, 0x0, 0x400, 0xcbd5d)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

4m36.314870223s ago: executing program 3 (id=474):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
listmount$auto(0x0, 0x0, 0x0, 0x1) (async, rerun: 32)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x403, 0x8000) (async, rerun: 32)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
madvise$auto(0x0, 0xfffffffffffeffff, 0x15) (async, rerun: 32)
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/003/001\x00', 0x1, 0x0) (rerun: 32)
ioctl$auto_USBDEVFS_BULK32(r0, 0xc0105502, 0x0)
socket(0x2, 0x3, 0x100) (async, rerun: 32)
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) (rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd10/queue/zone_append_max_bytes\x00', 0x80, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/image_size\x00', 0x181002, 0x0) (async)
write$auto(0x3, 0x0, 0xfffffdef)
socket(0x10, 0x2, 0x0) (async)
bpf$auto(0x5, 0x0, 0x1000) (async)
readv$auto(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x5}, 0x3) (async)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x68, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x1, 0x3, 0x200}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0x4}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR_B={0x0, 0x5, @broadcast}, @HSR_A_IF1_SEQ={0x0, 0x6, 0xf}, @HSR_A_IF2_SEQ={0x0, 0x7, 0x7}, @HSR_A_IF2_AGE={0x8, 0x4, 0x973}]}, 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x4040090) (async)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0) (async)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket(0x10, 0x3, 0x0) (async)
pipe2$auto(0x0, 0x80) (async)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) (async)
keyctl$auto(0x4, 0xffffffffffffffff, 0x9b, 0x0, 0x5) (async)
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) (async)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000100), 0x20400, 0x0)

4m31.893475247s ago: executing program 3 (id=481):
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = eventfd$auto(0xc)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
preadv2$auto(r0, &(0x7f0000001000)={0x0, 0x9}, 0x2, 0xffffffffffffffff, 0x7, 0x0)
r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0)
fsconfig$auto_SHMEM_HUGE_NEVER(r0, 0x9, &(0x7f0000000080)='\'(\x00', &(0x7f0000000200)="844545a6166b67874b23b36241dbfe6d32bb7005d0ca81d6f147085172ed6f53e5b980c69662a24e7311965646bb87cef5d86424c2e82a46dd96f5d25b1e843714cbee5b", 0x0)
r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
mmap$auto(0x14, 0x2020006, 0x205, 0xeb5, r0, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x40000002c55, 0x0)
recvmsg$auto(0x4, 0x0, 0x33c)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_INTERFACE(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010b27bd7000fbdbdf2505000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000049}, 0x4000080)
ioctl$auto_USB_RAW_IOCTL_EP_DISABLE(r2, 0x40045506, &(0x7f0000000040)=0x1)
r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/radio2\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r5, 0x0, 0x300)
r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/radio2\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r6, 0x0, 0x300)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f00000001c0)=0x6)
unshare$auto(0x40000080)

4m25.42576195s ago: executing program 3 (id=493):
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = socket(0xa, 0x1, 0x84)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x7, 0x0, 0x5, 0x20003, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0xfffffffffffffffe, 0x3, 0x105, 0x7, 0x0, 0x0, 0x2}, 0x1fe, 0x81)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000000180)=ANY=[@ANYBLOB='*', @ANYRES16, @ANYBLOB="010029bd"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x4004)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
pipe$auto(0x0)
setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9)
recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, 0x0, 0x81, 0x9}, 0xfffffffb}, 0x5, 0x6586, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
fanotify_init$auto(0x65, 0x2)
pipe$auto(0x0)
dup2$auto(0x5, 0x4)
write$auto(0x6, 0x0, 0x100000001)
splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
setsockopt$auto(r3, 0x104000000000010e, 0xc, 0x0, 0x6)

4m24.321660614s ago: executing program 32 (id=493):
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = socket(0xa, 0x1, 0x84)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x7, 0x0, 0x5, 0x20003, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0xfffffffffffffffe, 0x3, 0x105, 0x7, 0x0, 0x0, 0x2}, 0x1fe, 0x81)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000000180)=ANY=[@ANYBLOB='*', @ANYRES16, @ANYBLOB="010029bd"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x4004)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
pipe$auto(0x0)
setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9)
recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, 0x0, 0x81, 0x9}, 0xfffffffb}, 0x5, 0x6586, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
fanotify_init$auto(0x65, 0x2)
pipe$auto(0x0)
dup2$auto(0x5, 0x4)
write$auto(0x6, 0x0, 0x100000001)
splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
setsockopt$auto(r3, 0x104000000000010e, 0xc, 0x0, 0x6)

3m57.829108058s ago: executing program 0 (id=577):
r0 = socket(0xa, 0x2, 0x73)
sendto$auto(r0, 0x0, 0xfffffdef, 0xfffffffe, &(0x7f0000000000)=@generic={0xa, "e208004002de00"}, 0x1c)

3m57.609817733s ago: executing program 0 (id=578):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2)
mmap$auto(0x0, 0x9, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/can/rcvlist_sff\x00', 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
init_module$auto(0x0, 0xffff9, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x8000000000000000, 0x15)
madvise$auto(0x0, 0x2000000080000001, 0x3)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
close_range$auto(r0, r0, 0xf)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0)
move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
msgctl$auto_IPC_RMID(0x37, 0x0, &(0x7f0000000100)={{0x2, <r2=>0x0, 0x0, 0x100, 0x5, 0x8, 0xffff}, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x1, 0x7, 0x6, 0x2, 0xdff, 0x15f, 0x6, 0xd, 0x9, @raw=0x80, @inferred=0xffffffffffffffff})
r3 = getuid()
newfstatat$auto(r1, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x4799, 0x40, 0x54dd, 0x2, 0xffffffffffffffff, <r4=>0xffffffffffffffff, 0x0, 0xfffffffffffffff9, 0x5, 0xffffffffffffff2d, 0x8, 0x10001, 0x54e, 0x4, 0x1, 0xc, 0x1}, 0x8)
keyctl$auto(0x8, r2, r3, r4, 0x2)
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), r5)
sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000280)=ANY=[@ANYBLOB="00000000748435a7f3f78d38f65fcc252cd062ae58da8aa0693452323a2223eaf81197e32acbcc2af115a410d58b69f74df5240a1d07d7024d1b24a3c0f278838581d27f5177c3e3a16356e22e25bde779d97b7cde", @ANYRES16=r6, @ANYBLOB="01002bbd7000fbdbdf250700000004000600060001004a000000"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008)
move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4)

3m56.131212553s ago: executing program 0 (id=584):
mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) (async)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) (async)
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) (async)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000040)='{\x00', 0xfff) (async)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) (async)
read$auto(r2, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) (async)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC1D1p\x00', 0x40341, 0x0) (async)
mmap$auto(0x5, 0x40009, 0xe0, 0x9b72, 0xffffffffffffffff, 0x6) (async)
r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop2\x00', 0x240002, 0x0) (async)
open(0x0, 0x161342, 0x0)
msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004)
listmount$auto(&(0x7f00000000c0)={0x2, @inferred=r3, 0x5, 0x2, 0x9}, &(0x7f00000001c0)=0x6, 0x4, 0x101)
r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), 0xffffffffffffffff) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r5, &(0x7f0000002880)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000027c0)={0x18, r4, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_DEBUG_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x44005}, 0x20000000) (async)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000106d8aadab9cc20a876bdd01f45465e057eeaaef93ebcc3ce7971bc88c31314137fcc7b1ca9bb3e1b49b9bbb5569b354f3d7fe72c5b3f0ee7040f496150629f2fd2bd7dbc53648823aef3179a84221cb02daa85978f034b02c384a8709362b9a98f1f1aa2a5b35278393b88ff6eb17934ea7df0ebe11e1cdaa93596f53eb2e6a7578b76c3f65a5e8faacfefa926889695f0c74053419501066cf8fcc72603f4f03eed3a9ace1093e7cc45e808527e1c1de9c2e8e95f4c0bbf0e9bcff4eb5afb445a0fd86d4302ff43d77e4ea06a26598bc954522c15fc1c28de2ebf259dfbd58fa6b491dd73274733d646669ee719b5223c70f45dd1efc00a037d3544f43358dcfd593c7045cb3ed6afb11001c42dd2ffa1cd69536195295ae82d090ba9a1bba96bce73b1907af5d67719b80314bf94814a2e4c80f25717da1a3e7a2efbb3ac5a0cee5dcb06045e673589f806abcb9468e13ca", @ANYRES16=r7, @ANYBLOB="01032cb57000fbdbdf250a0000000600010017000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) (async)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r6) (async)
mmap$auto(0x5, 0x6, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x2e2582, 0x0) (async)
pread64$auto(0xffffffffffffffff, 0x0, 0x0, 0x9)

3m55.0091439s ago: executing program 0 (id=587):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
capget$auto(&(0x7f0000000000)={0x19980330}, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), r0)
sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001004866520008000200", @ANYRES32=0x9, @ANYBLOB="2bd99bf61b16b4561942b6fd0304850c520dbb8d39ab052978f84f3cc4e23b2db30218137cf7c8d9d8a45171d7398c0fd9a799f95057e9f2be3c80b1ae939e46e881d61052a4a5688309887bab58fad90b934e4de3ea58ef02e5f90af85cc3a9944ca0c0b6efa3c7804cdb3f374747369450483a6f313b135fa15a419e3fa0cc1ac19fa5c5beaf0cd1047df9ddc28cfa139e344062d616055287e8539ac5d1273d7ac562b74fb7a857e9672282529d8bab6892c8c2d809b5bdbc44c1f5bf1e1cd6b1ce5225f52adc467966d54e3a7539c004c995812bc8010000000000000096b87052fe8dee209829af4be88047d750b129032a4abb38951cf1b6504e09301002aaba63bdd8adf7147fa8ec81cc7bfaf48931d8670b76c135346a178b75226bc1642387bfd9a7e25e14e00d121aaff4edc0fc5fea7467d03df9913ec215fdbc99f3578731a850a37fcf2ca97ede1407e5cbe3a32b371300b7b767701f198766a0c23e4740f5924ed96604d8213fd160c89668652555960ec60f9e9c8013fe4a93d9b02581de0504e468cc7c730ba515f9a3aa85eb5c2a81105c0ae1731f286c9f1e525d65fe0e887e5d7299fb4b6c04c39e19c6d8fdaac89b82f755b31d4a760246e97ba10cab19b16e91d4db6c5178774fde949c4b24821e41f7de36eb6e136a5aa609be9a57918c6596be72d5050be51c6b3aa1ba5eb4c8029b63c97f7cfcec6fa091dde2d06d59cb69b8ff7237bd6524562343257404858d69abf06f7aae00dcf7b1c1326f13e319d337aa1e3082b42ae5c271c37f25e586652eeb6041381e9d2afc5d81ec9a0000"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x4000080) (async, rerun: 64)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) (rerun: 64)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0)
read$auto(r2, 0x0, 0x10001) (async)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x5, 0x0) (async, rerun: 32)
setsockopt$auto(0x3, 0x10000000084, 0x20, 0x0, 0x4) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000500)={'gretap0\x00'}) (async)
sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x44f, 0x807, 0x5, 0x717e, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x8, 0x200000000001, 0x384, 0x9, 0x1, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, 0x2, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x117, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x10000000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x1f7, 0xd)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x4d6602, 0x0) (async, rerun: 32)
ioperm$auto(0x2, 0x8000, 0x2b325536) (rerun: 32)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = open(&(0x7f00000005c0)='./file0\x00', 0x40000, 0x1ba)
getdents64$auto(r4, 0x0, 0x400) (async, rerun: 64)
clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) (rerun: 64)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(r5, 0xfffffffffffff000, 0x9)

3m52.534165374s ago: executing program 0 (id=597):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop9\x00', 0x41e5c0, 0x0)
ioperm$auto(0x7, 0x6, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
fchmod$auto(0x0, 0x9b9a)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
socket(0x6, 0x1, 0x2000008)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/wg0/base_reachable_time\x00', 0xa0202, 0x0)
writev$auto(0x3, &(0x7f0000000100)={&(0x7f00000001c0), 0x7111}, 0x8)
unshare$auto(0x40000080)
r3 = socket(0xa, 0x3, 0x2c)
setsockopt$auto(r3, 0x1, 0x44, &(0x7f0000000180)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\xb9E\x81\xb6F\x96\xa6\xba\xf4\x98;n\xb2nA6\x1a\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x00\x00\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81', 0xa95e)
mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r4 = fcntl$auto(0x2, 0x40c, 0x7f)
ioctl$auto_BLKPG(r0, 0x1269, 0x0)
r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
syz_genetlink_get_family_id$auto_mac802154_hwsim(0x0, r2)
r6 = fanotify_init$auto(0x401, 0x1)
write$auto(0x3, 0x0, 0xfdef)
mq_timedsend$auto(0xffffffffffffffff, &(0x7f0000000040)='@*!:}\xc1-.!\\#[./\',-\x00', 0x80, 0x9, 0x0)
mq_timedreceive$auto(0xffffffffffffffff, &(0x7f0000000400)=' \x00;\xcc\xc7\x0f\xce\x8b|\xc0+I?\x8d+c\x82\x18\xec\xc5S\x19\xd7Vd\xecT\xf8\xaby\x82e\xb7\x1dz\xf5:\x80\x00\x00\x00\xf1\thR\x01N\xe6J\xfb\xc1\xd8J\xd6\xc0\xd2&\xa4\xdc\xe7}\xd5\xbb\xa9\x19\xaev9\xadP\x17Wh$\xb4\xfb\x1a:\xe8%\r\x11\xf8\xb7', 0x4dcd, 0x0, 0x0)
r7 = ioctl$auto_NS_GET_USERNS(r4, 0xb701, 0x0)
ioctl$auto_BLKRAGET(r7, 0x1263, 0x0)
setresuid$auto(0xffffffffffffffff, 0x0, 0x0)
msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x7)
ioctl$auto_BLKOPENZONE(r0, 0x40101286, &(0x7f0000000040)={0x2, 0xf})
dup2$auto(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$auto_snd_seq_f_ops_seq_clientmgr(r6, 0x8, &(0x7f0000000080)="9f68304f3e1e0149feb88d8d0e4af1bafb3173f9f7f6439e5d133070b54c1addb01f08da20ae744afe71715e8d37665ecb1238c7a5f7a333f0")

3m38.880729619s ago: executing program 0 (id=620):
mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000)
ioctl$auto_SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, &(0x7f0000000c00))
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7})
r0 = io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, r0, 0x7)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f)

3m22.86809294s ago: executing program 33 (id=620):
mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000)
ioctl$auto_SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, &(0x7f0000000c00))
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7})
r0 = io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, r0, 0x7)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f)

1m34.812311453s ago: executing program 5 (id=939):
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
mmap$auto(0x2, 0x4, 0x3, 0xeb1, 0x401, 0xca)
keyctl$auto(0x5, 0xffffeffffffffffe, 0x107, 0x803, 0x800000000000c)
mq_open$auto(0x0, 0x60, 0x1, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
write$auto(r0, &(0x7f0000000180)='/de\b\xfe\xcdEio1\x00\x05\x00\x00\x02\xff\xffqHF\xa1\xedk\xf0x\x8f\xed\xd6\xca#\n(\xca#\x9c\xed\xb1\xd7\xef\xff\xf3\xbb\x84TW\x1b\xfaN\x92\xb1:*:jr\xb4\xba\xaf\xdd\xfc\x1aW+\x18\x86\xd8\x03\xd1\x92k\x8e\xe0|P\x1d3\xd9\xe0\x7fg\x94\x01\xc5\xe8\x00\xb5`3\xe4\x16?H\xbe[\xf7KQ\xe2\xc1\x15\xb9\xe6\'?\xb8\xd7A\xffl\xeb\xd2\xa7\x9c\xec\xb5\xa6\x9fzcXF\xac\xaf\xe5\xab\xad+\xdf\xa64\x18p\x1a\xafl\xf1\x90k\x8e\xcf\xe6WM\xf3\x96\xcb\xc8L\xc5C\x89`\x0fi\xac\xa3`\xc3\xa3\xdbv\x01\x8a\xd0\xce\xa5C\x00'/181, 0xa3db)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000)
mmap$auto(0x401000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)

1m34.037076289s ago: executing program 5 (id=940):
mmap$auto(0x0, 0x3, 0x40000000009f, 0x10000000040eb1, 0x401, 0x300000000000)
syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
madvise$auto(0x0, 0x20200, 0x15)
futex$auto(0x0, 0x6, 0x7, 0x0, 0x0, 0x80000002)

1m31.355726574s ago: executing program 5 (id=948):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000c00), r0)
sendmsg$auto_TCP_METRICS_CMD_DEL(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c40)={0x1c, r1, 0x901, 0x70bd29, 0x25dfdbfb, {}, [@TCP_METRICS_ATTR_ADDR_IPV4={0x8, 0x1, @remote}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40) (fail_nth: 5)

1m29.877597619s ago: executing program 5 (id=951):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0)
ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x8a, 0x8000000000000000, 0x0)
write$auto(0xc8, 0x0, 0x40f6)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0x8, 0x1, 0x948b, 0x3, 0x15f4da0d, 0x3, 0x3, 0x262, 0x8000001c, 0x7, 0x6d3e, 0xc, 0x2, 0x5]}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(r3, 0x104000000000010e, 0xc, 0x0, 0x6)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x6, 0x65f, 0x7fffffff, 0x70, 0x3, 0x20000002, 0x9, 0x3, 0x4, 0x4, 0xb4, 0x9, 0xa, 0x10003, 0x80, 0x4, 0x3, 0x32f, 0x1002000, 0x203, 0x8, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x885]}, 0x3, 0xd)
pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_batadv(0x0, r4)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(0x3, 0x1, 0x3f, 0x0, 0x209)
syz_genetlink_get_family_id$auto_nl80211(0x0, r2)

1m28.626317349s ago: executing program 5 (id=953):
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = eventfd$auto(0xc)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
preadv2$auto(r0, &(0x7f0000001000)={0x0, 0x9}, 0x2, 0xffffffffffffffff, 0x7, 0x0)
r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0)
fsconfig$auto_SHMEM_HUGE_NEVER(r0, 0x9, &(0x7f0000000080)='\'(\x00', &(0x7f0000000200)="844545a6166b67874b23b36241dbfe6d32bb7005d0ca81d6f147085172ed6f53e5b980c69662a24e7311965646bb87cef5d86424c2e82a46dd96f5d25b1e843714cbee5b", 0x0)
r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
mmap$auto(0x14, 0x2020006, 0x205, 0xeb5, r0, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x40000002c55, 0x0)
recvmsg$auto(0x4, 0x0, 0x33c)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_INTERFACE(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010b27bd7000fbdbdf2505000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000049}, 0x4000080)
ioctl$auto_USB_RAW_IOCTL_EP_DISABLE(r2, 0x40045506, &(0x7f0000000040)=0x1)
r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/radio2\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r5, 0x0, 0x300)
r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/radio2\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r6, 0x0, 0x300)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f00000001c0)=0x6)
unshare$auto(0x40000080)

1m26.669763866s ago: executing program 5 (id=956):
socket(0x11, 0x80003, 0x300)
rt_sigqueueinfo$auto(0x0, 0xc74, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x80000001, @sival_ptr=0x0, 0x5}}})
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0)
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x44, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/info\x00', 0x1c1282, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000280)=""/65, 0x41)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
sendmsg$auto_NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)={0x94, 0x0, 0x4, 0x70fd28, 0x25dfdbfc, {}, [@NL80211_ATTR_RADAR_BACKGROUND={0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x9}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0x2bac}, @NL80211_ATTR_S1G_CAPABILITY_MASK={0x4f, 0x129, "6ba7e61ab88fd423c660b494c240167869cf601e276d4a8cb3a4891b2730a834ae76fe7c4249425b1a024e601c921a61036964c835a649388a2aa4267cef88178f752da35090bd36324383"}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, 0xfff}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x4e22}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x814)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
syz_clone3(&(0x7f0000000400)={0x61898900, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap$auto(0x0, 0x10000, 0x8000, 0xeb1, 0xfffffffffffffffa, 0x8000)
ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000001b80), 0x80202, 0x0)
syz_clone3(0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0)
sysfs$auto(0x2, 0x23, 0x0)
r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x40040, 0x0)
write$auto(r3, 0x0, 0x4)
clock_gettime$auto(0x4, 0x0)

1m25.757766331s ago: executing program 34 (id=956):
socket(0x11, 0x80003, 0x300)
rt_sigqueueinfo$auto(0x0, 0xc74, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x80000001, @sival_ptr=0x0, 0x5}}})
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0)
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x44, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/info\x00', 0x1c1282, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000280)=""/65, 0x41)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
sendmsg$auto_NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)={0x94, 0x0, 0x4, 0x70fd28, 0x25dfdbfc, {}, [@NL80211_ATTR_RADAR_BACKGROUND={0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x9}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0x2bac}, @NL80211_ATTR_S1G_CAPABILITY_MASK={0x4f, 0x129, "6ba7e61ab88fd423c660b494c240167869cf601e276d4a8cb3a4891b2730a834ae76fe7c4249425b1a024e601c921a61036964c835a649388a2aa4267cef88178f752da35090bd36324383"}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, 0xfff}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x4e22}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x814)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
syz_clone3(&(0x7f0000000400)={0x61898900, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap$auto(0x0, 0x10000, 0x8000, 0xeb1, 0xfffffffffffffffa, 0x8000)
ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000001b80), 0x80202, 0x0)
syz_clone3(0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0)
sysfs$auto(0x2, 0x23, 0x0)
r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x40040, 0x0)
write$auto(r3, 0x0, 0x4)
clock_gettime$auto(0x4, 0x0)

8.748775706s ago: executing program 4 (id=1107):
capset$auto(0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c80"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r1, 0x4b67, 0x1)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), 0xffffffffffffffff)
capset$auto(&(0x7f00000001c0)={0x0, <r4=>0xffffffffffffffff}, &(0x7f0000000200)={0x8, 0xffffffff, 0xec})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'bridge0\x00', <r5=>0x0})
r6 = getpid()
sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000f40)={0x874, r3, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_SUPPORTED_COMMANDS={0x2a9, 0x19, 0x0, 0x1, [@typed={0xc, 0x133, 0x0, 0x0, @u64=0x5}, @nested={0x1c0, 0x111, 0x0, 0x1, [@typed={0x8, 0xe1, 0x0, 0x0, @u32=0x58}, @generic="a698be9cf77c7ef367944f2c1260b3a95a4b3fd78d62a74c17011ad6f078ab89bae98420a075faa2716fc601f5eb335078469bb3152a622515c36415c3e6e7797c1b31", @generic="40a96a9c13ca2ebcd45f80602d54daec6994ddfbe409cc22625897d0fa31c6551b7af7872403004c9e3bc4132a275f5cf4ddf606d5dffe84f2a91f69e228273912a137013d7ff2a9f4642238535af09e26bedc8a733094668109d66f678ee9bf605ffb9811ec1b8f33635a6cb52dbc0187b137a9005f30002f77643f5a8e581cc2e7e2d0627c5061ae26acb3e4f29eaa816a02bf682eb453e0132645d5072e8241f44d405c82d00a14dc9bf6002d147d9853669f657748d36eb3aa1412789ee2cda2a9ac760b53c32899b2ed377604f91e68d25f5fab1754e44029fc0638c7ea8b8e728b64c4574c41edbfdcf3dc3d", @generic="f48e0bfd5520fef080d389932a621726b0543a0e4c05d2a95e08d11004f13f7a58915b4b61b8dfdab2e0b774b2ff26f6be9eac323e525d6539b92082c2c02dea3f39feb2778cb506022d336f6d888e61e9b550cb6ab0a6f5c9b1a61b648e1f1c16102a82a4246878cc270a8a234b9ee6fc2af77d2649b5a8d094578899d8c7d1f909"]}, @generic="55a55ccc57f3543b59bf6697efd1933ece4bdaca983ef52bff05f8a8f44fd940630dcf601687adcb872cde524d736990f9bf2465404d03af7d1ee83206f1af23d9d49cb16b7ddb52b39daa6b8b45e6cba5aad18c0572fabd5edd009dbd2485015f6ed58003adcd62a414f63b5677588274649773fe7db1efa7d08bb94566477aa956a7a18cfb0f84e396301720ad48ccdeb0f52ea391293afda759b830944978411ca5c98d83e4a70ea8bd6dac15613925f2b745d75a4c3df7d8759dabeadc174ebdd9c0f8bc629f5a063bf49daadd2d4c9de04899d0ada425"]}, @NL802154_ATTR_PID={0x8, 0x1c, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_COORDINATOR={0x5a1, 0x1e, 0x0, 0x1, [@nested={0x1aa, 0x52, 0x0, 0x1, [@generic="3d84ea52e9b3fc79b767c0fe3d468955fa5c73b9cf7c4000604d0e25a0adfe488f0b04c13a54098f8e0159b2", @generic="fcb4fcda6bbabd4a0b00382aa8c75adc8ec059", @typed={0x8, 0xf2, 0x0, 0x0, @u32=0x8}, @nested={0x4, 0x137}, @generic="ff2f03525bc35a43e370a984bc1f244e7523490e79ea8e61f2e0f12993117133d3e773b2ad7c582dfb667892a9c3abebb7076e54d4c290568b362b2a7e2f63e8bec95b9dcde9edd79cf441991764e23f572d650390149c9b5d01d6310babb1f65df9605c171984fb872ce20b263c4a1f90", @typed={0x8, 0x5d, 0x0, 0x0, @fd=r0}, @nested={0x4, 0x112}, @generic="0b9f92f857d083292f3c021f20ee3943b7adb90092f90a15c3d744644eccd89023c6f63d56bf290fbb627f2483418b0b9d2442b44c7882bc6e784dd557e8e7e7ed72a607e4bda3c9ef14a9aeeb5b594d072e88d2624becabfef98b96e5cad1689ef259e186694ea0d9acae3f84a477fbd8509ffc005f911ef8c7833eedafad13f8efef1e1836594c727d1cb70d5bef39fb770112cdb499bed15a069db27e2e050b2e91b0e71170d2025a8c6a3bf99556910d90ccfda9aa4b1a12caefce9f28fce1528f8f5415e233316781f29ce22612736622ee5e7d233e5c687a0ef705"]}, @nested={0x10, 0x8, 0x0, 0x1, [@typed={0x8, 0x85, 0x0, 0x0, @u32}, @nested={0x4, 0x61}]}, @generic="41aaf998344b6d2e065d88a000698709f15cd307cca6ab5c3fe7e83e8699d77dc7ae802019b0fea293a43b7aa168b917eb180523e810180a5ebaf1199b75c69c3aadcbc4", @nested={0xde, 0x72, 0x0, 0x1, [@typed={0xc, 0xb6, 0x0, 0x0, @u64=0x1}, @generic="7b48cb1f966671bb3753d52565a745a3b54161a69a597318619b38c8e38cfbd44dc0f7377e291df793a17c0caab9660ee2680e74b50fa820537c1c6606d6dd27f65fe8bc52093810dc1d340fd1cbaf241a6f612e9d10a938e1d699db145c9395686ee08293e2b0d93d7714d72b7659024b61e88a6cfcd768b29f4f496c378a1646d0a7d367b80095e5d85e63b6367a6f4395d9f89b8cad44b1a9fe8fa454ff06a972f0a5d5145d15ad358e097d31f6bd298498d85f9cc45f0aca635f5ed20b1438ff4f553364e3bf2f58c613ca4a"]}, @typed={0x4, 0x20}, @nested={0x12c, 0x66, 0x0, 0x1, [@generic="2453d23bcca5229497aa6715cd002217b4ea3c52d85301b07cdc2ca66b16ee08e377f2423f0976558f80769ad3f9a9a7325140d98416f312db3086dae90e1fcc73e2c2bf67ff1c3bcce6e6a84a2bf80613b41510f0e0d601fb541e4d07b24cd1a746c5e8b9c943", @typed={0x8, 0x26, 0x0, 0x0, @pid=r6}, @typed={0x8, 0xda, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x28}, @generic="390da5ecfbea669022756257bb7929d2974065c89fb0ccd1000800a6f64537f95ec474ed5d437dfce7fc027ff9a78636ddc003bc7245725663a7a8e824f354a84cf08f222d966ae576e2560215c990a316b7a93475030000002f5a7e321401c3c0f7b9192a34d19fe3ad6a947c3565d96d02c6b1c49e6d008b9fbedb9825df1fa75cd99b138eaa9d88b7fd8b2b242c435dc817764feba91b66f03e924dc0e2df710a7a02eca0c69c38", @nested={0x4, 0xe0}]}, @generic="60493d59dfa7fe032be68e41cb02a995930f", @nested={0x111, 0xe9, 0x0, 0x1, [@generic="b7d26880a7529e6aca7bd1ed43bd339f238e91075030b5778f2dbfaf301bda18f8ec5e11a9b8a31503636a713d64c4985767858fdb27b7c1cf9ec8c73e864b9549fb0b36180a0141e9125573acc2d9115cf00a32b461f48a05efcb5037944ed4e640627fc3b79f7d18cff89f8849f0d8e56ac87e9561aac334085bece1f8fe62a26a191a14830d4572a3", @typed={0x14, 0x1b, 0x0, 0x0, @ipv6=@private2}, @generic, @nested={0x4, 0x22}, @nested={0x4, 0x101}, @generic="30e776117903aa5349b82ec7206256c5eb92d4ceeed1d40db21cb8a52ad9125aa0d16696b38b72c2a2897fd5877a60e8b488fcb17f96a534938ab9c84d0cd0d7a05817c6270d6dae231ce696d2784665c5dee9f8c95034d614436b1499a13a17387de2804fef1a"]}, @generic="2f8ada29b4a896aaff9185652d01eb32282dbea4f9f24a09ff4e546a379768b3b1187207e87a62deaa4f22269de6c3caa2fc98498a9a4f70215b9a5fcf51d213da933fab84cfd131245dc6f31d8dad684df9042ce748fa343eeb5abec5cfe6", @typed={0x8, 0xa7, 0x0, 0x0, @fd=r0}]}]}, 0x874}, 0x1, 0x0, 0x0, 0x20000040}, 0x40400dd)
r7 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x48, r7, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_HASH={0xc, 0xb, 0xffffffffffffffff}, @OVS_PACKET_ATTR_KEY={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "89803500"}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x5, 0x17, 0x0, 0x1, [@generic="1f"]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800)
read$auto(r2, 0x0, 0xc85a)
write$auto(0x3, 0x0, 0xfdef)
unshare$auto(0x40000080)
write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0)
writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000140), 0x7111}, 0x8)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0)
r8 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x20282, 0x0)
ioctl$auto_UI_DEV_SETUP(r8, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x9, 0x80}, "6a034a07c7b8edb8fc3b39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x6})
ioctl$auto_UI_DEV_CREATE(r8, 0x5501, 0x0)

7.871320952s ago: executing program 1 (id=1108):
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000)
read$auto(r1, 0x0, 0x20)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3)
shmctl$auto_IPC_INFO(0xb, 0x3, &(0x7f0000000240)={{0x0, <r3=>0xee00, 0xee00, 0xfff, 0x0, 0xffffffff, 0x3}, 0x900000, 0xffffffffffffff1f, 0xa3f9, 0x6, @raw=0x7, @raw=0x100, 0x7, 0x0, &(0x7f0000000040)="992310036a", &(0x7f00000000c0)="1127726e07466f5245c890e31fce6862de19a6998e5054177351d8c00cfe9e1457c960df81e3318ba9152c66f0f29e706fc2d80dd18fcbf8af2e50c70472d8d9fef38eac5f0cc43c3dac5fa37f4c8033f86918549563197bdd2bbe7075eb7c2a453e5cb07fe8f5fd4d580089750442f9669dd49579a922c91cdddf08592ef2767ae4fedb2caee12aab34373c1ab5c115029c9f229e7c710b38ac869828d038934957a648bccd5568c7525fe4f1c4c0c73fad3e74552509f30772465550e28bade16f7ecce44089ff83f801828d1495a118b08da4945b663b7bddbdb5f945440c345b9e18f83724251aa0e00cbe"})
r4 = setfsgid$auto(0xee01)
stat$auto(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x1, 0x100000001, 0x3a33, 0x10000, 0xee01, r4, 0x0, 0x5, 0x7ff, 0xe89, 0x8000000000000003, 0x3, 0x9, 0x6, 0x1, 0x5, 0x9})
ioctl$auto_XFS_IOC_SWAPEXT(r0, 0xc0c0586d, &(0x7f00000002c0)={0x1, @inferred=r1, @raw=0x7, 0xffffffffffffff01, 0x0, '\x00', {0x6, 0x0, 0x1, r3, r4, 0x5, 0x5, 0x4, {0x4521, 0x8}, {0xfffffffffffffffe, 0x800}, {0x78, 0x100}, 0x2, 0xa, 0x7, 0x0, 0x9, 0x3, 0x8, 0x422, 0x4, 0x6, '\x00', 0x1, 0xa84, 0x7, 0x401}})
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x163340, 0x2a)
socket(0x18, 0x1, 0x1)
recvmmsg$auto(0x3, 0x0, 0x3, 0x6, 0x0)
sysfs$auto(0x2, 0x10000000000000b, 0x0)
madvise$auto(0x0, 0x5, 0x15)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0)

6.468155611s ago: executing program 6 (id=1110):
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/event1\x00', 0xbcd842, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab02, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(r1, 0xae41, r1)
ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60380, 0x0)
ioctl$auto(0x3, 0xae41, r2)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyu3\x00', 0x1, 0x0)
ioctl$auto_TIOCSETD2(r3, 0x5423, &(0x7f0000000080))
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
lchown$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mmap$auto(0xfffffffffffffffe, 0x580f, 0x112f4a03, 0x8000000008011, 0x3, 0x0)
getresgid$auto(0x0, 0x0, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x60002, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x180342, 0x0)
msgget$auto(0x0, 0x5)
msgsnd$auto(0x0, &(0x7f0000000040)={0x5}, 0x1000, 0x4)
msgctl$auto(0x0, 0x0, 0x0)

6.352549344s ago: executing program 1 (id=1112):
clock_getres$auto(0x0, &(0x7f0000000080)={0x6, 0x41})
socket(0x2c, 0x5, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0x18, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x2, 0x1, 0x106)
getsockopt$auto(r0, 0x11c, 0x3, 0xfffffffffffffffe, 0xfffffffffffffffd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
r1 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0)
lseek$auto(r1, 0x7ff, 0x1)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000002300)='/dev/fuse\x00', 0x42000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto(0x3, 0x89e2, 0x91)

5.4850227s ago: executing program 1 (id=1113):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mtd/mtd0/oobavail\x00', 0x42000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/185, 0xb9)
r1 = socket(0x10, 0x3, 0x6)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000001d80), 0x101102, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyt3\x00', 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r3)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth0_macvtap\x00', <r5=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r5, @ANYBLOB="08009e00", @ANYRES16=r2], 0x24}}, 0x4000000)
r6 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x0, 0x0)
mmap$auto(0x0, 0x4020004, 0x6, 0xeb1, r6, 0x8000)
close_range$auto(r1, r3, 0x4)
read$auto(0x3, 0x0, 0x80)

5.257133906s ago: executing program 2 (id=1114):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000040)={0x0, 0xf000, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="810b25bd7000ffdbdf251100000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0)

4.97121326s ago: executing program 2 (id=1115):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getcwd$auto(0x0, 0xffffffffffffffff)
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x90000, 0x30, 0x10}, 0x18)
openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
mount_setattr$auto(r0, &(0x7f00000001c0)='./file0\x00', 0x4, &(0x7f0000000100)={0x7fffffff, 0xb, 0x5, @raw=0x1}, 0x1)
r1 = socket(0x2, 0x1, 0x106)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x2c, 0x80003, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x80040, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/devices/virtual/iscsi_transport/iser/caps\x00', 0x400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000c80)=""/74, 0x4a)
r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x55)
r4 = socket(0x2, 0x3, 0xa)
mlockall$auto(0xfffffffd)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8)
r5 = syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, r1)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCR(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=ANY=[@ANYBLOB="04010000", @ANYRES16=r5, @ANYBLOB="000327bd7000ffdbdf2506000000b42cdf2c20ad6fdee54f2c54f267167111f457f50ad20d4a2c636c5f36f9378a466f4b1dbd0f451d67ba72c587c4396ecf111a5cc952e3e39e523e69891854e10e036a98276bea93dc951c66a6f04a7b929624d623e88ef2ae40d49984647d3cb295fb33b3e10bbf4d10c71c8e5e4eb23db2e31e41c23dc02998e9ebe6c293764037fe5efac60aca193b698ae0bd5eeb61cce6cf00a0403e34311fdd46eb62731986ce3727789da704e035fa0cd977cc8b04d1c310cbafbf63efd2e1cd92cfce7c9c0ec57701a31cdedc9f459211e42f94d92ba782fa487e2c882d8b15ab1b6d8f53d6ad1c462c73debd3c127b8b2d7c"], 0x104}}, 0x40)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7001400)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r3)
r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000500)='/proc/lockdep_stats\x00', 0x400, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r6, &(0x7f0000000540)=""/104, 0x68)

4.970440263s ago: executing program 1 (id=1123):
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)

4.844503855s ago: executing program 4 (id=1116):
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)={0x1c, r0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0xfe}]}, 0x1c}, 0x1, 0x68, 0x0, 0x4000000}, 0x0)

4.743319506s ago: executing program 6 (id=1117):
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000fcbeff1d691b13ba2679404b15e11f2b47f61a6415af72a99f3f3dcb7cfc7e85fc46e6fa143fe32e0eba6bba305743e4bbcae3b7025cb466da93cc61f5bd265f75facc6ff16e8ec812fd7df0848a6438296a5bf2", @ANYBLOB="1e00df45"], 0x1ac}}, 0x4000094)
openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x80440, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000)

4.685235957s ago: executing program 1 (id=1118):
mmap$auto(0x0, 0x3, 0xdf, 0x5030, 0x2, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
sysfs$auto(0x2, 0x10000000000002a, 0x0)
r0 = fsopen$auto(0x0, 0x1)
r1 = getpid()
process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0)
r2 = clone$auto(0x3, 0x4, &(0x7f0000000300)=0xb1fc, &(0x7f0000000340)=0x7, 0x80)
openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000700)='/proc/self/numa_maps\x00', 0x840, 0x0)
r3 = waitid$auto_P_PIDFD(0x3, r0, &(0x7f0000000400)={@siginfo_0_0={0x5, 0x6, 0x7fffffff, @_sigsys={&(0x7f0000000380)="73a15f79050855333d84386a480259184342ce360d4fd98ff730d1dc2a9ca4aab3374afca84aa2dc17d94e94f7f9cf175fff4892b3a1a2840129bd73e697a0956564456d1b135128032dc9cf1d5440166ddb1c2a5f9adf74", 0x10000}}}, 0x800, &(0x7f0000000480)={{0x1, 0x9}, {0xc1b2, 0xe}, 0x6179, 0x72b, 0x1, 0x3, 0x7938, 0x4, 0x6, 0xa, 0x40000003d, 0x1, 0x4, 0x2, 0xff, 0x3})
r4 = getpgrp(0xffffffffffffffff)
prctl$auto(0x1000000003b, 0x1, r4, 0xfffffffffffffff5, 0x7)
syz_clone3(&(0x7f0000000580)={0x2240200, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), {0x7}, &(0x7f0000000140)=""/183, 0xb7, &(0x7f0000000200)=""/204, &(0x7f0000000540)=[r1, r2, r3, r4], 0x4, {r0}}, 0x58)
close_range$auto(0x2, 0x8, 0x0)
r5 = mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0)
ftruncate$auto(r5, 0x10000000004)
process_madvise$auto_MADV_DONTDUMP(r5, &(0x7f00000006c0)={&(0x7f0000000600)="4d438657e820a9e6f037b02a67a73e21924be99a623f0245a5b38bbb49a7f67371c2d86f78bdd1238d0bdf5839232c3b3a9b1377d8f93698c1d1b71a01b54f94ef9b3b7a66df12da885cbba9cebbabb1d67dfcb8167232a49700477d26b06512b75b72f80c5c6cb061c9123ae609b1bf18a6c9f7f839270ccebc59c8e4a0791d6741ef04bab0481cb4cad2c6372d7a0388dbd6a21e94ab", 0x1}, 0x2, 0x10, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54)
fcntl$auto(0x3, 0x4, 0xa553)
write$auto(0x3, 0x0, 0xfdef)

4.51642879s ago: executing program 4 (id=1119):
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0)
adjtimex$auto(&(0x7f0000000000)={0x4, 0x0, 0xcbe9, 0xffff, 0xa, 0x80000000, 0xd37f, 0x0, 0xffff, 0xc, 0x3, {0x10, 0x6}, 0xfffffffffffffffc, 0x10002, 0x2, 0x4, 0x0, 0xfffffffdfffffffa, 0x1, 0x0, 0x9, 0x7, 0xffffffff})
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
r0 = socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
shutdown$auto(0x200000003, 0x2)
recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x9}, 0x8, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0xe6, 0x0, 0x2, 0xb}, 0xfff}, 0x6, 0x311)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
socket(0x2, 0x801, 0x100)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/queues/rx-9/rps_cpus\x00', 0x2002, 0x0)
write$auto(r1, &(0x7f0000000040)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
read$auto(0x3, 0x0, 0x7)
getsockopt$auto(0x4, 0x6, 0x6, 0xfffffffffffffffc, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000)
r2 = gettid()
process_vm_readv$auto(r2, &(0x7f0000000040)={0x0, 0x2}, 0x4, &(0x7f00000000c0)={0x0, 0x100000000000002}, 0x3, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x20000, 0x0)

4.413689264s ago: executing program 6 (id=1120):
r0 = socket(0x2c, 0x3, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x8, 0x0)
fsopen$auto(0x0, 0x1)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
bind$auto(r0, &(0x7f0000000080)=@xdp={0x2c, 0xc, 0x0, 0x1c}, 0x6b)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000100)=@enable_stats={0x6e4}, 0x1000)
r5 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
tkill$auto(r5, 0x9)
bpf$auto(0x2, &(0x7f00000001c0)=@link_create={@prog_fd=r4, @target_fd=r3, 0x5, 0x7ea3, @tcx={@relative_id=0xf92, 0x80000000}}, 0x9)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
r7 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/ieee80211/phy16/netdev:wlan0/stations/08:02:11:00:00:01/num_ps_buf_frames\x00', 0x400000, 0x0)
bpf$auto_BPF_PROG_ATTACH(0x8, &(0x7f0000000300)=@test={r7, 0x8, 0xca4, 0xfffffffc, 0xfffffffffffffc01, 0x80000000, 0x80000001, 0x5, 0x6, 0x5, 0x5, 0x8f4, 0xcf, 0x8, 0x10}, 0x9)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="810b25bd7000ffdbdf251100000008000300", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0)

4.143996263s ago: executing program 6 (id=1121):
mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
mlockall$auto(0x7)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$auto_IOCTL_VMCI_GET_CONTEXT_ID(r2, 0x7b3, 0x0)
r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
adjtimex$auto(0x0)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, 0x0)
r4 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000600)='/dev/mtd0\x00', 0x14082, 0x0)
ioctl$auto_OTPGETREGIONINFO(r4, 0x400c4d0f, &(0x7f00000005c0)={0x5, 0xffff, 0x3})
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
shmctl$auto_SHM_UNLOCK(0x6, 0xc, &(0x7f0000000100)={{0xee, <r5=>0x0, 0xee00, 0x7, 0x2, 0x4, 0x11}, 0x3ff, 0x3, 0x8, 0x3, @raw=0x7, @raw=0x1000, 0x8b8, 0x0, &(0x7f0000000040)="caad4de59f2d7b3904875077e6a0386c320c31dfb6ad2f8598bf079489d1", &(0x7f0000000080)="9b7532a4697663a60ebd23957c9cb275678a9ece9f84b838966783680de30b4c9721faff17078dc6adec45ecf2c8059538dc4d4822f33cc585b2b8ff8b6b1c10b1aff2ac4aed6b1c71fbdd284b4ed56133baccfa7046ada1ca9481edc6e8fa2f7358e4e01326f247dd79c6bf7ef2763c19ea34fd1ea1378e5c37e94f6da8327a"})
msgctl$auto_MSG_INFO(0x600000, 0xc, &(0x7f0000000240)={{0xc9c, 0xee00, <r6=>0xffffffffffffffff, 0x5, 0x6, 0x5, 0x2}, &(0x7f00000001c0)=0xc4, &(0x7f00000004c0)=0x5, 0x80000000, 0x3, 0x9, 0x7fff, 0x4, 0x9, 0x7, 0xb, @inferred=0xffffffffffffffff, @raw=0x5})
shmctl$auto_IPC_STAT(0x0, 0x2, &(0x7f0000000540)={{0x0, r5, r6, 0x7, 0x7fff, 0x27e6000, 0x8}, 0x10001, 0x80000000, 0x7, 0x8, @raw=0x4, @inferred, 0x4, 0x0, &(0x7f00000002c0)="2d042720b4e65933ccdbdd2c4490f3ec58e0dc6f1118d23121e43d3dcdc226c49705ca86e3aade833faf7470ebdc67810329f0f380abef86e32d4a182da484c4aaa2275f237ebcbd1d71dfb67b4b7596eecc46dad4809e2056d9be4121fb449dc0c37f10bc2024220370f0f736b34a692aecc33f9a6c0baa87cd3f040cdfaba72d1bb2b0623b2900438902ff47ffd89379136c85417a442c437f4fd6bce429865dc3d07af810e007623802524e3094a60f6e762748ac8f632922811919c34cb9b84026005ecb49dbed9454a1a37492b0f1fd245b75", &(0x7f00000003c0)="4850d094c2cb90a1f54aba2e2fe3e79d0927737ac0433521f2b4959fc2976a1e6b7301d75a9e318375e74590d39694b7ac01e0c8533390fa827ae9c74e2f1f5eba1d52c4cc7cfc25f98abf931c409d6af12879c70f6543c23acaa933fc4751ed406345f10c9d52cf0ba2f88f7739e385ed679658fb38f11ce5a5a23e67b04469aa625ed17e80e1ae723b1568cd114623d20ed94aad3d0cf54db36fc9fd283c961de1983b460c147d23f7e63486470dd63e09bb05ed070f1eff12fcc6d75582067a094981f2bd3bf27eae118a267909a1642dcfbc7fee5f110f9abca816f3815c65d6a5a773b5052f25dd52f473c386d97c"})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183941, 0x0)
seccomp$auto(0x2, 0x10, 0x0)
unshare$auto(0x40000080)

2.838281237s ago: executing program 6 (id=1122):
clock_getres$auto(0x0, &(0x7f0000000080)={0x6, 0x41})
socket(0x2c, 0x5, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0x18, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x2, 0x1, 0x106)
getsockopt$auto(r0, 0x11c, 0x3, 0xfffffffffffffffe, 0xfffffffffffffffd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
r1 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0)
lseek$auto(r1, 0x7ff, 0x1)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000002300)='/dev/fuse\x00', 0x42000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto(0x3, 0x89e2, 0x91)

2.676070343s ago: executing program 1 (id=1124):
unshare$auto(0x40000080)
socket(0x8, 0x5, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x1)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x5a3500, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi26\x00', 0x0, 0x0)
ioctl$auto(0x3, 0xc0485619, 0x38)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0)
ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r0, 0x5509, 0x0)
unshare$auto(0x40000080)
sendmsg$auto_MACSEC_CMD_UPD_RXSA(0xffffffffffffffff, 0x0, 0x44044)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = getpgrp(0xffffffffffffffff)
prctl$auto(0x1000000003b, 0x1, r1, 0xfffffffffffffff5, 0x7)
r2 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x0, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0x20499d, 0x9)
readv$auto(r2, &(0x7f0000001080)={&(0x7f0000000080), 0x5c2}, 0x5)
r3 = socket(0x28, 0x1, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyd4\x00', 0x131442, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x7, 0x7, 0x1867, 0x1, 0x0, 0x4460, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x7fffffff, 0x7, 0x0, 0x9, 0x20000002]}, 0x0)
mmap$auto(0xacc, 0x5, 0x3, 0x10, r3, 0x7f)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
sched_rr_get_interval$auto(0x0, 0x0)
r4 = socket(0x25, 0x5, 0x1400)
setsockopt$auto(r4, 0x10000000084, 0x82, 0x0, 0x98)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)

2.443339934s ago: executing program 2 (id=1125):
r0 = socket(0x1a, 0x800, 0x1)
connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x0, 0xfffffffe}, 0x55)
openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
mmap$auto(0x9, 0x2020009, 0x9, 0x7f, 0xffffffffffffffff, 0x8000)
write$auto(0x3, 0x0, 0x5c8)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, 0x0, 0x6a)
close_range$auto(r0, r1, 0x10001)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
name_to_handle_at$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x2000fdff)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x800, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2)
mmap$auto(0x4, 0xfff, 0x2, 0x14, 0x401, 0x300000000000)
adjtimex$auto(&(0x7f00000006c0)={0x7, 0x0, 0xfffffffffffffffc, 0x8, 0x3, 0x7, 0x9, 0x0, 0x10001, 0x1, 0x7, {0x1, 0x10000}, 0x4, 0xe, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000005, 0x83, 0xffffffffffff628e, 0xa74a, 0x5, 0x1800})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2802598d4df86e1c8b99609a5398fa30e51108393908007e5ff76bcce044716ba693c030301264d4f2feb76572d4d251f2a5b4bdfa78e215024edc480021de848608724468b967260600cb7c67f2561eb0f596d58171be4f33ae41dfe39790c4f273ae8ff9f28f035b1b863b0a698104", @ANYRES16=r2, @ANYBLOB="010025bd700002dcdf250300000004000800100001800c00108008000100", @ANYRES32, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800)
r4 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_size_kb\x00', 0x40, 0x0)
readv$auto(r4, &(0x7f0000000100)={0x0, 0x3}, 0x1)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x14000, 0x0)
lseek$auto(0x3, 0x8, 0x1)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
ioctl$auto_UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

1.712758872s ago: executing program 6 (id=1126):
capset$auto(0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c80"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r1, 0x4b67, 0x1)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), 0xffffffffffffffff)
capset$auto(&(0x7f00000001c0)={0x0, <r4=>0xffffffffffffffff}, &(0x7f0000000200)={0x8, 0xffffffff, 0xec})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'bridge0\x00', <r5=>0x0})
r6 = getpid()
sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000f40)={0x874, r3, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_SUPPORTED_COMMANDS={0x2a9, 0x19, 0x0, 0x1, [@typed={0xc, 0x133, 0x0, 0x0, @u64=0x5}, @nested={0x1c0, 0x111, 0x0, 0x1, [@typed={0x8, 0xe1, 0x0, 0x0, @u32=0x58}, @generic="a698be9cf77c7ef367944f2c1260b3a95a4b3fd78d62a74c17011ad6f078ab89bae98420a075faa2716fc601f5eb335078469bb3152a622515c36415c3e6e7797c1b31", @generic="40a96a9c13ca2ebcd45f80602d54daec6994ddfbe409cc22625897d0fa31c6551b7af7872403004c9e3bc4132a275f5cf4ddf606d5dffe84f2a91f69e228273912a137013d7ff2a9f4642238535af09e26bedc8a733094668109d66f678ee9bf605ffb9811ec1b8f33635a6cb52dbc0187b137a9005f30002f77643f5a8e581cc2e7e2d0627c5061ae26acb3e4f29eaa816a02bf682eb453e0132645d5072e8241f44d405c82d00a14dc9bf6002d147d9853669f657748d36eb3aa1412789ee2cda2a9ac760b53c32899b2ed377604f91e68d25f5fab1754e44029fc0638c7ea8b8e728b64c4574c41edbfdcf3dc3d", @generic="f48e0bfd5520fef080d389932a621726b0543a0e4c05d2a95e08d11004f13f7a58915b4b61b8dfdab2e0b774b2ff26f6be9eac323e525d6539b92082c2c02dea3f39feb2778cb506022d336f6d888e61e9b550cb6ab0a6f5c9b1a61b648e1f1c16102a82a4246878cc270a8a234b9ee6fc2af77d2649b5a8d094578899d8c7d1f909"]}, @generic="55a55ccc57f3543b59bf6697efd1933ece4bdaca983ef52bff05f8a8f44fd940630dcf601687adcb872cde524d736990f9bf2465404d03af7d1ee83206f1af23d9d49cb16b7ddb52b39daa6b8b45e6cba5aad18c0572fabd5edd009dbd2485015f6ed58003adcd62a414f63b5677588274649773fe7db1efa7d08bb94566477aa956a7a18cfb0f84e396301720ad48ccdeb0f52ea391293afda759b830944978411ca5c98d83e4a70ea8bd6dac15613925f2b745d75a4c3df7d8759dabeadc174ebdd9c0f8bc629f5a063bf49daadd2d4c9de04899d0ada425"]}, @NL802154_ATTR_PID={0x8, 0x1c, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_COORDINATOR={0x5a1, 0x1e, 0x0, 0x1, [@nested={0x1aa, 0x52, 0x0, 0x1, [@generic="3d84ea52e9b3fc79b767c0fe3d468955fa5c73b9cf7c4000604d0e25a0adfe488f0b04c13a54098f8e0159b2", @generic="fcb4fcda6bbabd4a0b00382aa8c75adc8ec059", @typed={0x8, 0xf2, 0x0, 0x0, @u32=0x8}, @nested={0x4, 0x137}, @generic="ff2f03525bc35a43e370a984bc1f244e7523490e79ea8e61f2e0f12993117133d3e773b2ad7c582dfb667892a9c3abebb7076e54d4c290568b362b2a7e2f63e8bec95b9dcde9edd79cf441991764e23f572d650390149c9b5d01d6310babb1f65df9605c171984fb872ce20b263c4a1f90", @typed={0x8, 0x5d, 0x0, 0x0, @fd=r0}, @nested={0x4, 0x112}, @generic="0b9f92f857d083292f3c021f20ee3943b7adb90092f90a15c3d744644eccd89023c6f63d56bf290fbb627f2483418b0b9d2442b44c7882bc6e784dd557e8e7e7ed72a607e4bda3c9ef14a9aeeb5b594d072e88d2624becabfef98b96e5cad1689ef259e186694ea0d9acae3f84a477fbd8509ffc005f911ef8c7833eedafad13f8efef1e1836594c727d1cb70d5bef39fb770112cdb499bed15a069db27e2e050b2e91b0e71170d2025a8c6a3bf99556910d90ccfda9aa4b1a12caefce9f28fce1528f8f5415e233316781f29ce22612736622ee5e7d233e5c687a0ef705"]}, @nested={0x10, 0x8, 0x0, 0x1, [@typed={0x8, 0x85, 0x0, 0x0, @u32}, @nested={0x4, 0x61}]}, @generic="41aaf998344b6d2e065d88a000698709f15cd307cca6ab5c3fe7e83e8699d77dc7ae802019b0fea293a43b7aa168b917eb180523e810180a5ebaf1199b75c69c3aadcbc4", @nested={0xde, 0x72, 0x0, 0x1, [@typed={0xc, 0xb6, 0x0, 0x0, @u64=0x1}, @generic="7b48cb1f966671bb3753d52565a745a3b54161a69a597318619b38c8e38cfbd44dc0f7377e291df793a17c0caab9660ee2680e74b50fa820537c1c6606d6dd27f65fe8bc52093810dc1d340fd1cbaf241a6f612e9d10a938e1d699db145c9395686ee08293e2b0d93d7714d72b7659024b61e88a6cfcd768b29f4f496c378a1646d0a7d367b80095e5d85e63b6367a6f4395d9f89b8cad44b1a9fe8fa454ff06a972f0a5d5145d15ad358e097d31f6bd298498d85f9cc45f0aca635f5ed20b1438ff4f553364e3bf2f58c613ca4a"]}, @typed={0x4, 0x20}, @nested={0x12c, 0x66, 0x0, 0x1, [@generic="2453d23bcca5229497aa6715cd002217b4ea3c52d85301b07cdc2ca66b16ee08e377f2423f0976558f80769ad3f9a9a7325140d98416f312db3086dae90e1fcc73e2c2bf67ff1c3bcce6e6a84a2bf80613b41510f0e0d601fb541e4d07b24cd1a746c5e8b9c943", @typed={0x8, 0x26, 0x0, 0x0, @pid=r6}, @typed={0x8, 0xda, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x28}, @generic="390da5ecfbea669022756257bb7929d2974065c89fb0ccd1000800a6f64537f95ec474ed5d437dfce7fc027ff9a78636ddc003bc7245725663a7a8e824f354a84cf08f222d966ae576e2560215c990a316b7a93475030000002f5a7e321401c3c0f7b9192a34d19fe3ad6a947c3565d96d02c6b1c49e6d008b9fbedb9825df1fa75cd99b138eaa9d88b7fd8b2b242c435dc817764feba91b66f03e924dc0e2df710a7a02eca0c69c38", @nested={0x4, 0xe0}]}, @generic="60493d59dfa7fe032be68e41cb02a995930f", @nested={0x111, 0xe9, 0x0, 0x1, [@generic="b7d26880a7529e6aca7bd1ed43bd339f238e91075030b5778f2dbfaf301bda18f8ec5e11a9b8a31503636a713d64c4985767858fdb27b7c1cf9ec8c73e864b9549fb0b36180a0141e9125573acc2d9115cf00a32b461f48a05efcb5037944ed4e640627fc3b79f7d18cff89f8849f0d8e56ac87e9561aac334085bece1f8fe62a26a191a14830d4572a3", @typed={0x14, 0x1b, 0x0, 0x0, @ipv6=@private2}, @generic, @nested={0x4, 0x22}, @nested={0x4, 0x101}, @generic="30e776117903aa5349b82ec7206256c5eb92d4ceeed1d40db21cb8a52ad9125aa0d16696b38b72c2a2897fd5877a60e8b488fcb17f96a534938ab9c84d0cd0d7a05817c6270d6dae231ce696d2784665c5dee9f8c95034d614436b1499a13a17387de2804fef1a"]}, @generic="2f8ada29b4a896aaff9185652d01eb32282dbea4f9f24a09ff4e546a379768b3b1187207e87a62deaa4f22269de6c3caa2fc98498a9a4f70215b9a5fcf51d213da933fab84cfd131245dc6f31d8dad684df9042ce748fa343eeb5abec5cfe6", @typed={0x8, 0xa7, 0x0, 0x0, @fd=r0}]}]}, 0x874}, 0x1, 0x0, 0x0, 0x20000040}, 0x40400dd)
r7 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x48, r7, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_HASH={0xc, 0xb, 0xffffffffffffffff}, @OVS_PACKET_ATTR_KEY={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "89803500"}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x5, 0x17, 0x0, 0x1, [@generic="1f"]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800)
read$auto(r2, 0x0, 0xc85a)
write$auto(0x3, 0x0, 0xfdef)
unshare$auto(0x40000080)
write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0)
writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000140), 0x7111}, 0x8)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0)
r8 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x20282, 0x0)
ioctl$auto_UI_DEV_SETUP(r8, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x9, 0x80}, "6a034a07c7b8edb8fc3b39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x6})
ioctl$auto_UI_DEV_CREATE(r8, 0x5501, 0x0)

1.627854719s ago: executing program 2 (id=1127):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0)
ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socketpair$auto(0x1, 0x8a, 0x8000000000000000, 0x0)
write$auto(0xc8, 0x0, 0x40f6)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0x8, 0x1, 0x948b, 0x3, 0x15f4da0d, 0x3, 0x3, 0x262, 0x8000001c, 0x7, 0x6d3e, 0xc, 0x2, 0x5]}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
setsockopt$auto(0xffffffffffffffff, 0x104000000000010e, 0xc, 0x0, 0x6)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x6, 0x65f, 0x7fffffff, 0x70, 0x3, 0x20000002, 0x9, 0x3, 0x4, 0x4, 0xb4, 0x9, 0xa, 0x10003, 0x80, 0x4, 0x3, 0x32f, 0x1002000, 0x203, 0x8, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x885]}, 0x3, 0xd)
pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x3f, 0x0, 0x209)
syz_genetlink_get_family_id$auto_nl80211(0x0, r2)

1.0674871s ago: executing program 4 (id=1128):
r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
readv$auto(r0, &(0x7f00000002c0)={0x0, 0x9}, 0x8)
r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(r2, &(0x7f0000003bc0)={0x0, 0x0, &(0x7f0000003b80)={&(0x7f0000003980)={0x24, r1, 0x5, 0x70bd26, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_NAME={0xd, 0x11, '/dev/fb1\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0xc044)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
keyctl$auto(0x1d, 0xffffffffffffffff, 0x5, 0x0, 0x8000008)

676.977947ms ago: executing program 4 (id=1129):
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$auto(r0, 0x540a, r0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0)
write$auto(r1, 0x0, 0x16d)
r2 = pidfd_open$auto(0x1, 0x0) (async)
r3 = openat$auto_fops_atomic_t_ro_(0xffffffffffffff9c, &(0x7f00000003c0), 0x28000, 0x0) (async)
process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0xa, 0x0) (async)
r4 = socket(0x2, 0x5, 0x0)
setsockopt$auto_SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)='}]\x00', 0x10)
close_range$auto(0x2, r2, 0xfffffffe)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r5)
ioctl$auto(r3, 0x80000541b, r3)

367.564766ms ago: executing program 2 (id=1130):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x800)
semctl$auto(0x1ff, 0x2, 0x13, 0x1)
r0 = socket(0xa, 0x1, 0x84)
getsockopt$auto(r0, 0x0, 0x483, 0x0, 0x0)

185.605657ms ago: executing program 4 (id=1131):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x742, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.7/usb8/8-0:1.0/usb8-port1/disable\x00', 0x20102, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91)
read$auto(r0, 0x0, 0x1)
write$auto(0x3, 0x0, 0xfffffdef)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0)
unshare$auto(0x200)
unshare$auto(0x7f)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
setns(r2, 0x0)
syz_clone(0x16221400, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile$auto(r1, r1, 0x0, 0x3)
r3 = openat$auto_hwsim_fops_ps_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy3/hwsim/ps\x00', 0x8200, 0x0)
io_uring_enter$auto(r3, 0xd4ee, 0x3, 0x80000000, &(0x7f0000000100)="e346ea6b5147228f66104dc113501577903c4d9303b3f6cb120afce4bae0fc3426aff2d057c98b5111aae9f76173acb15a2b2e0ef9ce71cbf8", 0x5)

0s ago: executing program 2 (id=1132):
r0 = socket(0x2c, 0x3, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x8, 0x0)
fsopen$auto(0x0, 0x1)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
bind$auto(r0, &(0x7f0000000080)=@xdp={0x2c, 0xc, 0x0, 0x1c}, 0x6b)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000100)=@enable_stats={0x6e4}, 0x1000)
r5 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
tkill$auto(r5, 0x9)
bpf$auto(0x2, &(0x7f00000001c0)=@link_create={@prog_fd=r4, @target_fd=r3, 0x5, 0x7ea3, @tcx={@relative_id=0xf92, 0x80000000}}, 0x9)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
r7 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/ieee80211/phy16/netdev:wlan0/stations/08:02:11:00:00:01/num_ps_buf_frames\x00', 0x400000, 0x0)
bpf$auto_BPF_PROG_ATTACH(0x8, &(0x7f0000000300)=@test={r7, 0x8, 0xca4, 0xfffffffc, 0xfffffffffffffc01, 0x80000000, 0x80000001, 0x5, 0x6, 0x5, 0x5, 0x8f4, 0xcf, 0x8, 0x10}, 0x9)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="810b25bd7000ffdbdf251100000008000300", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0)

kernel console output (not intermixed with test programs):

x1e0
[  301.977225][ T8939]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  301.977284][ T8939]  do_pte_missing+0x223d/0x3fb0
[  301.977333][ T8939]  __handle_mm_fault+0x103d/0x2a40
[  301.977377][ T8939]  ? __pfx___handle_mm_fault+0x10/0x10
[  301.977409][ T8939]  ? __pte_offset_map_lock+0x155/0x2f0
[  301.977456][ T8939]  ? find_held_lock+0x2b/0x80
[  301.977484][ T8939]  ? find_held_lock+0x2b/0x80
[  301.977541][ T8939]  handle_mm_fault+0x3fe/0xad0
[  301.977582][ T8939]  __get_user_pages+0x771/0x36f0
[  301.977659][ T8939]  ? __pfx_mt_find+0x10/0x10
[  301.977694][ T8939]  ? __pfx___get_user_pages+0x10/0x10
[  301.977764][ T8939]  populate_vma_page_range+0x278/0x3a0
[  301.977800][ T8939]  ? __pfx_populate_vma_page_range+0x10/0x10
[  301.977835][ T8939]  ? __pfx_find_vma_intersection+0x10/0x10
[  301.977889][ T8939]  ? do_mmap+0x69c/0x11b0
[  301.977945][ T8939]  __mm_populate+0x1d8/0x380
[  301.977980][ T8939]  ? __pfx___mm_populate+0x10/0x10
[  301.978017][ T8939]  ? up_write+0x1b2/0x520
[  301.978071][ T8939]  vm_mmap_pgoff+0x362/0x450
[  301.978126][ T8939]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  301.978187][ T8939]  ? __x64_sys_futex+0x1e0/0x4c0
[  301.978223][ T8939]  ? __x64_sys_futex+0x1e9/0x4c0
[  301.978265][ T8939]  ksys_mmap_pgoff+0x7d/0x5c0
[  301.978315][ T8939]  ? rcu_is_watching+0x12/0xc0
[  301.978351][ T8939]  __x64_sys_mmap+0x125/0x190
[  301.978389][ T8939]  do_syscall_64+0xcd/0x230
[  301.978443][ T8939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.978477][ T8939] RIP: 0033:0x7f7c2b18e969
[  301.978505][ T8939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.978538][ T8939] RSP: 002b:00007f7c2bf14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  301.978571][ T8939] RAX: ffffffffffffffda RBX: 00007f7c2b3b5fa0 RCX: 00007f7c2b18e969
[  301.978593][ T8939] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[  301.978612][ T8939] RBP: 00007f7c2b210ab1 R08: 0000000000000002 R09: 0000000000008000
[  301.978639][ T8939] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  301.978659][ T8939] R13: 0000000000000000 R14: 00007f7c2b3b5fa0 R15: 00007fff86964d48
[  301.978703][ T8939]  </TASK>
[  302.492343][   T32] oom_reaper: reaped process 8552 (syz.0.587), now anon-rss:0kB, file-rss:20396kB, shmem-rss:17664kB
[  303.562263][ T8953] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input9
[  304.195993][ T8967] netlink: 28 bytes leftover after parsing attributes in process `syz.2.666'.
[  304.473211][ T8967] team0: Port device team_slave_0 removed
[  304.837415][ T8972] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  304.843810][ T8972] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  304.850587][ T8972] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  304.876144][ T8972] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  306.869770][ T5138] Bluetooth: hci0: command 0x0c1a tx timeout
[  306.875917][ T5138] Bluetooth: hci3: command 0x0c1a tx timeout
[  306.883737][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  306.956725][ T5138] Bluetooth: hci2: command 0x0c1a tx timeout
[  307.897897][ T9006] ubi: mtd0 is already attached to ubi0
[  308.163150][ T5898] smpboot: CPU 0 is now offline
[  308.255310][ T9002] netlink: 28 bytes leftover after parsing attributes in process `syz.1.675'.
[  308.449097][ T9002] geneve1: entered promiscuous mode
[  308.454622][ T9002] geneve1: entered allmulticast mode
[  308.754051][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  308.787653][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  308.801505][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  308.815513][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  308.824258][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  310.868566][ T5835] Bluetooth: hci4: command tx timeout
[  311.104730][ T9009] chnl_net:caif_netlink_parms(): no params data found
[  311.831537][ T9039] ubi: mtd0 is already attached to ubi0
[  312.181297][ T9047] syz.4.683 (9047): /proc/9042/oom_adj is deprecated, please use /proc/9042/oom_score_adj instead.
[  312.947159][ T5835] Bluetooth: hci4: command tx timeout
[  314.512818][ T9009] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.569030][ T9009] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.576418][ T9009] bridge_slave_0: entered allmulticast mode
[  314.669220][ T9009] bridge_slave_0: entered promiscuous mode
[  314.748437][ T9009] bridge0: port 2(bridge_slave_1) entered blocking state
[  314.755579][ T9009] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.846986][ T9009] bridge_slave_1: entered allmulticast mode
[  314.855993][ T9009] bridge_slave_1: entered promiscuous mode
[  315.027504][ T5835] Bluetooth: hci4: command tx timeout
[  315.423211][ T9009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  315.520607][ T9009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  315.898304][ T9009] team0: Port device team_slave_0 added
[  315.971446][ T9009] team0: Port device team_slave_1 added
[  316.036800][ T9065] vmstat_refresh: nr_hugetlb -1024
[  316.140562][ T9067] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input10
[  316.575826][ T9064] bridge0: port 3(team0) entered blocking state
[  316.599681][ T9064] bridge0: port 3(team0) entered disabled state
[  316.623445][ T9064] team0: entered allmulticast mode
[  316.649657][ T9064] team_slave_1: entered allmulticast mode
[  316.676766][ T9064] team0: entered promiscuous mode
[  316.695308][ T9064] team_slave_1: entered promiscuous mode
[  316.718221][ T9064] bridge0: port 3(team0) entered blocking state
[  316.724730][ T9064] bridge0: port 3(team0) entered forwarding state
[  316.917949][ T9009] batman_adv: batadv0: Adding interface: batadv_slave_0
[  316.924943][ T9009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  317.110122][ T5835] Bluetooth: hci4: command tx timeout
[  317.146041][ T9009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  317.231376][ T9009] batman_adv: batadv0: Adding interface: batadv_slave_1
[  317.266361][ T9009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  317.428409][ T9009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  317.789719][ T6485] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.871191][ T9009] hsr_slave_0: entered promiscuous mode
[  318.175089][ T9009] hsr_slave_1: entered promiscuous mode
[  318.393330][ T9009] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  318.450608][ T9009] Cannot create hsr debugfs directory
[  318.559136][ T9080] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  318.565243][ T9080] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  318.585067][ T6485] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.625659][ T9080] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  318.663581][ T9080] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  318.694044][ T9080] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  318.740056][ T9080] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  318.772624][ T9080] CPU0 is offline.
[  318.849156][ T6485] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.078852][ T6485] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.424318][ T9100] netlink: 12 bytes leftover after parsing attributes in process `syz.4.698'.
[  319.493154][ T9097] HfR: entered promiscuous mode
[  319.534532][ T9102] device-mapper: ioctl: Unable to rename non-existent device,  to �
[  320.156964][ T9100] openvswitch: HfR: Dropping previously announced user features
[  320.627522][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout
[  320.633766][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout
[  320.640056][ T5138] Bluetooth: hci2: command 0x0c1a tx timeout
[  320.707228][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout
[  320.774686][ T5835] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  321.058989][ T6485] team0: left allmulticast mode
[  321.082683][ T6485] team_slave_1: left allmulticast mode
[  321.110441][ T6485] team0: left promiscuous mode
[  321.115256][ T6485] team_slave_1: left promiscuous mode
[  321.152384][ T6485] bridge0: port 3(team0) entered disabled state
[  321.232093][ T6485] bridge_slave_1: left allmulticast mode
[  321.254766][ T6485] bridge_slave_1: left promiscuous mode
[  321.285429][ T6485] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.332462][ T6485] bridge_slave_0: left allmulticast mode
[  321.355349][ T6485] bridge_slave_0: left promiscuous mode
[  321.390944][ T6485] bridge0: port 1(bridge_slave_0) entered disabled state
[  322.755620][ T6485] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  322.786895][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout
[  322.798055][ T6485] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  322.823968][ T6485] bond0 (unregistering): Released all slaves
[  322.973159][ T6485] HfR: left promiscuous mode
[  323.132801][ T9009] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  323.188511][ T9009] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  323.279238][ T9143] FAULT_INJECTION: forcing a failure.
[  323.279238][ T9143] name failslab, interval 1, probability 0, space 0, times 0
[  323.313023][ T9009] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  323.323471][ T9143] CPU: 1 UID: 0 PID: 9143 Comm: syz.1.707 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  323.323509][ T9143] Tainted: [U]=USER
[  323.323516][ T9143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  323.323535][ T9143] Call Trace:
[  323.323542][ T9143]  <TASK>
[  323.323550][ T9143]  dump_stack_lvl+0x16c/0x1f0
[  323.323591][ T9143]  should_fail_ex+0x512/0x640
[  323.323626][ T9143]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  323.323657][ T9143]  should_failslab+0xc2/0x120
[  323.323688][ T9143]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  323.323716][ T9143]  ? security_file_alloc+0x34/0x2b0
[  323.323754][ T9143]  security_file_alloc+0x34/0x2b0
[  323.323788][ T9143]  init_file+0x93/0x4c0
[  323.323818][ T9143]  alloc_empty_file+0x73/0x1e0
[  323.323850][ T9143]  dentry_open+0x46/0xd0
[  323.323882][ T9143]  get_name+0x2c6/0x480
[  323.323904][ T9143]  ? __pfx_get_name+0x10/0x10
[  323.323928][ T9143]  ? __pfx_filldir_one+0x10/0x10
[  323.323950][ T9143]  ? find_held_lock+0x2b/0x80
[  323.323991][ T9143]  ? __pfx_reconnect_path+0x10/0x10
[  323.324014][ T9143]  ? __pfx_kernfs_fh_to_parent+0x10/0x10
[  323.324056][ T9143]  exportfs_decode_fh_raw+0x703/0x890
[  323.324078][ T9143]  ? __pfx_vfs_dentry_acceptable+0x10/0x10
[  323.324118][ T9143]  ? __pfx_exportfs_decode_fh_raw+0x10/0x10
[  323.324177][ T9143]  do_handle_open+0x75e/0xb70
[  323.324243][ T9143]  ? __pfx_do_handle_open+0x10/0x10
[  323.324282][ T9143]  ? ksys_write+0x1b9/0x240
[  323.324306][ T9143]  ? rcu_is_watching+0x12/0xc0
[  323.324335][ T9143]  ? do_syscall_64+0xcd/0x230
[  323.324370][ T9143]  do_syscall_64+0xcd/0x230
[  323.324413][ T9143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.324438][ T9143] RIP: 0033:0x7fc7ceb8e969
[  323.324457][ T9143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.324480][ T9143] RSP: 002b:00007fc7cf94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[  323.324502][ T9143] RAX: ffffffffffffffda RBX: 00007fc7cedb5fa0 RCX: 00007fc7ceb8e969
[  323.324518][ T9143] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003
[  323.324532][ T9143] RBP: 00007fc7cf94c090 R08: 0000000000000000 R09: 0000000000000000
[  323.324546][ T9143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  323.324561][ T9143] R13: 0000000000000000 R14: 00007fc7cedb5fa0 R15: 00007ffed1011848
[  323.324590][ T9143]  </TASK>
[  323.672748][ T9145] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input11
[  323.874262][ T9009] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  324.357067][ T6485] hsr_slave_0: left promiscuous mode
[  324.388758][ T6485] hsr_slave_1: left promiscuous mode
[  324.412034][ T6485] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  324.478122][ T6485] batman_adv: batadv0: Removing interface: batadv_slave_0
[  324.536976][ T6485] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  324.571832][ T6485] batman_adv: batadv0: Removing interface: batadv_slave_1
[  324.725301][ T6485] veth1_macvtap: left promiscuous mode
[  324.796523][ T6485] veth0_macvtap: left promiscuous mode
[  324.837919][ T6485] veth1_vlan: left promiscuous mode
[  324.843265][ T6485] veth0_vlan: left promiscuous mode
[  324.870715][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout
[  326.606478][ T6485] team0 (unregistering): Port device team_slave_1 removed
[  327.592866][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  327.599393][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  327.831667][ T9009] 8021q: adding VLAN 0 to HW filter on device bond0
[  328.017525][ T9009] 8021q: adding VLAN 0 to HW filter on device team0
[  328.161677][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  328.169010][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  328.205127][ T5835] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18
[  328.212961][   T30] audit: type=1800 audit(6043214513.741:7): pid=9185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.713" name="dbroot" dev="configfs" ino=21919 res=0 errno=0
[  328.278935][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.286266][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  330.053515][ T9009] 8021q: adding VLAN 0 to HW filter on device batadv0
[  331.479352][ T9250] FAULT_INJECTION: forcing a failure.
[  331.479352][ T9250] name failslab, interval 1, probability 0, space 0, times 0
[  331.566745][ T9250] CPU: 1 UID: 0 PID: 9250 Comm: syz.2.723 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  331.566785][ T9250] Tainted: [U]=USER
[  331.566793][ T9250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  331.566808][ T9250] Call Trace:
[  331.566815][ T9250]  <TASK>
[  331.566824][ T9250]  dump_stack_lvl+0x16c/0x1f0
[  331.566864][ T9250]  should_fail_ex+0x512/0x640
[  331.566900][ T9250]  ? __kvmalloc_node_noprof+0x122/0x600
[  331.566929][ T9250]  should_failslab+0xc2/0x120
[  331.566960][ T9250]  __kvmalloc_node_noprof+0x135/0x600
[  331.566986][ T9250]  ? seq_read_iter+0x826/0x12c0
[  331.567027][ T9250]  ? seq_read_iter+0x826/0x12c0
[  331.567060][ T9250]  seq_read_iter+0x826/0x12c0
[  331.567095][ T9250]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  331.567135][ T9250]  kernfs_fop_read_iter+0x40f/0x5a0
[  331.567173][ T9250]  copy_splice_read+0x615/0xba0
[  331.567215][ T9250]  ? __pfx_copy_splice_read+0x10/0x10
[  331.567254][ T9250]  ? look_up_lock_class+0x59/0x150
[  331.567295][ T9250]  ? lockdep_init_map_type+0x5c/0x280
[  331.567330][ T9250]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  331.567356][ T9250]  ? __pfx_copy_splice_read+0x10/0x10
[  331.567392][ T9250]  do_splice_read+0x285/0x370
[  331.567431][ T9250]  splice_direct_to_actor+0x2a1/0xa30
[  331.567470][ T9250]  ? __pfx_direct_splice_actor+0x10/0x10
[  331.567522][ T9250]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  331.567558][ T9250]  ? get_pid_task+0xfc/0x250
[  331.567600][ T9250]  do_splice_direct+0x174/0x240
[  331.567638][ T9250]  ? __pfx_do_splice_direct+0x10/0x10
[  331.567675][ T9250]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  331.567717][ T9250]  ? rw_verify_area+0xcf/0x680
[  331.567757][ T9250]  do_sendfile+0xafd/0xe50
[  331.567785][ T9250]  ? __pfx_do_sendfile+0x10/0x10
[  331.567808][ T9250]  ? __fget_files+0x20e/0x3c0
[  331.567837][ T9250]  __x64_sys_sendfile64+0x1d8/0x220
[  331.567865][ T9250]  ? ksys_write+0x1b9/0x240
[  331.567888][ T9250]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  331.567917][ T9250]  ? rcu_is_watching+0x12/0xc0
[  331.567953][ T9250]  do_syscall_64+0xcd/0x230
[  331.567993][ T9250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.568018][ T9250] RIP: 0033:0x7f7c2b18e969
[  331.568036][ T9250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.568059][ T9250] RSP: 002b:00007f7c2bf14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  331.568081][ T9250] RAX: ffffffffffffffda RBX: 00007f7c2b3b5fa0 RCX: 00007f7c2b18e969
[  331.568097][ T9250] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[  331.568111][ T9250] RBP: 00007f7c2bf14090 R08: 0000000000000000 R09: 0000000000000000
[  331.568125][ T9250] R10: 0000000001000200 R11: 0000000000000246 R12: 0000000000000001
[  331.568140][ T9250] R13: 0000000000000000 R14: 00007f7c2b3b5fa0 R15: 00007fff86964d48
[  331.568170][ T9250]  </TASK>
[  331.861301][    C1] vkms_vblank_simulate: vblank timer overrun
[  332.294648][ T9009] veth0_vlan: entered promiscuous mode
[  332.362598][ T9009] veth1_vlan: entered promiscuous mode
[  332.435605][ T9009] veth0_macvtap: entered promiscuous mode
[  332.480521][ T9009] veth1_macvtap: entered promiscuous mode
[  332.523484][ T9009] batman_adv: batadv0: Interface activated: batadv_slave_0
[  332.692008][ T9009] batman_adv: batadv0: Interface activated: batadv_slave_1
[  332.813645][ T9009] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  332.860481][ T9009] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  332.921101][ T9009] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  332.935556][ T9267] netlink: 326 bytes leftover after parsing attributes in process `syz.4.727'.
[  332.981482][ T9009] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  333.031478][ T9272] netlink: 12 bytes leftover after parsing attributes in process `syz.2.726'.
[  333.138638][ T9275] device-mapper: ioctl: Unable to rename non-existent device,  to �
[  333.466327][ T9270] HfR: entered promiscuous mode
[  333.540496][ T9267] veth1_macvtap: left promiscuous mode
[  333.799546][ T9272] openvswitch: HfR: Dropping previously announced user features
[  334.534263][ T6485] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  334.607317][ T6485] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  335.141440][ T8628] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  335.183073][ T8628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  335.637234][ T9307] FAULT_INJECTION: forcing a failure.
[  335.637234][ T9307] name failslab, interval 1, probability 0, space 0, times 0
[  335.747397][ T9307] CPU: 1 UID: 0 PID: 9307 Comm: syz.1.733 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  335.747439][ T9307] Tainted: [U]=USER
[  335.747447][ T9307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  335.747460][ T9307] Call Trace:
[  335.747468][ T9307]  <TASK>
[  335.747477][ T9307]  dump_stack_lvl+0x16c/0x1f0
[  335.747518][ T9307]  should_fail_ex+0x512/0x640
[  335.747553][ T9307]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  335.747584][ T9307]  should_failslab+0xc2/0x120
[  335.747615][ T9307]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  335.747643][ T9307]  ? ptlock_alloc+0x1f/0x70
[  335.747671][ T9307]  ptlock_alloc+0x1f/0x70
[  335.747694][ T9307]  pte_alloc_one+0x6d/0x380
[  335.747722][ T9307]  do_pte_missing+0x1c0b/0x3fb0
[  335.747748][ T9307]  ? do_raw_spin_unlock+0x172/0x230
[  335.747787][ T9307]  ? __pmd_alloc+0x3c2/0x870
[  335.747821][ T9307]  ? find_held_lock+0x2b/0x80
[  335.747847][ T9307]  __handle_mm_fault+0x103d/0x2a40
[  335.747881][ T9307]  ? __pfx___handle_mm_fault+0x10/0x10
[  335.747924][ T9307]  ? find_vma+0xbf/0x140
[  335.747956][ T9307]  ? __pfx_find_vma+0x10/0x10
[  335.747994][ T9307]  handle_mm_fault+0x3fe/0xad0
[  335.748023][ T9307]  do_user_addr_fault+0x7a6/0x1370
[  335.748058][ T9307]  ? rcu_is_watching+0x12/0xc0
[  335.748084][ T9307]  exc_page_fault+0x5c/0xc0
[  335.748119][ T9307]  asm_exc_page_fault+0x26/0x30
[  335.748142][ T9307] RIP: 0010:rep_movs_alternative+0x30/0x90
[  335.748171][ T9307] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  335.748195][ T9307] RSP: 0018:ffffc900038ffa08 EFLAGS: 00050246
[  335.748214][ T9307] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008
[  335.748228][ T9307] RDX: fffff5200071ff70 RSI: 0000000000000000 RDI: ffffc900038ffb78
[  335.748244][ T9307] RBP: 0000000000000008 R08: 0000000000000001 R09: fffff5200071ff6f
[  335.748258][ T9307] R10: ffffc900038ffb7f R11: 0000000000000000 R12: 0000000000000000
[  335.748272][ T9307] R13: ffffc900038ffb78 R14: 0000000000000000 R15: 0000000000000000
[  335.748304][ T9307]  _copy_from_user+0x98/0xd0
[  335.748327][ T9307]  copy_from_sockptr_offset.constprop.0+0x153/0x1a0
[  335.748367][ T9307]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  335.748408][ T9307]  ? __local_bh_enable_ip+0xa4/0x120
[  335.748438][ T9307]  ? lockdep_hardirqs_on+0x7c/0x110
[  335.748478][ T9307]  do_ip_setsockopt+0x1902/0x3130
[  335.748519][ T9307]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  335.748574][ T9307]  ip_setsockopt+0x59/0xf0
[  335.748614][ T9307]  ipv6_setsockopt+0x155/0x170
[  335.748649][ T9307]  sctp_setsockopt+0x16c/0xb870
[  335.748685][ T9307]  ? __pfx_sctp_setsockopt+0x10/0x10
[  335.748711][ T9307]  ? __lock_acquire+0x5ca/0x1ba0
[  335.748740][ T9307]  ? __pfx_aa_sk_perm+0x10/0x10
[  335.748771][ T9307]  ? find_held_lock+0x2b/0x80
[  335.748796][ T9307]  ? sock_common_setsockopt+0x2e/0xf0
[  335.748833][ T9307]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  335.748870][ T9307]  do_sock_setsockopt+0x221/0x470
[  335.748909][ T9307]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  335.748967][ T9307]  __sys_setsockopt+0x120/0x1a0
[  335.749000][ T9307]  __x64_sys_setsockopt+0xbd/0x160
[  335.749028][ T9307]  ? do_syscall_64+0x91/0x230
[  335.749070][ T9307]  ? lockdep_hardirqs_on+0x7c/0x110
[  335.749105][ T9307]  do_syscall_64+0xcd/0x230
[  335.749145][ T9307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.749170][ T9307] RIP: 0033:0x7fc7ceb8e969
[  335.749188][ T9307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.749213][ T9307] RSP: 002b:00007fc7cf94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  335.749236][ T9307] RAX: ffffffffffffffda RBX: 00007fc7cedb5fa0 RCX: 00007fc7ceb8e969
[  335.749252][ T9307] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000003
[  335.749266][ T9307] RBP: 00007fc7cf94c090 R08: 0000000000000009 R09: 0000000000000000
[  335.749280][ T9307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  335.749294][ T9307] R13: 0000000000000000 R14: 00007fc7cedb5fa0 R15: 00007ffed1011848
[  335.749325][ T9307]  </TASK>
[  336.165720][    C1] vkms_vblank_simulate: vblank timer overrun
[  336.657078][ T5835] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  337.733473][ T9330] FAULT_INJECTION: forcing a failure.
[  337.733473][ T9330] name failslab, interval 1, probability 0, space 0, times 0
[  338.389184][ T9330] CPU: 1 UID: 0 PID: 9330 Comm: syz.1.739 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  338.389223][ T9330] Tainted: [U]=USER
[  338.389230][ T9330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  338.389244][ T9330] Call Trace:
[  338.389251][ T9330]  <TASK>
[  338.389259][ T9330]  dump_stack_lvl+0x16c/0x1f0
[  338.389300][ T9330]  should_fail_ex+0x512/0x640
[  338.389341][ T9330]  should_failslab+0xc2/0x120
[  338.389373][ T9330]  __kmalloc_cache_noprof+0x6a/0x3e0
[  338.389396][ T9330]  ? __pfx_sctp_get_port_local+0x10/0x10
[  338.389435][ T9330]  ? sctp_bind_addr_match+0x193/0x300
[  338.389468][ T9330]  ? sctp_add_bind_addr+0xae/0x3f0
[  338.389506][ T9330]  sctp_add_bind_addr+0xae/0x3f0
[  338.389544][ T9330]  sctp_do_bind+0x2d6/0x700
[  338.389577][ T9330]  sctp_connect_new_asoc+0x5fd/0x790
[  338.389608][ T9330]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  338.389645][ T9330]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  338.389670][ T9330]  sctp_sendmsg+0x15f9/0x1ee0
[  338.389708][ T9330]  ? __pfx_sctp_sendmsg+0x10/0x10
[  338.389738][ T9330]  ? __pfx___might_resched+0x10/0x10
[  338.389775][ T9330]  ? iovec_from_user+0xbb/0x140
[  338.389800][ T9330]  ? __pfx_aa_sk_perm+0x10/0x10
[  338.389829][ T9330]  ? __import_iovec+0x1c8/0x660
[  338.389854][ T9330]  ? __pfx_sctp_sendmsg+0x10/0x10
[  338.389883][ T9330]  inet_sendmsg+0x11c/0x140
[  338.389922][ T9330]  ____sys_sendmsg+0x973/0xc70
[  338.389962][ T9330]  ? copy_msghdr_from_user+0x10a/0x160
[  338.389991][ T9330]  ? __pfx_____sys_sendmsg+0x10/0x10
[  338.390034][ T9330]  ? __pfx__kstrtoull+0x10/0x10
[  338.390069][ T9330]  ___sys_sendmsg+0x134/0x1d0
[  338.390101][ T9330]  ? __pfx____sys_sendmsg+0x10/0x10
[  338.390152][ T9330]  ? find_held_lock+0x2b/0x80
[  338.390194][ T9330]  __sys_sendmmsg+0x200/0x420
[  338.390227][ T9330]  ? __pfx___sys_sendmmsg+0x10/0x10
[  338.390267][ T9330]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  338.390318][ T9330]  ? fput+0x70/0xf0
[  338.390347][ T9330]  ? ksys_write+0x1b9/0x240
[  338.390370][ T9330]  ? __pfx_ksys_write+0x10/0x10
[  338.390391][ T9330]  ? rcu_is_watching+0x12/0xc0
[  338.390418][ T9330]  __x64_sys_sendmmsg+0x9c/0x100
[  338.390447][ T9330]  ? lockdep_hardirqs_on+0x7c/0x110
[  338.390482][ T9330]  do_syscall_64+0xcd/0x230
[  338.390520][ T9330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.390544][ T9330] RIP: 0033:0x7fc7ceb8e969
[  338.390563][ T9330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  338.390586][ T9330] RSP: 002b:00007fc7cf94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  338.390608][ T9330] RAX: ffffffffffffffda RBX: 00007fc7cedb5fa0 RCX: 00007fc7ceb8e969
[  338.390624][ T9330] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000002
[  338.390639][ T9330] RBP: 00007fc7cf94c090 R08: 0000000000000000 R09: 0000000000000000
[  338.390653][ T9330] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000001
[  338.390668][ T9330] R13: 0000000000000000 R14: 00007fc7cedb5fa0 R15: 00007ffed1011848
[  338.390698][ T9330]  </TASK>
[  338.935721][ T9335] capability: warning: `syz.4.743' uses deprecated v2 capabilities in a way that may be insecure
[  339.568583][ T9346] FAULT_INJECTION: forcing a failure.
[  339.568583][ T9346] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  339.620861][ T9346] CPU: 1 UID: 0 PID: 9346 Comm: syz.4.744 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  339.620903][ T9346] Tainted: [U]=USER
[  339.620911][ T9346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  339.620925][ T9346] Call Trace:
[  339.620932][ T9346]  <TASK>
[  339.620941][ T9346]  dump_stack_lvl+0x16c/0x1f0
[  339.620983][ T9346]  should_fail_ex+0x512/0x640
[  339.621025][ T9346]  should_fail_alloc_page+0xe7/0x130
[  339.621059][ T9346]  prepare_alloc_pages+0x3c2/0x610
[  339.621102][ T9346]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  339.621135][ T9346]  ? stack_trace_save+0x8e/0xc0
[  339.621161][ T9346]  ? __pfx_stack_trace_save+0x10/0x10
[  339.621185][ T9346]  ? stack_depot_save_flags+0x28/0xa50
[  339.621226][ T9346]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  339.621265][ T9346]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  339.621292][ T9346]  ? __kasan_slab_alloc+0x89/0x90
[  339.621320][ T9346]  ? __pmd_alloc+0xc3/0x870
[  339.621356][ T9346]  ? handle_mm_fault+0x3fe/0xad0
[  339.621379][ T9346]  ? do_user_addr_fault+0x7a6/0x1370
[  339.621401][ T9346]  ? exc_page_fault+0x5c/0xc0
[  339.621433][ T9346]  ? asm_exc_page_fault+0x26/0x30
[  339.621456][ T9346]  ? rep_movs_alternative+0xf/0x90
[  339.621483][ T9346]  ? _copy_from_user+0x98/0xd0
[  339.621501][ T9346]  ? ____sys_sendmsg+0x607/0xc70
[  339.621548][ T9346]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  339.621581][ T9346]  ? policy_nodemask+0xea/0x4e0
[  339.621612][ T9346]  alloc_pages_mpol+0x1fb/0x550
[  339.621749][ T9346]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  339.621780][ T9346]  ? cgroup_rstat_updated+0x2a/0xb20
[  339.621825][ T9346]  alloc_pages_noprof+0x131/0x390
[  339.621857][ T9346]  pte_alloc_one+0x19/0x380
[  339.621885][ T9346]  do_pte_missing+0x1c0b/0x3fb0
[  339.621910][ T9346]  ? do_raw_spin_unlock+0x172/0x230
[  339.621951][ T9346]  ? __pmd_alloc+0x3c2/0x870
[  339.621986][ T9346]  ? find_held_lock+0x2b/0x80
[  339.622010][ T9346]  __handle_mm_fault+0x103d/0x2a40
[  339.622042][ T9346]  ? __pfx___handle_mm_fault+0x10/0x10
[  339.622083][ T9346]  ? find_vma+0xbf/0x140
[  339.622115][ T9346]  ? __pfx_find_vma+0x10/0x10
[  339.622150][ T9346]  handle_mm_fault+0x3fe/0xad0
[  339.622181][ T9346]  do_user_addr_fault+0x7a6/0x1370
[  339.622209][ T9346]  ? rcu_is_watching+0x12/0xc0
[  339.622234][ T9346]  exc_page_fault+0x5c/0xc0
[  339.622267][ T9346]  asm_exc_page_fault+0x26/0x30
[  339.622288][ T9346] RIP: 0010:rep_movs_alternative+0xf/0x90
[  339.622316][ T9346] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66
[  339.622338][ T9346] RSP: 0018:ffffc9000382f9d0 EFLAGS: 00050202
[  339.622356][ T9346] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000007
[  339.622370][ T9346] RDX: fffff52000705f4c RSI: 0000000000000000 RDI: ffffc9000382fa58
[  339.622384][ T9346] RBP: 0000000000000007 R08: 0000000000000001 R09: fffff52000705f4b
[  339.622398][ T9346] R10: ffffc9000382fa5e R11: 0000000000000000 R12: 0000000000000000
[  339.622411][ T9346] R13: ffffc9000382fa58 R14: 1ffff92000705f45 R15: ffffc9000382fd8c
[  339.622441][ T9346]  _copy_from_user+0x98/0xd0
[  339.622463][ T9346]  ____sys_sendmsg+0x607/0xc70
[  339.622514][ T9346]  ? __pfx_____sys_sendmsg+0x10/0x10
[  339.622557][ T9346]  ? __pfx__kstrtoull+0x10/0x10
[  339.622593][ T9346]  ___sys_sendmsg+0x134/0x1d0
[  339.622630][ T9346]  ? __pfx____sys_sendmsg+0x10/0x10
[  339.622675][ T9346]  ? find_held_lock+0x2b/0x80
[  339.622717][ T9346]  __sys_sendmmsg+0x200/0x420
[  339.622751][ T9346]  ? __pfx___sys_sendmmsg+0x10/0x10
[  339.622792][ T9346]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  339.622844][ T9346]  ? fput+0x70/0xf0
[  339.622873][ T9346]  ? ksys_write+0x1b9/0x240
[  339.622896][ T9346]  ? __pfx_ksys_write+0x10/0x10
[  339.622918][ T9346]  ? rcu_is_watching+0x12/0xc0
[  339.622945][ T9346]  __x64_sys_sendmmsg+0x9c/0x100
[  339.622974][ T9346]  ? lockdep_hardirqs_on+0x7c/0x110
[  339.623009][ T9346]  do_syscall_64+0xcd/0x230
[  339.623049][ T9346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.623072][ T9346] RIP: 0033:0x7f566af8e969
[  339.623090][ T9346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.623112][ T9346] RSP: 002b:00007f566bd6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  339.623133][ T9346] RAX: ffffffffffffffda RBX: 00007f566b1b5fa0 RCX: 00007f566af8e969
[  339.623149][ T9346] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003
[  339.623163][ T9346] RBP: 00007f566bd6d090 R08: 0000000000000000 R09: 0000000000000000
[  339.623177][ T9346] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  339.623191][ T9346] R13: 0000000000000000 R14: 00007f566b1b5fa0 R15: 00007ffc0b864c08
[  339.623226][ T9346]  </TASK>
[  340.948897][    C1] sd 0:0:1:0: [sda] tag#1707 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  340.959523][    C1] sd 0:0:1:0: [sda] tag#1707 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00
[  344.434532][ T9397] nbd: socks must be embedded in a SOCK_ITEM attr
[  344.558108][ T9397] block nbd0: shutting down sockets
[  345.117617][ T9407] vivid-009: =================  START STATUS  =================
[  345.156766][ T9407] vivid-009: Enable Output Cropping: true
[  345.217870][ T9409] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(2.0.7), cmd(5)
[  345.293174][ T9407] vivid-009: Enable Output Composing: true
[  345.334662][ T9407] vivid-009: Enable Output Scaler: true
[  345.501454][ T9407] vivid-009: Tx RGB Quantization Range: Automatic
[  345.619575][ T9407] vivid-009: Transmit Mode: HDMI
[  345.624613][ T9407] vivid-009: Hotplug Present: 0x00000000
[  345.864596][ T9407] vivid-009: RxSense Present: 0x00000000
[  345.960298][ T9407] vivid-009: EDID Present: 0x00000000
[  346.006792][ T9407] vivid-009: ==================  END STATUS  ==================
[  347.498099][ T9451] ACPI: Can not change Invalid GPE/Fixed Event status
[  347.672989][ T9451] netlink: 330 bytes leftover after parsing attributes in process `syz.4.766'.
[  352.996890][ T9535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.783'.
[  353.064198][ T9535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.783'.
[  354.435546][ T9561] ima: policy update failed
[  354.483221][   T30] audit: type=1802 audit(6043214603.011:8): pid=9561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.792" res=0 errno=0
[  354.640513][ T9559] FAULT_INJECTION: forcing a failure.
[  354.640513][ T9559] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  354.717547][ T9572] ACPI: Can not change Invalid GPE/Fixed Event status
[  354.784616][ T9559] CPU: 1 UID: 0 PID: 9559 Comm: syz.4.790 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  354.784659][ T9559] Tainted: [U]=USER
[  354.784667][ T9559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  354.784682][ T9559] Call Trace:
[  354.784690][ T9559]  <TASK>
[  354.784699][ T9559]  dump_stack_lvl+0x16c/0x1f0
[  354.784742][ T9559]  should_fail_ex+0x512/0x640
[  354.784785][ T9559]  should_fail_alloc_page+0xe7/0x130
[  354.784819][ T9559]  prepare_alloc_pages+0x3c2/0x610
[  354.784864][ T9559]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  354.784895][ T9559]  ? kasan_save_stack+0x42/0x60
[  354.784921][ T9559]  ? kasan_save_stack+0x33/0x60
[  354.784945][ T9559]  ? kasan_save_track+0x14/0x30
[  354.784970][ T9559]  ? __kasan_slab_alloc+0x89/0x90
[  354.784997][ T9559]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  354.785024][ T9559]  ? ptlock_alloc+0x1f/0x70
[  354.785053][ T9559]  ? pte_alloc_one+0x6d/0x380
[  354.785079][ T9559]  ? __pte_alloc+0x6d/0x3c0
[  354.785112][ T9559]  ? copy_page_range+0x3a29/0x5fe0
[  354.785149][ T9559]  ? copy_process+0x8644/0x91b0
[  354.785180][ T9559]  ? kernel_clone+0xfc/0x960
[  354.785209][ T9559]  ? __do_sys_clone+0xce/0x120
[  354.785240][ T9559]  ? do_syscall_64+0xcd/0x230
[  354.785276][ T9559]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.785305][ T9559]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  354.785339][ T9559]  ? look_up_lock_class+0x6b/0x150
[  354.785382][ T9559]  ? look_up_lock_class+0x59/0x150
[  354.785418][ T9559]  ? register_lock_class+0x41/0x4c0
[  354.785452][ T9559]  ? __lock_acquire+0xaa4/0x1ba0
[  354.785483][ T9559]  ? look_up_lock_class+0x59/0x150
[  354.785517][ T9559]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  354.785554][ T9559]  ? policy_nodemask+0xea/0x4e0
[  354.785587][ T9559]  alloc_pages_mpol+0x1fb/0x550
[  354.785620][ T9559]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  354.785649][ T9559]  ? page_table_check_set+0x96f/0xb50
[  354.785688][ T9559]  alloc_pages_noprof+0x131/0x390
[  354.785720][ T9559]  pte_alloc_one+0x19/0x380
[  354.785749][ T9559]  __pte_alloc+0x6d/0x3c0
[  354.785782][ T9559]  ? __pfx___pte_alloc+0x10/0x10
[  354.785815][ T9559]  ? __pfx___might_resched+0x10/0x10
[  354.785842][ T9559]  ? copy_page_range+0x197d/0x5fe0
[  354.785886][ T9559]  copy_page_range+0x3a29/0x5fe0
[  354.785958][ T9559]  ? __pfx_copy_page_range+0x10/0x10
[  354.786009][ T9559]  ? __pfx___might_resched+0x10/0x10
[  354.786035][ T9559]  ? __pfx_mas_store+0x10/0x10
[  354.786064][ T9559]  ? __vma_enter_locked+0x163/0x3f0
[  354.786098][ T9559]  ? copy_process+0x85f7/0x91b0
[  354.786128][ T9559]  ? down_write+0x14d/0x200
[  354.786154][ T9559]  ? up_write+0x1b2/0x520
[  354.786194][ T9559]  copy_process+0x8644/0x91b0
[  354.786248][ T9559]  ? __pfx_copy_process+0x10/0x10
[  354.786283][ T9559]  ? try_to_wake_up+0xa2f/0x1680
[  354.786312][ T9559]  ? plist_check_head+0xa3/0x150
[  354.786340][ T9559]  ? find_held_lock+0x2b/0x80
[  354.786369][ T9559]  ? wake_up_q+0xb0/0x160
[  354.786389][ T9559]  ? do_raw_spin_unlock+0x172/0x230
[  354.786433][ T9559]  kernel_clone+0xfc/0x960
[  354.786465][ T9559]  ? __pfx_futex_wake+0x10/0x10
[  354.786496][ T9559]  ? __pfx_kernel_clone+0x10/0x10
[  354.786547][ T9559]  __do_sys_clone+0xce/0x120
[  354.786578][ T9559]  ? __pfx___do_sys_clone+0x10/0x10
[  354.786613][ T9559]  ? ksys_unshare+0x687/0xa40
[  354.786662][ T9559]  ? rcu_is_watching+0x12/0xc0
[  354.786694][ T9559]  do_syscall_64+0xcd/0x230
[  354.786735][ T9559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.786760][ T9559] RIP: 0033:0x7f566af8e969
[  354.786779][ T9559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.786804][ T9559] RSP: 002b:00007f566bd6cfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  354.786826][ T9559] RAX: ffffffffffffffda RBX: 00007f566b1b5fa0 RCX: 00007f566af8e969
[  354.786843][ T9559] RDX: 0000000000000000 RSI: 0000000000000700 RDI: 0000000002360411
[  354.786858][ T9559] RBP: 00007f566b010ab1 R08: 0000000000000000 R09: 0000000000000000
[  354.786873][ T9559] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  354.786888][ T9559] R13: 0000000000000000 R14: 00007f566b1b5fa0 R15: 00007ffc0b864c08
[  354.786919][ T9559]  </TASK>
[  355.429699][ T9575] netlink: 330 bytes leftover after parsing attributes in process `syz.1.793'.
[  355.996984][ T9582] netlink: 342 bytes leftover after parsing attributes in process `syz.5.796'.
[  356.255278][ T9584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.797'.
[  356.295638][ T9584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.797'.
[  357.836300][ T9605] =======================================================
[  357.836300][ T9605] WARNING: The mand mount option has been deprecated and
[  357.836300][ T9605]          and is ignored by this kernel. Remove the mand
[  357.836300][ T9605]          option from the mount to silence this warning.
[  357.836300][ T9605] =======================================================
[  359.565814][ T9637] FAULT_INJECTION: forcing a failure.
[  359.565814][ T9637] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  359.664767][ T9637] CPU: 1 UID: 0 PID: 9637 Comm: syz.5.807 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  359.664808][ T9637] Tainted: [U]=USER
[  359.664816][ T9637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  359.664830][ T9637] Call Trace:
[  359.664838][ T9637]  <TASK>
[  359.664847][ T9637]  dump_stack_lvl+0x16c/0x1f0
[  359.664888][ T9637]  should_fail_ex+0x512/0x640
[  359.664929][ T9637]  should_fail_alloc_page+0xe7/0x130
[  359.664962][ T9637]  prepare_alloc_pages+0x3c2/0x610
[  359.665005][ T9637]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  359.665033][ T9637]  ? arch_stack_walk+0xa6/0x100
[  359.665073][ T9637]  ? stack_trace_save+0x8e/0xc0
[  359.665098][ T9637]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  359.665130][ T9637]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  359.665163][ T9637]  ? kasan_save_track+0x14/0x30
[  359.665187][ T9637]  ? __kasan_slab_alloc+0x89/0x90
[  359.665213][ T9637]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  359.665239][ T9637]  ? __pmd_alloc+0xc3/0x870
[  359.665274][ T9637]  ? __handle_mm_fault+0x948/0x2a40
[  359.665297][ T9637]  ? handle_mm_fault+0x3fe/0xad0
[  359.665319][ T9637]  ? do_user_addr_fault+0x7a6/0x1370
[  359.665341][ T9637]  ? exc_page_fault+0x5c/0xc0
[  359.665373][ T9637]  ? asm_exc_page_fault+0x26/0x30
[  359.665395][ T9637]  ? rep_movs_alternative+0x30/0x90
[  359.665422][ T9637]  ? _copy_from_user+0x98/0xd0
[  359.665441][ T9637]  ? io_unregister_pbuf_ring+0x103/0x4c0
[  359.665474][ T9637]  ? __io_uring_register+0x11f6/0x2310
[  359.665501][ T9637]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  359.665537][ T9637]  ? policy_nodemask+0xea/0x4e0
[  359.665569][ T9637]  alloc_pages_mpol+0x1fb/0x550
[  359.665600][ T9637]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  359.665639][ T9637]  alloc_pages_noprof+0x131/0x390
[  359.665670][ T9637]  pte_alloc_one+0x19/0x380
[  359.665698][ T9637]  __pte_alloc+0x6d/0x3c0
[  359.665730][ T9637]  ? __pfx___pte_alloc+0x10/0x10
[  359.665764][ T9637]  ? do_raw_spin_lock+0x12c/0x2b0
[  359.665803][ T9637]  ? find_held_lock+0x2b/0x80
[  359.665827][ T9637]  do_pte_missing+0x2925/0x3fb0
[  359.665855][ T9637]  ? _raw_spin_unlock+0x28/0x50
[  359.665886][ T9637]  ? __pmd_alloc+0x3c2/0x870
[  359.665924][ T9637]  __handle_mm_fault+0x103d/0x2a40
[  359.665958][ T9637]  ? __pfx___handle_mm_fault+0x10/0x10
[  359.666000][ T9637]  ? find_vma+0xbf/0x140
[  359.666034][ T9637]  ? __pfx_find_vma+0x10/0x10
[  359.666071][ T9637]  handle_mm_fault+0x3fe/0xad0
[  359.666101][ T9637]  do_user_addr_fault+0x7a6/0x1370
[  359.666128][ T9637]  ? rcu_is_watching+0x12/0xc0
[  359.666154][ T9637]  exc_page_fault+0x5c/0xc0
[  359.666188][ T9637]  asm_exc_page_fault+0x26/0x30
[  359.666210][ T9637] RIP: 0010:rep_movs_alternative+0x30/0x90
[  359.666244][ T9637] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  359.666265][ T9637] RSP: 0018:ffffc90003d8fc40 EFLAGS: 00050202
[  359.666283][ T9637] RAX: 0000000000000001 RBX: 0000200000000000 RCX: 0000000000000028
[  359.666297][ T9637] RDX: fffff520007b1f99 RSI: 0000200000000000 RDI: ffffc90003d8fca0
[  359.666311][ T9637] RBP: 0000000000000028 R08: 0000000000000001 R09: fffff520007b1f98
[  359.666324][ T9637] R10: ffffc90003d8fcc7 R11: 0000000000000000 R12: 0000000000000000
[  359.666338][ T9637] R13: ffffc90003d8fca0 R14: 0000000000000001 R15: 0000200000000000
[  359.666367][ T9637]  _copy_from_user+0x98/0xd0
[  359.666390][ T9637]  io_unregister_pbuf_ring+0x103/0x4c0
[  359.666428][ T9637]  ? __pfx_io_unregister_pbuf_ring+0x10/0x10
[  359.666464][ T9637]  ? proc_fail_nth_write+0x9f/0x250
[  359.666508][ T9637]  ? __mutex_trylock_common+0xe9/0x250
[  359.666542][ T9637]  ? __pfx___mutex_trylock_common+0x10/0x10
[  359.666579][ T9637]  __io_uring_register+0x11f6/0x2310
[  359.666605][ T9637]  ? trace_contention_end+0xdd/0x130
[  359.666637][ T9637]  ? __pfx___io_uring_register+0x10/0x10
[  359.666659][ T9637]  ? __mutex_lock+0x1ca/0xb90
[  359.666698][ T9637]  ? __x64_sys_io_uring_register+0x159/0x280
[  359.666725][ T9637]  ? __pfx___mutex_lock+0x10/0x10
[  359.666769][ T9637]  ? __fget_files+0x20e/0x3c0
[  359.666788][ T9637]  ? __fput_deferred+0x350/0x370
[  359.666827][ T9637]  __x64_sys_io_uring_register+0x169/0x280
[  359.666856][ T9637]  do_syscall_64+0xcd/0x230
[  359.666895][ T9637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.666918][ T9637] RIP: 0033:0x7f361738e969
[  359.666936][ T9637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.666958][ T9637] RSP: 002b:00007f36151f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  359.666978][ T9637] RAX: ffffffffffffffda RBX: 00007f36175b5fa0 RCX: 00007f361738e969
[  359.666994][ T9637] RDX: 0000200000000000 RSI: 0000000000000017 RDI: 0000000000000003
[  359.667008][ T9637] RBP: 00007f36151f6090 R08: 0000000000000000 R09: 0000000000000000
[  359.667022][ T9637] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  359.667037][ T9637] R13: 0000000000000000 R14: 00007f36175b5fa0 R15: 00007fff5f2c2938
[  359.667067][ T9637]  </TASK>
[  360.248931][ T9639] netlink: 4 bytes leftover after parsing attributes in process `syz.4.808'.
[  360.259348][ T9639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.808'.
[  360.458194][ T9644] FAULT_INJECTION: forcing a failure.
[  360.458194][ T9644] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  360.472077][ T9644] CPU: 1 UID: 0 PID: 9644 Comm: syz.2.817 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  360.472115][ T9644] Tainted: [U]=USER
[  360.472122][ T9644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  360.472137][ T9644] Call Trace:
[  360.472144][ T9644]  <TASK>
[  360.472152][ T9644]  dump_stack_lvl+0x16c/0x1f0
[  360.472194][ T9644]  should_fail_ex+0x512/0x640
[  360.472235][ T9644]  should_fail_alloc_page+0xe7/0x130
[  360.472269][ T9644]  prepare_alloc_pages+0x3c2/0x610
[  360.472306][ T9644]  ? arch_stack_walk+0xa6/0x100
[  360.472339][ T9644]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  360.472375][ T9644]  ? stack_trace_save+0x8e/0xc0
[  360.472401][ T9644]  ? __pfx_stack_trace_save+0x10/0x10
[  360.472426][ T9644]  ? stack_depot_save_flags+0x28/0xa50
[  360.472467][ T9644]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  360.472504][ T9644]  ? kasan_save_stack+0x42/0x60
[  360.472528][ T9644]  ? kasan_save_stack+0x33/0x60
[  360.472552][ T9644]  ? kasan_save_track+0x14/0x30
[  360.472576][ T9644]  ? __kasan_slab_alloc+0x89/0x90
[  360.472603][ T9644]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  360.472629][ T9644]  ? __pmd_alloc+0xc3/0x870
[  360.472668][ T9644]  ? filldir+0x29c/0x5f0
[  360.472699][ T9644]  ? proc_readdir_de+0x1d1/0x690
[  360.472728][ T9644]  ? proc_readdir+0xf7/0x140
[  360.472755][ T9644]  ? proc_root_readdir+0x5e/0xd0
[  360.472780][ T9644]  ? iterate_dir+0x293/0xb40
[  360.472812][ T9644]  ? __x64_sys_getdents+0x14d/0x2c0
[  360.472846][ T9644]  ? do_syscall_64+0xcd/0x230
[  360.472882][ T9644]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.472909][ T9644]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  360.472945][ T9644]  ? policy_nodemask+0xea/0x4e0
[  360.472978][ T9644]  alloc_pages_mpol+0x1fb/0x550
[  360.473010][ T9644]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  360.473038][ T9644]  ? __lock_acquire+0xaa4/0x1ba0
[  360.473079][ T9644]  ? __pfx_filemap_map_pages+0x10/0x10
[  360.473109][ T9644]  alloc_pages_noprof+0x131/0x390
[  360.473141][ T9644]  pte_alloc_one+0x19/0x380
[  360.473170][ T9644]  __do_fault+0x320/0x490
[  360.473202][ T9644]  ? __pfx_filemap_map_pages+0x10/0x10
[  360.473232][ T9644]  do_pte_missing+0x1a6/0x3fb0
[  360.473257][ T9644]  ? do_raw_spin_unlock+0x172/0x230
[  360.473297][ T9644]  ? __pmd_alloc+0x3c2/0x870
[  360.473332][ T9644]  ? find_held_lock+0x2b/0x80
[  360.473357][ T9644]  __handle_mm_fault+0x103d/0x2a40
[  360.473391][ T9644]  ? __pfx___handle_mm_fault+0x10/0x10
[  360.473434][ T9644]  ? find_vma+0xbf/0x140
[  360.473468][ T9644]  ? __pfx_find_vma+0x10/0x10
[  360.473513][ T9644]  handle_mm_fault+0x3fe/0xad0
[  360.473543][ T9644]  do_user_addr_fault+0x7a6/0x1370
[  360.473571][ T9644]  ? rcu_is_watching+0x12/0xc0
[  360.473596][ T9644]  exc_page_fault+0x5c/0xc0
[  360.473632][ T9644]  asm_exc_page_fault+0x26/0x30
[  360.473654][ T9644] RIP: 0010:filldir+0x29c/0x5f0
[  360.473688][ T9644] Code: db e8 08 28 84 ff 89 d8 48 83 c4 50 5b 5d 41 5c 41 5d 41 5e 41 5f e9 03 11 36 09 e8 ee 27 84 ff 0f 01 cb 0f ae e8 48 8b 04 24 <49> 89 47 08 e8 db 27 84 ff 4c 8b 7c 24 30 48 8b 44 24 10 49 89 07
[  360.473710][ T9644] RSP: 0018:ffffc90003adfca8 EFLAGS: 00050293
[  360.473727][ T9644] RAX: 0000000000000000 RBX: ffffc90003adfe80 RCX: ffffffff8236878a
[  360.473742][ T9644] RDX: ffff88802d82bc00 RSI: ffffffff823687e2 RDI: 0000000000000006
[  360.473756][ T9644] RBP: 0000000000000018 R08: 0000000000000006 R09: 0000000000000000
[  360.473770][ T9644] R10: 0000000000000018 R11: 0000000000000000 R12: 0000000000000001
[  360.473783][ T9644] R13: 0000000000000018 R14: ffffffff8ba270c0 R15: 0000000000000000
[  360.473806][ T9644]  ? filldir+0x23a/0x5f0
[  360.473838][ T9644]  ? filldir+0x292/0x5f0
[  360.473876][ T9644]  ? filldir+0x292/0x5f0
[  360.473917][ T9644]  ? __pfx_filldir+0x10/0x10
[  360.473948][ T9644]  proc_readdir_de+0x1d1/0x690
[  360.473983][ T9644]  proc_readdir+0xf7/0x140
[  360.474014][ T9644]  proc_root_readdir+0x5e/0xd0
[  360.474041][ T9644]  iterate_dir+0x293/0xb40
[  360.474080][ T9644]  __x64_sys_getdents+0x14d/0x2c0
[  360.474116][ T9644]  ? __pfx___x64_sys_getdents+0x10/0x10
[  360.474150][ T9644]  ? fput+0x70/0xf0
[  360.474177][ T9644]  ? __pfx_filldir+0x10/0x10
[  360.474211][ T9644]  ? rcu_is_watching+0x12/0xc0
[  360.474241][ T9644]  do_syscall_64+0xcd/0x230
[  360.474279][ T9644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.474301][ T9644] RIP: 0033:0x7f7c2b18e969
[  360.474320][ T9644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.474343][ T9644] RSP: 002b:00007f7c2bf14038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  360.474363][ T9644] RAX: ffffffffffffffda RBX: 00007f7c2b3b5fa0 RCX: 00007f7c2b18e969
[  360.474379][ T9644] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000003
[  360.474393][ T9644] RBP: 00007f7c2bf14090 R08: 0000000000000000 R09: 0000000000000000
[  360.474407][ T9644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.474421][ T9644] R13: 0000000000000000 R14: 00007f7c2b3b5fa0 R15: 00007fff86964d48
[  360.474452][ T9644]  </TASK>
[  363.592069][ T9677] FAULT_INJECTION: forcing a failure.
[  363.592069][ T9677] name failslab, interval 1, probability 0, space 0, times 0
[  363.686932][ T9677] CPU: 1 UID: 0 PID: 9677 Comm: syz.1.815 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  363.686972][ T9677] Tainted: [U]=USER
[  363.686979][ T9677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  363.686992][ T9677] Call Trace:
[  363.686999][ T9677]  <TASK>
[  363.687007][ T9677]  dump_stack_lvl+0x16c/0x1f0
[  363.687049][ T9677]  should_fail_ex+0x512/0x640
[  363.687085][ T9677]  ? __kvmalloc_node_noprof+0x122/0x600
[  363.687114][ T9677]  should_failslab+0xc2/0x120
[  363.687145][ T9677]  __kvmalloc_node_noprof+0x135/0x600
[  363.687176][ T9677]  ? br_dev_setup+0x8cb/0xab0
[  363.687208][ T9677]  ? __pfx_br_dev_setup+0x10/0x10
[  363.687238][ T9677]  ? alloc_netdev_mqs+0xb5b/0x1570
[  363.687275][ T9677]  ? alloc_netdev_mqs+0xb5b/0x1570
[  363.687304][ T9677]  alloc_netdev_mqs+0xb5b/0x1570
[  363.687342][ T9677]  br_add_bridge+0x33/0xf0
[  363.687365][ T9677]  old_deviceless+0x62c/0x700
[  363.687391][ T9677]  ? __pfx___mutex_lock+0x10/0x10
[  363.687429][ T9677]  ? __pfx_old_deviceless+0x10/0x10
[  363.687459][ T9677]  ? __pfx___might_resched+0x10/0x10
[  363.687498][ T9677]  br_ioctl_stub+0x3e8/0x4c0
[  363.687523][ T9677]  ? br_ioctl_call+0x34/0xa0
[  363.687543][ T9677]  ? __pfx_br_ioctl_stub+0x10/0x10
[  363.687569][ T9677]  ? __pfx___mutex_lock+0x10/0x10
[  363.687622][ T9677]  ? __pfx_br_ioctl_stub+0x10/0x10
[  363.687648][ T9677]  br_ioctl_call+0x50/0xa0
[  363.687671][ T9677]  sock_ioctl+0x365/0x6b0
[  363.687692][ T9677]  ? __pfx_sock_ioctl+0x10/0x10
[  363.687712][ T9677]  ? hook_file_ioctl_common+0x145/0x410
[  363.687754][ T9677]  ? __pfx_sock_ioctl+0x10/0x10
[  363.687776][ T9677]  __x64_sys_ioctl+0x193/0x200
[  363.687813][ T9677]  do_syscall_64+0xcd/0x230
[  363.687853][ T9677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.687877][ T9677] RIP: 0033:0x7fc7ceb8e969
[  363.687895][ T9677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  363.687917][ T9677] RSP: 002b:00007fc7cf94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  363.687943][ T9677] RAX: ffffffffffffffda RBX: 00007fc7cedb5fa0 RCX: 00007fc7ceb8e969
[  363.687959][ T9677] RDX: 0000000000000004 RSI: 0000000000008941 RDI: 0000000000000000
[  363.687973][ T9677] RBP: 00007fc7cf94c090 R08: 0000000000000000 R09: 0000000000000000
[  363.687988][ T9677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.688002][ T9677] R13: 0000000000000000 R14: 00007fc7cedb5fa0 R15: 00007ffed1011848
[  363.688032][ T9677]  </TASK>
[  368.927624][ T9744] FAULT_INJECTION: forcing a failure.
[  368.927624][ T9744] name failslab, interval 1, probability 0, space 0, times 0
[  369.020931][ T9744] CPU: 1 UID: 0 PID: 9744 Comm: syz.1.829 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  369.020971][ T9744] Tainted: [U]=USER
[  369.020979][ T9744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  369.020992][ T9744] Call Trace:
[  369.020999][ T9744]  <TASK>
[  369.021008][ T9744]  dump_stack_lvl+0x16c/0x1f0
[  369.021049][ T9744]  should_fail_ex+0x512/0x640
[  369.021085][ T9744]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  369.021112][ T9744]  should_failslab+0xc2/0x120
[  369.021143][ T9744]  __kmalloc_cache_noprof+0x6a/0x3e0
[  369.021164][ T9744]  ? __mark_inode_dirty+0x53a/0xe50
[  369.021194][ T9744]  ? kernfs_iop_get_link+0x65/0x1620
[  369.021229][ T9744]  ? __pfx_kernfs_iop_get_link+0x10/0x10
[  369.021263][ T9744]  kernfs_iop_get_link+0x65/0x1620
[  369.021300][ T9744]  ? __pfx___might_resched+0x10/0x10
[  369.021329][ T9744]  ? touch_atime+0x2cf/0x5d0
[  369.021360][ T9744]  ? __pfx_kernfs_iop_get_link+0x10/0x10
[  369.021394][ T9744]  step_into+0x1b25/0x2270
[  369.021429][ T9744]  ? __pfx___up_read+0x10/0x10
[  369.021469][ T9744]  ? __pfx_step_into+0x10/0x10
[  369.021505][ T9744]  ? kernfs_dop_revalidate+0x80/0x740
[  369.021543][ T9744]  ? lookup_fast+0x156/0x610
[  369.021576][ T9744]  ? __pfx_kernfs_iop_permission+0x10/0x10
[  369.021618][ T9744]  walk_component+0xfc/0x5b0
[  369.021663][ T9744]  link_path_walk.part.0.constprop.0+0x685/0xd60
[  369.021714][ T9744]  path_openat+0x227/0x2d40
[  369.021738][ T9744]  ? arch_stack_walk+0xa6/0x100
[  369.021778][ T9744]  ? __pfx_path_openat+0x10/0x10
[  369.021802][ T9744]  ? stack_trace_save+0x8e/0xc0
[  369.021826][ T9744]  ? __pfx_stack_trace_save+0x10/0x10
[  369.021854][ T9744]  do_filp_open+0x20b/0x470
[  369.021878][ T9744]  ? __pfx_do_filp_open+0x10/0x10
[  369.021900][ T9744]  ? kasan_save_stack+0x42/0x60
[  369.021924][ T9744]  ? kasan_save_stack+0x33/0x60
[  369.021982][ T9744]  file_open_name+0x2a3/0x450
[  369.022016][ T9744]  ? __pfx_file_open_name+0x10/0x10
[  369.022061][ T9744]  acct_on+0x77/0x870
[  369.022094][ T9744]  __x64_sys_acct+0xaf/0x230
[  369.022123][ T9744]  ? lockdep_hardirqs_on+0x7c/0x110
[  369.022158][ T9744]  do_syscall_64+0xcd/0x230
[  369.022197][ T9744]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.022220][ T9744] RIP: 0033:0x7fc7ceb8e969
[  369.022238][ T9744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.022262][ T9744] RSP: 002b:00007fc7cf94c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
[  369.022283][ T9744] RAX: ffffffffffffffda RBX: 00007fc7cedb5fa0 RCX: 00007fc7ceb8e969
[  369.022299][ T9744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0
[  369.022313][ T9744] RBP: 00007fc7cf94c090 R08: 0000000000000000 R09: 0000000000000000
[  369.022328][ T9744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.022342][ T9744] R13: 0000000000000001 R14: 00007fc7cedb5fa0 R15: 00007ffed1011848
[  369.022371][ T9744]  </TASK>
[  369.318141][    C1] vkms_vblank_simulate: vblank timer overrun
[  370.012189][ T9755] FAULT_INJECTION: forcing a failure.
[  370.012189][ T9755] name failslab, interval 1, probability 0, space 0, times 0
[  370.066794][ T9755] CPU: 1 UID: 0 PID: 9755 Comm: syz.5.833 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  370.066834][ T9755] Tainted: [U]=USER
[  370.066841][ T9755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  370.066854][ T9755] Call Trace:
[  370.066861][ T9755]  <TASK>
[  370.066869][ T9755]  dump_stack_lvl+0x16c/0x1f0
[  370.066909][ T9755]  should_fail_ex+0x512/0x640
[  370.066951][ T9755]  should_failslab+0xc2/0x120
[  370.066984][ T9755]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  370.067013][ T9755]  ? skb_clone+0x190/0x3f0
[  370.067047][ T9755]  skb_clone+0x190/0x3f0
[  370.067079][ T9755]  netlink_deliver_tap+0xabd/0xd30
[  370.067119][ T9755]  netlink_unicast+0x5df/0x7f0
[  370.067155][ T9755]  ? __pfx_netlink_unicast+0x10/0x10
[  370.067187][ T9755]  ? __lock_acquire+0xaa4/0x1ba0
[  370.067227][ T9755]  netlink_sendmsg+0x8d1/0xdd0
[  370.067265][ T9755]  ? __pfx_netlink_sendmsg+0x10/0x10
[  370.067310][ T9755]  ____sys_sendmsg+0xa95/0xc70
[  370.067349][ T9755]  ? copy_msghdr_from_user+0x10a/0x160
[  370.067378][ T9755]  ? __pfx_____sys_sendmsg+0x10/0x10
[  370.067431][ T9755]  ___sys_sendmsg+0x134/0x1d0
[  370.067469][ T9755]  ? __pfx____sys_sendmsg+0x10/0x10
[  370.067537][ T9755]  __sys_sendmsg+0x16d/0x220
[  370.067568][ T9755]  ? __pfx___sys_sendmsg+0x10/0x10
[  370.067607][ T9755]  ? rcu_is_watching+0x12/0xc0
[  370.067637][ T9755]  do_syscall_64+0xcd/0x230
[  370.067674][ T9755]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.067697][ T9755] RIP: 0033:0x7f361738e969
[  370.067715][ T9755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.067740][ T9755] RSP: 002b:00007f36151f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  370.067762][ T9755] RAX: ffffffffffffffda RBX: 00007f36175b5fa0 RCX: 00007f361738e969
[  370.067778][ T9755] RDX: 0000000004040080 RSI: 0000200000000780 RDI: 0000000000000003
[  370.067792][ T9755] RBP: 00007f36151f6090 R08: 0000000000000000 R09: 0000000000000000
[  370.067807][ T9755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.067821][ T9755] R13: 0000000000000000 R14: 00007f36175b5fa0 R15: 00007fff5f2c2938
[  370.067852][ T9755]  </TASK>
[  371.248774][ T9739] Invalid ELF header magic: != ELF
[  371.654903][ T9739] can: request_module (can-proto-0) failed.
[  373.602515][ T9790] netlink: 346 bytes leftover after parsing attributes in process `syz.5.836'.
[  373.655453][ T9804] netlink: 16 bytes leftover after parsing attributes in process `syz.2.845'.
[  373.769940][ T9807] netlink: 93 bytes leftover after parsing attributes in process `syz.2.845'.
[  381.151252][ T9908] netlink: 16 bytes leftover after parsing attributes in process `syz.4.853'.
[  381.258501][ T9915] netlink: 93 bytes leftover after parsing attributes in process `syz.4.853'.
[  383.662240][ T9944] ptrace attach of "./syz-executor exec"[9009] was attempted by "./syz-executor exec"[9944]
[  389.042513][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  389.049786][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  392.038832][T10058] FAULT_INJECTION: forcing a failure.
[  392.038832][T10058] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.193650][T10058] CPU: 1 UID: 0 PID: 10058 Comm: syz.2.875 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  392.193689][T10058] Tainted: [U]=USER
[  392.193696][T10058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  392.193709][T10058] Call Trace:
[  392.193716][T10058]  <TASK>
[  392.193725][T10058]  dump_stack_lvl+0x16c/0x1f0
[  392.193765][T10058]  should_fail_ex+0x512/0x640
[  392.193806][T10058]  _copy_from_iter+0x2a4/0x15b0
[  392.193847][T10058]  ? __alloc_skb+0x200/0x380
[  392.193876][T10058]  ? __pfx__copy_from_iter+0x10/0x10
[  392.193917][T10058]  ? __lock_acquire+0xaa4/0x1ba0
[  392.193956][T10058]  netlink_sendmsg+0x829/0xdd0
[  392.193995][T10058]  ? __pfx_netlink_sendmsg+0x10/0x10
[  392.194039][T10058]  ____sys_sendmsg+0xa95/0xc70
[  392.194077][T10058]  ? copy_msghdr_from_user+0x10a/0x160
[  392.194106][T10058]  ? __pfx_____sys_sendmsg+0x10/0x10
[  392.194164][T10058]  ___sys_sendmsg+0x134/0x1d0
[  392.194195][T10058]  ? __pfx____sys_sendmsg+0x10/0x10
[  392.194259][T10058]  __sys_sendmsg+0x16d/0x220
[  392.194289][T10058]  ? __pfx___sys_sendmsg+0x10/0x10
[  392.194327][T10058]  ? rcu_is_watching+0x12/0xc0
[  392.194357][T10058]  do_syscall_64+0xcd/0x230
[  392.194397][T10058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.194421][T10058] RIP: 0033:0x7f7c2b18e969
[  392.194440][T10058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.194463][T10058] RSP: 002b:00007f7c2bf14038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  392.194485][T10058] RAX: ffffffffffffffda RBX: 00007f7c2b3b5fa0 RCX: 00007f7c2b18e969
[  392.194501][T10058] RDX: 0000000004008040 RSI: 00002000000001c0 RDI: 0000000000000003
[  392.194516][T10058] RBP: 00007f7c2bf14090 R08: 0000000000000000 R09: 0000000000000000
[  392.194531][T10058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.194545][T10058] R13: 0000000000000000 R14: 00007f7c2b3b5fa0 R15: 00007fff86964d48
[  392.194574][T10058]  </TASK>
[  392.395937][    C1] vkms_vblank_simulate: vblank timer overrun
[  397.018958][T10115] FAULT_INJECTION: forcing a failure.
[  397.018958][T10115] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  397.206794][T10115] CPU: 1 UID: 0 PID: 10115 Comm: syz.2.889 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  397.206833][T10115] Tainted: [U]=USER
[  397.206840][T10115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  397.206854][T10115] Call Trace:
[  397.206861][T10115]  <TASK>
[  397.206871][T10115]  dump_stack_lvl+0x16c/0x1f0
[  397.206910][T10115]  should_fail_ex+0x512/0x640
[  397.206950][T10115]  should_fail_alloc_page+0xe7/0x130
[  397.206982][T10115]  prepare_alloc_pages+0x3c2/0x610
[  397.207025][T10115]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  397.207056][T10115]  ? stack_trace_save+0x8e/0xc0
[  397.207089][T10115]  ? __lock_acquire+0xaa4/0x1ba0
[  397.207120][T10115]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  397.207150][T10115]  ? __lock_acquire+0xaa4/0x1ba0
[  397.207195][T10115]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  397.207230][T10115]  ? policy_nodemask+0xea/0x4e0
[  397.207262][T10115]  alloc_pages_mpol+0x1fb/0x550
[  397.207293][T10115]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  397.207331][T10115]  alloc_pages_noprof+0x131/0x390
[  397.207362][T10115]  pgd_alloc+0x49/0x4f0
[  397.207392][T10115]  mm_init+0x6f4/0x1370
[  397.207418][T10115]  ? mm_alloc+0x1c/0xc0
[  397.207448][T10115]  mm_alloc+0x9f/0xc0
[  397.207475][T10115]  alloc_bprm+0x2ab/0xdd0
[  397.207515][T10115]  ? strncpy_from_user+0x203/0x2e0
[  397.207552][T10115]  do_execveat_common.isra.0+0x1ce/0x610
[  397.207597][T10115]  __x64_sys_execveat+0xda/0x120
[  397.207621][T10115]  do_syscall_64+0xcd/0x230
[  397.207660][T10115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.207684][T10115] RIP: 0033:0x7f7c2b18e969
[  397.207703][T10115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.207726][T10115] RSP: 002b:00007f7c28ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  397.207748][T10115] RAX: ffffffffffffffda RBX: 00007f7c2b3b6080 RCX: 00007f7c2b18e969
[  397.207764][T10115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  397.207779][T10115] RBP: 00007f7c28ff6090 R08: 0000000000011000 R09: 0000000000000000
[  397.207793][T10115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.207808][T10115] R13: 0000000000000000 R14: 00007f7c2b3b6080 R15: 00007fff86964d48
[  397.207841][T10115]  </TASK>
[  397.446302][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.868024][T10156] netlink: 4 bytes leftover after parsing attributes in process `syz.4.899'.
[  403.360322][T10194] FAULT_INJECTION: forcing a failure.
[  403.360322][T10194] name failslab, interval 1, probability 0, space 0, times 0
[  403.437026][T10194] CPU: 1 UID: 0 PID: 10194 Comm: syz.2.911 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  403.437070][T10194] Tainted: [U]=USER
[  403.437078][T10194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  403.437093][T10194] Call Trace:
[  403.437101][T10194]  <TASK>
[  403.437110][T10194]  dump_stack_lvl+0x16c/0x1f0
[  403.437152][T10194]  should_fail_ex+0x512/0x640
[  403.437189][T10194]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  403.437221][T10194]  should_failslab+0xc2/0x120
[  403.437252][T10194]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  403.437282][T10194]  ? ptlock_alloc+0x1f/0x70
[  403.437310][T10194]  ptlock_alloc+0x1f/0x70
[  403.437334][T10194]  pte_alloc_one+0x6d/0x380
[  403.437363][T10194]  do_pte_missing+0x1c0b/0x3fb0
[  403.437389][T10194]  ? do_raw_spin_unlock+0x172/0x230
[  403.437430][T10194]  ? __pmd_alloc+0x3c2/0x870
[  403.437465][T10194]  ? find_held_lock+0x2b/0x80
[  403.437491][T10194]  __handle_mm_fault+0x103d/0x2a40
[  403.437525][T10194]  ? __pfx___handle_mm_fault+0x10/0x10
[  403.437568][T10194]  ? find_vma+0xbf/0x140
[  403.437601][T10194]  ? __pfx_find_vma+0x10/0x10
[  403.437639][T10194]  handle_mm_fault+0x3fe/0xad0
[  403.437670][T10194]  do_user_addr_fault+0x7a6/0x1370
[  403.437697][T10194]  ? rcu_is_watching+0x12/0xc0
[  403.437724][T10194]  exc_page_fault+0x5c/0xc0
[  403.437760][T10194]  asm_exc_page_fault+0x26/0x30
[  403.437784][T10194] RIP: 0010:strncpy_from_user+0x147/0x2e0
[  403.437819][T10194] Code: 00 00 4d 89 74 1d 00 48 83 ed 08 bf 07 00 00 00 48 83 c3 08 48 89 ee e8 77 3d bb fc 48 83 fd 07 76 22 e8 fc 41 bb fc 45 31 ff <49> 8b 04 1c 31 ff 44 89 fe 49 89 c6 e8 28 3d bb fc 45 85 ff 0f 84
[  403.437843][T10194] RSP: 0018:ffffc9000ba27d18 EFLAGS: 00050246
[  403.437863][T10194] RAX: 000000000000003b RBX: 0000000000000000 RCX: ffffc9000c20c000
[  403.437879][T10194] RDX: 0000000000080000 RSI: ffffffff84ff6dd4 RDI: 0000000000000007
[  403.437894][T10194] RBP: 0000000000000fe0 R08: 0000000000000007 R09: 0000000000000007
[  403.437909][T10194] R10: 0000000000000fe0 R11: 0000000000000000 R12: 0000000000000000
[  403.437929][T10194] R13: ffff88805db5d520 R14: 0000000000000fe0 R15: 0000000000000000
[  403.437954][T10194]  ? strncpy_from_user+0x144/0x2e0
[  403.437991][T10194]  ? strncpy_from_user+0x144/0x2e0
[  403.438028][T10194]  getname_flags.part.0+0x8f/0x550
[  403.438066][T10194]  getname_flags+0x93/0xf0
[  403.438105][T10194]  do_sys_openat2+0xb8/0x1d0
[  403.438139][T10194]  ? __pfx_do_sys_openat2+0x10/0x10
[  403.438185][T10194]  __x64_sys_open+0x153/0x1e0
[  403.438219][T10194]  ? __pfx___x64_sys_open+0x10/0x10
[  403.438259][T10194]  ? rcu_is_watching+0x12/0xc0
[  403.438285][T10194]  do_syscall_64+0xcd/0x230
[  403.438325][T10194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.438348][T10194] RIP: 0033:0x7f7c2b18e969
[  403.438367][T10194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.438390][T10194] RSP: 002b:00007f7c2bf14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  403.438411][T10194] RAX: ffffffffffffffda RBX: 00007f7c2b3b5fa0 RCX: 00007f7c2b18e969
[  403.438427][T10194] RDX: 0000000000000154 RSI: 0000000000022240 RDI: 0000000000000000
[  403.438441][T10194] RBP: 00007f7c2b210ab1 R08: 0000000000000000 R09: 0000000000000000
[  403.438456][T10194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  403.438470][T10194] R13: 0000000000000000 R14: 00007f7c2b3b5fa0 R15: 00007fff86964d48
[  403.438506][T10194]  </TASK>
[  404.849863][T10206] netlink: 28 bytes leftover after parsing attributes in process `syz.5.914'.
[  405.195054][T10206] bridge_slave_1: left allmulticast mode
[  405.284507][T10206] bridge_slave_1: left promiscuous mode
[  405.395404][T10206] bridge0: port 2(bridge_slave_1) entered disabled state
[  405.724750][T10206] bridge_slave_0: left allmulticast mode
[  405.743536][T10206] bridge_slave_0: left promiscuous mode
[  405.766990][T10206] bridge0: port 1(bridge_slave_0) entered disabled state
[  406.663213][T10224] FAULT_INJECTION: forcing a failure.
[  406.663213][T10224] name failslab, interval 1, probability 0, space 0, times 0
[  406.801608][T10224] CPU: 1 UID: 0 PID: 10224 Comm: syz.1.920 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  406.801648][T10224] Tainted: [U]=USER
[  406.801655][T10224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  406.801669][T10224] Call Trace:
[  406.801676][T10224]  <TASK>
[  406.801685][T10224]  dump_stack_lvl+0x16c/0x1f0
[  406.801726][T10224]  should_fail_ex+0x512/0x640
[  406.801761][T10224]  ? __kmalloc_noprof+0xbf/0x510
[  406.801791][T10224]  ? lsm_blob_alloc+0x68/0x90
[  406.801812][T10224]  should_failslab+0xc2/0x120
[  406.801842][T10224]  __kmalloc_noprof+0xd2/0x510
[  406.801880][T10224]  lsm_blob_alloc+0x68/0x90
[  406.801908][T10224]  security_sk_alloc+0x30/0x270
[  406.801937][T10224]  sk_prot_alloc+0xfb/0x2a0
[  406.801981][T10224]  sk_alloc+0x36/0xc20
[  406.802013][T10224]  inet_create+0x3a1/0x1090
[  406.802050][T10224]  ? inet_create+0x93/0x1090
[  406.802091][T10224]  __sock_create+0x338/0x8d0
[  406.802146][T10224]  mptcp_subflow_create_socket+0xf5/0xed0
[  406.802178][T10224]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  406.802214][T10224]  __mptcp_nmpc_sk+0x182/0x7d0
[  406.802243][T10224]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  406.802275][T10224]  ? __local_bh_enable_ip+0xa4/0x120
[  406.802306][T10224]  mptcp_sendmsg+0x15bb/0x1e00
[  406.802343][T10224]  ? __pfx___might_resched+0x10/0x10
[  406.802368][T10224]  ? trace_kmalloc+0x2b/0xd0
[  406.802398][T10224]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  406.802436][T10224]  ? aa_sk_perm+0x2f4/0xb10
[  406.802465][T10224]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  406.802512][T10224]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  406.802548][T10224]  inet_sendmsg+0x11c/0x140
[  406.802585][T10224]  ____sys_sendmsg+0x973/0xc70
[  406.802625][T10224]  ? __pfx_____sys_sendmsg+0x10/0x10
[  406.802670][T10224]  ? __pfx__kstrtoull+0x10/0x10
[  406.802705][T10224]  ___sys_sendmsg+0x134/0x1d0
[  406.802736][T10224]  ? __pfx____sys_sendmsg+0x10/0x10
[  406.802780][T10224]  ? find_held_lock+0x2b/0x80
[  406.802842][T10224]  __sys_sendmmsg+0x200/0x420
[  406.802877][T10224]  ? __pfx___sys_sendmmsg+0x10/0x10
[  406.802918][T10224]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  406.802970][T10224]  ? fput+0x70/0xf0
[  406.803000][T10224]  ? ksys_write+0x1b9/0x240
[  406.803023][T10224]  ? __pfx_ksys_write+0x10/0x10
[  406.803046][T10224]  ? rcu_is_watching+0x12/0xc0
[  406.803072][T10224]  __x64_sys_sendmmsg+0x9c/0x100
[  406.803101][T10224]  ? lockdep_hardirqs_on+0x7c/0x110
[  406.803133][T10224]  do_syscall_64+0xcd/0x230
[  406.803170][T10224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.803194][T10224] RIP: 0033:0x7fc7ceb8e969
[  406.803211][T10224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.803234][T10224] RSP: 002b:00007fc7cf94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  406.803255][T10224] RAX: ffffffffffffffda RBX: 00007fc7cedb5fa0 RCX: 00007fc7ceb8e969
[  406.803271][T10224] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000004
[  406.803285][T10224] RBP: 00007fc7cf94c090 R08: 0000000000000000 R09: 0000000000000000
[  406.803300][T10224] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  406.803314][T10224] R13: 0000000000000000 R14: 00007fc7cedb5fa0 R15: 00007ffed1011848
[  406.803344][T10224]  </TASK>
[  407.648788][T10237] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(537396514.0.0), cmd(0)
[  419.024142][T10347] nfsd: Unknown parameter '^B�-'
[  419.092079][T10352] FAULT_INJECTION: forcing a failure.
[  419.092079][T10352] name failslab, interval 1, probability 0, space 0, times 0
[  419.188459][T10352] CPU: 1 UID: 0 PID: 10352 Comm: syz.5.948 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  419.188503][T10352] Tainted: [U]=USER
[  419.188511][T10352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  419.188525][T10352] Call Trace:
[  419.188532][T10352]  <TASK>
[  419.188541][T10352]  dump_stack_lvl+0x16c/0x1f0
[  419.188582][T10352]  should_fail_ex+0x512/0x640
[  419.188623][T10352]  should_failslab+0xc2/0x120
[  419.188654][T10352]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  419.188682][T10352]  ? skb_clone+0x190/0x3f0
[  419.188716][T10352]  skb_clone+0x190/0x3f0
[  419.188748][T10352]  netlink_deliver_tap+0xabd/0xd30
[  419.188786][T10352]  netlink_unicast+0x5df/0x7f0
[  419.188821][T10352]  ? __pfx_netlink_unicast+0x10/0x10
[  419.188852][T10352]  ? __lock_acquire+0xaa4/0x1ba0
[  419.188892][T10352]  netlink_sendmsg+0x8d1/0xdd0
[  419.188930][T10352]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.188974][T10352]  ____sys_sendmsg+0xa95/0xc70
[  419.189013][T10352]  ? copy_msghdr_from_user+0x10a/0x160
[  419.189042][T10352]  ? __pfx_____sys_sendmsg+0x10/0x10
[  419.189094][T10352]  ___sys_sendmsg+0x134/0x1d0
[  419.189125][T10352]  ? __pfx____sys_sendmsg+0x10/0x10
[  419.189192][T10352]  __sys_sendmsg+0x16d/0x220
[  419.189222][T10352]  ? __pfx___sys_sendmsg+0x10/0x10
[  419.189267][T10352]  ? rcu_is_watching+0x12/0xc0
[  419.189298][T10352]  do_syscall_64+0xcd/0x230
[  419.189337][T10352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.189361][T10352] RIP: 0033:0x7f361738e969
[  419.189379][T10352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.189403][T10352] RSP: 002b:00007f36151f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  419.189425][T10352] RAX: ffffffffffffffda RBX: 00007f36175b5fa0 RCX: 00007f361738e969
[  419.189440][T10352] RDX: 0000000000000040 RSI: 0000200000000cc0 RDI: 0000000000000003
[  419.189455][T10352] RBP: 00007f36151f6090 R08: 0000000000000000 R09: 0000000000000000
[  419.189469][T10352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.189486][T10352] R13: 0000000000000000 R14: 00007f36175b5fa0 R15: 00007fff5f2c2938
[  419.189523][T10352]  </TASK>
[  419.680830][T10340] netlink: 8 bytes leftover after parsing attributes in process `syz.4.943'.

syzkaller
syzkaller login: [  424.699977][ T6872] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.508479][ T5138] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  425.736087][ T6872] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.898211][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  425.909296][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  425.917886][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  425.925739][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  425.934619][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  426.498722][ T6872] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  427.035159][ T6872] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  427.987355][ T5835] Bluetooth: hci0: command tx timeout
[  428.959147][T10430] netlink: 28 bytes leftover after parsing attributes in process `syz.2.968'.
[  430.067255][ T5835] Bluetooth: hci0: command tx timeout
[  430.840454][ T6872] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  430.898519][ T6872] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  430.946101][ T6872] bond0 (unregistering): Released all slaves
[  431.333437][T10402] chnl_net:caif_netlink_parms(): no params data found
[  432.146884][ T5835] Bluetooth: hci0: command tx timeout
[  433.535925][ T6872] hsr_slave_0: left promiscuous mode
[  433.600569][ T6872] hsr_slave_1: left promiscuous mode
[  433.637460][ T6872] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  433.644905][ T6872] batman_adv: batadv0: Removing interface: batadv_slave_0
[  433.810624][ T6872] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  433.852229][ T6872] batman_adv: batadv0: Removing interface: batadv_slave_1
[  433.961797][ T5835] Bluetooth: hci3: Unable to find connection for big 0xd2
[  434.071175][ T6872] veth1_macvtap: left promiscuous mode
[  434.106846][ T6872] veth0_macvtap: left promiscuous mode
[  434.141068][ T6872] veth1_vlan: left promiscuous mode
[  434.175287][ T6872] veth0_vlan: left promiscuous mode
[  434.226713][ T5835] Bluetooth: hci0: command tx timeout
[  434.234707][T10477] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input12
[  435.945184][ T6872] team0 (unregistering): Port device team_slave_1 removed
[  436.058558][ T6872] team0 (unregistering): Port device team_slave_0 removed
[  437.063338][T10402] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.070966][T10402] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.082679][T10402] bridge_slave_0: entered allmulticast mode
[  437.091333][T10402] bridge_slave_0: entered promiscuous mode
[  437.208837][T10402] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.243866][T10402] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.260675][T10402] bridge_slave_1: entered allmulticast mode
[  437.278366][T10402] bridge_slave_1: entered promiscuous mode
[  437.631749][T10402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  437.664007][T10402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  437.815344][T10402] team0: Port device team_slave_0 added
[  437.875382][T10402] team0: Port device team_slave_1 added
[  438.191210][T10402] batman_adv: batadv0: Adding interface: batadv_slave_0
[  438.237678][T10402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  438.380436][T10402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  438.462852][T10402] batman_adv: batadv0: Adding interface: batadv_slave_1
[  438.507674][T10402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  438.640942][T10402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  438.897205][T10501] FAULT_INJECTION: forcing a failure.
[  438.897205][T10501] name failslab, interval 1, probability 0, space 0, times 0
[  438.973596][T10501] CPU: 1 UID: 0 PID: 10501 Comm: syz.2.974 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  438.973639][T10501] Tainted: [U]=USER
[  438.973646][T10501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  438.973661][T10501] Call Trace:
[  438.973669][T10501]  <TASK>
[  438.973679][T10501]  dump_stack_lvl+0x16c/0x1f0
[  438.973722][T10501]  should_fail_ex+0x512/0x640
[  438.973759][T10501]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  438.973792][T10501]  should_failslab+0xc2/0x120
[  438.973823][T10501]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  438.973852][T10501]  ? __alloc_skb+0x2b2/0x380
[  438.973885][T10501]  __alloc_skb+0x2b2/0x380
[  438.973913][T10501]  ? __pfx___alloc_skb+0x10/0x10
[  438.973951][T10501]  ? __pfx_add_uevent_var+0x10/0x10
[  438.973974][T10501]  ? trace_kmalloc+0x2b/0xd0
[  438.974012][T10501]  ? __asan_memcpy+0x3c/0x60
[  438.974037][T10501]  alloc_uevent_skb+0x7d/0x210
[  438.974062][T10501]  ? __pfx_rx_queue_namespace+0x10/0x10
[  438.974097][T10501]  kobject_uevent_env+0x11cc/0x1870
[  438.974139][T10501]  ? internal_create_groups+0x11a/0x150
[  438.974187][T10501]  net_rx_queue_update_kobjects+0x1de/0x770
[  438.974229][T10501]  ? kset_register+0x1bb/0x2b0
[  438.974255][T10501]  netdev_register_kobject+0x269/0x3a0
[  438.974295][T10501]  register_netdevice+0x13dc/0x2270
[  438.974336][T10501]  ? __pfx_register_netdevice+0x10/0x10
[  438.974382][T10501]  __ip_tunnel_create+0x4a8/0x680
[  438.974417][T10501]  ? __pfx___ip_tunnel_create+0x10/0x10
[  438.974460][T10501]  ip_tunnel_init_net+0x22f/0x7d0
[  438.974501][T10501]  ? __pfx_ip_tunnel_init_net+0x10/0x10
[  438.974543][T10501]  ? trace_kmalloc+0x2b/0xd0
[  438.974577][T10501]  ? lockdep_init_map_type+0x5c/0x280
[  438.974615][T10501]  ? __pfx_ipgre_init_net+0x10/0x10
[  438.974643][T10501]  ops_init+0x1e2/0x5f0
[  438.974679][T10501]  setup_net+0x21e/0x850
[  438.974719][T10501]  ? __pfx_setup_net+0x10/0x10
[  438.974749][T10501]  ? lockdep_init_map_type+0x5c/0x280
[  438.974782][T10501]  ? __pfx_down_read_killable+0x10/0x10
[  438.974809][T10501]  ? debug_mutex_init+0x37/0x70
[  438.974836][T10501]  copy_net_ns+0x2a6/0x5f0
[  438.974874][T10501]  create_new_namespaces+0x3ea/0xad0
[  438.974909][T10501]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  438.974940][T10501]  ksys_unshare+0x45b/0xa40
[  438.974974][T10501]  ? __pfx_ksys_unshare+0x10/0x10
[  438.975006][T10501]  ? xfd_validate_state+0x5d/0x180
[  438.975030][T10501]  ? rcu_is_watching+0x12/0xc0
[  438.975060][T10501]  __x64_sys_unshare+0x31/0x40
[  438.975093][T10501]  do_syscall_64+0xcd/0x230
[  438.975138][T10501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.975164][T10501] RIP: 0033:0x7f7c2b18e969
[  438.975184][T10501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  438.975217][T10501] RSP: 002b:00007f7c2bf14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  438.975240][T10501] RAX: ffffffffffffffda RBX: 00007f7c2b3b5fa0 RCX: 00007f7c2b18e969
[  438.975256][T10501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  438.975270][T10501] RBP: 00007f7c2b210ab1 R08: 0000000000000000 R09: 0000000000000000
[  438.975285][T10501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  438.975299][T10501] R13: 0000000000000000 R14: 00007f7c2b3b5fa0 R15: 00007fff86964d48
[  438.975330][T10501]  </TASK>
[  439.569116][T10402] hsr_slave_0: entered promiscuous mode
[  439.576812][T10402] hsr_slave_1: entered promiscuous mode
[  439.582933][T10402] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  439.590920][T10402] Cannot create hsr debugfs directory
[  439.936051][T10509] ima: policy update failed
[  439.954417][   T30] audit: type=1802 audit(6043214688.481:9): pid=10509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.975" res=0 errno=0
[  439.973455][T10509] netlink: 25 bytes leftover after parsing attributes in process `syz.4.975'.
[  440.567971][T10402] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  440.662930][T10402] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  440.752821][T10402] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  440.922675][T10402] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  442.193457][T10402] 8021q: adding VLAN 0 to HW filter on device bond0
[  442.464642][T10402] 8021q: adding VLAN 0 to HW filter on device team0
[  442.575042][ T8628] bridge0: port 1(bridge_slave_0) entered blocking state
[  442.582269][ T8628] bridge0: port 1(bridge_slave_0) entered forwarding state
[  442.676590][ T8628] bridge0: port 2(bridge_slave_1) entered blocking state
[  442.683806][ T8628] bridge0: port 2(bridge_slave_1) entered forwarding state
[  443.747430][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  444.481103][T10402] 8021q: adding VLAN 0 to HW filter on device batadv0
[  444.616495][ T5835] Bluetooth: hci1: Unable to find connection for big 0xd2
[  444.847402][T10584] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input13
[  446.353772][T10402] veth0_vlan: entered promiscuous mode
[  446.435294][T10402] veth1_vlan: entered promiscuous mode
[  446.556245][T10402] veth0_macvtap: entered promiscuous mode
[  447.820637][T10402] veth1_macvtap: entered promiscuous mode
[  448.136679][T10402] batman_adv: batadv0: Interface activated: batadv_slave_0
[  448.252327][T10402] batman_adv: batadv0: Interface activated: batadv_slave_1
[  448.482065][T10402] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  448.539899][T10402] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  448.576701][T10402] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  448.614768][T10402] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  449.146042][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.206427][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  449.403426][ T8628] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.456004][ T8628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  450.041939][T10637] FAULT_INJECTION: forcing a failure.
[  450.041939][T10637] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  450.173144][T10637] CPU: 1 UID: 0 PID: 10637 Comm: syz.6.958 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  450.173185][T10637] Tainted: [U]=USER
[  450.173193][T10637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  450.173207][T10637] Call Trace:
[  450.173215][T10637]  <TASK>
[  450.173223][T10637]  dump_stack_lvl+0x16c/0x1f0
[  450.173264][T10637]  should_fail_ex+0x512/0x640
[  450.173304][T10637]  should_fail_alloc_page+0xe7/0x130
[  450.173337][T10637]  prepare_alloc_pages+0x3c2/0x610
[  450.173379][T10637]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  450.173407][T10637]  ? find_held_lock+0x2b/0x80
[  450.173435][T10637]  ? __lock_acquire+0x5ca/0x1ba0
[  450.173472][T10637]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  450.173517][T10637]  ? find_held_lock+0x2b/0x80
[  450.173540][T10637]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  450.173575][T10637]  ? policy_nodemask+0xea/0x4e0
[  450.173607][T10637]  alloc_pages_mpol+0x1fb/0x550
[  450.173639][T10637]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  450.173677][T10637]  folio_alloc_mpol_noprof+0x36/0x2f0
[  450.173715][T10637]  shmem_alloc_folio+0x135/0x160
[  450.173740][T10637]  shmem_alloc_and_add_folio+0x499/0xc20
[  450.173776][T10637]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  450.173809][T10637]  ? shmem_allowable_huge_orders+0xcb/0x2f0
[  450.173844][T10637]  shmem_get_folio_gfp+0x687/0x1530
[  450.173881][T10637]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  450.173913][T10637]  ? filemap_map_pages+0xf6c/0x1680
[  450.173948][T10637]  shmem_fault+0x1fe/0xa30
[  450.173986][T10637]  ? __pfx_shmem_fault+0x10/0x10
[  450.174020][T10637]  ? __pfx_filemap_map_pages+0x10/0x10
[  450.174061][T10637]  __do_fault+0x10a/0x490
[  450.174094][T10637]  do_pte_missing+0x1031/0x3fb0
[  450.174120][T10637]  ? do_raw_spin_unlock+0x172/0x230
[  450.174159][T10637]  ? __pmd_alloc+0x3c2/0x870
[  450.174192][T10637]  ? find_held_lock+0x2b/0x80
[  450.174217][T10637]  __handle_mm_fault+0x103d/0x2a40
[  450.174251][T10637]  ? __pfx___handle_mm_fault+0x10/0x10
[  450.174293][T10637]  ? find_vma+0xbf/0x140
[  450.174325][T10637]  ? __pfx_find_vma+0x10/0x10
[  450.174363][T10637]  handle_mm_fault+0x3fe/0xad0
[  450.174392][T10637]  do_user_addr_fault+0x7a6/0x1370
[  450.174420][T10637]  ? rcu_is_watching+0x12/0xc0
[  450.174445][T10637]  exc_page_fault+0x5c/0xc0
[  450.174480][T10637]  asm_exc_page_fault+0x26/0x30
[  450.174503][T10637] RIP: 0010:rep_movs_alternative+0xf/0x90
[  450.174532][T10637] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66
[  450.174555][T10637] RSP: 0018:ffffc9000ac4f9d0 EFLAGS: 00050202
[  450.174574][T10637] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000007
[  450.174589][T10637] RDX: fffff52001589f4c RSI: 0000000000000000 RDI: ffffc9000ac4fa58
[  450.174604][T10637] RBP: 0000000000000007 R08: 0000000000000001 R09: fffff52001589f4b
[  450.174619][T10637] R10: ffffc9000ac4fa5e R11: 0000000000000000 R12: 0000000000000000
[  450.174633][T10637] R13: ffffc9000ac4fa58 R14: 1ffff92001589f45 R15: ffffc9000ac4fd8c
[  450.174664][T10637]  _copy_from_user+0x98/0xd0
[  450.174688][T10637]  ____sys_sendmsg+0x607/0xc70
[  450.174728][T10637]  ? __pfx_____sys_sendmsg+0x10/0x10
[  450.174770][T10637]  ? __pfx__kstrtoull+0x10/0x10
[  450.174805][T10637]  ___sys_sendmsg+0x134/0x1d0
[  450.174837][T10637]  ? __pfx____sys_sendmsg+0x10/0x10
[  450.174881][T10637]  ? find_held_lock+0x2b/0x80
[  450.174923][T10637]  __sys_sendmmsg+0x200/0x420
[  450.174956][T10637]  ? __pfx___sys_sendmmsg+0x10/0x10
[  450.175000][T10637]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  450.175051][T10637]  ? fput+0x70/0xf0
[  450.175079][T10637]  ? ksys_write+0x1b9/0x240
[  450.175101][T10637]  ? __pfx_ksys_write+0x10/0x10
[  450.175123][T10637]  ? rcu_is_watching+0x12/0xc0
[  450.175149][T10637]  __x64_sys_sendmmsg+0x9c/0x100
[  450.175179][T10637]  ? lockdep_hardirqs_on+0x7c/0x110
[  450.175213][T10637]  do_syscall_64+0xcd/0x230
[  450.175252][T10637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.175275][T10637] RIP: 0033:0x7f723cd8e969
[  450.175293][T10637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  450.175316][T10637] RSP: 002b:00007f723db18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  450.175337][T10637] RAX: ffffffffffffffda RBX: 00007f723cfb5fa0 RCX: 00007f723cd8e969
[  450.175352][T10637] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003
[  450.175367][T10637] RBP: 00007f723db18090 R08: 0000000000000000 R09: 0000000000000000
[  450.175381][T10637] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001
[  450.175396][T10637] R13: 0000000000000000 R14: 00007f723cfb5fa0 R15: 00007ffcd57f0508
[  450.175440][T10637]  </TASK>
[  451.166493][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  451.173852][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  451.323017][T10642] ubi: mtd0 is already attached to ubi0
[  453.452349][T10674] netlink: 338 bytes leftover after parsing attributes in process `syz.4.997'.
[  453.507086][T10674] FAULT_INJECTION: forcing a failure.
[  453.507086][T10674] name failslab, interval 1, probability 0, space 0, times 0
[  453.575929][T10674] CPU: 1 UID: 0 PID: 10674 Comm: syz.4.997 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  453.575970][T10674] Tainted: [U]=USER
[  453.575977][T10674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  453.575991][T10674] Call Trace:
[  453.575998][T10674]  <TASK>
[  453.576006][T10674]  dump_stack_lvl+0x16c/0x1f0
[  453.576048][T10674]  should_fail_ex+0x512/0x640
[  453.576088][T10674]  should_failslab+0xc2/0x120
[  453.576119][T10674]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  453.576148][T10674]  ? skb_clone+0x190/0x3f0
[  453.576181][T10674]  skb_clone+0x190/0x3f0
[  453.576213][T10674]  netlink_deliver_tap+0xabd/0xd30
[  453.576245][T10674]  ? __pfx_rtnl_fdb_dump+0x10/0x10
[  453.576281][T10674]  netlink_dump+0x638/0xd00
[  453.576315][T10674]  ? __pfx_netlink_dump+0x10/0x10
[  453.576344][T10674]  ? __rhashtable_lookup.constprop.0+0x3a5/0x760
[  453.576375][T10674]  ? __netlink_dump_start+0x150/0x990
[  453.576416][T10674]  ? netlink_lookup+0x258/0x520
[  453.576445][T10674]  ? __pfx_netlink_lookup+0x10/0x10
[  453.576484][T10674]  __netlink_dump_start+0x6d6/0x990
[  453.576518][T10674]  ? __pfx_rtnl_fdb_dump+0x10/0x10
[  453.576555][T10674]  rtnetlink_rcv_msg+0xb3e/0xe90
[  453.576585][T10674]  ? __pfx_rtnl_fdb_dump+0x10/0x10
[  453.576624][T10674]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  453.576656][T10674]  ? __pfx_rtnl_dumpit+0x10/0x10
[  453.576677][T10674]  ? __pfx_rtnl_fdb_dump+0x10/0x10
[  453.576720][T10674]  netlink_rcv_skb+0x16a/0x440
[  453.576753][T10674]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  453.576787][T10674]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  453.576837][T10674]  ? netlink_deliver_tap+0x1ae/0xd30
[  453.576873][T10674]  netlink_unicast+0x53d/0x7f0
[  453.576910][T10674]  ? __pfx_netlink_unicast+0x10/0x10
[  453.576940][T10674]  ? __lock_acquire+0xaa4/0x1ba0
[  453.576979][T10674]  netlink_sendmsg+0x8d1/0xdd0
[  453.577017][T10674]  ? __pfx_netlink_sendmsg+0x10/0x10
[  453.577062][T10674]  ____sys_sendmsg+0xa95/0xc70
[  453.577100][T10674]  ? copy_msghdr_from_user+0x10a/0x160
[  453.577129][T10674]  ? __pfx_____sys_sendmsg+0x10/0x10
[  453.577181][T10674]  ___sys_sendmsg+0x134/0x1d0
[  453.577212][T10674]  ? __pfx____sys_sendmsg+0x10/0x10
[  453.577280][T10674]  __sys_sendmsg+0x16d/0x220
[  453.577310][T10674]  ? __pfx___sys_sendmsg+0x10/0x10
[  453.577349][T10674]  ? rcu_is_watching+0x12/0xc0
[  453.577380][T10674]  do_syscall_64+0xcd/0x230
[  453.577420][T10674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.577445][T10674] RIP: 0033:0x7f566af8e969
[  453.577462][T10674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  453.577486][T10674] RSP: 002b:00007f566bd6d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  453.577508][T10674] RAX: ffffffffffffffda RBX: 00007f566b1b5fa0 RCX: 00007f566af8e969
[  453.577524][T10674] RDX: 0000000000040000 RSI: 0000200000000240 RDI: 0000000000000003
[  453.577539][T10674] RBP: 00007f566bd6d090 R08: 0000000000000000 R09: 0000000000000000
[  453.577554][T10674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  453.577569][T10674] R13: 0000000000000000 R14: 00007f566b1b5fa0 R15: 00007ffc0b864c08
[  453.577599][T10674]  </TASK>
[  455.934695][T10719] FAULT_INJECTION: forcing a failure.
[  455.934695][T10719] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  456.023977][T10719] CPU: 1 UID: 0 PID: 10719 Comm: syz.2.1006 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  456.024016][T10719] Tainted: [U]=USER
[  456.024024][T10719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  456.024037][T10719] Call Trace:
[  456.024044][T10719]  <TASK>
[  456.024053][T10719]  dump_stack_lvl+0x16c/0x1f0
[  456.024094][T10719]  should_fail_ex+0x512/0x640
[  456.024134][T10719]  _copy_to_user+0x32/0xd0
[  456.024158][T10719]  simple_read_from_buffer+0xcb/0x170
[  456.024196][T10719]  proc_fail_nth_read+0x197/0x270
[  456.024232][T10719]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  456.024268][T10719]  ? rw_verify_area+0xcf/0x680
[  456.024310][T10719]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  456.024345][T10719]  vfs_read+0x1de/0xc70
[  456.024372][T10719]  ? __pfx___mutex_lock+0x10/0x10
[  456.024408][T10719]  ? __pfx_vfs_read+0x10/0x10
[  456.024439][T10719]  ? __fget_files+0x20e/0x3c0
[  456.024469][T10719]  ksys_read+0x12a/0x240
[  456.024492][T10719]  ? __pfx_ksys_read+0x10/0x10
[  456.024513][T10719]  ? rcu_is_watching+0x12/0xc0
[  456.024543][T10719]  do_syscall_64+0xcd/0x230
[  456.024583][T10719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.024607][T10719] RIP: 0033:0x7f7c2b18d37c
[  456.024625][T10719] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  456.024649][T10719] RSP: 002b:00007f7c2bf14030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  456.024671][T10719] RAX: ffffffffffffffda RBX: 00007f7c2b3b5fa0 RCX: 00007f7c2b18d37c
[  456.024687][T10719] RDX: 000000000000000f RSI: 00007f7c2bf140a0 RDI: 0000000000000004
[  456.024702][T10719] RBP: 00007f7c2bf14090 R08: 0000000000000000 R09: 0000000000000000
[  456.024716][T10719] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000002
[  456.024730][T10719] R13: 0000000000000000 R14: 00007f7c2b3b5fa0 R15: 00007fff86964d48
[  456.024760][T10719]  </TASK>
[  457.252743][T10725] FAULT_INJECTION: forcing a failure.
[  457.252743][T10725] name failslab, interval 1, probability 0, space 0, times 0
[  457.322722][T10725] CPU: 1 UID: 0 PID: 10725 Comm: syz.2.1009 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  457.322764][T10725] Tainted: [U]=USER
[  457.322772][T10725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  457.322786][T10725] Call Trace:
[  457.322794][T10725]  <TASK>
[  457.322803][T10725]  dump_stack_lvl+0x16c/0x1f0
[  457.322844][T10725]  should_fail_ex+0x512/0x640
[  457.322881][T10725]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  457.322912][T10725]  should_failslab+0xc2/0x120
[  457.322944][T10725]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  457.322971][T10725]  ? __pfx___might_resched+0x10/0x10
[  457.322998][T10725]  ? __anon_vma_prepare+0xae/0x5e0
[  457.323030][T10725]  __anon_vma_prepare+0xae/0x5e0
[  457.323055][T10725]  ? __filemap_get_folio+0x333/0xc10
[  457.323093][T10725]  __vmf_anon_prepare+0x11c/0x240
[  457.323132][T10725]  hugetlb_fault+0x1f4e/0x2e90
[  457.323160][T10725]  ? __pfx_hugetlb_fault+0x10/0x10
[  457.323194][T10725]  ? find_vma+0xbf/0x140
[  457.323225][T10725]  ? __pfx_find_vma+0x10/0x10
[  457.323261][T10725]  handle_mm_fault+0x95d/0xad0
[  457.323291][T10725]  do_user_addr_fault+0x7a6/0x1370
[  457.323318][T10725]  ? rcu_is_watching+0x12/0xc0
[  457.323344][T10725]  exc_page_fault+0x5c/0xc0
[  457.323377][T10725]  asm_exc_page_fault+0x26/0x30
[  457.323399][T10725] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  457.323429][T10725] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 7f 09 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  457.323453][T10725] RSP: 0018:ffffc9000415fc00 EFLAGS: 00050202
[  457.323479][T10725] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000000001ff
[  457.323494][T10725] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880125f6400
[  457.323509][T10725] RBP: 00000000000001ff R08: 0000000000000001 R09: ffffed10024becbf
[  457.323523][T10725] R10: ffff8880125f65fe R11: 0000000000000000 R12: 0000000000000000
[  457.323538][T10725] R13: ffff8880125f6400 R14: ffff888060908430 R15: 0000000000000000
[  457.323569][T10725]  _copy_from_user+0x98/0xd0
[  457.323592][T10725]  memdup_user_nul+0x6c/0x120
[  457.323625][T10725]  nsim_dev_health_break_write+0xbd/0x210
[  457.323660][T10725]  ? __pfx_nsim_dev_health_break_write+0x10/0x10
[  457.323701][T10725]  full_proxy_write+0x13f/0x200
[  457.323733][T10725]  vfs_write+0x25c/0x1180
[  457.323756][T10725]  ? __pfx_full_proxy_write+0x10/0x10
[  457.323788][T10725]  ? __pfx___mutex_lock+0x10/0x10
[  457.323826][T10725]  ? __pfx_vfs_write+0x10/0x10
[  457.323859][T10725]  ? __fget_files+0x20e/0x3c0
[  457.323891][T10725]  ksys_write+0x12a/0x240
[  457.323914][T10725]  ? __pfx_ksys_write+0x10/0x10
[  457.323937][T10725]  ? rcu_is_watching+0x12/0xc0
[  457.323968][T10725]  do_syscall_64+0xcd/0x230
[  457.324008][T10725]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.324032][T10725] RIP: 0033:0x7f7c2b18e969
[  457.324050][T10725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.324072][T10725] RSP: 002b:00007f7c2bf14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  457.324093][T10725] RAX: ffffffffffffffda RBX: 00007f7c2b3b5fa0 RCX: 00007f7c2b18e969
[  457.324108][T10725] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000005
[  457.324122][T10725] RBP: 00007f7c2bf14090 R08: 0000000000000000 R09: 0000000000000000
[  457.324136][T10725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.324150][T10725] R13: 0000000000000000 R14: 00007f7c2b3b5fa0 R15: 00007fff86964d48
[  457.324181][T10725]  </TASK>
[  457.910826][T10738] FAULT_INJECTION: forcing a failure.
[  457.910826][T10738] name failslab, interval 1, probability 0, space 0, times 0
[  457.923566][T10738] CPU: 1 UID: 0 PID: 10738 Comm: syz.2.1011 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  457.923606][T10738] Tainted: [U]=USER
[  457.923614][T10738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  457.923629][T10738] Call Trace:
[  457.923638][T10738]  <TASK>
[  457.923647][T10738]  dump_stack_lvl+0x16c/0x1f0
[  457.923691][T10738]  should_fail_ex+0x512/0x640
[  457.923729][T10738]  ? __kmalloc_noprof+0xbf/0x510
[  457.923760][T10738]  ? devlink_fmsg_put_value+0xaa/0x2d0
[  457.923791][T10738]  should_failslab+0xc2/0x120
[  457.923822][T10738]  __kmalloc_noprof+0xd2/0x510
[  457.923848][T10738]  ? trace_kmalloc+0x2b/0xd0
[  457.923880][T10738]  ? __kmalloc_noprof+0x242/0x510
[  457.923913][T10738]  devlink_fmsg_put_value+0xaa/0x2d0
[  457.923949][T10738]  devlink_fmsg_string_pair_put+0xc1/0x1b0
[  457.923984][T10738]  nsim_dev_dummy_fmsg_put+0x77/0x1e0
[  457.924016][T10738]  devlink_health_do_dump+0x243/0x620
[  457.924054][T10738]  devlink_health_report+0x3c9/0x9c0
[  457.924091][T10738]  ? __pfx_devlink_health_report+0x10/0x10
[  457.924130][T10738]  ? _copy_from_user+0x59/0xd0
[  457.924162][T10738]  nsim_dev_health_break_write+0x166/0x210
[  457.924195][T10738]  ? __pfx_nsim_dev_health_break_write+0x10/0x10
[  457.924241][T10738]  full_proxy_write+0x13f/0x200
[  457.924275][T10738]  vfs_write+0x25c/0x1180
[  457.924298][T10738]  ? __pfx_full_proxy_write+0x10/0x10
[  457.924331][T10738]  ? __pfx___mutex_lock+0x10/0x10
[  457.924370][T10738]  ? __pfx_vfs_write+0x10/0x10
[  457.924403][T10738]  ? __fget_files+0x20e/0x3c0
[  457.924442][T10738]  ksys_write+0x12a/0x240
[  457.924470][T10738]  ? __pfx_ksys_write+0x10/0x10
[  457.924493][T10738]  ? rcu_is_watching+0x12/0xc0
[  457.924526][T10738]  do_syscall_64+0xcd/0x230
[  457.924568][T10738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.924593][T10738] RIP: 0033:0x7f7c2b18e969
[  457.924614][T10738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.924637][T10738] RSP: 002b:00007f7c2bf14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  457.924659][T10738] RAX: ffffffffffffffda RBX: 00007f7c2b3b5fa0 RCX: 00007f7c2b18e969
[  457.924676][T10738] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000005
[  457.924690][T10738] RBP: 00007f7c2b210ab1 R08: 0000000000000000 R09: 0000000000000000
[  457.924705][T10738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  457.924719][T10738] R13: 0000000000000000 R14: 00007f7c2b3b5fa0 R15: 00007fff86964d48
[  457.924751][T10738]  </TASK>
[  460.878280][T10774] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14
[  461.128188][T10777] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1017'.
[  461.261580][T10780] FAULT_INJECTION: forcing a failure.
[  461.261580][T10780] name failslab, interval 1, probability 0, space 0, times 0
[  461.385689][T10780] CPU: 1 UID: 0 PID: 10780 Comm: syz.2.1018 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  461.385736][T10780] Tainted: [U]=USER
[  461.385743][T10780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  461.385757][T10780] Call Trace:
[  461.385765][T10780]  <TASK>
[  461.385774][T10780]  dump_stack_lvl+0x16c/0x1f0
[  461.385814][T10780]  should_fail_ex+0x512/0x640
[  461.385856][T10780]  should_failslab+0xc2/0x120
[  461.385887][T10780]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  461.385915][T10780]  ? skb_clone+0x190/0x3f0
[  461.385949][T10780]  skb_clone+0x190/0x3f0
[  461.385980][T10780]  netlink_deliver_tap+0xabd/0xd30
[  461.386018][T10780]  netlink_unicast+0x5df/0x7f0
[  461.386054][T10780]  ? __pfx_netlink_unicast+0x10/0x10
[  461.386084][T10780]  ? __lock_acquire+0xaa4/0x1ba0
[  461.386124][T10780]  netlink_sendmsg+0x8d1/0xdd0
[  461.386161][T10780]  ? __pfx_netlink_sendmsg+0x10/0x10
[  461.386206][T10780]  ____sys_sendmsg+0xa95/0xc70
[  461.386244][T10780]  ? copy_msghdr_from_user+0x10a/0x160
[  461.386274][T10780]  ? __pfx_____sys_sendmsg+0x10/0x10
[  461.386315][T10780]  ? kfree+0x252/0x4d0
[  461.386333][T10780]  ? __pfx__kstrtoull+0x10/0x10
[  461.386369][T10780]  ___sys_sendmsg+0x134/0x1d0
[  461.386401][T10780]  ? __pfx____sys_sendmsg+0x10/0x10
[  461.386459][T10780]  ? __pfx___might_resched+0x10/0x10
[  461.386492][T10780]  __sys_sendmmsg+0x200/0x420
[  461.386526][T10780]  ? __pfx___sys_sendmmsg+0x10/0x10
[  461.386570][T10780]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  461.386622][T10780]  ? fput+0x70/0xf0
[  461.386650][T10780]  ? ksys_write+0x1b9/0x240
[  461.386672][T10780]  ? __pfx_ksys_write+0x10/0x10
[  461.386694][T10780]  ? rcu_is_watching+0x12/0xc0
[  461.386721][T10780]  __x64_sys_sendmmsg+0x9c/0x100
[  461.386755][T10780]  ? lockdep_hardirqs_on+0x7c/0x110
[  461.386789][T10780]  do_syscall_64+0xcd/0x230
[  461.386828][T10780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.386852][T10780] RIP: 0033:0x7f7c2b18e969
[  461.386871][T10780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  461.386895][T10780] RSP: 002b:00007f7c28fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  461.386917][T10780] RAX: ffffffffffffffda RBX: 00007f7c2b3b6160 RCX: 00007f7c2b18e969
[  461.386932][T10780] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003
[  461.386947][T10780] RBP: 00007f7c28fd5090 R08: 0000000000000000 R09: 0000000000000000
[  461.386962][T10780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  461.386976][T10780] R13: 0000000000000000 R14: 00007f7c2b3b6160 R15: 00007fff86964d48
[  461.387006][T10780]  </TASK>
[  462.461474][T10780] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1018'.
[  462.613275][T10780] : renamed from bond0 (while UP)
[  464.732616][ T5835] Bluetooth: hci3: Unable to find connection for big 0xd2
[  465.858811][T10829] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input15
[  466.950444][T10844] FAULT_INJECTION: forcing a failure.
[  466.950444][T10844] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  467.062984][T10844] CPU: 1 UID: 0 PID: 10844 Comm: syz.4.1029 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  467.063031][T10844] Tainted: [U]=USER
[  467.063039][T10844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  467.063056][T10844] Call Trace:
[  467.063063][T10844]  <TASK>
[  467.063072][T10844]  dump_stack_lvl+0x16c/0x1f0
[  467.063113][T10844]  should_fail_ex+0x512/0x640
[  467.063160][T10844]  _copy_to_user+0x32/0xd0
[  467.063184][T10844]  put_user_ifreq+0x72/0xc0
[  467.063219][T10844]  sock_ioctl+0x5ef/0x6b0
[  467.063241][T10844]  ? __pfx_sock_ioctl+0x10/0x10
[  467.063259][T10844]  ? hook_file_ioctl_common+0x145/0x410
[  467.063293][T10844]  ? __fget_files+0x20e/0x3c0
[  467.063318][T10844]  ? __pfx_sock_ioctl+0x10/0x10
[  467.063339][T10844]  __x64_sys_ioctl+0x193/0x200
[  467.063373][T10844]  do_syscall_64+0xcd/0x230
[  467.063411][T10844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.063434][T10844] RIP: 0033:0x7f566af8e969
[  467.063452][T10844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.063475][T10844] RSP: 002b:00007f566bd4c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  467.063497][T10844] RAX: ffffffffffffffda RBX: 00007f566b1b6080 RCX: 00007f566af8e969
[  467.063513][T10844] RDX: 0000000000000024 RSI: 00000000000089f0 RDI: 0000000000000003
[  467.063528][T10844] RBP: 00007f566bd4c090 R08: 0000000000000000 R09: 0000000000000000
[  467.063542][T10844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  467.063556][T10844] R13: 0000000000000001 R14: 00007f566b1b6080 R15: 00007ffc0b864c08
[  467.063586][T10844]  </TASK>
[  470.721819][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  470.721855][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  470.739696][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  470.739740][ T5835] Bluetooth: hci0: adv larger than maximum supported
[  470.748854][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d
[  477.468142][T10992] sysfs_service_op_store: Client not running :-5:
[  478.915937][T11016] netlink: 'syz.2.1054': attribute type 21 has an invalid length.
[  478.989849][T11016] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1054'.
[  479.102442][T11017] netlink: 'syz.2.1054': attribute type 21 has an invalid length.
[  479.204738][T11017] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1054'.
[  479.431435][T11023] random: crng reseeded on system resumption
[  480.754382][T11050] FAULT_INJECTION: forcing a failure.
[  480.754382][T11050] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  480.887197][T11050] CPU: 1 UID: 0 PID: 11050 Comm: syz.4.1058 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  480.887235][T11050] Tainted: [U]=USER
[  480.887242][T11050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  480.887255][T11050] Call Trace:
[  480.887263][T11050]  <TASK>
[  480.887272][T11050]  dump_stack_lvl+0x16c/0x1f0
[  480.887313][T11050]  should_fail_ex+0x512/0x640
[  480.887354][T11050]  _copy_to_user+0x32/0xd0
[  480.887378][T11050]  simple_read_from_buffer+0xcb/0x170
[  480.887417][T11050]  proc_fail_nth_read+0x197/0x270
[  480.887452][T11050]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  480.887489][T11050]  ? rw_verify_area+0xcf/0x680
[  480.887544][T11050]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  480.887579][T11050]  vfs_read+0x1de/0xc70
[  480.887606][T11050]  ? __pfx___mutex_lock+0x10/0x10
[  480.887642][T11050]  ? __pfx_vfs_read+0x10/0x10
[  480.887678][T11050]  ? __fget_files+0x20e/0x3c0
[  480.887709][T11050]  ksys_read+0x12a/0x240
[  480.887731][T11050]  ? __pfx_ksys_read+0x10/0x10
[  480.887752][T11050]  ? rcu_is_watching+0x12/0xc0
[  480.887783][T11050]  do_syscall_64+0xcd/0x230
[  480.887822][T11050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.887847][T11050] RIP: 0033:0x7f566af8d37c
[  480.887865][T11050] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  480.887889][T11050] RSP: 002b:00007f566bd4c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  480.887911][T11050] RAX: ffffffffffffffda RBX: 00007f566b1b6080 RCX: 00007f566af8d37c
[  480.887927][T11050] RDX: 000000000000000f RSI: 00007f566bd4c0a0 RDI: 0000000000000007
[  480.887942][T11050] RBP: 00007f566bd4c090 R08: 0000000000000000 R09: 0000000000000000
[  480.887957][T11050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.887971][T11050] R13: 0000000000000000 R14: 00007f566b1b6080 R15: 00007ffc0b864c08
[  480.888001][T11050]  </TASK>
[  482.488893][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  482.488929][ T5835] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  482.510874][ T5835] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  482.510906][ T5835] Bluetooth: hci0: adv larger than maximum supported
[  482.520240][ T5835] Bluetooth: hci0: Malformed LE Event: 0x0d
[  482.649250][T11067] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input16
[  484.209723][T11091] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied.
[  486.563130][ T5835] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  486.563166][ T5835] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260
[  486.581640][ T5835] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[  486.581684][ T5835] Bluetooth: hci2: adv larger than maximum supported
[  486.590874][ T5835] Bluetooth: hci2: Malformed LE Event: 0x0d
[  487.762022][   T30] audit: type=1800 audit(6043214736.291:10): pid=11159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1079" name="trace_pipe" dev="tracefs" ino=1054 res=0 errno=0
[  488.596247][T11162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1078'.
[  488.803444][T11177] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1078'.
[  490.730217][T11208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1088'.
[  491.285185][ T5835] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  491.285222][ T5835] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  491.306636][ T5835] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  491.306668][ T5835] Bluetooth: hci1: adv larger than maximum supported
[  491.313972][ T5835] Bluetooth: hci1: Malformed LE Event: 0x0d
[  493.021874][ T5835] Bluetooth: hci1: Unable to find connection for big 0xd2
[  493.289176][T11243] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input17
[  493.670757][T11257] binder: 11215:11257 ioctl 400c620e 200000000140 returned -22
[  495.429673][T11275] FAULT_INJECTION: forcing a failure.
[  495.429673][T11275] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  495.526391][T11275] CPU: 1 UID: 0 PID: 11275 Comm: syz.1.1095 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  495.526432][T11275] Tainted: [U]=USER
[  495.526440][T11275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  495.526453][T11275] Call Trace:
[  495.526461][T11275]  <TASK>
[  495.526470][T11275]  dump_stack_lvl+0x16c/0x1f0
[  495.526511][T11275]  should_fail_ex+0x512/0x640
[  495.526554][T11275]  should_fail_alloc_page+0xe7/0x130
[  495.526587][T11275]  prepare_alloc_pages+0x3c2/0x610
[  495.526629][T11275]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  495.526658][T11275]  ? find_held_lock+0x2b/0x80
[  495.526685][T11275]  ? __lock_acquire+0x5ca/0x1ba0
[  495.526726][T11275]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  495.526769][T11275]  ? find_held_lock+0x2b/0x80
[  495.526790][T11275]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  495.526822][T11275]  ? policy_nodemask+0xea/0x4e0
[  495.526852][T11275]  alloc_pages_mpol+0x1fb/0x550
[  495.526881][T11275]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  495.526917][T11275]  folio_alloc_mpol_noprof+0x36/0x2f0
[  495.526951][T11275]  shmem_alloc_folio+0x135/0x160
[  495.526975][T11275]  shmem_alloc_and_add_folio+0x499/0xc20
[  495.527008][T11275]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  495.527039][T11275]  ? shmem_allowable_huge_orders+0xcb/0x2f0
[  495.527072][T11275]  shmem_get_folio_gfp+0x687/0x1530
[  495.527106][T11275]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  495.527136][T11275]  ? filemap_map_pages+0xf6c/0x1680
[  495.527168][T11275]  shmem_fault+0x1fe/0xa30
[  495.527204][T11275]  ? __pfx_shmem_fault+0x10/0x10
[  495.527238][T11275]  ? __pfx_filemap_map_pages+0x10/0x10
[  495.527279][T11275]  __do_fault+0x10a/0x490
[  495.527313][T11275]  do_pte_missing+0x1031/0x3fb0
[  495.527338][T11275]  ? do_raw_spin_unlock+0x172/0x230
[  495.527378][T11275]  ? __pmd_alloc+0x3c2/0x870
[  495.527413][T11275]  ? find_held_lock+0x2b/0x80
[  495.527437][T11275]  __handle_mm_fault+0x103d/0x2a40
[  495.527472][T11275]  ? __pfx___handle_mm_fault+0x10/0x10
[  495.527514][T11275]  ? find_vma+0xbf/0x140
[  495.527547][T11275]  ? __pfx_find_vma+0x10/0x10
[  495.527585][T11275]  handle_mm_fault+0x3fe/0xad0
[  495.527615][T11275]  do_user_addr_fault+0x7a6/0x1370
[  495.527644][T11275]  ? rcu_is_watching+0x12/0xc0
[  495.527669][T11275]  exc_page_fault+0x5c/0xc0
[  495.527702][T11275]  asm_exc_page_fault+0x26/0x30
[  495.527725][T11275] RIP: 0010:rep_movs_alternative+0x30/0x90
[  495.527752][T11275] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  495.527773][T11275] RSP: 0018:ffffc900039dfb20 EFLAGS: 00050202
[  495.527791][T11275] RAX: 0000000000000001 RBX: 0000000000000091 RCX: 000000000000000c
[  495.527805][T11275] RDX: fffff5200073bf8c RSI: 0000000000000091 RDI: ffffc900039dfc58
[  495.527819][T11275] RBP: 000000000000000c R08: 0000000000000001 R09: fffff5200073bf8c
[  495.527833][T11275] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
[  495.527848][T11275] R13: ffffc900039dfc58 R14: 0000000000000001 R15: 000000000000000c
[  495.527877][T11275]  _copy_from_user+0x98/0xd0
[  495.527900][T11275]  mctp_ioctl_tag_copy_from_user+0xaf/0x340
[  495.527941][T11275]  ? __pfx_mctp_ioctl_tag_copy_from_user+0x10/0x10
[  495.527981][T11275]  ? kasan_quarantine_put+0x10a/0x240
[  495.528005][T11275]  ? lockdep_hardirqs_on+0x7c/0x110
[  495.528046][T11275]  mctp_ioctl+0x3df/0x6e0
[  495.528081][T11275]  ? tomoyo_path_number_perm+0x295/0x580
[  495.528115][T11275]  ? __pfx_mctp_ioctl+0x10/0x10
[  495.528152][T11275]  ? tomoyo_path_number_perm+0x18d/0x580
[  495.528190][T11275]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  495.528226][T11275]  sock_do_ioctl+0x118/0x280
[  495.528263][T11275]  ? __pfx_sock_do_ioctl+0x10/0x10
[  495.528316][T11275]  sock_ioctl+0x227/0x6b0
[  495.528337][T11275]  ? __pfx_sock_ioctl+0x10/0x10
[  495.528356][T11275]  ? hook_file_ioctl_common+0x145/0x410
[  495.528392][T11275]  ? __fget_files+0x20e/0x3c0
[  495.528419][T11275]  ? __pfx_sock_ioctl+0x10/0x10
[  495.528441][T11275]  __x64_sys_ioctl+0x193/0x200
[  495.528479][T11275]  do_syscall_64+0xcd/0x230
[  495.528518][T11275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.528543][T11275] RIP: 0033:0x7fc7ceb8e969
[  495.528561][T11275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  495.528585][T11275] RSP: 002b:00007fc7cf94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  495.528606][T11275] RAX: ffffffffffffffda RBX: 00007fc7cedb5fa0 RCX: 00007fc7ceb8e969
[  495.528622][T11275] RDX: 0000000000000091 RSI: 00000000000089e2 RDI: 0000000000000003
[  495.528636][T11275] RBP: 00007fc7cf94c090 R08: 0000000000000000 R09: 0000000000000000
[  495.528650][T11275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  495.528664][T11275] R13: 0000000000000000 R14: 00007fc7cedb5fa0 R15: 00007ffed1011848
[  495.528694][T11275]  </TASK>
[  497.254750][T11283] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1098'.
[  501.975639][ T5835] Bluetooth: hci2: Unable to find connection for big 0xd2
[  502.206864][T11337] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input18
[  502.319569][T11332] GUP no longer grows the stack in syz.6.1105 (11332): 14000-401000 (4000)
[  502.538911][T11332] CPU: 1 UID: 0 PID: 11332 Comm: syz.6.1105 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  502.538953][T11332] Tainted: [U]=USER
[  502.538961][T11332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  502.538976][T11332] Call Trace:
[  502.538983][T11332]  <TASK>
[  502.538992][T11332]  dump_stack_lvl+0x16c/0x1f0
[  502.539034][T11332]  gup_vma_lookup+0x1d2/0x220
[  502.539073][T11332]  __get_user_pages+0x234/0x36f0
[  502.539121][T11332]  ? process_vm_rw_core.constprop.0+0x1d8/0x9a0
[  502.539153][T11332]  ? look_up_lock_class+0x59/0x150
[  502.539190][T11332]  ? __pfx___get_user_pages+0x10/0x10
[  502.539228][T11332]  ? process_vm_rw+0x216/0x2c0
[  502.539257][T11332]  ? __x64_sys_process_vm_readv+0xe2/0x1c0
[  502.539288][T11332]  ? do_syscall_64+0xcd/0x230
[  502.539334][T11332]  __gup_longterm_locked+0x20d/0x1850
[  502.539384][T11332]  ? __pfx___gup_longterm_locked+0x10/0x10
[  502.539440][T11332]  pin_user_pages_remote+0xed/0x140
[  502.539465][T11332]  ? __pfx_pin_user_pages_remote+0x10/0x10
[  502.539488][T11332]  ? mm_access+0x22d/0x2e0
[  502.539529][T11332]  process_vm_rw_core.constprop.0+0x41b/0x9a0
[  502.539567][T11332]  ? futex_wait_queue+0x14c/0x220
[  502.539599][T11332]  ? futex_unqueue+0xba/0x140
[  502.539630][T11332]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  502.539665][T11332]  ? iovec_from_user+0xbb/0x140
[  502.539711][T11332]  ? iovec_from_user+0xbb/0x140
[  502.539738][T11332]  process_vm_rw+0x216/0x2c0
[  502.539771][T11332]  ? __pfx_process_vm_rw+0x10/0x10
[  502.539825][T11332]  ? __pfx_task_mm_cid_work+0x10/0x10
[  502.539861][T11332]  ? xfd_validate_state+0x5d/0x180
[  502.539891][T11332]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  502.539925][T11332]  ? do_syscall_64+0x91/0x230
[  502.539965][T11332]  ? lockdep_hardirqs_on+0x7c/0x110
[  502.540000][T11332]  do_syscall_64+0xcd/0x230
[  502.540039][T11332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.540063][T11332] RIP: 0033:0x7f723cd8e969
[  502.540082][T11332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.540106][T11332] RSP: 002b:00007f723abd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  502.540128][T11332] RAX: ffffffffffffffda RBX: 00007f723cfb6160 RCX: 00007f723cd8e969
[  502.540144][T11332] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 000000000000007f
[  502.540159][T11332] RBP: 00007f723ce10ab1 R08: 0000000000000003 R09: 0000000000000000
[  502.540174][T11332] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[  502.540189][T11332] R13: 0000000000000000 R14: 00007f723cfb6160 R15: 00007ffcd57f0508
[  502.540220][T11332]  </TASK>
[  502.823872][T11340] FAULT_INJECTION: forcing a failure.
[  502.823872][T11340] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  502.837785][T11340] CPU: 1 UID: 0 PID: 11340 Comm: syz.1.1108 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  502.837825][T11340] Tainted: [U]=USER
[  502.837833][T11340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  502.837848][T11340] Call Trace:
[  502.837855][T11340]  <TASK>
[  502.837864][T11340]  dump_stack_lvl+0x16c/0x1f0
[  502.837905][T11340]  should_fail_ex+0x512/0x640
[  502.837947][T11340]  should_fail_alloc_page+0xe7/0x130
[  502.837981][T11340]  prepare_alloc_pages+0x3c2/0x610
[  502.838020][T11340]  ? rcu_is_watching+0x12/0xc0
[  502.838047][T11340]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  502.838081][T11340]  ? find_held_lock+0x2b/0x80
[  502.838104][T11340]  ? cgroup_rstat_updated+0x2a/0xb20
[  502.838149][T11340]  ? rcu_is_watching+0x12/0xc0
[  502.838173][T11340]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  502.838203][T11340]  ? __mod_zone_page_state+0xcc/0x1a0
[  502.838231][T11340]  ? lru_gen_add_folio+0x1a4/0xef0
[  502.838267][T11340]  ? __lock_acquire+0x5ca/0x1ba0
[  502.838305][T11340]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  502.838341][T11340]  ? policy_nodemask+0xea/0x4e0
[  502.838410][T11340]  alloc_pages_mpol+0x1fb/0x550
[  502.838443][T11340]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  502.838476][T11340]  ? __lock_acquire+0x5ca/0x1ba0
[  502.838513][T11340]  folio_alloc_mpol_noprof+0x36/0x2f0
[  502.838553][T11340]  vma_alloc_folio_noprof+0xed/0x1e0
[  502.838590][T11340]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  502.838636][T11340]  do_pte_missing+0x223d/0x3fb0
[  502.838672][T11340]  __handle_mm_fault+0x103d/0x2a40
[  502.838706][T11340]  ? __pfx___handle_mm_fault+0x10/0x10
[  502.838731][T11340]  ? __pte_offset_map_lock+0x155/0x2f0
[  502.838767][T11340]  ? find_held_lock+0x2b/0x80
[  502.838789][T11340]  ? find_held_lock+0x2b/0x80
[  502.838832][T11340]  handle_mm_fault+0x3fe/0xad0
[  502.838863][T11340]  __get_user_pages+0x771/0x36f0
[  502.838910][T11340]  ? __pfx_mt_find+0x10/0x10
[  502.838934][T11340]  ? __pfx___get_user_pages+0x10/0x10
[  502.838985][T11340]  populate_vma_page_range+0x278/0x3a0
[  502.839012][T11340]  ? __pfx_populate_vma_page_range+0x10/0x10
[  502.839036][T11340]  ? __pfx_find_vma_intersection+0x10/0x10
[  502.839076][T11340]  ? do_mmap+0x69c/0x11b0
[  502.839116][T11340]  __mm_populate+0x1d8/0x380
[  502.839141][T11340]  ? __pfx___mm_populate+0x10/0x10
[  502.839167][T11340]  ? up_write+0x1b2/0x520
[  502.839211][T11340]  vm_mmap_pgoff+0x362/0x450
[  502.839251][T11340]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  502.839291][T11340]  ? find_held_lock+0x2b/0x80
[  502.839319][T11340]  ? __x64_sys_futex+0x1e0/0x4c0
[  502.839351][T11340]  ? __x64_sys_futex+0x1e9/0x4c0
[  502.839383][T11340]  ksys_mmap_pgoff+0x7d/0x5c0
[  502.839421][T11340]  ? rcu_is_watching+0x12/0xc0
[  502.839447][T11340]  __x64_sys_mmap+0x125/0x190
[  502.839475][T11340]  do_syscall_64+0xcd/0x230
[  502.839516][T11340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.839541][T11340] RIP: 0033:0x7fc7ceb8e969
[  502.839562][T11340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.839589][T11340] RSP: 002b:00007fc7cf94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  502.839612][T11340] RAX: ffffffffffffffda RBX: 00007fc7cedb5fa0 RCX: 00007fc7ceb8e969
[  502.839628][T11340] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000
[  502.839643][T11340] RBP: 00007fc7cec10ab1 R08: 0000000000000007 R09: 0000000000028000
[  502.839659][T11340] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  502.839674][T11340] R13: 0000000000000000 R14: 00007fc7cedb5fa0 R15: 00007ffed1011848
[  502.839708][T11340]  </TASK>
[  504.108981][T11348] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1111'.
[  504.620637][T11348] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  504.672452][T11348] batman_adv: batadv0: Removing interface: batadv_slave_0
[  504.750161][T11348] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  504.812972][T11348] batman_adv: batadv0: Removing interface: batadv_slave_1
[  509.032092][ T5835] Bluetooth: hci0: Unable to find connection for big 0xd2
[  509.240580][T11409] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input19
[  510.550796][T11424] 
[  510.553251][T11424] ======================================================
[  510.560273][T11424] WARNING: possible circular locking dependency detected
[  510.567385][T11424] 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 Tainted: G     U             
[  510.576061][T11424] ------------------------------------------------------
[  510.583074][T11424] syz.4.1131/11424 is trying to acquire lock:
[  510.589145][T11424] ffff88802642f118 (&q->elevator_lock){+.+.}-{4:4}, at: elv_iosched_store+0x201/0x5f0
[  510.598756][T11424] 
[  510.598756][T11424] but task is already holding lock:
[  510.606117][T11424] ffff88802642ebe8 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  510.617385][T11424] 
[  510.617385][T11424] which lock already depends on the new lock.
[  510.617385][T11424] 
[  510.627785][T11424] 
[  510.627785][T11424] the existing dependency chain (in reverse order) is:
[  510.636805][T11424] 
[  510.636805][T11424] -> #2 (&q->q_usage_counter(io)#55){++++}-{0:0}:
[  510.645441][T11424]        blk_alloc_queue+0x619/0x760
[  510.650783][T11424]        blk_mq_alloc_queue+0x179/0x290
[  510.656375][T11424]        __blk_mq_alloc_disk+0x29/0x120
[  510.661960][T11424]        nbd_dev_add+0x49d/0xbb0
[  510.666910][T11424]        nbd_init+0x181/0x320
[  510.671605][T11424]        do_one_initcall+0x120/0x6e0
[  510.676911][T11424]        kernel_init_freeable+0x5c2/0x900
[  510.682843][T11424]        kernel_init+0x1c/0x2b0
[  510.687715][T11424]        ret_from_fork+0x48/0x80
[  510.692678][T11424]        ret_from_fork_asm+0x1a/0x30
[  510.698081][T11424] 
[  510.698081][T11424] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  510.705322][T11424]        fs_reclaim_acquire+0x102/0x150
[  510.710900][T11424]        kmem_cache_alloc_noprof+0x53/0x3b0
[  510.716821][T11424]        __kernfs_new_node+0xd2/0x8a0
[  510.722206][T11424]        kernfs_new_node+0x13c/0x1e0
[  510.727771][T11424]        kernfs_create_dir_ns+0x4c/0x1a0
[  510.733952][T11424]        sysfs_create_dir_ns+0x13a/0x2b0
[  510.739804][T11424]        kobject_add_internal+0x2c4/0x9b0
[  510.745539][T11424]        kobject_add+0x16e/0x240
[  510.750601][T11424]        elv_register_queue+0xd3/0x2a0
[  510.756189][T11424]        blk_register_queue+0x3c4/0x560
[  510.761787][T11424]        add_disk_fwnode+0x911/0x13a0
[  510.767283][T11424]        nbd_dev_add+0x78e/0xbb0
[  510.772254][T11424]        nbd_init+0x181/0x320
[  510.776966][T11424]        do_one_initcall+0x120/0x6e0
[  510.782284][T11424]        kernel_init_freeable+0x5c2/0x900
[  510.788048][T11424]        kernel_init+0x1c/0x2b0
[  510.792928][T11424]        ret_from_fork+0x48/0x80
[  510.797881][T11424]        ret_from_fork_asm+0x1a/0x30
[  510.803186][T11424] 
[  510.803186][T11424] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  510.811117][T11424]        __lock_acquire+0x1173/0x1ba0
[  510.816513][T11424]        lock_acquire+0x179/0x350
[  510.821557][T11424]        __mutex_lock+0x199/0xb90
[  510.826601][T11424]        elv_iosched_store+0x201/0x5f0
[  510.832174][T11424]        queue_attr_store+0x270/0x310
[  510.837574][T11424]        sysfs_kf_write+0xef/0x150
[  510.842727][T11424]        kernfs_fop_write_iter+0x354/0x510
[  510.848561][T11424]        iter_file_splice_write+0x91c/0x1150
[  510.854577][T11424]        direct_splice_actor+0x18f/0x6c0
[  510.860266][T11424]        splice_direct_to_actor+0x345/0xa30
[  510.866181][T11424]        do_splice_direct+0x174/0x240
[  510.871591][T11424]        do_sendfile+0xafd/0xe50
[  510.876561][T11424]        __x64_sys_sendfile64+0x1d8/0x220
[  510.882537][T11424]        do_syscall_64+0xcd/0x230
[  510.887599][T11424]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.894032][T11424] 
[  510.894032][T11424] other info that might help us debug this:
[  510.894032][T11424] 
[  510.904267][T11424] Chain exists of:
[  510.904267][T11424]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#55
[  510.904267][T11424] 
[  510.918339][T11424]  Possible unsafe locking scenario:
[  510.918339][T11424] 
[  510.925816][T11424]        CPU0                    CPU1
[  510.931192][T11424]        ----                    ----
[  510.936756][T11424]   lock(&q->q_usage_counter(io)#55);
[  510.942235][T11424]                                lock(fs_reclaim);
[  510.948747][T11424]                                lock(&q->q_usage_counter(io)#55);
[  510.956660][T11424]   lock(&q->elevator_lock);
[  510.961261][T11424] 
[  510.961261][T11424]  *** DEADLOCK ***
[  510.961261][T11424] 
[  510.969405][T11424] 5 locks held by syz.4.1131/11424:
[  510.974614][T11424]  #0: ffff88807d9f4420 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x345/0xa30
[  510.984673][T11424]  #1: ffff888044a76088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  510.994472][T11424]  #2: ffff8881437a3b48 (kn->active#126){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  511.004630][T11424]  #3: ffff88802642ebe8 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  511.016340][T11424]  #4: ffff88802642ec20 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  511.028220][T11424] 
[  511.028220][T11424] stack backtrace:
[  511.034116][T11424] CPU: 1 UID: 0 PID: 11424 Comm: syz.4.1131 Tainted: G     U              6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  511.034152][T11424] Tainted: [U]=USER
[  511.034160][T11424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  511.034175][T11424] Call Trace:
[  511.034184][T11424]  <TASK>
[  511.034193][T11424]  dump_stack_lvl+0x116/0x1f0
[  511.034232][T11424]  print_circular_bug+0x275/0x350
[  511.034264][T11424]  check_noncircular+0x14c/0x170
[  511.034298][T11424]  __lock_acquire+0x1173/0x1ba0
[  511.034336][T11424]  lock_acquire+0x179/0x350
[  511.034366][T11424]  ? elv_iosched_store+0x201/0x5f0
[  511.034399][T11424]  ? __pfx___might_resched+0x10/0x10
[  511.034427][T11424]  ? do_raw_spin_lock+0x12c/0x2b0
[  511.034465][T11424]  __mutex_lock+0x199/0xb90
[  511.034557][T11424]  ? elv_iosched_store+0x201/0x5f0
[  511.034593][T11424]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  511.034626][T11424]  ? elv_iosched_store+0x201/0x5f0
[  511.034657][T11424]  ? lockdep_hardirqs_on+0x7c/0x110
[  511.034695][T11424]  ? __pfx___mutex_lock+0x10/0x10
[  511.034737][T11424]  ? __pfx_autoremove_wake_function+0x10/0x10
[  511.034772][T11424]  ? elv_iosched_store+0x201/0x5f0
[  511.034803][T11424]  elv_iosched_store+0x201/0x5f0
[  511.034835][T11424]  ? __x64_sys_sendfile64+0x1d8/0x220
[  511.034866][T11424]  ? __pfx_elv_iosched_store+0x10/0x10
[  511.034899][T11424]  ? __mutex_trylock_common+0xe9/0x250
[  511.034933][T11424]  ? __pfx_elv_iosched_store+0x10/0x10
[  511.034971][T11424]  queue_attr_store+0x270/0x310
[  511.034995][T11424]  ? __pfx_queue_attr_store+0x10/0x10
[  511.035025][T11424]  ? find_held_lock+0x2b/0x80
[  511.035048][T11424]  ? sysfs_file_kobj+0xe4/0x290
[  511.035086][T11424]  ? __pfx_queue_attr_store+0x10/0x10
[  511.035109][T11424]  sysfs_kf_write+0xef/0x150
[  511.035146][T11424]  kernfs_fop_write_iter+0x354/0x510
[  511.035178][T11424]  ? __pfx_sysfs_kf_write+0x10/0x10
[  511.035216][T11424]  iter_file_splice_write+0x91c/0x1150
[  511.035268][T11424]  ? __pfx_iter_file_splice_write+0x10/0x10
[  511.035312][T11424]  ? __pfx_copy_splice_read+0x10/0x10
[  511.035356][T11424]  ? __pfx_iter_file_splice_write+0x10/0x10
[  511.035397][T11424]  direct_splice_actor+0x18f/0x6c0
[  511.035489][T11424]  splice_direct_to_actor+0x345/0xa30
[  511.035530][T11424]  ? __pfx_direct_splice_actor+0x10/0x10
[  511.035570][T11424]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  511.035613][T11424]  do_splice_direct+0x174/0x240
[  511.035649][T11424]  ? __pfx_do_splice_direct+0x10/0x10
[  511.035687][T11424]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  511.035725][T11424]  ? rw_verify_area+0xcf/0x680
[  511.035762][T11424]  do_sendfile+0xafd/0xe50
[  511.035785][T11424]  ? __pfx_do_sendfile+0x10/0x10
[  511.035804][T11424]  ? do_raw_spin_unlock+0x172/0x230
[  511.035843][T11424]  ? __x64_sys_futex+0x1e0/0x4c0
[  511.035869][T11424]  ? __x64_sys_futex+0x1e9/0x4c0
[  511.035896][T11424]  __x64_sys_sendfile64+0x1d8/0x220
[  511.035924][T11424]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  511.035953][T11424]  ? rcu_is_watching+0x12/0xc0
[  511.035978][T11424]  do_syscall_64+0xcd/0x230
[  511.036015][T11424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.036039][T11424] RIP: 0033:0x7f566af8e969
[  511.036059][T11424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  511.036083][T11424] RSP: 002b:00007f566bd6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  511.036105][T11424] RAX: ffffffffffffffda RBX: 00007f566b1b5fa0 RCX: 00007f566af8e969
[  511.036121][T11424] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
[  511.036137][T11424] RBP: 00007f566b010ab1 R08: 0000000000000000 R09: 0000000000000000
[  511.036153][T11424] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  511.036167][T11424] R13: 0000000000000000 R14: 00007f566b1b5fa0 R15: 00007ffc0b864c08
[  511.036190][T11424]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  512.093009][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  512.104701][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  512.939751][ T8625] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.041829][ T8625] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.182871][ T8625] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.251056][ T8625] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.407650][ T8625] team0: left allmulticast mode
[  513.412961][ T8625] team_slave_1: left allmulticast mode
[  513.451023][ T8625] team0: left promiscuous mode
[  513.455840][ T8625] team_slave_1: left promiscuous mode
[  513.486890][ T8625] bridge0: port 3(team0) entered disabled state
[  513.508088][ T8625] bridge_slave_1: left allmulticast mode
[  513.513767][ T8625] bridge_slave_1: left promiscuous mode
[  513.557966][ T8625] bridge0: port 2(bridge_slave_1) entered disabled state
[  513.581546][ T8625] bridge_slave_0: left allmulticast mode
[  513.607557][ T8625] bridge_slave_0: left promiscuous mode
[  513.618798][ T8625] bridge0: port 1(bridge_slave_0) entered disabled state
[  514.212144][ T8625]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  514.232016][ T8625]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  514.242329][ T8625]  (unregistering): Released all slaves
[  514.302947][ T8625] HfR: left promiscuous mode
[  514.495154][ T8625] hsr_slave_0: left promiscuous mode
[  514.513047][ T8625] hsr_slave_1: left promiscuous mode
[  514.540331][ T8625] veth1_macvtap: left promiscuous mode
[  514.545863][ T8625] veth0_macvtap: left promiscuous mode
[  514.565389][ T8625] veth1_vlan: left promiscuous mode
[  514.580503][ T8625] veth0_vlan: left promiscuous mode
[  514.941967][ T8625] team0 (unregistering): Port device team_slave_1 removed
[  515.256126][ T8625] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.312051][ T8625] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.365776][ T8625] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.433401][ T8625] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.579427][ T8625] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.641735][ T8625] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.695077][ T8625] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.742429][ T8625] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.843731][ T8625] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.918665][ T8625] bridge_slave_1: left allmulticast mode
[  515.924349][ T8625] bridge_slave_1: left promiscuous mode
[  515.945283][ T8625] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.968377][ T8625] bridge_slave_0: left allmulticast mode
[  515.974404][ T8625] bridge_slave_0: left promiscuous mode
[  515.997711][ T8625] bridge0: port 1(bridge_slave_0) entered disabled state
[  516.353269][ T8625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  516.379205][ T8625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  516.400619][ T8625] bond0 (unregistering): Released all slaves
[  516.532592][ T8625]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  516.543540][ T8625]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  516.554819][ T8625]  (unregistering): Released all slaves
[  516.638418][ T8625] .SR: left promiscuous mode
[  516.898404][ T8625] hsr_slave_0: left promiscuous mode
[  516.910990][ T8625] hsr_slave_1: left promiscuous mode
[  516.928096][ T8625] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  516.935543][ T8625] batman_adv: batadv0: Removing interface: batadv_slave_0
[  516.960406][ T8625] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  516.987703][ T8625] batman_adv: batadv0: Removing interface: batadv_slave_1
[  517.013943][ T8625] hsr_slave_0: left promiscuous mode
[  517.031395][ T8625] hsr_slave_1: left promiscuous mode
[  517.047813][ T8625] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  517.055241][ T8625] batman_adv: batadv0: Removing interface: batadv_slave_0
[  517.084668][ T8625] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  517.108002][ T8625] batman_adv: batadv0: Removing interface: batadv_slave_1
[  517.133875][ T8625] veth1_macvtap: left promiscuous mode
[  517.155935][ T8625] veth0_macvtap: left promiscuous mode
[  517.167965][ T8625] veth1_vlan: left promiscuous mode
[  517.173262][ T8625] veth0_vlan: left promiscuous mode
[  517.197295][ T8625] veth1_macvtap: left promiscuous mode
[  517.202932][ T8625] veth0_macvtap: left promiscuous mode
[  517.224002][ T8625] veth1_vlan: left promiscuous mode
[  517.238243][ T8625] veth0_vlan: left promiscuous mode
[  517.473971][ T8625] team0 (unregistering): Port device team_slave_1 removed
[  517.503128][ T8625] team0 (unregistering): Port device team_slave_0 removed
[  517.724280][ T8625] team0 (unregistering): Port device team_slave_1 removed
[  517.752395][ T8625] team0 (unregistering): Port device team_slave_0 removed