last executing test programs:

6m24.305571129s ago: executing program 0 (id=362):
socket(0xa, 0x3, 0x3a) (async)
r0 = socket(0x11, 0x3, 0x9) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32)
socket(0xa, 0x2, 0x0) (async)
socket(0xa, 0x801, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "02d0ac0c00e435826339c7328903"}, 0x17)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0xe7, &(0x7f0000000100)={&(0x7f00000003c0)="4a67d23edb3100000000000000000075", 0x49}, 0x5, &(0x7f0000000180), 0x5, 0x3}, 0x1}, 0x2, 0x101) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0) (async)
mmap$auto(0x0, 0x40000b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
close_range$auto(0x2, 0x8000, 0x0) (async)
io_uring_setup$auto(0x9, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
close_range$auto(0x2, 0x8000, 0x0) (async)
r2 = socket(0xa, 0x2, 0x88) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00', <r4=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x401, r2, @relative_id=0x13, 0xe600}, 0xf) (async)
bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x8000000000000001, 0x9, 0x5, 0xf870e9f, 0x7, 0x8}, 0x9)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xf) (async)
msgctl$auto_IPC_INFO(0x9c0, 0x3, &(0x7f0000000200)={{0x1, <r5=>0x0, 0xee00, 0x4979, 0x1, 0x2}, &(0x7f0000000040)=0x5, &(0x7f0000000080)=0x8, 0x6, 0xfffffffffffffff7, 0x6, 0xc, 0x7fffffffffffffff, 0x3, 0xa0, 0x6, @raw=0x7, @inferred=0xffffffffffffffff}) (async)
shmctl$auto_SHM_LOCK(0x1, 0xb, &(0x7f0000000400)={{0x1, <r6=>0x0, 0x0, 0x441, 0x4, 0x41, 0x9}, 0x5, 0x9, 0x5, 0x5, @raw=0x10, @raw=0xfffffffe, 0x2, 0x0, &(0x7f0000000300)="a7226fbf7edb1baf1a16206c59209b2a57a4645ef2b7aff3736cd484ec2505be104499c2a57ba4dac04839f1e89fdf6a58091ad4f96be7a6037eaaac88bccd04eaeb82652cd76db353c1bf49900010fe61a6ed5de31fdee5762afa0b540c6e8b24a2c7ecfda7a2a690fd525da5c27963f705b545663585a92ae7ec251a9920a26383cfffe125bd5ed7087ca1ef51abce9b18d799eb8a98f23a1502af23d12918df21a1a737914eae5f24aeb36aa4ef12023c9e", &(0x7f00000000c0)="0095da12dec34a8fdd70ae6120e6259f1a707b5a7cd0d6ecc85699f4a01bcaf133"}) (async)
r7 = getuid()
setresuid$auto(r5, r6, r7)

6m23.962402647s ago: executing program 0 (id=363):
r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xff7fffffffff0001, 0x15)
close_range$auto(r0, 0x8, 0x0)
brk$auto(0x40008000)
syslog$auto(0x10000, &(0x7f0000000180)='/dev/snapshot\x00', 0xc0)
r3 = fanotify_init$auto(0x5, 0x2000000000002)
r4 = open(&(0x7f0000000000)='.\x00', 0xc00, 0x409)
fanotify_mark$auto(r3, 0x9, 0x9, r4, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
move_pages$auto(0x0, 0x5, &(0x7f0000000380)=&(0x7f0000000280), &(0x7f00000003c0)=0x1, 0x0, 0x2)
r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0)
pread64$auto(r5, 0x0, 0x800003, 0x270)
mlockall$auto(0x7)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x202, 0x0)
personality$auto(0xfffff032)
mprotect$auto(0x110c230000, 0xa588, 0x6)
mremap$auto(0x110c231000, 0x0, 0x101, 0x3, 0x0)
move_pages$auto(0x0, 0x9, 0x0, 0x0, 0x0, 0x2)
msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000001600)={{0x7b0, 0x0, 0x0, 0xd, 0x3ff, 0x7, 0xb}, &(0x7f0000000400)=0x9, &(0x7f0000000440)=0x10, 0x1, 0xd80, 0x9, 0x0, 0x8000000000000000, 0x6, 0xa, 0xfff9, @raw=0x80, @raw=0x9})
r6 = syz_open_procfs$namespace(0x0, &(0x7f0000000040))
syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$auto(r6, 0x402, 0x0)

6m23.066351887s ago: executing program 0 (id=368):
mmap$auto(0x0, 0x2020007, 0x2, 0x80000eb1, 0xffffffffffffffff, 0x100000000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0)
ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2})
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/ep_81/uevent\x00', 0x22100, 0x0)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/247, 0xf7)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyv8\x00', 0x480580, 0x0)
ioctl$auto(r3, 0x4b72, 0x4)
bpf$auto(0x0, &(0x7f0000000300)=@bpf_attr_0={0x21, 0x538, 0x80, 0x10000, 0x4, 0xffffffffffffffff, 0x21000, "72fea04183dce563f03f2a25077b3383", 0x0, 0xffffffffffffffff, 0x7, 0x6, 0x101, 0x1000000000001}, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
modify_ldt$auto(0x3, 0x0, 0x80)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r4 = getpgid(0x0)
r5 = pidfd_open$auto(r4, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/usbip-vudc.0/dev_desc\x00', 0x200, 0x0)
read$auto(0x3, 0x0, 0x80)
process_madvise$auto(r5, 0x0, 0x3, 0x0, 0x8000000000000000)
openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000b00), 0x40042, 0x0)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x5, 0x9)
munmap$auto(0x8000, 0xffffffff)

6m22.694869971s ago: executing program 0 (id=369):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
socket(0x2, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb)
ioctl$auto_SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f0000000240))
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(0xffffffffffffffff, 0x4008550d, 0xffffffffffffffff)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/graphics/fbcon/rotate_all\x00', 0xa001, 0x0)
write$auto(r1, &(0x7f0000000000)='3\xc7\xff\xff\xff\xdd\x00\b(Ks\x0f\x87|P\x11\xd1li0\x89\x85\x90QM\xd6wfF\xf1x\xb3;c\tP\x03\x84\x97\x99\x83\x97\x81:\xf3\xa3o5\xc5\x86\xed\xa4\x18]\xa3\xc9\x0f\xff\xdak\xb0m\xe1U\xb3\xa2\xee\xdcTJQO\x98\xc8w\x8c\xe7\x00`\x00\x1dj\x1e\xebQT\xdd\x9b\x00'/101, 0x9)

6m21.715390822s ago: executing program 0 (id=376):
r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xff7fffffffff0001, 0x15)
close_range$auto(r0, 0x8, 0x0)
brk$auto(0x40008000)
syslog$auto(0x10000, &(0x7f0000000180)='/dev/snapshot\x00', 0xc0)
r3 = fanotify_init$auto(0x5, 0x2000000000002)
r4 = open(&(0x7f0000000000)='.\x00', 0xc00, 0x409)
fanotify_mark$auto(r3, 0x9, 0x9, r4, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
move_pages$auto(0x0, 0x5, &(0x7f0000000380)=&(0x7f0000000280), &(0x7f00000003c0)=0x1, 0x0, 0x2)
r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0)
pread64$auto(r5, 0x0, 0x800003, 0x270)
mlockall$auto(0x7)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x202, 0x0)
personality$auto(0xfffff032)
mprotect$auto(0x110c230000, 0xa588, 0x6)
mremap$auto(0x110c231000, 0x0, 0x101, 0x3, 0x0)
move_pages$auto(0x0, 0x9, 0x0, 0x0, 0x0, 0x2)
msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000001600)={{0x7b0, 0x0, 0x0, 0xd, 0x3ff, 0x7, 0xb}, &(0x7f0000000400)=0x9, &(0x7f0000000440)=0x10, 0x1, 0xd80, 0x9, 0x0, 0x8000000000000000, 0x6, 0xa, 0xfff9, @raw=0x80, @raw=0x9})
r6 = syz_open_procfs$namespace(0x0, &(0x7f0000000040))
syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$auto(r6, 0x402, 0x0)

6m20.45141784s ago: executing program 0 (id=382):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x10, &(0x7f0000000180)=@info={r0, 0x5, 0x3}, 0x6)
setitimer$auto(0x2, &(0x7f0000000080)={{0x2, 0x5}, {0x0, 0x8}}, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
init_module$auto(0x0, 0xffff9, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x400454ca, 0x38)
write$auto(0x3, 0x0, 0x7fffffff)
capset$auto(&(0x7f0000000180)={0x19980330}, 0x0)
statmount$auto(&(0x7f0000000000)={0x7ff, @raw=0xffffff01, 0xfffffffffffffffc, 0x6, 0x80000001}, &(0x7f0000000340)={0x37, 0xfffffffa, 0x7fffffffffffffff, 0x64a, 0x9, 0xfffffffffffffff7, 0x401, 0x2, 0xd, 0x4, 0x7ff, 0x2, 0x1000, 0x1, 0x5, 0xe048, 0x5, 0xf, 0x927f, 0x7, 0xcec, 0x9, 0x7, 0x9889, 0x1ff, 0x401, 0x2, 0x5, 0xffff, 0xd4, 0x2, [0x9, 0x58, 0x1, 0x5, 0x3, 0x3ff, 0x0, 0xae, 0x5, 0x4, 0x486b, 0x7, 0x476, 0x3, 0x0, 0x31880000, 0x7ff, 0xf72, 0x1, 0x6, 0x5, 0x4, 0xff, 0x8, 0x100, 0x8, 0x800, 0x5, 0x1, 0x100000001, 0x3, 0xb, 0x1, 0x2, 0xda, 0x3, 0x100, 0xa4c, 0xfffffffffffffff4, 0xffffffffffffffc0, 0x100000001, 0x401, 0x8], "93f0b3e93647fa2f2d05e3c0477b2d3dad733ff938644ec60c61947d65c4d7ba0dd39c4ba3e2e3a525630dfb625e81b29aadce7777f09de43119f3ad7441a76fa4d5dbd6c4bd38d07b57b217ab1c8c2a1548f59b52f2b79d391b802e8aa4850ba82d4221f81a991a96f202571c4748b8c64a1157c3fe09d95e55009a5bfee27f2431"}, 0x2, 0xd31b)
sendmsg$auto_HANDSHAKE_CMD_ACCEPT(0xffffffffffffffff, 0x0, 0x2004881c)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = userfaultfd$auto(0x1)
statx$auto(r1, 0x0, 0x1000, 0x8, 0x0)
move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x29, 0x5, 0x0)
r3 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2)
open_by_handle_at$auto(r3, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6)
sendfile$auto(r2, r2, 0x0, 0x2)
r4 = socket(0x2c, 0x1, 0x4)
openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000300), 0x202, 0x0)
r5 = io_uring_setup$auto(0x6, 0x0)
quotactl_fd$auto(r5, 0x4, 0xffffffffffffffff, &(0x7f0000000240)="9e519a991e1130ac22ed96996e9232dbbb")
bind$auto(r4, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)

6m5.326839601s ago: executing program 32 (id=382):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x10, &(0x7f0000000180)=@info={r0, 0x5, 0x3}, 0x6)
setitimer$auto(0x2, &(0x7f0000000080)={{0x2, 0x5}, {0x0, 0x8}}, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
init_module$auto(0x0, 0xffff9, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x400454ca, 0x38)
write$auto(0x3, 0x0, 0x7fffffff)
capset$auto(&(0x7f0000000180)={0x19980330}, 0x0)
statmount$auto(&(0x7f0000000000)={0x7ff, @raw=0xffffff01, 0xfffffffffffffffc, 0x6, 0x80000001}, &(0x7f0000000340)={0x37, 0xfffffffa, 0x7fffffffffffffff, 0x64a, 0x9, 0xfffffffffffffff7, 0x401, 0x2, 0xd, 0x4, 0x7ff, 0x2, 0x1000, 0x1, 0x5, 0xe048, 0x5, 0xf, 0x927f, 0x7, 0xcec, 0x9, 0x7, 0x9889, 0x1ff, 0x401, 0x2, 0x5, 0xffff, 0xd4, 0x2, [0x9, 0x58, 0x1, 0x5, 0x3, 0x3ff, 0x0, 0xae, 0x5, 0x4, 0x486b, 0x7, 0x476, 0x3, 0x0, 0x31880000, 0x7ff, 0xf72, 0x1, 0x6, 0x5, 0x4, 0xff, 0x8, 0x100, 0x8, 0x800, 0x5, 0x1, 0x100000001, 0x3, 0xb, 0x1, 0x2, 0xda, 0x3, 0x100, 0xa4c, 0xfffffffffffffff4, 0xffffffffffffffc0, 0x100000001, 0x401, 0x8], "93f0b3e93647fa2f2d05e3c0477b2d3dad733ff938644ec60c61947d65c4d7ba0dd39c4ba3e2e3a525630dfb625e81b29aadce7777f09de43119f3ad7441a76fa4d5dbd6c4bd38d07b57b217ab1c8c2a1548f59b52f2b79d391b802e8aa4850ba82d4221f81a991a96f202571c4748b8c64a1157c3fe09d95e55009a5bfee27f2431"}, 0x2, 0xd31b)
sendmsg$auto_HANDSHAKE_CMD_ACCEPT(0xffffffffffffffff, 0x0, 0x2004881c)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = userfaultfd$auto(0x1)
statx$auto(r1, 0x0, 0x1000, 0x8, 0x0)
move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x29, 0x5, 0x0)
r3 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2)
open_by_handle_at$auto(r3, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6)
sendfile$auto(r2, r2, 0x0, 0x2)
r4 = socket(0x2c, 0x1, 0x4)
openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000300), 0x202, 0x0)
r5 = io_uring_setup$auto(0x6, 0x0)
quotactl_fd$auto(r5, 0x4, 0xffffffffffffffff, &(0x7f0000000240)="9e519a991e1130ac22ed96996e9232dbbb")
bind$auto(r4, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)

2m43.123426844s ago: executing program 3 (id=1276):
openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
getsockopt$auto_SO_TIMESTAMP_NEW(0xffffffffffffffff, 0x7, 0x3f, 0x0, 0x0)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11\x11\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3)

2m42.965138288s ago: executing program 3 (id=1277):
socket(0x2, 0x2, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/transparent_hugepage/hugepages-16kB/stats/anon_fault_alloc\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
io_uring_setup$auto(0xa, 0x0)
r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/008/001\x00', 0x8901, 0x0)
ioctl$auto(r1, 0x4004550c, 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)

2m42.712763831s ago: executing program 3 (id=1280):
socket(0xa, 0x801, 0x84)
setsockopt$auto(0x3, 0xfffffff8, 0x81, 0x0, 0x2)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x1000, 0x2, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x16, 0x0, 0x8)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
socket(0x2c, 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/mem_used_max\x00', 0xa081, 0x0)
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0)
prctl$auto(0x35, 0x0, 0x10, 0x0, 0x0)
prctl$auto(0x34, 0x0, 0x0, 0x0, 0x0)
pread64$auto(r0, 0x0, 0x800003, 0x270)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

2m42.113968808s ago: executing program 3 (id=1284):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
capset$auto(&(0x7f0000000180)={0x19980330}, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_handshake(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x14, r1, 0x1, 0x70bd27, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x4002040}, 0x2004881c)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = userfaultfd$auto(0x1)
statx$auto(r2, 0x0, 0x1000, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000)
r3 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cpu/0/cpuid\x00', 0xad80, 0x0)
readv$auto(r3, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
r4 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$auto_mISDN_fops_timerdev(r4, &(0x7f0000001a00)=""/4097, 0x1001)
ioctl$auto_IMADDTIMER(r4, 0x80044940, 0x0)
openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000300), 0x202, 0x0)
quotactl_fd$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff, &(0x7f0000000240)="9e519a991e1130ac22ed96996e9232dbbb")
bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)

2m41.728148602s ago: executing program 3 (id=1286):
r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xff7fffffffff0001, 0x15)
close_range$auto(r0, 0x8, 0x0)
brk$auto(0x40008000)
syslog$auto(0x10000, &(0x7f0000000180)='/dev/snapshot\x00', 0xc0)
r3 = fanotify_init$auto(0x5, 0x2000000000002)
r4 = open(&(0x7f0000000000)='.\x00', 0xc00, 0x409)
fanotify_mark$auto(r3, 0x9, 0x9, r4, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
move_pages$auto(0x0, 0x5, &(0x7f0000000380)=&(0x7f0000000280), &(0x7f00000003c0)=0x1, 0x0, 0x2)
r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0)
pread64$auto(r5, 0x0, 0x800003, 0x270)
mlockall$auto(0x7)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x202, 0x0)
personality$auto(0xfffff032)
mprotect$auto(0x110c230000, 0xa588, 0x6)
mremap$auto(0x110c231000, 0x0, 0x101, 0x3, 0x0)
move_pages$auto(0x0, 0x9, 0x0, 0x0, 0x0, 0x2)
msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000001600)={{0x7b0, 0x0, 0x0, 0xd, 0x3ff, 0x7, 0xb}, &(0x7f0000000400)=0x9, &(0x7f0000000440)=0x10, 0x1, 0xd80, 0x9, 0x0, 0x8000000000000000, 0x6, 0xa, 0xfff9, @raw=0x80, @raw=0x9})
r6 = syz_open_procfs$namespace(0x0, 0x0)
syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$auto(r6, 0x402, 0x0)

2m41.474568962s ago: executing program 2 (id=1287):
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x1, 0x0)
writev$auto(r0, &(0x7f00000000c0)={&(0x7f0000000040)="40c1", 0x128f}, 0x2)
mmap$auto(0x4, 0x5, 0x0, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154)
fcntl$auto(r1, 0x400, 0x1)
futex_waitv$auto(0x0, 0x81, 0x0, &(0x7f0000000340)={0x92, 0x6}, 0x8)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2902, 0x0)
getsockopt$auto(0xffffffffffffffff, 0x6b, 0x3, 0xfffffffffffffffe, 0x0)
write$auto(0x3, 0x0, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
fcntl$auto(0x3, 0x400, 0x2)
getsockopt$auto(0x4, 0x6, 0x1e, 0xfffffffffffffffd, 0x0)
r2 = socket(0x22, 0x2, 0x1)
fstat$auto(r2, 0x0)
r3 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
ioctl$auto(r3, 0x3b88, 0x38)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/cgroup.kill\x00', 0xa001, 0x0)
write$auto(r4, &(0x7f0000000040)='\xe9)\x9f%mk\xcd\xec\x13\xdb\xf1\xdc\xc2\xb9', 0x81)
ioctl$auto(0xc8, 0x400454cb, 0xffffffffffffffff)

2m40.503186347s ago: executing program 2 (id=1289):
r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130)
fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d)
fallocate$auto(r0, 0x1, 0x820, 0x7fff)
write$auto(r0, 0x0, 0x401)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x20, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptywe\x00', 0x40001, 0x0)
ioctl$auto(0x3, 0x5403, 0xffffffffffffffff)
mmap$auto(0x0, 0x7, 0x4800000000df, 0xeb1, 0x401, 0x8000)
process_madvise$auto_MADV_WIPEONFORK(r0, 0x0, 0x401, 0x12, 0xfffffffa)
unshare$auto(0x9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0)
ioctl$auto_VHOST_SET_VRING_ERR(r1, 0x4008af22, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
getcwd$auto(0x0, 0xfffffffeffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x8, 0x2000000000002)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45)
fanotify_mark$auto(0x0, 0x451, 0xa, r2, 0x0)

2m40.187677299s ago: executing program 2 (id=1291):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x18b800, 0x0)
pread64$auto(r0, 0x0, 0x8100000041, 0x9) (fail_nth: 3)

2m39.930931366s ago: executing program 2 (id=1293):
unshare$auto(0x40000080)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14b602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
keyctl$auto(0x2000000000000017, 0x3ff, 0x0, 0x0, 0x3)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
close_range$auto(0xffffffffffffffff, 0xa, 0x0)
mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000)
futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005)
r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0)
ioctl$auto_BLKPG2(r0, 0x1269, 0x0)

2m39.682600299s ago: executing program 3 (id=1295):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff)
madvise$auto(0x0, 0x2003f2, 0x15)
sendmsg$auto_NFC_CMD_FW_DOWNLOAD(r0, &(0x7f0000001600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)={0x1048, 0x0, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@NFC_ATTR_SE_APDU={0x1004, 0x19, "fe5753994b92591f5d3a857c460b620a78993c9ba62d5fbc5bbf26f3291f5f1aaea2799ebd00c1130c05678d41ec39d7ccbc1808cd10716d6df18e476493b34fa88efc515e6c7c34a5beaf13cbfb2f47bc871aab044dddeb1cecf89bfe838498e9ce7e8eb5b84e8f97b50c587ac86b755c6cf6304f70bda599d1936c3f1d52fb99c5a5d5baa6596dad9717078ead7d198286128b3d263bd7e050f20263e60fad1aedc6ce16edae78238ed9ca58789ea6948d5395ad3039a853e7a1911d173ac8fe91a78501dba3120209066864afb0fbed0ef821bf285221dfe7098f45776eaf62fcb42884bdacde4d4141caee6ebe297736f7b27348dec82ea72b4ced55680869e163e91852fc10f8af3dfc5a286600ab9b406ab4d8122ef7454388af8a81ddf717c5f6f1f08f34c851f8da7b6989a28fe9c700d311a0481ff228f41ff9b32660009cb814191775eec70e647b57cbae9ca781598d86963d121630c5b1af1eb6b6615556bde734a3b5e037108a0bbc49e706856cb5c7c5a4a3a8fbd28aca58bb4f164eb831b7f72cfe3fb849eaca6a2780b0b25a954890f78c35d96d8ee30710fcbf85b75821162d4d5ca0751af0f0f9ba363bc3397f0cd40c3c4e733ab77fb8ea19f2fc738f9f31650e42e3ed2a7241abe88b07be18d30eb6a90cbfe9347e154677333299bb824635dcb358fd408e253e0f3940c99d479192e78326776c06031e554c5a5f86e514934e11d4c401c55fa626e10c8b8a3a92dbc194ce79b4dfed0db917e1706fecc4fdffae3f250a5daddebd851ec9998a3366fb8dc9fc9d465e82fd7937bcbc1d45396fa17f8a8ef45159f8cb4910270716284499eeeeeaeaca05f041cdebe6a6f477989277d114ba9650f3fdfb831ca49062dbd46130ea256bec61a4436c76dbd2a90a353cbfc4a12578671f1bc9a225651e8c871ddd9e1a13b57c0111c7117d36b63c48a568be2ac497166b8904360c331a46f89ef89f89d9c839c4f17c880ea3891894c83ba52cdc24e149426d31343902f97a82003f260b0751bd46ad178581a5cdb19a6d674d009b58027058d493639728df163e0ceea91304de502e78156b206bb2db9e16139a9071eafa8a982f38fb34e02fecfecac4f04eace3e82e9d3d9be12af97d2aafcdfb05dad609c391ccac078ff3b694b9bfaa93e60adc7678d775a8c57b38bac6bd9579b0ed7f9a844bec64bc8ed4f2965e33bde2e49b0d3700c66540f41655eb9665455bf5a6fd149d39bb20410152f1b1ae15e9eeeb12516ce15bb64fcaba8cb555b36278540cbffac5d2fe543572ea022615203334e018142c2cf10275a84cb6bb37d58f975e4f8f4ce701fa548675e125ec6d287139dac113525683a9b5e870e04ea57ab8412cb14c85eb1e9394617cf273997af9655e3378bb43654c6b66a6bcbaac528f3e0f11b67f3a407e757749c020105a916f02e1bf389df9072f05a9e04ec817cf3b4d21a76edfec931ecefdb4826e5e8929ca95463e18cd5a5e4076ac7c566afbbc3c53e6a8a1142dfb3ff6442e3873928c09c6a95f5f8c3445baf8cfe3d4b0a723070abff8ce3de83fbde513e1d30f7464af1799fe3880909a523c8515ca6d6fd59f13c25b34baa9f542f94f7d26cb6593c2129de7fa464b5e00cf6f3333b2887546b8676e24b2ed11180eb3cfea1e347152f869665189e22ac444faf15e305a3cf74058c61adfed5f7251a7fd05c1763e52c627de5ed20e0e1dc5d423e8f14516c93d9de8b3866dcf20d4d1859111f09314d5bc81c1aae335b9d9e3128e631d1fca7cbfffd92003667f1c23becb74640c74c64dff24a2fea9390e602caa14919da21c27b8d796989008cee2a44044a0ddded63a3c371b92c0fbf3defec5dc8fbe62cd8ec1c0190d806a48c869c20482813de22198430e7b7afcdb4e469f914825efa0ee88769d9823eecdfcad340229bc8f287671d46d53fcd94d57fddc5da8a49cab4c7a2d247e5b5f438b31f9b29b0c123bf4ec54b2e558c33efe2954308ef6606e192cdbb1db051eab62553e0f29004dbb602dea5d6cb3cead8863bd6ab9b9bd3e5c25f4267b7889f701ddd6f93d923cbea699bb3135d9f5d89702f2abbe8bdb8b81481f5f25ffbfcbdbbe11d4049782aa9853377e41f984768733fde61eb08ed9a7bbd6f71cce37dfee0345c3433633f7a9b0024ec8501d3a53f94e63d2b39cc0ae4ff97929738a5efbcd551c4d6b5fb66e7e3b804b8101e81c871ff886cc8f2b5b255bcaaff33cee667879be42eef1db88d1270c847327270275bc52429292f4625bd8c183f2c3bcfc5ea131014b07afd88c827dcd9eccce1cc5c5033d76de3796555d678c22f98ed0c55c66877239e3e965478883bfd10bbfe19cf46ed85ff9e3950181ad244f076d379de6bd98bc0ace78b910f796fded8f3706e533300b0cb42f6ad39c2999e18f5b7231ce68d1573d95a585c0ceb50e0ccb4a45cfdda5fe19da54642778d24455bdce573f809d79737c8f6bbe26cf2fff0e719a4a4a4fea19bd05248f590838457251325871a8f83ff944b922e01232d14c34a0003b768cbec390efad3aa1c43859bac4a2257ac49f0c21078746395f81e4bf9a3217a8fc9e2205a8506c55d26dae990f8c9ba24bad1dcf3e0069cd2000f5db97de0c6ab1db61f22b7304904ae5cee9215eb659e0f387fed76abc0124e9a67333cfa4672e68af221b0ed56dae735c0965e11c4d1973ce70f0288715d88d95a2ec24ea3fc8a4a97e5408ed079a7582e51f76acba809126a47cfcaa009d4e0cc9e60cac39ab9245165133e563fa9bc3392fa1c359817d889cbdcf7677f0df6cb91bd66b131ed16bba24e01f114040057de651e1189aeb6e8c39bdeab6d06ea9ee5c4e9fefb7a54f2e6b70dcd132843d1e9a9b9706b018041a71d85e07909b02dc0beb15b0051d341fc032abd8130fa74671323cf91c267af5c6c8a31239c62a05784f7db1fc0dbf6c47074711141d93b8c332b5c14050d6a046a2d5e3dd066b94b8bf1a7449068315ec0c3749bc2345b81fcd11041362ddafba7b903fe4443332bcd4fb77072fed00274af51bfcf13ec2c19e2e5bd6aca3306e9c0fbe8936925490317048a93ece9820e464767c500754e4da16c5c89acbb603c830150a0f31d427b208a01ddc6ae7276fc067fcfcf03eca31135c113715c2e3f000b47fbf60c677a680faefd7dbf028dfc90548b63bd2418e0f4efd8319f33de3b22bd122ddfaecbeb1dbfb30ecf03a5e0cf223080c90abf50aa9be305e5f25016eca60698b2252caa7a3badf82d8b79b713f97ec0e34ab73bc6ced9ac3badf8ee8bae5de59ed154ed83b13f77ade1c3e9ae868f7948244f9edf624799d2a2a6dd67611238e2e030e81a0dbfd55fa309fab0d2850589dec296812b4434b3d37cd1e691a0957e5b85a449dc3d7f2cd5df51d55773dfef8d4e14fbf161451f5886e83549ce1b0d8f5d8472bf9f9b14c81dbf2e22c38d0a2e12bd3bcf5c60e0c9889b18476712c9e32f145c7a1298cf62907587afad8f85333de0be893a4db4152e370e450a370230d6f9942c4c15a31d1b95daf27dcc9c5a894f3996dbd48cb19b0f5a192de5828f62bced8f2a7016efc2bea4ca05407fc719879316d22d469ece45eaa4030d1f29c582eb63c0347b0930b64686523a3bbc415242921437b40a72e13621f03a62a0a1686da3e5855e79affa029fbeb5c3f3ef76772268183b39b07f46b5711e5f1d0e3e9a49c73a7089b073f08fb4e4128ca9a1432b8df18c7d38ea73ca92b2d638902d96d30e9620c6fe3a53178c24fc918f55460c33dcdb8960108561ba242774752924ccdd58098fccf7f97723099740aaa9a877bd09af8ef56becfe897cd8962fca01dc378dbfb19d0d26ea8bc2a4b6c44f5582a7ed94672ba473dbe2e0bb5282f56131881a4028b47ff6dd68e6631c13cca70ef68f2c9cde078e7e5ba3159f718dc9cd83c5668af7d2772f299333d020df19672be5d05372c40f55bd2292fae7938960ed709fcd8ac4b5ba6306e9c24b0b540ee52c62aa193bfe428c6ea1a6145101300fc34a42071335c185bd5e7b81a64835e574c92cb4c2b724bd8e548feefd263a31372bd12a8f9187463a191e6db8da7d4fbd3cd0a09d29f71867094f3713ece113ab8d06345ce3f28b760d8d6456fc708f4a3429b579d8a10d2b06418f03068573e1beaf731e9704db02486713449b7c56a00ab06d34690ba005e9c828c4a7685d1cbca979a64e7204135bab2cb0e54600eb513c83739ed7800a2e3a6b0e2b9301c4c373c8f0fbe7abd26df9677ef6c2769762c710f9b9b4e86675b0a0868c469a1b573a4c0c3a420b65d1284cbd4d263e748eff161029ee31f38662e47d592c0ffb5870d90a73bcd54255d0eba62cc3ae9185be048919cfe17537c0bbdf37a01488397e4ff42e7c1f18b92af55de7ed148c84d551512c63a7183cc1386f2572a60c648beb699cbc652d557e177214085777c5ea271523a4846563eea1591caaa1bac66d86f7238c3144135aa179a5f128d7b5ffe76a7ed42cee16bef5d20ad205ddb3e423b8098756c12ee5c7f6357eadbf2b7f1eb9d418233a1f56a5ad8e52a6d729bb345db41dffc29283796bf03569d989e583fd60d134da4bebc8c393f3ec31a25f66e69b2b0c7c9bbd8fb10a6f6fdd5e23844e62a60bc346e3129c3bc42a80272fcf0a70dcce7fb7206a590e4940399a4ca6290ac3bed3fbf0e24e8974a3fe261bfc4d0aa5a0e6ba4aa24a0ff119a46274154cd666ad9094d8c64cd7b4ddeeba4a3dfb5672a654815b9d62ee2e2f41151785ce627a1f24a83aa8cf2b7ba28b078cb7c8805606dae85d9041d65158865fd74ffabf49eef8284d01a0d2f178e74540beeccf96ab7e37aef9f557f1c71464df998539afead2fa37aba2b9a5c46329bd132d2c04918b69a8653e17f056cf0a78b6dadcb715bb510de2fe2066b5c990460eb0311a424c588d0f802ade1fd3a7ca485e54dc850911d9a7565d03e0e6efce3267effc574257b042b544133e105b57c93f87984602ce2ac096368e412e8cc1422b534db8543a5a27be08926425308464281620e2b847dff511b15b55fcd313e2f4ab0ed71a7f18a1d7949a60052aa99f9b148aafdf112548dddd11b5ed182b65113472391b8a0c57bd0f5e4c40b5db33e7a03ee92c0531d219a97839868b6113b0006deff05cf4e7f5e559e0217a2dacd1a6b2598d4dccdae97dd64ca10738d1c3a7949c44c903e33e747182fea549d9c8acb10be33ef38e21957c89f082a4d3b7f158b8a3fdff85939fde3249487b1e4f90d31cce5c92078ab0cdfcbb5ae5d2439741e46b29687ff6f687ee7bb3b76b2254c58fa63af9d62c2adc98d6313eb17bea8620a853c3534d5775eb96e6c728b14c1cea7df15d924d9749f0f1f47f1fd2c6ee6974f886210614d43d7cad9b8b16338677d7aae007b610af699de074e2283615e3754bc14be5472b34efe2570153c5dfd922f637ec45db70cc125481802ab611074b9c90d6533d4cff14109c79c7b730458ffeac98938139de637074d5b4c47ebe904c7f9ad062f9b1c3c3219a1e73cf31dbe13f43717a9948064d766aa787579903d7e016dada977aaf251c85a82a5525212d9f40cae352504d38d335303b43059d3ecc566c4fc4bdaf0808733632107d60dea6cea10f325949d5f0439e9597be052bece3edec09445c82aae0818d763a0ca83b1942f86f6f23cc62942ac90033b75524ef3e2df1e0fdb5dac3fb1bc5592ad00f760cf31be90543f9f454c5dda"}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x6}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x9}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x9}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x7}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_RF_MODE={0x5, 0xb, 0x81}]}, 0x1048}, 0x1, 0x0, 0x0, 0xbdbb3f21a7a26072}, 0x4048000)
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYRES8, @ANYRES16, @ANYBLOB="df250c0000000000000000"], 0x14}}, 0x24048004)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r4, @ANYBLOB="01002cbd7000fddbdf2502000000810004006e66736600d8efe42d132b72f30c54315aa74a5b8107cf2ddf901f8fc81365e252144483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}}, 0x4000)
sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
bpf$auto(0xfffffffe, &(0x7f00000004c0)=@query={@target_fd, 0x8, 0x3, 0x5, 0xff, @count=0xe35c, 0x0, 0x5, 0x80000000000006, 0xd9, 0xffffffff}, 0x6f2)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)

2m39.030412171s ago: executing program 2 (id=1298):
mmap$auto(0x43b, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x7fffffff)
r0 = socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(r0, &(0x7f0000000040)=@phonet={0x23, 0x2a, 0x7, 0x4}, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
r1 = prctl$auto(0x9, 0x1, 0x0, 0x1, 0x0)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0xf, 0x15f4da0e, 0x8, 0x1, 0x100000000000000c, 0x8, 0x1, 0xfcc, 0x9, 0x2, 0x4000000000000a]}, 0x0)
pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000100)
bind$auto(r0, &(0x7f0000000240)=@sco, 0xfffffffb)
getsockopt$auto_SO_RCVMARK(r2, 0x0, 0x4b, &(0x7f0000000000)='}\'.^\x00', &(0x7f00000000c0)=0x7)
mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0)
shutdown$auto(0x200000003, 0x2)
mlockall$auto(0x7)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
remap_file_pages$auto(0x68a, 0x19, 0x2fe, 0x5, 0x6)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/conf/all/bootp_relay\x00', 0x420040, 0x0)
pwrite64$auto(r1, 0x0, 0x2, 0x0)
ioctl$auto_FS_IOC_RESVSP64(r3, 0x4030582a, 0x200000)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
move_pages$auto(0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x11)
tgkill$auto(0x0, 0x0, 0x11)
readv$auto(0x3, 0x0, 0x7)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x9ed, 0x0)

2m38.596903012s ago: executing program 2 (id=1301):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0xfff5, 0x0, 0x1}, 0x6000000)

2m24.577911711s ago: executing program 33 (id=1295):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff)
madvise$auto(0x0, 0x2003f2, 0x15)
sendmsg$auto_NFC_CMD_FW_DOWNLOAD(r0, &(0x7f0000001600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)={0x1048, 0x0, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@NFC_ATTR_SE_APDU={0x1004, 0x19, "fe5753994b92591f5d3a857c460b620a78993c9ba62d5fbc5bbf26f3291f5f1aaea2799ebd00c1130c05678d41ec39d7ccbc1808cd10716d6df18e476493b34fa88efc515e6c7c34a5beaf13cbfb2f47bc871aab044dddeb1cecf89bfe838498e9ce7e8eb5b84e8f97b50c587ac86b755c6cf6304f70bda599d1936c3f1d52fb99c5a5d5baa6596dad9717078ead7d198286128b3d263bd7e050f20263e60fad1aedc6ce16edae78238ed9ca58789ea6948d5395ad3039a853e7a1911d173ac8fe91a78501dba3120209066864afb0fbed0ef821bf285221dfe7098f45776eaf62fcb42884bdacde4d4141caee6ebe297736f7b27348dec82ea72b4ced55680869e163e91852fc10f8af3dfc5a286600ab9b406ab4d8122ef7454388af8a81ddf717c5f6f1f08f34c851f8da7b6989a28fe9c700d311a0481ff228f41ff9b32660009cb814191775eec70e647b57cbae9ca781598d86963d121630c5b1af1eb6b6615556bde734a3b5e037108a0bbc49e706856cb5c7c5a4a3a8fbd28aca58bb4f164eb831b7f72cfe3fb849eaca6a2780b0b25a954890f78c35d96d8ee30710fcbf85b75821162d4d5ca0751af0f0f9ba363bc3397f0cd40c3c4e733ab77fb8ea19f2fc738f9f31650e42e3ed2a7241abe88b07be18d30eb6a90cbfe9347e154677333299bb824635dcb358fd408e253e0f3940c99d479192e78326776c06031e554c5a5f86e514934e11d4c401c55fa626e10c8b8a3a92dbc194ce79b4dfed0db917e1706fecc4fdffae3f250a5daddebd851ec9998a3366fb8dc9fc9d465e82fd7937bcbc1d45396fa17f8a8ef45159f8cb4910270716284499eeeeeaeaca05f041cdebe6a6f477989277d114ba9650f3fdfb831ca49062dbd46130ea256bec61a4436c76dbd2a90a353cbfc4a12578671f1bc9a225651e8c871ddd9e1a13b57c0111c7117d36b63c48a568be2ac497166b8904360c331a46f89ef89f89d9c839c4f17c880ea3891894c83ba52cdc24e149426d31343902f97a82003f260b0751bd46ad178581a5cdb19a6d674d009b58027058d493639728df163e0ceea91304de502e78156b206bb2db9e16139a9071eafa8a982f38fb34e02fecfecac4f04eace3e82e9d3d9be12af97d2aafcdfb05dad609c391ccac078ff3b694b9bfaa93e60adc7678d775a8c57b38bac6bd9579b0ed7f9a844bec64bc8ed4f2965e33bde2e49b0d3700c66540f41655eb9665455bf5a6fd149d39bb20410152f1b1ae15e9eeeb12516ce15bb64fcaba8cb555b36278540cbffac5d2fe543572ea022615203334e018142c2cf10275a84cb6bb37d58f975e4f8f4ce701fa548675e125ec6d287139dac113525683a9b5e870e04ea57ab8412cb14c85eb1e9394617cf273997af9655e3378bb43654c6b66a6bcbaac528f3e0f11b67f3a407e757749c020105a916f02e1bf389df9072f05a9e04ec817cf3b4d21a76edfec931ecefdb4826e5e8929ca95463e18cd5a5e4076ac7c566afbbc3c53e6a8a1142dfb3ff6442e3873928c09c6a95f5f8c3445baf8cfe3d4b0a723070abff8ce3de83fbde513e1d30f7464af1799fe3880909a523c8515ca6d6fd59f13c25b34baa9f542f94f7d26cb6593c2129de7fa464b5e00cf6f3333b2887546b8676e24b2ed11180eb3cfea1e347152f869665189e22ac444faf15e305a3cf74058c61adfed5f7251a7fd05c1763e52c627de5ed20e0e1dc5d423e8f14516c93d9de8b3866dcf20d4d1859111f09314d5bc81c1aae335b9d9e3128e631d1fca7cbfffd92003667f1c23becb74640c74c64dff24a2fea9390e602caa14919da21c27b8d796989008cee2a44044a0ddded63a3c371b92c0fbf3defec5dc8fbe62cd8ec1c0190d806a48c869c20482813de22198430e7b7afcdb4e469f914825efa0ee88769d9823eecdfcad340229bc8f287671d46d53fcd94d57fddc5da8a49cab4c7a2d247e5b5f438b31f9b29b0c123bf4ec54b2e558c33efe2954308ef6606e192cdbb1db051eab62553e0f29004dbb602dea5d6cb3cead8863bd6ab9b9bd3e5c25f4267b7889f701ddd6f93d923cbea699bb3135d9f5d89702f2abbe8bdb8b81481f5f25ffbfcbdbbe11d4049782aa9853377e41f984768733fde61eb08ed9a7bbd6f71cce37dfee0345c3433633f7a9b0024ec8501d3a53f94e63d2b39cc0ae4ff97929738a5efbcd551c4d6b5fb66e7e3b804b8101e81c871ff886cc8f2b5b255bcaaff33cee667879be42eef1db88d1270c847327270275bc52429292f4625bd8c183f2c3bcfc5ea131014b07afd88c827dcd9eccce1cc5c5033d76de3796555d678c22f98ed0c55c66877239e3e965478883bfd10bbfe19cf46ed85ff9e3950181ad244f076d379de6bd98bc0ace78b910f796fded8f3706e533300b0cb42f6ad39c2999e18f5b7231ce68d1573d95a585c0ceb50e0ccb4a45cfdda5fe19da54642778d24455bdce573f809d79737c8f6bbe26cf2fff0e719a4a4a4fea19bd05248f590838457251325871a8f83ff944b922e01232d14c34a0003b768cbec390efad3aa1c43859bac4a2257ac49f0c21078746395f81e4bf9a3217a8fc9e2205a8506c55d26dae990f8c9ba24bad1dcf3e0069cd2000f5db97de0c6ab1db61f22b7304904ae5cee9215eb659e0f387fed76abc0124e9a67333cfa4672e68af221b0ed56dae735c0965e11c4d1973ce70f0288715d88d95a2ec24ea3fc8a4a97e5408ed079a7582e51f76acba809126a47cfcaa009d4e0cc9e60cac39ab9245165133e563fa9bc3392fa1c359817d889cbdcf7677f0df6cb91bd66b131ed16bba24e01f114040057de651e1189aeb6e8c39bdeab6d06ea9ee5c4e9fefb7a54f2e6b70dcd132843d1e9a9b9706b018041a71d85e07909b02dc0beb15b0051d341fc032abd8130fa74671323cf91c267af5c6c8a31239c62a05784f7db1fc0dbf6c47074711141d93b8c332b5c14050d6a046a2d5e3dd066b94b8bf1a7449068315ec0c3749bc2345b81fcd11041362ddafba7b903fe4443332bcd4fb77072fed00274af51bfcf13ec2c19e2e5bd6aca3306e9c0fbe8936925490317048a93ece9820e464767c500754e4da16c5c89acbb603c830150a0f31d427b208a01ddc6ae7276fc067fcfcf03eca31135c113715c2e3f000b47fbf60c677a680faefd7dbf028dfc90548b63bd2418e0f4efd8319f33de3b22bd122ddfaecbeb1dbfb30ecf03a5e0cf223080c90abf50aa9be305e5f25016eca60698b2252caa7a3badf82d8b79b713f97ec0e34ab73bc6ced9ac3badf8ee8bae5de59ed154ed83b13f77ade1c3e9ae868f7948244f9edf624799d2a2a6dd67611238e2e030e81a0dbfd55fa309fab0d2850589dec296812b4434b3d37cd1e691a0957e5b85a449dc3d7f2cd5df51d55773dfef8d4e14fbf161451f5886e83549ce1b0d8f5d8472bf9f9b14c81dbf2e22c38d0a2e12bd3bcf5c60e0c9889b18476712c9e32f145c7a1298cf62907587afad8f85333de0be893a4db4152e370e450a370230d6f9942c4c15a31d1b95daf27dcc9c5a894f3996dbd48cb19b0f5a192de5828f62bced8f2a7016efc2bea4ca05407fc719879316d22d469ece45eaa4030d1f29c582eb63c0347b0930b64686523a3bbc415242921437b40a72e13621f03a62a0a1686da3e5855e79affa029fbeb5c3f3ef76772268183b39b07f46b5711e5f1d0e3e9a49c73a7089b073f08fb4e4128ca9a1432b8df18c7d38ea73ca92b2d638902d96d30e9620c6fe3a53178c24fc918f55460c33dcdb8960108561ba242774752924ccdd58098fccf7f97723099740aaa9a877bd09af8ef56becfe897cd8962fca01dc378dbfb19d0d26ea8bc2a4b6c44f5582a7ed94672ba473dbe2e0bb5282f56131881a4028b47ff6dd68e6631c13cca70ef68f2c9cde078e7e5ba3159f718dc9cd83c5668af7d2772f299333d020df19672be5d05372c40f55bd2292fae7938960ed709fcd8ac4b5ba6306e9c24b0b540ee52c62aa193bfe428c6ea1a6145101300fc34a42071335c185bd5e7b81a64835e574c92cb4c2b724bd8e548feefd263a31372bd12a8f9187463a191e6db8da7d4fbd3cd0a09d29f71867094f3713ece113ab8d06345ce3f28b760d8d6456fc708f4a3429b579d8a10d2b06418f03068573e1beaf731e9704db02486713449b7c56a00ab06d34690ba005e9c828c4a7685d1cbca979a64e7204135bab2cb0e54600eb513c83739ed7800a2e3a6b0e2b9301c4c373c8f0fbe7abd26df9677ef6c2769762c710f9b9b4e86675b0a0868c469a1b573a4c0c3a420b65d1284cbd4d263e748eff161029ee31f38662e47d592c0ffb5870d90a73bcd54255d0eba62cc3ae9185be048919cfe17537c0bbdf37a01488397e4ff42e7c1f18b92af55de7ed148c84d551512c63a7183cc1386f2572a60c648beb699cbc652d557e177214085777c5ea271523a4846563eea1591caaa1bac66d86f7238c3144135aa179a5f128d7b5ffe76a7ed42cee16bef5d20ad205ddb3e423b8098756c12ee5c7f6357eadbf2b7f1eb9d418233a1f56a5ad8e52a6d729bb345db41dffc29283796bf03569d989e583fd60d134da4bebc8c393f3ec31a25f66e69b2b0c7c9bbd8fb10a6f6fdd5e23844e62a60bc346e3129c3bc42a80272fcf0a70dcce7fb7206a590e4940399a4ca6290ac3bed3fbf0e24e8974a3fe261bfc4d0aa5a0e6ba4aa24a0ff119a46274154cd666ad9094d8c64cd7b4ddeeba4a3dfb5672a654815b9d62ee2e2f41151785ce627a1f24a83aa8cf2b7ba28b078cb7c8805606dae85d9041d65158865fd74ffabf49eef8284d01a0d2f178e74540beeccf96ab7e37aef9f557f1c71464df998539afead2fa37aba2b9a5c46329bd132d2c04918b69a8653e17f056cf0a78b6dadcb715bb510de2fe2066b5c990460eb0311a424c588d0f802ade1fd3a7ca485e54dc850911d9a7565d03e0e6efce3267effc574257b042b544133e105b57c93f87984602ce2ac096368e412e8cc1422b534db8543a5a27be08926425308464281620e2b847dff511b15b55fcd313e2f4ab0ed71a7f18a1d7949a60052aa99f9b148aafdf112548dddd11b5ed182b65113472391b8a0c57bd0f5e4c40b5db33e7a03ee92c0531d219a97839868b6113b0006deff05cf4e7f5e559e0217a2dacd1a6b2598d4dccdae97dd64ca10738d1c3a7949c44c903e33e747182fea549d9c8acb10be33ef38e21957c89f082a4d3b7f158b8a3fdff85939fde3249487b1e4f90d31cce5c92078ab0cdfcbb5ae5d2439741e46b29687ff6f687ee7bb3b76b2254c58fa63af9d62c2adc98d6313eb17bea8620a853c3534d5775eb96e6c728b14c1cea7df15d924d9749f0f1f47f1fd2c6ee6974f886210614d43d7cad9b8b16338677d7aae007b610af699de074e2283615e3754bc14be5472b34efe2570153c5dfd922f637ec45db70cc125481802ab611074b9c90d6533d4cff14109c79c7b730458ffeac98938139de637074d5b4c47ebe904c7f9ad062f9b1c3c3219a1e73cf31dbe13f43717a9948064d766aa787579903d7e016dada977aaf251c85a82a5525212d9f40cae352504d38d335303b43059d3ecc566c4fc4bdaf0808733632107d60dea6cea10f325949d5f0439e9597be052bece3edec09445c82aae0818d763a0ca83b1942f86f6f23cc62942ac90033b75524ef3e2df1e0fdb5dac3fb1bc5592ad00f760cf31be90543f9f454c5dda"}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x6}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x9}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x9}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x7}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_RF_MODE={0x5, 0xb, 0x81}]}, 0x1048}, 0x1, 0x0, 0x0, 0xbdbb3f21a7a26072}, 0x4048000)
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYRES8, @ANYRES16, @ANYBLOB="df250c0000000000000000"], 0x14}}, 0x24048004)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r4, @ANYBLOB="01002cbd7000fddbdf2502000000810004006e66736600d8efe42d132b72f30c54315aa74a5b8107cf2ddf901f8fc81365e252144483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}}, 0x4000)
sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
bpf$auto(0xfffffffe, &(0x7f00000004c0)=@query={@target_fd, 0x8, 0x3, 0x5, 0xff, @count=0xe35c, 0x0, 0x5, 0x80000000000006, 0xd9, 0xffffffff}, 0x6f2)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)

2m23.545972726s ago: executing program 34 (id=1301):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0xfff5, 0x0, 0x1}, 0x6000000)

6.040857815s ago: executing program 4 (id=1835):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYBLOB="040006"], 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x800)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r0)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000005c0), r0)
sendmsg$auto_MACSEC_CMD_ADD_RXSC(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000980)={0x28, r1, 0x8ff972b65c311bf5, 0x70bd26, 0x25dfdbfe, {}, [@MACSEC_ATTR_SA_CONFIG={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x115, 0x0, 0x0, @u32=0xda}]}, @MACSEC_ATTR_OFFLOAD={0x8, 0x9, 0x0, 0x1, [@generic="77651778"]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008090}, 0x4000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x810)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x20008810)
close_range$auto(0x2, 0x8, 0x0)
unshare$auto(0x40000080)
r2 = socket(0x10, 0x2, 0x0)
bpf$auto(0xff, &(0x7f00000004c0)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x4, 0x5, 0xffffffffffffffff, @relative_id=0x4, 0x400000000005}, 0x3fc)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
read$auto(r3, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001)
waitid$auto_P_ALL(0x0, 0x2, 0x0, 0x5, &(0x7f0000000b40)={{0x3d, 0x6}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x5, 0x0, 0x3, 0x7, 0x7, 0x0, 0x96bd, 0x7ff, 0xbf0})
write$auto(r3, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xcb}, 0x2, 0x0, 0x80000000, 0x2a505}, 0x803}, 0x2004, 0x8)
statmount$auto(&(0x7f0000000000)={0xbd, @raw=0x3, 0x3, 0xffffffffffffd4f2}, &(0x7f00000002c0)={0x2, 0x1, 0x6, 0x8, 0x1, 0x5d9, 0xfff, 0x3, 0x80, 0x1, 0x2, 0x9, 0x8000000000000001, 0x7, 0xfffffffffffff134, 0xc, 0x7, 0x9, 0x6, 0x1, 0x9, 0xa, 0x7, 0x7, 0x92c5, 0x9, 0x4, 0x1, 0x7, 0x2, 0x81, [0x6, 0x4, 0x7, 0x6, 0x6, 0xffff, 0x81, 0x1, 0xfffffffeffffffff, 0x80, 0xa, 0x69, 0x53d, 0xffffffffffffffff, 0x26, 0x1, 0x0, 0x5, 0x4, 0x1, 0x7, 0x7, 0x80, 0xffffffffffffffcc, 0x7fff, 0xc, 0x3, 0x7, 0xc488, 0xc286, 0x7fffffff, 0xf, 0x3, 0x0, 0x3ff, 0x6, 0xff, 0x85c, 0x100000001, 0x9, 0x20000000000, 0x1, 0x6], "f167256b4b90c6ca1a52dfcde084aef550f6ad8ed18caa4cf4b2e5c04b2ad7b9b34c7c7a3e9d117a7526a2c99af5108387b9161b2e5b1961a6adde788a98e241b6ae690547f0e0782cc4440e7f15fd8b8644179711a54a6254befc070dcfcc5e1d3aa61a829494222aca115d1213d1ab835cb429cc3b7491dde055783dd0f3d556d9804e59f8a493471f0f9633763322e113529d8e402401fa9115e92fe44b2a3dd3f240c42e5442c8daa6c8f3bb5b774e98b2ff1f5116351013598b8c4194e0"}, 0x8, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)

5.50014165s ago: executing program 6 (id=1839):
setgroups$auto(0xa1, &(0x7f0000000000)=0xc)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
futex$auto(0x0, 0x86, 0xa, 0x0, 0x0, 0x7)

5.361231951s ago: executing program 1 (id=1840):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/amidi2\x00', 0x40, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r1, 0xc0385720, 0x0)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card0\x00', 0xc2c42, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0xa, 0x0)
r2 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080))
r3 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x40000, 0x0)
fchdir$auto(r2)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x88042, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22241, 0x155)
socket(0xa, 0x1, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x19, 0x0, 0x8)
close_range$auto(r0, r0, 0x1)
mmap$auto(0x8, 0x20009, 0x1f3, 0xeb1, 0x7f, 0x4)
sysfs$auto(0x2, 0x100000000000030, 0x0)
fsopen$auto(0x0, 0x1)
open(&(0x7f0000000080)='./cgroup\x00', 0x101000, 0x0)
sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES64=r3, @ANYBLOB="01002d0008000700"/18, @ANYBLOB='\b\x00\b'], 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x0)
r4 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff)
sendmsg$auto_OVS_METER_CMD_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000000340)={0x24, r6, 0x159198c6007aa95d, 0x70bd29, 0x25dfdbfc, {}, [@OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_BANDS={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x40)

5.078706658s ago: executing program 1 (id=1842):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae05, &(0x7f0000000100)={0x3fd, 0x0, [{0x0, 0xffff5a9a, 0x7fffffff, 0x0, 0xf, 0x8, 0x6000}]})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap$auto(0x76d7, 0xf9f7, 0x0, 0x12, r1, 0x951f)
r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22c02, 0x0)
ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)=0x6)
ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f0000000100)=0x643)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x6, 0x103, 0xcb2, 0x7, 0x80000000)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f00000002c0))
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x321c0, 0x0)
setsockopt$auto(0x3, 0x29, 0x46, 0x0, 0x808)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r4, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
shmdt$auto(0x0)
r5 = socket(0xa, 0x3, 0x3b)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/virtual/block/ram12/events\x00', 0x101480, 0x0)
read$auto(r6, 0x0, 0x9)
io_uring_setup$auto(0xa, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, r3, 0x8000)
capset$auto(&(0x7f0000000180)={0x19980330}, 0x0)
epoll_ctl$auto(r5, 0x3, r5, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)

5.00574821s ago: executing program 6 (id=1843):
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/007/001\x00', 0xa901, 0x0)
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_active_count\x00', 0x0, 0x0)
r0 = openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x2080, 0x0)
bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3)
mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20008, 0xfffffffffffffffe, 0x12, 0x401, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x20)
mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x0)
socket(0x2, 0x3, 0xa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
unshare$auto(0x40000080)
r1 = pidfd_open$auto(0x1, 0x0)
setns(r1, 0x60020000)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0)
pivot_root$auto(&(0x7f0000000100)='..\x00', &(0x7f0000000340)='.\x00z\x86E\xb8\xf1\xcbx\xf6cu<\x0e\xd8\xa5\xcd~\xaf\x80\xd3\xf4\xe5\x02\xf9q p\xe2\x8b\xc0\xedf\xba\x16*\x8ar\xa0\'$A\xe5\xc5\x89\xcb\xd5\xac\x98,\xd4Pycv\xdd\xa1\x84\xfb\xe9\r\x82\x15P*IM\xf7.\xf3v\x85Q\xbc:\xef\xd5\x1a\x9e\xbck\x1d\x114^\x1b\x02\xa1\xb0(\xa2\xdb\xbc\x1a\t\x94\x14\xbb\xc8\xfa\x18I\xff\x7f\xab\xf0\x8f\xd3Gr\xfb5\xf1,\x11\x052u&\xde\x9aF\n\xf0\x06\xfc\x1b\x17\x82%\x14\xb3\x19\x13\f\xbe_\xfdi\x17\xfcv\x82*\xbf<\xfa5\xfd\x8b\x1d\x99\a`\xde\xf4\x8a,\tP) \xf4\xdc\r\x17x\xc6\x18Y\xeaaUY\xeb\xd2\x81\xbare\x00\x8e\xfdA\x93\xb9\xac\xf1\x0eq\x85\xd9\x90\x8a%K\x95\x8fm\v\x98y\x9bc-\xa7;\x117\x19)\x04\xb4\nJ\x0e\x1b\x97e\xee\xdb\xc3\xca\xfe\xa7y\x12\xff\xce')
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0xc, @empty}, 0x54)
recvfrom$auto(0xffffffffffffffff, 0xfffffffffffffffc, 0x5, 0x99, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
ioctl$auto(0x3, 0x541b, 0x7f)
io_uring_setup$auto(0x7, 0x0)
readv$auto(r0, &(0x7f0000000040)={0x0, 0x1}, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)

4.797243026s ago: executing program 4 (id=1845):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/make-it-fail\x00', 0x101080, 0x0)
read$auto_proc_fault_inject_operations_base(r0, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$auto_TUNGETVNETBE2(0xffffffffffffffff, 0x800454df, &(0x7f0000000000)=0x8)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r3 = open(0x0, 0x261c2, 0x84)
close_range$auto(0xffffffffffffffff, r2, 0x0)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x26dc2, 0x84)
io_uring_setup$auto(0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
r6 = socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000280)={'wg0\x00', <r8=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r8, r7, 0x4, 0x401, r6, @relative_id=0x13, 0xe600}, 0xf)
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc)
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc)
bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x200ffffffff, 0x9, 0x5, 0xf870e9f, 0x7, 0x8}, 0x9)
ioctl$auto_TIOCSBRK2(r1, 0x5427, &(0x7f00000000c0)="04c6e0b013c6a2ff44af3514f1b3ceb16bce5a73ec737aaf5a8a43e368789e6d4a8ec18be08ffebf32274072569cceb0983a55369146784e3384a1a44bbdcb3315e7f9e5e8dea6830d70165a8a3237eccd411f9d137fdb33251a4d7c4327d4e6ef")
futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlock$auto(0x5, 0x7fff)

3.881142654s ago: executing program 1 (id=1847):
write$auto(0x3, 0x0, 0xfffffdef)

3.866571221s ago: executing program 5 (id=1848):
fsconfig$auto_HIDEPID_NO_ACCESS(0xffffffffffffffff, 0xffff0000, 0x0, 0x0, 0x1)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, 0x0, 0xd0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
capget$auto(0x0, 0xfffffffffffffffe)
openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, 0x0, 0x2042, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x80002, 0x73)
mq_open$auto(0x0, 0x600, 0x7ffc, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x3, 0x8, 0x7, 0x0)
ioctl$auto(0x1, 0x8983, 0x4)

3.69912716s ago: executing program 1 (id=1849):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/vidtv.0/i2c-0/name\x00', 0x200, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/114, 0x72)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x84c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x800009}, 0x1, 0x20000000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000740), 0x101001, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)

3.475337348s ago: executing program 5 (id=1850):
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
getsockopt$auto_SO_TIMESTAMP_NEW(0xffffffffffffffff, 0x7, 0x3f, 0x0, 0x0)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xc9\xb3\xbc\x8c\x1dga98\x90\x86\xdde\x1cJ\x99\x00\x11\x11\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3)

3.392781664s ago: executing program 1 (id=1851):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ext4/sda1/mb_group_prealloc\x00', 0x8001, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
lstat$auto(0x0, &(0x7f0000000180)={0x8001, 0x802, 0x9, 0x63, 0x0, 0x0, 0x0, 0x9, 0x7ff, 0x800000000100002, 0x4, 0x6, 0xc, 0x40, 0x1c, 0x20000000009, 0xb})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getsockopt$auto(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0x24084005)
getsockopt$auto_SO_BUSY_POLL(0xffffffffffffffff, 0x10000, 0x2e, 0x0, 0x0)
socket(0x27, 0x80000, 0x3)
syz_clone(0x40180311, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8000, 0x0)

3.350501179s ago: executing program 5 (id=1852):
socket(0x15, 0x5, 0x0) (async)
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/i2c/drivers/anx7411/uevent\x00', 0x10000, 0x0)
sendfile$auto(r1, r1, 0x0, 0xea) (async)
socket(0x2b, 0x1, 0x0) (async)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) (async)
madvise$auto(0x0, 0x240007, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15) (async)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x24048084)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/loop4/queue/atomic_write_boundary_bytes\x00', 0x800, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000001080)=""/98, 0x62) (async)
madvise$auto(0x0, 0x200007, 0x19)
close_range$auto(0x2, 0x8, 0x0) (async)
userfaultfd$auto(0x1)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0442, 0x0) (async)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) (async)
epoll_create$auto(0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000000)=""/112, 0x70)
ioctl$auto(0x3, 0xae41, r3) (async)
bpf$auto(0x0, 0x0, 0xa3)

3.325669756s ago: executing program 6 (id=1853):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYBLOB="040006"], 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x800)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r0)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000005c0), r0)
sendmsg$auto_MACSEC_CMD_ADD_RXSC(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000980)={0x28, r1, 0x8ff972b65c311bf5, 0x70bd26, 0x25dfdbfe, {}, [@MACSEC_ATTR_SA_CONFIG={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x115, 0x0, 0x0, @u32=0xda}]}, @MACSEC_ATTR_OFFLOAD={0x8, 0x9, 0x0, 0x1, [@generic="77651778"]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008090}, 0x4000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x810)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x20008810)
close_range$auto(0x2, 0x8, 0x0)
unshare$auto(0x40000080)
r2 = socket(0x10, 0x2, 0x0)
bpf$auto(0xff, &(0x7f00000004c0)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x4, 0x5, 0xffffffffffffffff, @relative_id=0x4, 0x400000000005}, 0x3fc)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
read$auto(r3, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001)
waitid$auto_P_ALL(0x0, 0x2, 0x0, 0x5, &(0x7f0000000b40)={{0x3d, 0x6}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x0, 0xdd0, 0x7, 0x5, 0x0, 0x3, 0x7, 0x7, 0x0, 0x96bd, 0x7ff, 0xbf0})
write$auto(r3, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xcb}, 0x2, 0x0, 0x80000000, 0x2a505}, 0x803}, 0x2004, 0x8)
statmount$auto(&(0x7f0000000000)={0xbd, @raw=0x3, 0x3, 0xffffffffffffd4f2}, &(0x7f00000002c0)={0x2, 0x1, 0x6, 0x8, 0x1, 0x5d9, 0xfff, 0x3, 0x80, 0x1, 0x2, 0x9, 0x8000000000000001, 0x7, 0xfffffffffffff134, 0xc, 0x7, 0x9, 0x6, 0x1, 0x9, 0xa, 0x7, 0x7, 0x92c5, 0x9, 0x4, 0x1, 0x7, 0x2, 0x81, [0x6, 0x4, 0x7, 0x6, 0x6, 0xffff, 0x81, 0x1, 0xfffffffeffffffff, 0x80, 0xa, 0x69, 0x53d, 0xffffffffffffffff, 0x26, 0x1, 0x0, 0x5, 0x4, 0x1, 0x7, 0x7, 0x80, 0xffffffffffffffcc, 0x7fff, 0xc, 0x3, 0x7, 0xc488, 0xc286, 0x7fffffff, 0xf, 0x3, 0x0, 0x3ff, 0x6, 0xff, 0x85c, 0x100000001, 0x9, 0x20000000000, 0x1, 0x6], "f167256b4b90c6ca1a52dfcde084aef550f6ad8ed18caa4cf4b2e5c04b2ad7b9b34c7c7a3e9d117a7526a2c99af5108387b9161b2e5b1961a6adde788a98e241b6ae690547f0e0782cc4440e7f15fd8b8644179711a54a6254befc070dcfcc5e1d3aa61a829494222aca115d1213d1ab835cb429cc3b7491dde055783dd0f3d556d9804e59f8a493471f0f9633763322e113529d8e402401fa9115e92fe44b2a3dd3f240c42e5442c8daa6c8f3bb5b774e98b2ff1f5116351013598b8c4194e0"}, 0x8, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)

2.78160926s ago: executing program 1 (id=1854):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
clone3$auto(&(0x7f0000000080)={0x100008000, 0x8, 0x4, 0x6, 0x0, 0x2, 0x1, 0x81, 0x1, 0x0, 0x3}, 0x40)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r0 = memfd_create$auto(0x0, 0x2)
r1 = socket(0x23, 0x2, 0x0)
ioctl$auto(r1, 0x89ef, 0xffffffffffffffff)
r2 = fcntl$auto(0xff80000000000000, 0x409, 0x3f)
r3 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x40901, 0x0)
write$auto(r3, 0x0, 0xeaff)
fallocate$auto(r2, 0x1, 0xd, 0x5)
socket(0x1a, 0x1, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000)
mmap$auto(0x0, 0x7, 0xffffffff, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0)
read$auto(r4, 0x0, 0x81)
r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3)
unshare$auto(0x40000080)
io_uring_register$auto(r2, 0x401, &(0x7f0000000100)="fa5dfb5c44312d4e0a3ab09aff5e55233714ebbfcaa33b8644e30071b36d4c66553a5413dada26b0465aac8fc8", 0xb9f)
lsm_list_modules$auto(0x0, 0x0, 0x0)
r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000002c40)='/dev/snd/midiC2D2\x00', 0x121002, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r6, 0xc0305710, &(0x7f0000002c80)={0x0, 0xad1b, 0x0, 0x0, 0x8, "ed0fec02e6bf50d015c76509"})
ioctl$auto_SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000000)="00bc21c3f3276a4e")
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
write$auto(0x3, 0x0, 0x100085)
socket(0xa, 0x5, 0x0)
connect$auto(r2, &(0x7f0000000040)=@sco={0x1f, @none}, 0x5)
getsockopt$auto(r0, 0xfffe, 0x9, 0x0, 0x0)

2.716449384s ago: executing program 4 (id=1855):
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), 0xffffffffffffffff)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nbd0\x00', 0x1e9a02, 0x0) (async, rerun: 64)
setresuid$auto(0x0, 0x0, 0x0) (rerun: 64)
ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f0000000440)='/Eev/aud\x00\x00\x00\x00\x00\x00@\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14wa\xeev\xe9\x81\x91\xd0\xf3\x953.O\xabX\xa5\x91\xf1Y8@Z5`\xa4\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\x99&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\xe0\x91+lP\xec,*e\x95&c\x14\xf4\xd1\x93\x1d\x19\xb2l\x98\xd0\x15\xb1w\xcc\xf4\xaaN\xa9\xf2+1\xed\xe2\xee\xc0\xbf\xfc/&^\x03\x00\x00\x00\x00\x00\x00\x00T^8\xd9\x8c\x15\xa9=|\xa71\xce\xfaE\xc9\xe8\x1e@\xdc\xc7(\xc3\x89\xd2H\x99\xf1uC\xae\xdfSqq\x91\xee\xb0\xb8\xa9\x1cuEe\xa27w\xbdg\xd5:\xdc/\x00\x00\x00\x00\x00\x00\x00\x00%\xc0F\xc2\xda\xf3n\x8e\xbd!\xf05\xed\xf7lP\xaf^\xb8\x1a\t|\xfe\xcak\xc6\xbag\xdd}Z\xc1A\xb8\xb2\x85\xa9J\xf3(\xc6\xa5\xc1L\xb0\xfe\xc2\xe1\xab\x9f\xcd\x90\x01\xd6\x18\x1f\xf9\xab\xa8\x11*z?\xd0u\xad1O\x9fu\x14\xb7\xe3\xed\xbb_\x8b\xacP\xc4\xb52\xdb\xddv\xff\xff\xe0\xd3\xc8\x90\xb5v\xf2\x03M/^=a!\xf6\x1f&[\x11\x03\xba\x06\xb8l\x90\xfblG\xa0D\xb2h\xc1\xc1N2\xe08\xe4\xe9\x00\x00\x00\x00\x00\x00\xa7=\xb9\xe3\x8c\x00\x00\x00', 0x100000a3d9)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x40000008000)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) (async)
sendmsg$auto_NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x41811}, 0x20000000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x66a03, 0x0)
r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto_KVM_GET_MSRS(r3, 0x4068aea3, &(0x7f0000000080)={0xc0}) (async)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/fail_over_mac\x00', 0x103302, 0x0)
sendfile$auto(r4, r4, 0x0, 0x8080000001) (async)
mmap$auto(0xe, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async)
close_range$auto(0x2, 0xa, 0xfffffffc) (async)
socket(0x18, 0xa, 0x1) (async)
socket(0xa, 0x2, 0x0) (async)
connect$auto(r0, &(0x7f00000018c0)=@generic={0x11, "ab06fdffff00fff500"}, 0x55) (async, rerun: 64)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) (async, rerun: 64)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xfdef) (async, rerun: 64)
mmap$auto(0x0, 0x20010, 0x5, 0x20eb1, 0xffffffffffffffff, 0x8000) (async, rerun: 64)
mmap$auto(0x4, 0x1, 0x801, 0x20000000110eb1, r3, 0x1)

2.610873135s ago: executing program 5 (id=1856):
ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x80000043403d05, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0)
openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000080), 0x200200, 0x0)
getdents64$auto(r1, &(0x7f0000000440)={0x1, 0x5, 0x8000, 0x5, "916e24dd1734f89641f0f5ce302bcb0205173f36f4b6634b48232ab0875497418dc32e93e467b3b66cf1459da7c958265fa050328e2897357dc0cce15b31d97e8477ae13895b320e505e8778339fc5302358e3464b9687fe617f1a5506d3b8bb67d011c8020000008c57df7ad36779be380000000000000000000000000000000000000032d2c5b5cc0070ae765afaea9ead841a5950b3c8e12fe9bbf5ff2df82c6e32116034ba87e7acd2a9778fee6139cbd0a4dba12382cda13333c36f3df82d5c"}, 0x6)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kmsg\x00', 0x20d00, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0x40000000000eb1, 0x401, 0x8000)
r2 = socket(0xd96f55f304dd080d, 0x1, 0x0)
r3 = getsockopt$auto(r2, 0x6, 0x22, 0x0, 0x0)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000200), 0x80840, 0x0)
write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, 0x0, 0x430000, 0x0)
r4 = openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000000140), 0xc080, 0x0)
poll$auto(&(0x7f00000000c0)={r4, 0x1}, 0x1000005, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_TIOCSBRK2(r3, 0x5427, &(0x7f0000000340))
madvise$auto(0xa, 0x7, 0x5)
syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/net\x00')
openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x40, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x610600, 0x0)

1.748438568s ago: executing program 4 (id=1857):
write$auto(0x3, 0x0, 0xfffffdef)

1.548190788s ago: executing program 4 (id=1858):
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x4e95127b773a4051, 0x0)
ioctl$auto_SG_SET_RESERVED_SIZE2(r0, 0x2275, 0x0)
r1 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000280), 0x8002, 0x0)
write$auto_ctl_device_fops_user(r1, &(0x7f0000000300)="0afcdf8eb0d50f1dbabf32062d9b3656d7691f92d3a6925d82b8fff1c24df86c272395d09d23aeaad0db6d154e2e41a384b81c367840632b70a433ed3debb564a91d165ebd91e9fa7b564fe5044878a78648bd53b59992bb6177b85bc34f7ffa2bcf61d2f52b1e4f", 0x68)
r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x102, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0c/sub5/sw_params\x00', 0x101080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000)
r3 = socket(0xa, 0x3, 0x3b)
getsockopt$auto(r3, 0x29, 0x6, 0x0, 0x0)
ioctl$auto(r2, 0x900064b8, r2)
fstatfs$auto(r0, &(0x7f0000000080)={0x200, 0x3, 0x9, 0xff, 0xfffffffffffffffa, 0xb, 0x7fff, {[0x7, 0x9]}, 0x8, 0x30b, 0x4, [0x7fff, 0x10, 0x5, 0xffffffffffffffff]})
r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/007/001\x00', 0xa901, 0x0)
ioctl$auto_USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000000)={0x1, 0x81, 0x5b, 0x3, &(0x7f0000000000), 0x9, 0xeb90, 0x11, @stream_id=0x3, 0x7, 0x476, 0x0, [{0xf, 0x4, 0x70}]})
close_range$auto(r3, r1, 0x97f)

1.492913653s ago: executing program 6 (id=1859):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/amidi2\x00', 0x40, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r1, 0xc0385720, 0x0)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card0\x00', 0xc2c42, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0xa, 0x0)
r2 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080))
r3 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x40000, 0x0)
fchdir$auto(r2)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x88042, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22241, 0x155)
socket(0xa, 0x1, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x19, 0x0, 0x8)
close_range$auto(r0, r0, 0x1)
mmap$auto(0x8, 0x20009, 0x1f3, 0xeb1, 0x7f, 0x4)
sysfs$auto(0x2, 0x100000000000030, 0x0)
fsopen$auto(0x0, 0x1)
open(&(0x7f0000000080)='./cgroup\x00', 0x101000, 0x0)
sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES64=r3, @ANYBLOB="01002d0008000700"/18, @ANYBLOB='\b\x00\b'], 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x0)
r4 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff)
sendmsg$auto_OVS_METER_CMD_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000000340)={0x24, r6, 0x159198c6007aa95d, 0x70bd29, 0x25dfdbfc, {}, [@OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_BANDS={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x40)

1.28800962s ago: executing program 6 (id=1860):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/vidtv.0/i2c-0/name\x00', 0x200, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/114, 0x72)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x84c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x800009}, 0x1, 0x20000000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sg0\x00', 0x20000, 0x0)
openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, 0x0, 0x101001, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)

1.136377307s ago: executing program 6 (id=1861):
unshare$auto(0x1000)
mmap$auto(0xfffffffffffffffc, 0x43, 0xe3, 0x74, 0xffffffffffffffff, 0x28000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
close_range$auto(r0, r0, 0x8001)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0x4018aebd, r0)
r2 = socket(0x6, 0x4, 0x1)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x4, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_GET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0xd9, 0x0, [{0x49, 0x290, 0xf3}]})
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/mm/ksm/use_zero_pages\x00', 0x101082, 0x0)
write$auto(r2, &(0x7f0000000000)='-\x00', 0x30)
syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff)
ioctl$auto(0x3, 0x8905, 0x38)
r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r5, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x40)
prctl$auto(0x2000, 0x7, 0x0, 0xffeffffffffffffc, 0x0)
openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2, 0x0)
write$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffffff, 0x0, 0x0)
modify_ldt$auto(0x1, 0x0, 0x8000)
getsockopt$auto_SO_TIMESTAMP_OLD(r3, 0x101, 0x1d, &(0x7f00000000c0)='/dev/kvm\x00', &(0x7f0000000100)=0x9c79)
prctl$auto(0x4, 0x3, 0x0, 0x1, 0x1)

542.865045ms ago: executing program 5 (id=1862):
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x29, 0x2, 0x0)
ioctl$auto(0xffffffffffffffff, 0x7, 0x24)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_async\x00', 0x183941, 0x0)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xa8000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)
socket(0x29, 0x5, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/kcm\x00', 0x480, 0x0)
pread64$auto(r1, 0x0, 0x9, 0x10000003fe)
write$auto(r0, &(0x7f0000000100)='7\x00\\\xa0\x04|\x03\xcb\x92\xfa\b\x1c\xc7k/Q\x1fS\x8b\v\xb5\n`g{n=\x9e\x04\x84\x02\xbe\xed\xc6\xde\xaf^\xf1\x98\x14\x18\xe2\x167a\xf3M\xf9/n#\x03V\xec\x1c\xe4\xe3f\x18\xa3@\x92\xc3-\r\xcd\x02n\xf9@\xca\xa6\xe3\xd8\xc5\x7fi\x1c\xa2\xd6M\x92\"', 0x81)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11\x11\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3)

454.278384ms ago: executing program 4 (id=1863):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ext4/sda1/mb_group_prealloc\x00', 0x8001, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
lstat$auto(0x0, &(0x7f0000000180)={0x8001, 0x802, 0x9, 0x63, 0x0, 0x0, 0x0, 0x9, 0x7ff, 0x800000000100002, 0x4, 0x6, 0xc, 0x40, 0x1c, 0x20000000009, 0xb})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getsockopt$auto(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0x24084005)
getsockopt$auto_SO_BUSY_POLL(0xffffffffffffffff, 0x10000, 0x2e, 0x0, 0x0)
socket(0x27, 0x80000, 0x3)
syz_clone(0x40180311, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8000, 0x0)

0s ago: executing program 5 (id=1864):
r0 = socketpair$auto(0xb, 0xd, 0xfffffffd, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0xa, 0x1, 0x84)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/modules\x00', 0x88880, 0x0)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
select$auto(0x8, 0x0, 0x0, &(0x7f0000000240)={[0xe, 0x91e3, 0xb, 0xc, 0x0, 0xf58, 0x3, 0x104412d, 0x8, 0x0, 0x4, 0xd, 0x8000000000000, 0x84c, 0x3, 0x7]}, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54)
madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004)
madvise$auto(0xa3a, 0x4, 0x3)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c000400df8f231a289514b83ab38a2e7007a9c4aac888a413cf66cdaed5ddcc51f1ff15fe220a8aa595a8a22fc486f2fe13892390f00fc808d8218c20ffa162fd242bc12b8c2011e082b42f7a485a60084af6c0cbdbf9c4bcb72ff2c5e38f718a5f0341af2a7a19558727ab9d54", @ANYRES16=r5, @ANYBLOB="01002dbd7000f9dbdf2501000fff060002003f0000000500070058000000080009000200000008000a000c00000014001f00fe8000000000000000000000000000aa14002000fc000000000000000000000000000001"], 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
shutdown$auto(0x200000003, 0x0)
select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x4, 0x5, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x40, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x80080001]}, 0x0, 0x0)
read$auto_binder_features_fops_(r0, &(0x7f00000003c0)=""/235, 0xeb)
r6 = openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci8/force_wakeup\x00', 0x100, 0x0)
read$auto_force_wakeup_fops_hci_vhci(r6, &(0x7f0000000100)=""/134, 0x86)
r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000004c0), r3)
sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x3c, r7, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_FILS_KEK={0x20, 0xf2, "2e3420947cfa4246c66ffa1137b4c0f3a2ecbd8cead1d7f4a57ceb90"}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008880}, 0x0)
r8 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000600), r1)
sendmsg$auto_VDPA_CMD_DEV_ATTR_SET(r1, &(0x7f0000000740)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x64, r8, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@VDPA_ATTR_DEV_NAME={0x14, 0x4, 'lo\x00'}, @VDPA_ATTR_MGMTDEV_BUS_NAME={0xa, 0x1, '-\'\xca}&\x00'}, @VDPA_ATTR_MGMTDEV_BUS_NAME={0x9, 0x1, 'l2tp\x00'}, @VDPA_ATTR_DEV_NAME={0x14, 0x4, 'wlan0\x00'}, @VDPA_ATTR_DEV_QUEUE_INDEX={0x8, 0x11, 0x80000001}, @VDPA_ATTR_DEV_NET_CFG_MTU={0x6, 0xd, 0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x54}, 0x41)

kernel console output (not intermixed with test programs):

_validate_state+0x129/0x190
[  406.832545][T11612]  __do_sys_keyctl+0x3b2/0x5a0
[  406.832565][T11612]  do_syscall_64+0xc9/0xf80
[  406.832584][T11612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.832600][T11612] RIP: 0033:0x7f3599b9aeb9
[  406.832614][T11612] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  406.832628][T11612] RSP: 002b:00007f359aa8e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  406.832644][T11612] RAX: ffffffffffffffda RBX: 00007f3599e15fa0 RCX: 00007f3599b9aeb9
[  406.832654][T11612] RDX: 7fffffffffffffff RSI: 000000000000ee00 RDI: 0000000000000016
[  406.832663][T11612] RBP: 00007f3599c08c1f R08: 000000000000000c R09: 0000000000000000
[  406.832672][T11612] R10: 00000000000099a7 R11: 0000000000000246 R12: 0000000000000000
[  406.832681][T11612] R13: 00007f3599e16038 R14: 00007f3599e15fa0 R15: 00007fff5de44c98
[  406.832701][T11612]  </TASK>
[  408.190793][T11635] futex_wake_op: syz.1.1191 tries to shift op by -2048; fix this program
[  408.260768][T11635] 0x000000000001-0x000000020000 : ""
[  408.370095][T11635] ftl_cs: FTL header corrupt!
[  408.569371][T11631] could not allocate digest TFM handle 
[  408.904739][ T5824] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  409.341128][T11660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1194'.
[  409.433482][T11663] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1195'.
[  409.705683][T11668] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1196'.
[  410.049466][T11639] kexec: Could not allocate control_code_buffer
[  411.450311][T11705] ima: policy update failed
[  411.459971][   T30] audit: type=1802 audit(2147487884.707:37): pid=11705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1203" res=0 errno=0
[  412.009653][T11718] usb usb13: check_ctrlrecip: process 11718 (syz.4.1207) requesting ep 01 but needs 81
[  412.009681][T11718] usb usb13: usbfs: process 11718 (syz.4.1207) did not claim interface 0 before use
[  412.157357][ T5147] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  412.235002][T11725] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1208'.
[  413.062484][T11744] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1213'.
[  413.102072][T11746] futex_wake_op: syz.4.1212 tries to shift op by -2048; fix this program
[  413.190668][T11716] kexec: Could not allocate control_code_buffer
[  413.199753][T11749] 0x000000000001-0x000000020000 : ""
[  413.254509][T11749] ftl_cs: FTL header corrupt!
[  413.363333][T11742] could not allocate digest TFM handle 
[  413.724438][T11759] futex_wake_op: syz.2.1215 tries to shift op by -2048; fix this program
[  413.773218][T11759] 0x000000000001-0x000000020000 : ""
[  413.825388][T11759] ftl_cs: FTL header corrupt!
[  413.952610][T11757] could not allocate digest TFM handle 
[  414.481504][T11775] futex_wake_op: syz.3.1216 tries to shift op by -2048; fix this program
[  414.594811][T11778] 0x000000000001-0x000000020000 : ""
[  414.657582][T11778] ftl_cs: FTL header corrupt!
[  414.689361][T11767] could not allocate digest TFM handle 
[  415.543288][ T5824] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  415.552605][ T5824] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  416.531660][T11811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1226'.
[  416.610453][T11796] kexec: Could not allocate control_code_buffer
[  416.846530][   T30] audit: type=1804 audit(2147487890.114:38): pid=11816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1224" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=24 res=1 errno=0
[  418.652902][T11856] futex_wake_op: syz.1.1235 tries to shift op by -2048; fix this program
[  418.767883][T11862] 0x000000000001-0x000000020000 : ""
[  418.847442][T11850] could not allocate digest TFM handle 
[  418.855567][ T5824] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  418.924744][T11862] ftl_cs: FTL header corrupt!
[  419.036187][T11855] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1237'.
[  419.150671][T11855] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  419.345770][T11872] futex_wake_op: syz.2.1238 tries to shift op by -2048; fix this program
[  419.384649][T11872] 0x000000000001-0x000000020000 : ""
[  419.434931][T11872] ftl_cs: FTL header corrupt!
[  419.510771][T11869] could not allocate digest TFM handle 
[  419.723689][T11852] kexec: Could not allocate control_code_buffer
[  419.755613][T11855] batman_adv: batadv0: Removing interface: batadv_slave_1
[  420.663213][ T5824] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  420.663238][ T5824] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260
[  420.679265][ T5824] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[  420.679285][ T5824] Bluetooth: hci2: adv larger than maximum supported
[  420.686433][ T5824] Bluetooth: hci2: adv larger than maximum supported
[  420.693765][ T5824] Bluetooth: hci2: Malformed LE Event: 0x0d
[  420.884293][ T5824] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  421.193399][ T5147] Bluetooth: hci4: unexpected event 0x3d length: 726 > 14
[  421.193538][T11901] usb usb7: usbfs: process 11901 (syz.4.1245) did not claim interface 0 before use
[  421.818334][T11891] kexec: Could not allocate control_code_buffer
[  422.944731][ T5147] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260
[  422.944755][ T5147] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260
[  422.960773][ T5147] Bluetooth: hci4: Unknown advertising packet type: 0x7f
[  422.960809][ T5147] Bluetooth: hci4: adv larger than maximum supported
[  422.968133][ T5147] Bluetooth: hci4: adv larger than maximum supported
[  422.975335][ T5147] Bluetooth: hci4: Malformed LE Event: 0x0d
[  423.573708][T11945] futex_wake_op: syz.3.1257 tries to shift op by -2048; fix this program
[  423.654014][T11945] 0x000000000001-0x000000020000 : ""
[  423.701028][T11945] ftl_cs: FTL header corrupt!
[  423.835771][T11940] could not allocate digest TFM handle 
[  424.115560][T11960] futex_wake_op: syz.4.1259 tries to shift op by -2048; fix this program
[  424.194531][T11960] futex_wake_op: syz.4.1259 tries to shift op by -2048; fix this program
[  424.325285][T11958] could not allocate digest TFM handle 
[  424.419150][T11971] futex_wake_op: syz.3.1260 tries to shift op by -2048; fix this program
[  424.471606][T11971] futex_wake_op: syz.3.1260 tries to shift op by -2048; fix this program
[  424.585520][T11975] 0x000000000001-0x000000020000 : ""
[  424.656787][T11968] could not allocate digest TFM handle 
[  424.724331][T11975] ftl_cs: FTL header corrupt!
[  425.747201][T12001] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1267'.
[  426.997527][T12028] futex_wake_op: syz.2.1270 tries to shift op by -2048; fix this program
[  427.036277][T12028] futex_wake_op: syz.2.1270 tries to shift op by -2048; fix this program
[  427.131068][T12028] 0x000000000001-0x000000020000 : ""
[  427.152900][T12026] could not allocate digest TFM handle 
[  427.201960][T12028] ftl_cs: FTL header corrupt!
[  427.520442][T12039] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1272'.
[  427.794411][T12039] bridge0: port 3(gretap0) entered blocking state
[  427.827324][T12039] bridge0: port 3(gretap0) entered disabled state
[  427.888084][T12039] gretap0: entered allmulticast mode
[  427.982228][T12039] gretap0: entered promiscuous mode
[  428.045706][T12039] bridge0: port 3(gretap0) entered blocking state
[  428.052231][T12039] bridge0: port 3(gretap0) entered forwarding state
[  428.818508][T12072] futex_wake_op: syz.1.1281 tries to shift op by -2048; fix this program
[  428.954712][T12076] 0x000000000001-0x000000020000 : ""
[  429.013246][T12076] ftl_cs: FTL header corrupt!
[  429.386264][T12083] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1283'.
[  429.728594][T12092] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1286'.
[  431.615700][T12132] futex_wake_op: syz.2.1293 tries to shift op by -2048; fix this program
[  431.674352][T12132] futex_wake_op: syz.2.1293 tries to shift op by -2048; fix this program
[  431.731738][T12135] futex_wake_op: syz.4.1294 tries to shift op by -2048; fix this program
[  431.765302][T12138] 0x000000000001-0x000000020000 : ""
[  431.797798][T12127] could not allocate digest TFM handle 
[  431.842046][T12138] ftl_cs: FTL header corrupt!
[  432.651470][ T5147] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  432.658927][ T5147] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  433.903886][T12172] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1302'.
[  434.542088][T12155] kexec: Could not allocate control_code_buffer
[  435.234958][T12188] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1305'.
[  435.397968][T12191] futex_wake_op: syz.1.1306 tries to shift op by -2048; fix this program
[  435.443870][T12190] 0x000000000001-0x000000020000 : ""
[  435.458502][T12190] ftl_cs: FTL header corrupt!
[  436.454369][T12217] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1311'.
[  438.279658][T12226] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0
[  439.505677][T12239] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1316'.
[  440.274997][T12248] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1319'.
[  441.191123][T12264] futex_wake_op: syz.1.1323 tries to shift op by -2048; fix this program
[  441.227637][T12264] futex_wake_op: syz.1.1323 tries to shift op by -2048; fix this program
[  441.250039][T12262] could not allocate digest TFM handle 
[  441.260444][T12261] 0x000000000001-0x000000020000 : ""
[  441.276943][T12261] ftl_cs: FTL header corrupt!
[  444.394422][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  444.401163][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  446.856494][ T5147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  446.865532][ T5147] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  446.873592][ T5147] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  446.881449][ T5147] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  446.889509][ T5147] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  447.023174][T12361] chnl_net:caif_netlink_parms(): no params data found
[  447.085740][T12361] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.092907][T12361] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.101411][T12361] bridge_slave_0: entered allmulticast mode
[  447.108647][T12361] bridge_slave_0: entered promiscuous mode
[  447.116460][T12361] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.123562][T12361] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.136343][T12361] bridge_slave_1: entered allmulticast mode
[  447.143528][T12361] bridge_slave_1: entered promiscuous mode
[  447.169680][T12361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  447.181149][T12361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  447.207982][T12361] team0: Port device team_slave_0 added
[  447.215977][T12361] team0: Port device team_slave_1 added
[  447.242552][T12361] batman_adv: batadv0: Adding interface: batadv_slave_0
[  447.250641][T12361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  447.276915][T12361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  447.289117][T12361] batman_adv: batadv0: Adding interface: batadv_slave_1
[  447.296355][T12361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  447.322553][T12361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  447.365024][T12361] hsr_slave_0: entered promiscuous mode
[  447.371289][T12361] hsr_slave_1: entered promiscuous mode
[  447.377752][T12361] debugfs: 'hsr0' already exists in 'hsr'
[  447.383846][T12361] Cannot create hsr debugfs directory
[  447.516522][T12361] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  447.526667][T12361] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  447.540240][T12361] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  447.550047][T12361] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  447.581307][T12361] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.588474][T12361] bridge0: port 2(bridge_slave_1) entered forwarding state
[  447.595841][T12361] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.602918][T12361] bridge0: port 1(bridge_slave_0) entered forwarding state
[  447.651640][T12361] 8021q: adding VLAN 0 to HW filter on device bond0
[  447.669348][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.680481][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.697494][T12361] 8021q: adding VLAN 0 to HW filter on device team0
[  447.709353][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.716492][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  447.803923][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.811082][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  448.235156][ T5824] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  448.245169][ T5824] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  448.260391][ T5824] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  448.279158][ T5824] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  448.286634][ T5824] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  448.805265][T12361] 8021q: adding VLAN 0 to HW filter on device batadv0
[  448.894374][T12383] chnl_net:caif_netlink_parms(): no params data found
[  448.925390][ T5824] Bluetooth: hci0: command tx timeout
[  449.227016][T12383] bridge0: port 1(bridge_slave_0) entered blocking state
[  449.257360][T12383] bridge0: port 1(bridge_slave_0) entered disabled state
[  449.281417][T12383] bridge_slave_0: entered allmulticast mode
[  449.300167][T12383] bridge_slave_0: entered promiscuous mode
[  449.319623][T12383] bridge0: port 2(bridge_slave_1) entered blocking state
[  449.363255][T12383] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.396237][T12383] bridge_slave_1: entered allmulticast mode
[  449.430647][T12383] bridge_slave_1: entered promiscuous mode
[  449.570198][T12415] bridge0: port 3(bond0) entered blocking state
[  449.586488][T12415] bridge0: port 3(bond0) entered disabled state
[  449.602080][T12415] bond0: entered allmulticast mode
[  449.617373][T12415] bond_slave_0: entered allmulticast mode
[  449.627435][T12415] bond_slave_1: entered allmulticast mode
[  449.654945][T12415] bond0: entered promiscuous mode
[  449.675969][T12415] bond_slave_0: entered promiscuous mode
[  449.711208][T12415] bond_slave_1: entered promiscuous mode
[  449.737584][T12415] bridge0: port 3(bond0) entered blocking state
[  449.743969][T12415] bridge0: port 3(bond0) entered forwarding state
[  449.812991][T12383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  449.857164][T12383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  449.977602][T12383] team0: Port device team_slave_0 added
[  450.006806][T12361] veth0_vlan: entered promiscuous mode
[  450.028681][T12383] team0: Port device team_slave_1 added
[  450.085444][T12361] veth1_vlan: entered promiscuous mode
[  450.154283][T12383] batman_adv: batadv0: Adding interface: batadv_slave_0
[  450.177464][T12383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  450.233901][T12383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  450.281436][T12383] batman_adv: batadv0: Adding interface: batadv_slave_1
[  450.305512][T12383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  450.357184][T12383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  450.369029][ T5824] Bluetooth: hci5: command tx timeout
[  450.497744][T12361] veth0_macvtap: entered promiscuous mode
[  450.520105][T12383] hsr_slave_0: entered promiscuous mode
[  450.537633][T12383] hsr_slave_1: entered promiscuous mode
[  450.548746][T12383] debugfs: 'hsr0' already exists in 'hsr'
[  450.564275][T12383] Cannot create hsr debugfs directory
[  450.604676][T12361] veth1_macvtap: entered promiscuous mode
[  450.809020][T12361] batman_adv: batadv0: Interface activated: batadv_slave_0
[  450.994473][ T5824] Bluetooth: hci0: command tx timeout
[  451.524900][ T5824] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  451.532731][ T5824] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  451.866010][T12441] zram: Added device: zram1
[  452.427471][ T5147] Bluetooth: hci5: command tx timeout
[  452.666724][T12361] batman_adv: batadv0: Interface activated: batadv_slave_1
[  452.804819][   T36] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  452.837719][   T36] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  452.894098][T12427] kexec: Could not allocate control_code_buffer
[  452.939027][   T36] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  452.954697][   T36] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  453.068249][ T5147] Bluetooth: hci0: command tx timeout
[  453.125752][T12383] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  453.166050][T12383] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  453.209870][T12383] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  453.250102][T12383] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  453.269965][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  453.303841][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  453.390503][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  453.425722][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  453.634010][T12383] 8021q: adding VLAN 0 to HW filter on device bond0
[  453.699322][T12383] 8021q: adding VLAN 0 to HW filter on device team0
[  453.792334][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.799474][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  453.887753][   T80] bridge0: port 2(bridge_slave_1) entered blocking state
[  453.894890][   T80] bridge0: port 2(bridge_slave_1) entered forwarding state
[  453.970577][T12466] debugfs: '!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211'
[  454.045742][T12471] bridge0: port 3(bond0) entered blocking state
[  454.104510][T12471] bridge0: port 3(bond0) entered disabled state
[  454.141432][T12471] bond0: entered allmulticast mode
[  454.183240][T12471] bond_slave_0: entered allmulticast mode
[  454.223173][T12471] bond_slave_1: entered allmulticast mode
[  454.296307][T12471] bond0: entered promiscuous mode
[  454.328950][T12471] bond_slave_0: entered promiscuous mode
[  454.353060][T12471] bond_slave_1: entered promiscuous mode
[  454.375268][T12471] bridge0: port 3(bond0) entered blocking state
[  454.381630][T12471] bridge0: port 3(bond0) entered forwarding state
[  454.496671][ T5147] Bluetooth: hci5: command tx timeout
[  454.633813][T12383] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  454.676800][T12484] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1367'.
[  454.724227][T12383] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  454.757803][ T5147] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  454.765317][ T5147] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  454.914997][T12484] FAULT_INJECTION: forcing a failure.
[  454.914997][T12484] name failslab, interval 1, probability 0, space 0, times 0
[  454.966348][T12484] CPU: 0 UID: 0 PID: 12484 Comm: syz.5.1367 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  454.966375][T12484] Tainted: [L]=SOFTLOCKUP
[  454.966380][T12484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  454.966390][T12484] Call Trace:
[  454.966395][T12484]  <TASK>
[  454.966400][T12484]  dump_stack_lvl+0x100/0x190
[  454.966423][T12484]  should_fail_ex.cold+0x5/0xa
[  454.966447][T12484]  should_failslab+0xc2/0x120
[  454.966469][T12484]  kmem_cache_alloc_node_noprof+0x8c/0x880
[  454.966489][T12484]  ? __alloc_skb+0x156/0x410
[  454.966512][T12484]  ? __alloc_skb+0x156/0x410
[  454.966529][T12484]  __alloc_skb+0x156/0x410
[  454.966547][T12484]  ? __alloc_skb+0x35d/0x410
[  454.966566][T12484]  ? __pfx___alloc_skb+0x10/0x10
[  454.966585][T12484]  ? genl_rcv_msg+0x4be/0x800
[  454.966605][T12484]  netlink_ack+0x117/0xb80
[  454.966634][T12484]  netlink_rcv_skb+0x333/0x420
[  454.966656][T12484]  ? __pfx_genl_rcv_msg+0x10/0x10
[  454.966672][T12484]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  454.966702][T12484]  ? netlink_deliver_tap+0x1ae/0xcc0
[  454.966726][T12484]  genl_rcv+0x28/0x40
[  454.966739][T12484]  netlink_unicast+0x5aa/0x870
[  454.966764][T12484]  ? __pfx_netlink_unicast+0x10/0x10
[  454.966785][T12484]  ? __pfx___might_resched+0x10/0x10
[  454.966807][T12484]  ? __lock_acquire+0x4a5/0x2630
[  454.966832][T12484]  netlink_sendmsg+0x8b0/0xda0
[  454.966857][T12484]  ? __pfx_netlink_sendmsg+0x10/0x10
[  454.966879][T12484]  ? __import_iovec+0x1d2/0x640
[  454.966904][T12484]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  454.966925][T12484]  ____sys_sendmsg+0xa54/0xc30
[  454.966943][T12484]  ? __pfx_____sys_sendmsg+0x10/0x10
[  454.966967][T12484]  ___sys_sendmsg+0x190/0x1e0
[  454.966985][T12484]  ? __pfx____sys_sendmsg+0x10/0x10
[  454.967011][T12484]  ? find_held_lock+0x2b/0x80
[  454.967036][T12484]  __sys_sendmsg+0x170/0x220
[  454.967058][T12484]  ? __pfx___sys_sendmsg+0x10/0x10
[  454.967091][T12484]  do_syscall_64+0xc9/0xf80
[  454.967110][T12484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.967125][T12484] RIP: 0033:0x7feee279aeb9
[  454.967138][T12484] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  454.967152][T12484] RSP: 002b:00007feee357c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  454.967167][T12484] RAX: ffffffffffffffda RBX: 00007feee2a15fa0 RCX: 00007feee279aeb9
[  454.967177][T12484] RDX: 0000000000000000 RSI: 0000200000001f40 RDI: 0000000000000003
[  454.967186][T12484] RBP: 00007feee357c090 R08: 0000000000000000 R09: 0000000000000000
[  454.967200][T12484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.967209][T12484] R13: 00007feee2a16038 R14: 00007feee2a15fa0 R15: 00007ffd355271c8
[  454.967229][T12484]  </TASK>
[  455.409399][T12482] kexec: Could not allocate control_code_buffer
[  455.465459][T12493] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1369'.
[  455.499082][ T5824] Bluetooth: hci0: command tx timeout
[  456.039464][T12383] 8021q: adding VLAN 0 to HW filter on device batadv0
[  456.394248][T12510] futex_wake_op: syz.1.1372 tries to shift op by -2048; fix this program
[  456.464486][T12510] futex_wake_op: syz.1.1372 tries to shift op by -2048; fix this program
[  456.531599][T12514] 0x000000000001-0x000000020000 : ""
[  456.565808][ T5824] Bluetooth: hci5: command tx timeout
[  456.612740][T12514] ftl_cs: FTL header corrupt!
[  456.686092][T12508] could not allocate digest TFM handle 
[  456.942831][T12383] veth0_vlan: entered promiscuous mode
[  457.004777][T12383] veth1_vlan: entered promiscuous mode
[  457.208763][T12383] veth0_macvtap: entered promiscuous mode
[  457.273547][T12383] veth1_macvtap: entered promiscuous mode
[  457.434107][T12383] batman_adv: batadv0: Interface activated: batadv_slave_0
[  457.493686][T12383] batman_adv: batadv0: Interface activated: batadv_slave_1
[  457.552905][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  457.604229][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  457.664823][   T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  457.719663][   T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  457.906902][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  457.957790][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  458.015631][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  458.053715][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  458.454771][T12551] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  458.724208][ T5824] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  459.000524][T12564] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1382'.
[  459.219840][T12574] futex_wake_op: syz.4.1383 tries to shift op by -2048; fix this program
[  459.274020][T12574] futex_wake_op: syz.4.1383 tries to shift op by -2048; fix this program
[  459.348856][T12578] 0x000000000001-0x000000020000 : ""
[  459.511946][T12578] ftl_cs: FTL header corrupt!
[  459.558167][T12571] could not allocate digest TFM handle 
[  459.638788][T12552] kexec: Could not allocate control_code_buffer
[  460.633894][T12611] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1389'.
[  461.619698][T12622] FAULT_INJECTION: forcing a failure.
[  461.619698][T12622] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  461.804945][T12622] CPU: 0 UID: 0 PID: 12622 Comm: syz.6.1389 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  461.804971][T12622] Tainted: [L]=SOFTLOCKUP
[  461.804977][T12622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  461.804986][T12622] Call Trace:
[  461.804991][T12622]  <TASK>
[  461.804997][T12622]  dump_stack_lvl+0x100/0x190
[  461.805020][T12622]  should_fail_ex.cold+0x5/0xa
[  461.805042][T12622]  ? prepare_alloc_pages+0x16d/0x5f0
[  461.805066][T12622]  should_fail_alloc_page+0xeb/0x140
[  461.805088][T12622]  prepare_alloc_pages+0x1f0/0x5f0
[  461.805110][T12622]  ? __lock_acquire+0x4a5/0x2630
[  461.805131][T12622]  __alloc_frozen_pages_noprof+0x193/0x2410
[  461.805157][T12622]  ? __pfx___might_resched+0x10/0x10
[  461.805180][T12622]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  461.805206][T12622]  ? process_measurement+0x1ea/0x2400
[  461.805225][T12622]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  461.805243][T12622]  ? policy_nodemask+0xed/0x4f0
[  461.805264][T12622]  alloc_pages_mpol+0x1fb/0x550
[  461.805286][T12622]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  461.805311][T12622]  ___kmalloc_large_node+0x104/0x150
[  461.805336][T12622]  __kmalloc_large_node_noprof+0x1c/0x70
[  461.805359][T12622]  ? read_kcore_iter+0x3c8/0x18e0
[  461.805374][T12622]  __kmalloc_noprof+0x6b1/0x9c0
[  461.805387][T12622]  ? __pfx_down_read+0x10/0x10
[  461.805412][T12622]  ? read_kcore_iter+0x3c8/0x18e0
[  461.805435][T12622]  read_kcore_iter+0x3c8/0x18e0
[  461.805449][T12622]  ? kernel_text_address+0x8d/0x100
[  461.805477][T12622]  ? __pfx_read_kcore_iter+0x10/0x10
[  461.805510][T12622]  ? aa_file_perm+0x277/0x1540
[  461.805542][T12622]  ? common_file_perm+0x1ab/0x4f0
[  461.805569][T12622]  ? proc_reg_read_iter+0x11b/0x310
[  461.805590][T12622]  proc_reg_read_iter+0x11b/0x310
[  461.805610][T12622]  ? __pfx_proc_reg_read_iter+0x10/0x10
[  461.805630][T12622]  vfs_read+0x825/0xb30
[  461.805649][T12622]  ? __pfx_vfs_read+0x10/0x10
[  461.805663][T12622]  ? find_held_lock+0x2b/0x80
[  461.805689][T12622]  __x64_sys_pread64+0x1eb/0x250
[  461.805707][T12622]  ? __pfx___x64_sys_pread64+0x10/0x10
[  461.805730][T12622]  do_syscall_64+0xc9/0xf80
[  461.805748][T12622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.805763][T12622] RIP: 0033:0x7fd03b79aeb9
[  461.805776][T12622] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  461.805789][T12622] RSP: 002b:00007fd03c663028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  461.805804][T12622] RAX: ffffffffffffffda RBX: 00007fd03ba16180 RCX: 00007fd03b79aeb9
[  461.805814][T12622] RDX: 0000000000800003 RSI: 0000000000000000 RDI: 0000000000000005
[  461.805823][T12622] RBP: 00007fd03c663090 R08: 0000000000000000 R09: 0000000000000000
[  461.805832][T12622] R10: 0000000000000270 R11: 0000000000000246 R12: 0000000000000001
[  461.805840][T12622] R13: 00007fd03ba16218 R14: 00007fd03ba16180 R15: 00007ffc3ef03428
[  461.805860][T12622]  </TASK>
[  462.526733][T12640] debugfs: '!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211'
[  463.461284][ T5147] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  463.468755][ T5147] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  464.190247][T12648] kexec: Could not allocate control_code_buffer
[  464.730214][T12667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1399'.
[  464.774675][T12666] netlink: 'syz.1.1399': attribute type 1 has an invalid length.
[  464.818181][T12666] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1399'.
[  466.008782][T12687] debugfs: '!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211'
[  466.512142][T12695] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1405'.
[  466.648638][T12699] FAULT_INJECTION: forcing a failure.
[  466.648638][T12699] name failslab, interval 1, probability 0, space 0, times 0
[  466.663977][T12699] CPU: 0 UID: 0 PID: 12699 Comm: syz.6.1407 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  466.664005][T12699] Tainted: [L]=SOFTLOCKUP
[  466.664010][T12699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  466.664020][T12699] Call Trace:
[  466.664026][T12699]  <TASK>
[  466.664032][T12699]  dump_stack_lvl+0x100/0x190
[  466.664055][T12699]  should_fail_ex.cold+0x5/0xa
[  466.664080][T12699]  should_failslab+0xc2/0x120
[  466.664101][T12699]  kmem_cache_alloc_lru_noprof+0x8e/0x7d0
[  466.664120][T12699]  ? __lock_acquire+0x4a5/0x2630
[  466.664140][T12699]  ? alloc_inode+0x183/0x250
[  466.664163][T12699]  ? alloc_inode+0x183/0x250
[  466.664182][T12699]  alloc_inode+0x183/0x250
[  466.664203][T12699]  new_inode+0x22/0x1c0
[  466.664225][T12699]  configfs_new_inode+0x24/0x4a0
[  466.664247][T12699]  configfs_create+0xd9/0x370
[  466.664269][T12699]  configfs_lookup+0x38f/0x780
[  466.664286][T12699]  ? __pfx_configfs_lookup+0x10/0x10
[  466.664299][T12699]  lookup_open.isra.0+0x486/0x1890
[  466.664317][T12699]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  466.664343][T12699]  ? lookup_fast+0x2da/0x600
[  466.664358][T12699]  path_openat+0xa9b/0x3120
[  466.664381][T12699]  ? __pfx_path_openat+0x10/0x10
[  466.664405][T12699]  do_filp_open+0x1f7/0x420
[  466.664423][T12699]  ? __pfx_do_filp_open+0x10/0x10
[  466.664452][T12699]  ? _raw_spin_unlock+0x28/0x50
[  466.664467][T12699]  ? alloc_fd+0x476/0x790
[  466.664488][T12699]  do_sys_openat2+0x12e/0x220
[  466.664510][T12699]  ? __pfx_do_sys_openat2+0x10/0x10
[  466.664533][T12699]  ? find_held_lock+0x2b/0x80
[  466.664552][T12699]  __x64_sys_openat+0x12d/0x210
[  466.664574][T12699]  ? __pfx___x64_sys_openat+0x10/0x10
[  466.664594][T12699]  ? xfd_validate_state+0x129/0x190
[  466.664623][T12699]  do_syscall_64+0xc9/0xf80
[  466.664642][T12699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.664657][T12699] RIP: 0033:0x7fd03b79aeb9
[  466.664670][T12699] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  466.664684][T12699] RSP: 002b:00007fd03c6a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  466.664700][T12699] RAX: ffffffffffffffda RBX: 00007fd03ba15fa0 RCX: 00007fd03b79aeb9
[  466.664710][T12699] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  466.664719][T12699] RBP: 00007fd03b808c1f R08: 0000000000000000 R09: 0000000000000000
[  466.664728][T12699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  466.664736][T12699] R13: 00007fd03ba16038 R14: 00007fd03ba15fa0 R15: 00007ffc3ef03428
[  466.664756][T12699]  </TASK>
[  467.047496][T12705] FAULT_INJECTION: forcing a failure.
[  467.047496][T12705] name failslab, interval 1, probability 0, space 0, times 0
[  467.060959][T12705] CPU: 0 UID: 0 PID: 12705 Comm: syz.1.1409 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  467.060985][T12705] Tainted: [L]=SOFTLOCKUP
[  467.060990][T12705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  467.061000][T12705] Call Trace:
[  467.061005][T12705]  <TASK>
[  467.061011][T12705]  dump_stack_lvl+0x100/0x190
[  467.061034][T12705]  should_fail_ex.cold+0x5/0xa
[  467.061060][T12705]  should_failslab+0xc2/0x120
[  467.061081][T12705]  kmem_cache_alloc_noprof+0x83/0x780
[  467.061101][T12705]  ? alloc_empty_file+0x55/0x1c0
[  467.061124][T12705]  ? alloc_empty_file+0x55/0x1c0
[  467.061144][T12705]  alloc_empty_file+0x55/0x1c0
[  467.061165][T12705]  path_openat+0xe8/0x3120
[  467.061181][T12705]  ? getname_flags+0x93/0xf0
[  467.061194][T12705]  ? do_sys_openat2+0xc5/0x220
[  467.061214][T12705]  ? __x64_sys_openat+0x12d/0x210
[  467.061243][T12705]  ? do_syscall_64+0xc9/0xf80
[  467.061260][T12705]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.061281][T12705]  ? __pfx_path_openat+0x10/0x10
[  467.061304][T12705]  do_filp_open+0x1f7/0x420
[  467.061322][T12705]  ? __pfx_do_filp_open+0x10/0x10
[  467.061354][T12705]  ? _raw_spin_unlock+0x28/0x50
[  467.061368][T12705]  ? alloc_fd+0x476/0x790
[  467.061390][T12705]  do_sys_openat2+0x12e/0x220
[  467.061411][T12705]  ? __pfx_do_sys_openat2+0x10/0x10
[  467.061433][T12705]  ? __fget_files+0x21f/0x3d0
[  467.061452][T12705]  __x64_sys_openat+0x12d/0x210
[  467.061474][T12705]  ? __pfx___x64_sys_openat+0x10/0x10
[  467.061495][T12705]  ? xfd_validate_state+0x129/0x190
[  467.061523][T12705]  do_syscall_64+0xc9/0xf80
[  467.061541][T12705]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.061556][T12705] RIP: 0033:0x7f4d6639aeb9
[  467.061569][T12705] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  467.061583][T12705] RSP: 002b:00007f4d6718c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  467.061598][T12705] RAX: ffffffffffffffda RBX: 00007f4d66615fa0 RCX: 00007f4d6639aeb9
[  467.061609][T12705] RDX: 0000000000121002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  467.061618][T12705] RBP: 00007f4d66408c1f R08: 0000000000000000 R09: 0000000000000000
[  467.061627][T12705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  467.061636][T12705] R13: 00007f4d66616038 R14: 00007f4d66615fa0 R15: 00007fff43042778
[  467.061656][T12705]  </TASK>
[  467.309395][T12706] futex_wake_op: syz.4.1408 tries to shift op by -2048; fix this program
[  467.319621][T12706] futex_wake_op: syz.4.1408 tries to shift op by -2048; fix this program
[  467.328053][T12706] futex_wake_op: syz.4.1408 tries to shift op by -2048; fix this program
[  467.339357][T12706] 0x000000000001-0x000000020000 : ""
[  467.487340][T12706] ftl_cs: FTL header corrupt!
[  467.796258][T12702] could not allocate digest TFM handle 
[  468.448742][T12733] FAULT_INJECTION: forcing a failure.
[  468.448742][T12733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  468.559231][T12733] CPU: 0 UID: 0 PID: 12733 Comm: syz.5.1415 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  468.559257][T12733] Tainted: [L]=SOFTLOCKUP
[  468.559262][T12733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  468.559271][T12733] Call Trace:
[  468.559276][T12733]  <TASK>
[  468.559282][T12733]  dump_stack_lvl+0x100/0x190
[  468.559304][T12733]  should_fail_ex.cold+0x5/0xa
[  468.559328][T12733]  _copy_to_user+0x32/0xd0
[  468.559352][T12733]  simple_read_from_buffer+0xcb/0x170
[  468.559369][T12733]  proc_fail_nth_read+0x1af/0x230
[  468.559387][T12733]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  468.559405][T12733]  ? rw_verify_area+0xce/0x6d0
[  468.559419][T12733]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  468.559436][T12733]  vfs_read+0x1e4/0xb30
[  468.559454][T12733]  ? __pfx_vfs_read+0x10/0x10
[  468.559468][T12733]  ? find_held_lock+0x2b/0x80
[  468.559484][T12733]  ? __fget_files+0x215/0x3d0
[  468.559502][T12733]  ? __fget_files+0x21f/0x3d0
[  468.559523][T12733]  ksys_read+0x12a/0x250
[  468.559538][T12733]  ? __pfx_ksys_read+0x10/0x10
[  468.559559][T12733]  do_syscall_64+0xc9/0xf80
[  468.559579][T12733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.559593][T12733] RIP: 0033:0x7feee275b78e
[  468.559606][T12733] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  468.559619][T12733] RSP: 002b:00007feee09f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  468.559634][T12733] RAX: ffffffffffffffda RBX: 00007feee09f66c0 RCX: 00007feee275b78e
[  468.559644][T12733] RDX: 000000000000000f RSI: 00007feee09f60a0 RDI: 0000000000000004
[  468.559653][T12733] RBP: 00007feee09f6090 R08: 0000000000000000 R09: 0000000000000000
[  468.559662][T12733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  468.559670][T12733] R13: 00007feee2a16128 R14: 00007feee2a16090 R15: 00007ffd355271c8
[  468.559689][T12733]  </TASK>
[  469.861599][ T5147] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  469.869184][ T5147] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  470.307485][T12773] futex_wake_op: syz.6.1421 tries to shift op by -2048; fix this program
[  470.398606][T12773] futex_wake_op: syz.6.1421 tries to shift op by -2048; fix this program
[  470.517484][T12770] could not allocate digest TFM handle 
[  470.767351][T12759] kexec: Could not allocate control_code_buffer
[  472.087465][ T5147] Bluetooth: hci6: Opcode 0x0c03 failed: -110
[  472.768268][T12807] FAULT_INJECTION: forcing a failure.
[  472.768268][T12807] name failslab, interval 1, probability 0, space 0, times 0
[  472.906628][T12807] CPU: 0 UID: 0 PID: 12807 Comm: syz.5.1428 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  472.906655][T12807] Tainted: [L]=SOFTLOCKUP
[  472.906661][T12807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  472.906671][T12807] Call Trace:
[  472.906676][T12807]  <TASK>
[  472.906683][T12807]  dump_stack_lvl+0x100/0x190
[  472.906707][T12807]  should_fail_ex.cold+0x5/0xa
[  472.906732][T12807]  should_failslab+0xc2/0x120
[  472.906753][T12807]  kmem_cache_alloc_noprof+0x83/0x780
[  472.906771][T12807]  ? __pfx_map_id_range_down+0x10/0x10
[  472.906786][T12807]  ? security_inode_alloc+0x3b/0x2c0
[  472.906809][T12807]  ? security_inode_alloc+0x3b/0x2c0
[  472.906827][T12807]  security_inode_alloc+0x3b/0x2c0
[  472.906846][T12807]  inode_init_always_gfp+0xced/0x1040
[  472.906867][T12807]  alloc_inode+0x8e/0x250
[  472.906889][T12807]  new_inode+0x22/0x1c0
[  472.906911][T12807]  configfs_new_inode+0x24/0x4a0
[  472.906933][T12807]  configfs_create+0xd9/0x370
[  472.906956][T12807]  configfs_lookup+0x38f/0x780
[  472.906972][T12807]  ? __pfx_configfs_lookup+0x10/0x10
[  472.906985][T12807]  lookup_open.isra.0+0x486/0x1890
[  472.907004][T12807]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  472.907029][T12807]  ? lookup_fast+0x2da/0x600
[  472.907045][T12807]  path_openat+0xa9b/0x3120
[  472.907067][T12807]  ? __pfx_path_openat+0x10/0x10
[  472.907091][T12807]  do_filp_open+0x1f7/0x420
[  472.907109][T12807]  ? __pfx_do_filp_open+0x10/0x10
[  472.907139][T12807]  ? _raw_spin_unlock+0x28/0x50
[  472.907153][T12807]  ? alloc_fd+0x476/0x790
[  472.907174][T12807]  do_sys_openat2+0x12e/0x220
[  472.907196][T12807]  ? __pfx_do_sys_openat2+0x10/0x10
[  472.907219][T12807]  ? find_held_lock+0x2b/0x80
[  472.907238][T12807]  __x64_sys_openat+0x12d/0x210
[  472.907260][T12807]  ? __pfx___x64_sys_openat+0x10/0x10
[  472.907281][T12807]  ? xfd_validate_state+0x129/0x190
[  472.907310][T12807]  do_syscall_64+0xc9/0xf80
[  472.907329][T12807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.907344][T12807] RIP: 0033:0x7feee279aeb9
[  472.907362][T12807] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  472.907384][T12807] RSP: 002b:00007feee357c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  472.907400][T12807] RAX: ffffffffffffffda RBX: 00007feee2a15fa0 RCX: 00007feee279aeb9
[  472.907410][T12807] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  472.907421][T12807] RBP: 00007feee2808c1f R08: 0000000000000000 R09: 0000000000000000
[  472.907430][T12807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  472.907439][T12807] R13: 00007feee2a16038 R14: 00007feee2a15fa0 R15: 00007ffd355271c8
[  472.907460][T12807]  </TASK>
[  473.840447][T12819] MTRR 3 not used
[  477.360298][T12900] FAULT_INJECTION: forcing a failure.
[  477.360298][T12900] name failslab, interval 1, probability 0, space 0, times 0
[  477.446885][T12900] CPU: 0 UID: 0 PID: 12900 Comm: syz.6.1446 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  477.446913][T12900] Tainted: [L]=SOFTLOCKUP
[  477.446919][T12900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  477.446928][T12900] Call Trace:
[  477.446935][T12900]  <TASK>
[  477.446942][T12900]  dump_stack_lvl+0x100/0x190
[  477.446966][T12900]  should_fail_ex.cold+0x5/0xa
[  477.446991][T12900]  should_failslab+0xc2/0x120
[  477.447011][T12900]  __kmalloc_cache_noprof+0x80/0x810
[  477.447027][T12900]  ? ovs_dp_cmd_new+0x404/0xdf0
[  477.447046][T12900]  ? ovs_dp_cmd_new+0x404/0xdf0
[  477.447060][T12900]  ovs_dp_cmd_new+0x404/0xdf0
[  477.447081][T12900]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  477.447100][T12900]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290
[  477.447118][T12900]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290
[  477.447138][T12900]  genl_family_rcv_msg_doit+0x214/0x300
[  477.447156][T12900]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  477.447172][T12900]  ? genl_get_cmd+0x3ef/0x720
[  477.447191][T12900]  ? bpf_lsm_capable+0x9/0x10
[  477.447204][T12900]  ? security_capable+0x80/0x260
[  477.447222][T12900]  ? ns_capable+0xd2/0xf0
[  477.447240][T12900]  genl_rcv_msg+0x560/0x800
[  477.447257][T12900]  ? __pfx_genl_rcv_msg+0x10/0x10
[  477.447273][T12900]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  477.447295][T12900]  netlink_rcv_skb+0x159/0x420
[  477.447318][T12900]  ? __pfx_genl_rcv_msg+0x10/0x10
[  477.447335][T12900]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  477.447366][T12900]  ? netlink_deliver_tap+0x1ae/0xcc0
[  477.447390][T12900]  genl_rcv+0x28/0x40
[  477.447402][T12900]  netlink_unicast+0x5aa/0x870
[  477.447427][T12900]  ? __pfx_netlink_unicast+0x10/0x10
[  477.447456][T12900]  netlink_sendmsg+0x8b0/0xda0
[  477.447482][T12900]  ? __pfx_netlink_sendmsg+0x10/0x10
[  477.447502][T12900]  ? __import_iovec+0x1d2/0x640
[  477.447526][T12900]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  477.447547][T12900]  ____sys_sendmsg+0xa54/0xc30
[  477.447566][T12900]  ? __pfx_____sys_sendmsg+0x10/0x10
[  477.447580][T12900]  ? __pfx___futex_wait+0x10/0x10
[  477.447597][T12900]  ? __pfx_futex_wake_mark+0x10/0x10
[  477.447623][T12900]  ___sys_sendmsg+0x190/0x1e0
[  477.447641][T12900]  ? __pfx____sys_sendmsg+0x10/0x10
[  477.447667][T12900]  ? find_held_lock+0x2b/0x80
[  477.447693][T12900]  __sys_sendmsg+0x170/0x220
[  477.447715][T12900]  ? __pfx___sys_sendmsg+0x10/0x10
[  477.447736][T12900]  ? __x64_sys_futex+0x34f/0x4d0
[  477.447766][T12900]  do_syscall_64+0xc9/0xf80
[  477.447785][T12900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.447810][T12900] RIP: 0033:0x7fd03b79aeb9
[  477.447824][T12900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  477.447839][T12900] RSP: 002b:00007fd03c6a5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  477.447855][T12900] RAX: ffffffffffffffda RBX: 00007fd03ba15fa0 RCX: 00007fd03b79aeb9
[  477.447865][T12900] RDX: 0000000002000000 RSI: 0000200000000080 RDI: 0000000000000009
[  477.447875][T12900] RBP: 00007fd03b808c1f R08: 0000000000000000 R09: 0000000000000000
[  477.447884][T12900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  477.447893][T12900] R13: 00007fd03ba16038 R14: 00007fd03ba15fa0 R15: 00007ffc3ef03428
[  477.447913][T12900]  </TASK>
[  478.099686][T12894] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1443'.
[  478.216390][   T30] audit: type=1807 audit(2147487951.693:39): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0
[  478.238931][   T30] audit: type=1802 audit(2147487951.693:40): pid=12894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.4.1443" res=0 errno=0
[  478.386571][T12904] ima: policy update failed
[  478.426890][   T30] audit: type=1802 audit(2147487952.025:41): pid=12904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.1443" res=0 errno=0
[  481.697560][T12983] futex_wake_op: syz.4.1458 tries to shift op by -2048; fix this program
[  481.848203][T12983] futex_wake_op: syz.4.1458 tries to shift op by -2048; fix this program
[  482.056309][T12978] could not allocate digest TFM handle 
[  483.574203][T13013] Process accounting resumed
[  483.741885][T13018] usb usb7: usbfs: process 13018 (syz.6.1467) did not claim interface 0 before use
[  484.686057][T13022] FAULT_INJECTION: forcing a failure.
[  484.686057][T13022] name failslab, interval 1, probability 0, space 0, times 0
[  484.743445][T13022] CPU: 0 UID: 0 PID: 13022 Comm: syz.1.1468 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  484.743473][T13022] Tainted: [L]=SOFTLOCKUP
[  484.743478][T13022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  484.743488][T13022] Call Trace:
[  484.743494][T13022]  <TASK>
[  484.743500][T13022]  dump_stack_lvl+0x100/0x190
[  484.743523][T13022]  should_fail_ex.cold+0x5/0xa
[  484.743548][T13022]  should_failslab+0xc2/0x120
[  484.743569][T13022]  ? tbl_mask_array_alloc+0x38/0x160
[  484.743591][T13022]  __kmalloc_noprof+0xf6/0x9c0
[  484.743612][T13022]  ? tbl_mask_array_alloc+0x38/0x160
[  484.743634][T13022]  tbl_mask_array_alloc+0x38/0x160
[  484.743659][T13022]  ovs_flow_tbl_init+0x40/0x600
[  484.743672][T13022]  ? kasan_save_track+0x14/0x30
[  484.743692][T13022]  ovs_dp_cmd_new+0x251/0xdf0
[  484.743710][T13022]  ? __kmalloc_noprof+0x365/0x9c0
[  484.743725][T13022]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  484.743744][T13022]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290
[  484.743762][T13022]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290
[  484.743781][T13022]  genl_family_rcv_msg_doit+0x214/0x300
[  484.743799][T13022]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  484.743815][T13022]  ? genl_get_cmd+0x3ef/0x720
[  484.743833][T13022]  ? bpf_lsm_capable+0x9/0x10
[  484.743846][T13022]  ? security_capable+0x80/0x260
[  484.743865][T13022]  ? ns_capable+0xd2/0xf0
[  484.743882][T13022]  genl_rcv_msg+0x560/0x800
[  484.743899][T13022]  ? __pfx_genl_rcv_msg+0x10/0x10
[  484.743915][T13022]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  484.743937][T13022]  netlink_rcv_skb+0x159/0x420
[  484.743959][T13022]  ? __pfx_genl_rcv_msg+0x10/0x10
[  484.743975][T13022]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  484.744005][T13022]  ? netlink_deliver_tap+0x1ae/0xcc0
[  484.744029][T13022]  genl_rcv+0x28/0x40
[  484.744042][T13022]  netlink_unicast+0x5aa/0x870
[  484.744067][T13022]  ? __pfx_netlink_unicast+0x10/0x10
[  484.744096][T13022]  netlink_sendmsg+0x8b0/0xda0
[  484.744121][T13022]  ? __pfx_netlink_sendmsg+0x10/0x10
[  484.744142][T13022]  ? __import_iovec+0x1d2/0x640
[  484.744166][T13022]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  484.744187][T13022]  ____sys_sendmsg+0xa54/0xc30
[  484.744205][T13022]  ? __pfx_____sys_sendmsg+0x10/0x10
[  484.744220][T13022]  ? __pfx___futex_wait+0x10/0x10
[  484.744237][T13022]  ? __pfx_futex_wake_mark+0x10/0x10
[  484.744263][T13022]  ___sys_sendmsg+0x190/0x1e0
[  484.744281][T13022]  ? __pfx____sys_sendmsg+0x10/0x10
[  484.744307][T13022]  ? find_held_lock+0x2b/0x80
[  484.744342][T13022]  __sys_sendmsg+0x170/0x220
[  484.744364][T13022]  ? __pfx___sys_sendmsg+0x10/0x10
[  484.744385][T13022]  ? __x64_sys_futex+0x34f/0x4d0
[  484.744417][T13022]  do_syscall_64+0xc9/0xf80
[  484.744437][T13022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.744452][T13022] RIP: 0033:0x7f4d6639aeb9
[  484.744466][T13022] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  484.744481][T13022] RSP: 002b:00007f4d6718c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  484.744496][T13022] RAX: ffffffffffffffda RBX: 00007f4d66615fa0 RCX: 00007f4d6639aeb9
[  484.744507][T13022] RDX: 0000000002000000 RSI: 0000200000000080 RDI: 0000000000000009
[  484.744517][T13022] RBP: 00007f4d66408c1f R08: 0000000000000000 R09: 0000000000000000
[  484.744526][T13022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  484.744536][T13022] R13: 00007f4d66616038 R14: 00007f4d66615fa0 R15: 00007fff43042778
[  484.744556][T13022]  </TASK>
[  485.086954][    C0] hrtimer: interrupt took 340016755 ns
[  485.106409][T12970] kexec: Could not allocate control_code_buffer
[  486.875156][T13061] FAULT_INJECTION: forcing a failure.
[  486.875156][T13061] name failslab, interval 1, probability 0, space 0, times 0
[  486.921803][T13061] CPU: 0 UID: 0 PID: 13061 Comm: syz.1.1479 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  486.921838][T13061] Tainted: [L]=SOFTLOCKUP
[  486.921844][T13061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  486.921853][T13061] Call Trace:
[  486.921864][T13061]  <TASK>
[  486.921872][T13061]  dump_stack_lvl+0x100/0x190
[  486.921895][T13061]  should_fail_ex.cold+0x5/0xa
[  486.921919][T13061]  should_failslab+0xc2/0x120
[  486.921941][T13061]  kmem_cache_alloc_noprof+0x83/0x780
[  486.921961][T13061]  ? alloc_empty_file+0x55/0x1c0
[  486.921985][T13061]  ? alloc_empty_file+0x55/0x1c0
[  486.922008][T13061]  alloc_empty_file+0x55/0x1c0
[  486.922029][T13061]  path_openat+0xe8/0x3120
[  486.922045][T13061]  ? getname_flags+0x93/0xf0
[  486.922058][T13061]  ? do_sys_openat2+0xc5/0x220
[  486.922079][T13061]  ? __x64_sys_openat+0x12d/0x210
[  486.922099][T13061]  ? do_syscall_64+0xc9/0xf80
[  486.922115][T13061]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.922134][T13061]  ? __pfx_path_openat+0x10/0x10
[  486.922158][T13061]  do_filp_open+0x1f7/0x420
[  486.922176][T13061]  ? __pfx_do_filp_open+0x10/0x10
[  486.922208][T13061]  ? _raw_spin_unlock+0x28/0x50
[  486.922222][T13061]  ? alloc_fd+0x476/0x790
[  486.922243][T13061]  do_sys_openat2+0x12e/0x220
[  486.922265][T13061]  ? __pfx_do_sys_openat2+0x10/0x10
[  486.922288][T13061]  ? __fget_files+0x21f/0x3d0
[  486.922308][T13061]  __x64_sys_openat+0x12d/0x210
[  486.922330][T13061]  ? __pfx___x64_sys_openat+0x10/0x10
[  486.922351][T13061]  ? xfd_validate_state+0x129/0x190
[  486.922380][T13061]  do_syscall_64+0xc9/0xf80
[  486.922399][T13061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.922413][T13061] RIP: 0033:0x7f4d6635b78e
[  486.922426][T13061] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  486.922440][T13061] RSP: 002b:00007f4d6718bf98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  486.922455][T13061] RAX: ffffffffffffffda RBX: 00007f4d6718c6c0 RCX: 00007f4d6635b78e
[  486.922466][T13061] RDX: 0000000000000002 RSI: 00007f4d664057c5 RDI: ffffffffffffff9c
[  486.922474][T13061] RBP: 00007f4d66408c1f R08: 0000000000000000 R09: 0000000000000000
[  486.922483][T13061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.922492][T13061] R13: 00007f4d66616038 R14: 00007f4d66615fa0 R15: 00007fff43042778
[  486.922511][T13061]  </TASK>
[  487.926624][T13072] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1481'.
[  489.843727][T13120] usb usb7: usbfs: process 13120 (syz.4.1488) did not claim interface 0 before use
[  491.304203][ T5147] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18
[  491.736528][T13168] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1498'.
[  491.945250][T13172] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  492.245369][T13153] kexec: Could not allocate control_code_buffer
[  492.623518][T13184] futex_wake_op: syz.6.1502 tries to shift op by -2048; fix this program
[  492.676686][T13184] futex_wake_op: syz.6.1502 tries to shift op by -2048; fix this program
[  492.785694][T13182] could not allocate digest TFM handle 
[  494.059114][T13206] futex_wake_op: syz.6.1505 tries to shift op by -2048; fix this program
[  494.118708][T13206] futex_wake_op: syz.6.1505 tries to shift op by -2048; fix this program
[  494.170711][T13206] 0x000000000001-0x000000020000 : ""
[  494.239667][T13206] ftl_cs: FTL header corrupt!
[  494.257874][T13203] could not allocate digest TFM handle 
[  495.346331][T13222] FAULT_INJECTION: forcing a failure.
[  495.346331][T13222] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  495.410081][T13222] CPU: 0 UID: 0 PID: 13222 Comm: syz.4.1509 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  495.410108][T13222] Tainted: [L]=SOFTLOCKUP
[  495.410114][T13222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  495.410123][T13222] Call Trace:
[  495.410127][T13222]  <TASK>
[  495.410133][T13222]  dump_stack_lvl+0x100/0x190
[  495.410157][T13222]  should_fail_ex.cold+0x5/0xa
[  495.410179][T13222]  ? prepare_alloc_pages+0x16d/0x5f0
[  495.410202][T13222]  should_fail_alloc_page+0xeb/0x140
[  495.410224][T13222]  prepare_alloc_pages+0x1f0/0x5f0
[  495.410250][T13222]  __alloc_frozen_pages_noprof+0x193/0x2410
[  495.410276][T13222]  ? find_held_lock+0x2b/0x80
[  495.410290][T13222]  ? is_bpf_text_address+0x8a/0x1a0
[  495.410314][T13222]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  495.410331][T13222]  ? bpf_ksym_find+0x124/0x1c0
[  495.410349][T13222]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  495.410367][T13222]  ? is_bpf_text_address+0x94/0x1a0
[  495.410392][T13222]  ? unwind_get_return_address+0x59/0xa0
[  495.410410][T13222]  ? arch_stack_walk+0xa6/0xf0
[  495.410429][T13222]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  495.410447][T13222]  ? policy_nodemask+0xed/0x4f0
[  495.410469][T13222]  alloc_pages_mpol+0x1fb/0x550
[  495.410490][T13222]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  495.410516][T13222]  alloc_pages_noprof+0x131/0x390
[  495.410538][T13222]  __pmd_alloc+0x3b/0x9c0
[  495.410563][T13222]  __handle_mm_fault+0xa99/0x2b50
[  495.410581][T13222]  ? mt_find+0x45e/0x8e0
[  495.410601][T13222]  ? __pfx___handle_mm_fault+0x10/0x10
[  495.410616][T13222]  ? __pfx_mt_find+0x10/0x10
[  495.410644][T13222]  ? find_vma+0xbf/0x140
[  495.410663][T13222]  ? __pfx_find_vma+0x10/0x10
[  495.410684][T13222]  handle_mm_fault+0x36d/0xa20
[  495.410703][T13222]  do_user_addr_fault+0x74c/0x12f0
[  495.410726][T13222]  exc_page_fault+0x6f/0xd0
[  495.410743][T13222]  asm_exc_page_fault+0x26/0x30
[  495.410757][T13222] RIP: 0010:rep_movs_alternative+0x30/0x90
[  495.410780][T13222] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 7d 7d 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  495.410794][T13222] RSP: 0018:ffffc90004b078b0 EFLAGS: 00050216
[  495.410806][T13222] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000020
[  495.410816][T13222] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90004b07960
[  495.410824][T13222] RBP: 0000000000000020 R08: 0000000000000001 R09: fffff52000960f2f
[  495.410833][T13222] R10: ffffc90004b0797f R11: 0000000000000000 R12: 0000000000000000
[  495.410842][T13222] R13: ffffc90004b07960 R14: 1ffff92000960f24 R15: 0000000000000000
[  495.410861][T13222]  _copy_from_user+0x98/0xd0
[  495.410885][T13222]  ipv6_flowlabel_opt+0x3b7/0x2d40
[  495.410910][T13222]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[  495.410929][T13222]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  495.410956][T13222]  ? __local_bh_enable_ip+0x9e/0x120
[  495.410977][T13222]  ? do_ipv6_setsockopt+0x1944/0x4400
[  495.410996][T13222]  do_ipv6_setsockopt+0x1944/0x4400
[  495.411010][T13222]  ? _parse_integer_limit+0x17f/0x1d0
[  495.411030][T13222]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  495.411051][T13222]  ? lock_acquire+0x17c/0x330
[  495.411072][T13222]  ? __pfx___might_resched+0x10/0x10
[  495.411096][T13222]  ? rcu_is_watching+0x12/0xc0
[  495.411113][T13222]  ? trace_contention_end+0xd6/0x110
[  495.411133][T13222]  ? __mutex_lock+0x26a/0x1b90
[  495.411153][T13222]  ? smc_setsockopt+0x100/0xa10
[  495.411167][T13222]  ? find_held_lock+0x2b/0x80
[  495.411181][T13222]  ? get_pid_task+0xfc/0x250
[  495.411202][T13222]  ? __pfx___mutex_lock+0x10/0x10
[  495.411225][T13222]  ? ipv6_setsockopt+0xcb/0x170
[  495.411238][T13222]  ipv6_setsockopt+0xcb/0x170
[  495.411253][T13222]  tcp_setsockopt+0xa7/0x100
[  495.411276][T13222]  smc_setsockopt+0x1b6/0xa10
[  495.411289][T13222]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  495.411307][T13222]  ? __pfx_smc_setsockopt+0x10/0x10
[  495.411323][T13222]  ? aa_sock_opt_perm+0xfe/0x1b0
[  495.411341][T13222]  ? __pfx_smc_setsockopt+0x10/0x10
[  495.411356][T13222]  do_sock_setsockopt+0xf3/0x1d0
[  495.411373][T13222]  __sys_setsockopt+0x119/0x190
[  495.411398][T13222]  __x64_sys_setsockopt+0xbd/0x160
[  495.411417][T13222]  ? do_syscall_64+0x94/0xf80
[  495.411434][T13222]  ? lockdep_hardirqs_on+0x78/0x100
[  495.411450][T13222]  do_syscall_64+0xc9/0xf80
[  495.411469][T13222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.411483][T13222] RIP: 0033:0x7f800ab9aeb9
[  495.411495][T13222] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  495.411508][T13222] RSP: 002b:00007f800b9ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  495.411521][T13222] RAX: ffffffffffffffda RBX: 00007f800ae15fa0 RCX: 00007f800ab9aeb9
[  495.411531][T13222] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000003
[  495.411539][T13222] RBP: 00007f800b9ff090 R08: 0000000000000021 R09: 0000000000000000
[  495.411548][T13222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  495.411557][T13222] R13: 00007f800ae16038 R14: 00007f800ae15fa0 R15: 00007fffc59a41c8
[  495.411576][T13222]  </TASK>
[  496.564256][T13223] netlink: 'syz.6.1510': attribute type 2 has an invalid length.
[  496.749325][T13234] futex_wake_op: syz.1.1511 tries to shift op by -2048; fix this program
[  496.776443][T13234] futex_wake_op: syz.1.1511 tries to shift op by -2048; fix this program
[  496.791957][T13234] 0x000000000001-0x000000020000 : ""
[  496.869981][T13234] ftl_cs: FTL header corrupt!
[  496.898893][T13228] could not allocate digest TFM handle 
[  497.952250][T13241] FAULT_INJECTION: forcing a failure.
[  497.952250][T13241] name failslab, interval 1, probability 0, space 0, times 0
[  498.015619][T13241] CPU: 0 UID: 0 PID: 13241 Comm: syz.1.1515 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  498.015648][T13241] Tainted: [L]=SOFTLOCKUP
[  498.015654][T13241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  498.015663][T13241] Call Trace:
[  498.015668][T13241]  <TASK>
[  498.015674][T13241]  dump_stack_lvl+0x100/0x190
[  498.015703][T13241]  should_fail_ex.cold+0x5/0xa
[  498.015729][T13241]  should_failslab+0xc2/0x120
[  498.015749][T13241]  __kmalloc_cache_noprof+0x80/0x810
[  498.015766][T13241]  ? loop_add+0xb9/0xb60
[  498.015786][T13241]  ? tomoyo_path_number_perm+0x188/0x580
[  498.015811][T13241]  ? loop_add+0xb9/0xb60
[  498.015831][T13241]  loop_add+0xb9/0xb60
[  498.015854][T13241]  ? __pfx_loop_add+0x10/0x10
[  498.015889][T13241]  ? find_held_lock+0x2b/0x80
[  498.015903][T13241]  ? hook_file_ioctl_common+0x146/0x410
[  498.015926][T13241]  loop_control_ioctl+0xae/0x620
[  498.015949][T13241]  ? __pfx_loop_control_ioctl+0x10/0x10
[  498.015974][T13241]  ? __pfx_loop_control_ioctl+0x10/0x10
[  498.015998][T13241]  __x64_sys_ioctl+0x18e/0x210
[  498.016022][T13241]  do_syscall_64+0xc9/0xf80
[  498.016041][T13241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.016056][T13241] RIP: 0033:0x7f4d6639aeb9
[  498.016069][T13241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  498.016083][T13241] RSP: 002b:00007f4d6718c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  498.016099][T13241] RAX: ffffffffffffffda RBX: 00007f4d66615fa0 RCX: 00007f4d6639aeb9
[  498.016108][T13241] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000001
[  498.016117][T13241] RBP: 00007f4d66408c1f R08: 0000000000000000 R09: 0000000000000000
[  498.016126][T13241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  498.016134][T13241] R13: 00007f4d66616038 R14: 00007f4d66615fa0 R15: 00007fff43042778
[  498.016153][T13241]  </TASK>
[  498.453647][T13248] futex_wake_op: syz.4.1516 tries to shift op by -2048; fix this program
[  498.493903][T13248] futex_wake_op: syz.4.1516 tries to shift op by -2048; fix this program
[  498.549424][T13248] 0x000000000001-0x000000020000 : ""
[  498.671079][T13248] ftl_cs: FTL header corrupt!
[  498.863678][T13243] could not allocate digest TFM handle 
[  499.484549][T13270] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00
[  499.511013][T13270] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  499.531758][T13270] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  499.549334][T13270] page_type: f5(slab)
[  499.579560][T13270] raw: 00fff00000000040 ffff88813ff27140 0000000000000000 dead000000000001
[  499.618416][T13270] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  499.664528][T13270] head: 00fff00000000040 ffff88813ff27140 0000000000000000 dead000000000001
[  499.707763][T13270] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  499.743955][T13270] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff
[  499.793790][T13270] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  499.828059][T13270] page dumped because: unmovable page
[  499.870499][T13270] page_owner tracks the page as allocated
[  499.891542][T13270] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2988, tgid 2988 (kworker/u8:7), ts 338412440729, free_ts 338334392554
[  499.962826][T13270]  post_alloc_hook+0x1e1/0x250
[  499.977821][T13270]  get_page_from_freelist+0xe3d/0x2e10
[  500.008562][T13270]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  500.017828][T13270]  alloc_pages_mpol+0x1fb/0x550
[  500.029385][T13270]  new_slab+0x2c4/0x440
[  500.045198][T13270]  ___slab_alloc+0xda3/0x1ca0
[  500.062864][T13270]  __slab_alloc.isra.0+0x63/0x110
[  500.070103][T13271] FAULT_INJECTION: forcing a failure.
[  500.070103][T13271] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  500.089680][T13270]  __kmalloc_node_track_caller_noprof+0x629/0x9d0
[  500.107127][T13270]  kmalloc_reserve+0xef/0x2c0
[  500.112169][T13271] CPU: 0 UID: 0 PID: 13271 Comm: syz.4.1522 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  500.112211][T13271] Tainted: [L]=SOFTLOCKUP
[  500.112217][T13271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  500.112226][T13271] Call Trace:
[  500.112231][T13271]  <TASK>
[  500.112237][T13271]  dump_stack_lvl+0x100/0x190
[  500.112259][T13271]  should_fail_ex.cold+0x5/0xa
[  500.112281][T13271]  ? fs_reclaim_acquire+0x70/0x100
[  500.112304][T13271]  should_fail_alloc_page+0xeb/0x140
[  500.112326][T13271]  prepare_alloc_pages+0x1f0/0x5f0
[  500.112351][T13271]  __alloc_frozen_pages_noprof+0x193/0x2410
[  500.112370][T13271]  ? __gup_longterm_locked+0x109c/0x16f0
[  500.112396][T13271]  ? __gup_longterm_locked+0x560/0x16f0
[  500.112421][T13271]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  500.112441][T13271]  ? try_get_folio+0x262/0x750
[  500.112462][T13271]  ? sanity_check_pinned_pages+0x5f6/0x1250
[  500.112488][T13271]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  500.112505][T13271]  ? policy_nodemask+0xed/0x4f0
[  500.112526][T13271]  alloc_pages_mpol+0x1fb/0x550
[  500.112547][T13271]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  500.112568][T13271]  ? find_held_lock+0x2b/0x80
[  500.112586][T13271]  alloc_pages_noprof+0x131/0x390
[  500.112607][T13271]  brd_submit_bio+0x116a/0x20d0
[  500.112634][T13271]  ? __pfx_brd_submit_bio+0x10/0x10
[  500.112656][T13271]  ? submit_bio_noacct_nocheck+0x6fc/0xbb0
[  500.112674][T13271]  ? submit_bio_noacct_nocheck+0x6fc/0xbb0
[  500.112691][T13271]  ? blk_try_enter_queue+0x1c5/0x4d0
[  500.112708][T13271]  __submit_bio+0x32f/0x6c0
[  500.112724][T13271]  ? __pfx___submit_bio+0x10/0x10
[  500.112760][T13271]  ? submit_bio_noacct_nocheck+0x6fc/0xbb0
[  500.112776][T13271]  submit_bio_noacct_nocheck+0x6fc/0xbb0
[  500.112796][T13271]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  500.112816][T13271]  ? __pfx___might_resched+0x10/0x10
[  500.112842][T13271]  submit_bio_noacct+0xb5c/0x1e80
[  500.112864][T13271]  blkdev_direct_IO+0x155c/0x1fb0
[  500.112890][T13271]  ? __pfx_blkdev_direct_IO+0x10/0x10
[  500.112910][T13271]  ? filemap_check_errors+0xa9/0x150
[  500.112937][T13271]  blkdev_write_iter+0x703/0xd70
[  500.112959][T13271]  vfs_write+0x6ac/0x1070
[  500.112976][T13271]  ? __pfx_blkdev_write_iter+0x10/0x10
[  500.112994][T13271]  ? __pfx_vfs_write+0x10/0x10
[  500.113009][T13271]  ? find_held_lock+0x2b/0x80
[  500.113035][T13271]  ksys_write+0x12a/0x250
[  500.113051][T13271]  ? __pfx_ksys_write+0x10/0x10
[  500.113072][T13271]  do_syscall_64+0xc9/0xf80
[  500.113091][T13271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.113106][T13271] RIP: 0033:0x7f800ab9aeb9
[  500.113121][T13271] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  500.113135][T13271] RSP: 002b:00007f800b9ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  500.113150][T13271] RAX: ffffffffffffffda RBX: 00007f800ae15fa0 RCX: 00007f800ab9aeb9
[  500.113160][T13271] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000004
[  500.113170][T13271] RBP: 00007f800ac08c1f R08: 0000000000000000 R09: 0000000000000000
[  500.113180][T13271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  500.113189][T13271] R13: 00007f800ae16038 R14: 00007f800ae15fa0 R15: 00007fffc59a41c8
[  500.113209][T13271]  </TASK>
[  500.445303][T13270]  __alloc_skb+0x186/0x410
[  500.449809][T13270]  nsim_dev_trap_report_work+0x2af/0xd10
[  500.455522][T13270]  process_one_work+0x9c2/0x1840
[  500.460528][T13270]  worker_thread+0x5da/0xe40
[  500.465130][T13270]  kthread+0x3b3/0x730
[  500.469289][T13270]  ret_from_fork+0x754/0xaf0
[  500.474686][T13270]  ret_from_fork_asm+0x1a/0x30
[  500.479574][T13270] page last free pid 5812 tgid 5812 stack trace:
[  500.485899][T13270]  __free_frozen_pages+0x822/0x1130
[  500.491183][T13270]  __folio_put+0x3b4/0x540
[  500.495606][T13270]  put_netmem+0x294/0x320
[  500.500477][T13270]  skb_release_data+0x4b2/0x700
[  500.505404][T13270]  __kfree_skb+0x4f/0x70
[  500.511173][T13270]  tcp_ack+0x1e83/0x6040
[  500.515470][T13270]  tcp_rcv_established+0x1058/0x36c0
[  500.520805][T13270]  tcp_v4_do_rcv+0xc64/0x10a0
[  500.525534][T13270]  __release_sock+0x35a/0x440
[  500.530238][T13270]  release_sock+0x5a/0x220
[  500.534656][T13270]  tcp_sendmsg+0x38/0x50
[  500.538968][T13270]  inet_sendmsg+0xb9/0x140
[  500.543387][T13270]  sock_write_iter+0x509/0x610
[  500.548187][T13270]  vfs_write+0x6ac/0x1070
[  500.552558][T13270]  ksys_write+0x1f8/0x250
[  500.556998][T13270]  do_syscall_64+0xc9/0xf80
[  500.923943][T13295] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1526'.
[  501.029760][T13300] futex_wake_op: syz.1.1528 tries to shift op by -2048; fix this program
[  501.065331][T13300] futex_wake_op: syz.1.1528 tries to shift op by -2048; fix this program
[  501.103011][T13304] 0x000000000001-0x000000020000 : ""
[  501.223365][T13304] ftl_cs: FTL header corrupt!
[  501.235556][T13296] could not allocate digest TFM handle 
[  501.702913][T13315] mkiss: ax0: crc mode is auto.
[  502.811903][T13335] netlink: 350 bytes leftover after parsing attributes in process `syz.4.1535'.
[  503.650990][T13334] ima: policy update failed
[  503.655794][   T30] audit: type=1802 audit(2147487977.386:42): pid=13334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.1535" res=0 errno=0
[  504.113014][ T5147] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18
[  504.120510][ T5147] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[  504.520008][ T5824] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  504.527521][ T5824] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  505.525486][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  505.534117][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  506.835204][T13381] FAULT_INJECTION: forcing a failure.
[  506.835204][T13381] name failslab, interval 1, probability 0, space 0, times 0
[  506.902790][T13333] kexec: Could not allocate control_code_buffer
[  506.923839][T13381] CPU: 0 UID: 0 PID: 13381 Comm: syz.4.1542 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  506.923867][T13381] Tainted: [L]=SOFTLOCKUP
[  506.923873][T13381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  506.923883][T13381] Call Trace:
[  506.923889][T13381]  <TASK>
[  506.923894][T13381]  dump_stack_lvl+0x100/0x190
[  506.923918][T13381]  should_fail_ex.cold+0x5/0xa
[  506.923944][T13381]  should_failslab+0xc2/0x120
[  506.923965][T13381]  ? lsm_blob_alloc+0x68/0x90
[  506.923989][T13381]  __kmalloc_noprof+0xf6/0x9c0
[  506.924005][T13381]  ? sk_prot_alloc+0x10b/0x2a0
[  506.924028][T13381]  ? lsm_blob_alloc+0x68/0x90
[  506.924047][T13381]  lsm_blob_alloc+0x68/0x90
[  506.924064][T13381]  security_sk_alloc+0x2d/0x290
[  506.924084][T13381]  sk_prot_alloc+0x12a/0x2a0
[  506.924104][T13381]  sk_alloc+0x36/0xe80
[  506.924125][T13381]  packet_create+0x127/0x8e0
[  506.924143][T13381]  __sock_create+0x339/0x860
[  506.924164][T13381]  __sys_socket+0x14d/0x260
[  506.924179][T13381]  ? __pfx_task_work_run+0x10/0x10
[  506.924202][T13381]  ? __pfx___sys_socket+0x10/0x10
[  506.924218][T13381]  ? xfd_validate_state+0x129/0x190
[  506.924244][T13381]  __x64_sys_socket+0x72/0xb0
[  506.924260][T13381]  ? lockdep_hardirqs_on+0x78/0x100
[  506.924278][T13381]  do_syscall_64+0xc9/0xf80
[  506.924296][T13381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.924311][T13381] RIP: 0033:0x7f800ab9aeb9
[  506.924324][T13381] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  506.924339][T13381] RSP: 002b:00007f800b9ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  506.924355][T13381] RAX: ffffffffffffffda RBX: 00007f800ae15fa0 RCX: 00007f800ab9aeb9
[  506.924365][T13381] RDX: 0000000000000009 RSI: 0000000000000003 RDI: 0000000000000011
[  506.924374][T13381] RBP: 00007f800ac08c1f R08: 0000000000000000 R09: 0000000000000000
[  506.924382][T13381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  506.924391][T13381] R13: 00007f800ae16038 R14: 00007f800ae15fa0 R15: 00007fffc59a41c8
[  506.924409][T13381]  </TASK>
[  507.719796][T13412] netlink: 350 bytes leftover after parsing attributes in process `syz.6.1546'.
[  508.364058][T13411] ima: policy update failed
[  508.378751][   T30] audit: type=1802 audit(2147487982.141:43): pid=13411 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1546" res=0 errno=0
[  509.063433][T13425] Unable to find swap-space signature
[  509.198849][T13429] FAULT_INJECTION: forcing a failure.
[  509.198849][T13429] name failslab, interval 1, probability 0, space 0, times 0
[  509.272464][T13429] CPU: 0 UID: 0 PID: 13429 Comm: syz.6.1550 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  509.272491][T13429] Tainted: [L]=SOFTLOCKUP
[  509.272497][T13429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  509.272506][T13429] Call Trace:
[  509.272512][T13429]  <TASK>
[  509.272517][T13429]  dump_stack_lvl+0x100/0x190
[  509.272540][T13429]  should_fail_ex.cold+0x5/0xa
[  509.272573][T13429]  should_failslab+0xc2/0x120
[  509.272595][T13429]  __kvmalloc_node_noprof+0x101/0xac0
[  509.272613][T13429]  ? __pfx_futex_wake_mark+0x10/0x10
[  509.272637][T13429]  ? do_semtimedop+0x233/0x2e0
[  509.272660][T13429]  ? do_semtimedop+0x233/0x2e0
[  509.272679][T13429]  do_semtimedop+0x233/0x2e0
[  509.272699][T13429]  ? __pfx_do_semtimedop+0x10/0x10
[  509.272741][T13429]  ? __x64_sys_futex+0x34f/0x4d0
[  509.272760][T13429]  ? __x64_sys_futex+0x358/0x4d0
[  509.272781][T13429]  __x64_sys_semtimedop+0x1b4/0x1f0
[  509.272802][T13429]  ? __pfx___x64_sys_semtimedop+0x10/0x10
[  509.272828][T13429]  do_syscall_64+0xc9/0xf80
[  509.272847][T13429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.272862][T13429] RIP: 0033:0x7fd03b79aeb9
[  509.272874][T13429] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  509.272889][T13429] RSP: 002b:00007fd03c684028 EFLAGS: 00000246 ORIG_RAX: 00000000000000dc
[  509.272905][T13429] RAX: ffffffffffffffda RBX: 00007fd03ba16090 RCX: 00007fd03b79aeb9
[  509.272915][T13429] RDX: 00000000000001f4 RSI: 0000000000000000 RDI: 0000000000000000
[  509.272923][T13429] RBP: 00007fd03b808c1f R08: 0000000000000000 R09: 0000000000000000
[  509.272932][T13429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  509.272940][T13429] R13: 00007fd03ba16128 R14: 00007fd03ba16090 R15: 00007ffc3ef03428
[  509.272959][T13429]  </TASK>
[  509.709471][T13438] FAULT_INJECTION: forcing a failure.
[  509.709471][T13438] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  509.737347][T13438] CPU: 0 UID: 0 PID: 13438 Comm: syz.4.1560 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  509.737374][T13438] Tainted: [L]=SOFTLOCKUP
[  509.737380][T13438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  509.737389][T13438] Call Trace:
[  509.737394][T13438]  <TASK>
[  509.737400][T13438]  dump_stack_lvl+0x100/0x190
[  509.737422][T13438]  should_fail_ex.cold+0x5/0xa
[  509.737445][T13438]  ? prepare_alloc_pages+0x16d/0x5f0
[  509.737469][T13438]  should_fail_alloc_page+0xeb/0x140
[  509.737491][T13438]  prepare_alloc_pages+0x1f0/0x5f0
[  509.737512][T13438]  ? rcu_is_watching+0x12/0xc0
[  509.737529][T13438]  __alloc_frozen_pages_noprof+0x193/0x2410
[  509.737547][T13438]  ? mas_wr_store_entry+0x6d2/0x2390
[  509.737570][T13438]  ? perf_event_mmap+0xbc/0xe40
[  509.737591][T13438]  ? mas_store_prealloc+0x893/0xfb0
[  509.737611][T13438]  ? __pfx_perf_event_mmap+0x10/0x10
[  509.737632][T13438]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  509.737651][T13438]  ? vma_wants_writenotify+0x10b/0x390
[  509.737669][T13438]  ? __pfx_vma_wants_writenotify+0x10/0x10
[  509.737692][T13438]  ? mas_ascend+0x53d/0xb30
[  509.737708][T13438]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  509.737726][T13438]  ? policy_nodemask+0xed/0x4f0
[  509.737747][T13438]  alloc_pages_mpol+0x1fb/0x550
[  509.737768][T13438]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  509.737793][T13438]  alloc_pages_noprof+0x131/0x390
[  509.737814][T13438]  __pmd_alloc+0x3b/0x9c0
[  509.737838][T13438]  __handle_mm_fault+0xa99/0x2b50
[  509.737866][T13438]  ? mt_find+0x45e/0x8e0
[  509.737885][T13438]  ? __pfx___handle_mm_fault+0x10/0x10
[  509.737900][T13438]  ? __pfx_mt_find+0x10/0x10
[  509.737933][T13438]  handle_mm_fault+0x36d/0xa20
[  509.737954][T13438]  __get_user_pages+0xf9c/0x34d0
[  509.737983][T13438]  ? __pfx___get_user_pages+0x10/0x10
[  509.738010][T13438]  populate_vma_page_range+0x267/0x3f0
[  509.738037][T13438]  ? __pfx_populate_vma_page_range+0x10/0x10
[  509.738059][T13438]  ? __pfx_find_vma_intersection+0x10/0x10
[  509.738081][T13438]  ? do_mmap+0x93f/0x12f0
[  509.738103][T13438]  __mm_populate+0x107/0x3a0
[  509.738126][T13438]  ? __pfx___mm_populate+0x10/0x10
[  509.738149][T13438]  ? up_write+0x290/0x4f0
[  509.738172][T13438]  vm_mmap_pgoff+0x37f/0x470
[  509.738195][T13438]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  509.738216][T13438]  ? __fget_files+0x21f/0x3d0
[  509.738234][T13438]  ? __x64_sys_futex+0x34f/0x4d0
[  509.738254][T13438]  ? __x64_sys_futex+0x358/0x4d0
[  509.738275][T13438]  ksys_mmap_pgoff+0x7d/0x5b0
[  509.738299][T13438]  __x64_sys_mmap+0x125/0x190
[  509.738316][T13438]  do_syscall_64+0xc9/0xf80
[  509.738334][T13438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.738350][T13438] RIP: 0033:0x7f800ab9aeb9
[  509.738364][T13438] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  509.738380][T13438] RSP: 002b:00007f800b9ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  509.738395][T13438] RAX: ffffffffffffffda RBX: 00007f800ae15fa0 RCX: 00007f800ab9aeb9
[  509.738406][T13438] RDX: 00000000000000df RSI: 0000000000000007 RDI: 0000000000000000
[  509.738415][T13438] RBP: 00007f800ac08c1f R08: 0000000000000002 R09: 0000000000008000
[  509.738424][T13438] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  509.738433][T13438] R13: 00007f800ae16038 R14: 00007f800ae15fa0 R15: 00007fffc59a41c8
[  509.738454][T13438]  </TASK>
[  510.596377][T13449] netlink: 'syz.1.1553': attribute type 2 has an invalid length.
[  510.909413][T13451] FAULT_INJECTION: forcing a failure.
[  510.909413][T13451] name failslab, interval 1, probability 0, space 0, times 0
[  510.948804][T13451] CPU: 0 UID: 0 PID: 13451 Comm: syz.6.1554 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  510.948830][T13451] Tainted: [L]=SOFTLOCKUP
[  510.948836][T13451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  510.948846][T13451] Call Trace:
[  510.948852][T13451]  <TASK>
[  510.948859][T13451]  dump_stack_lvl+0x100/0x190
[  510.948882][T13451]  should_fail_ex.cold+0x5/0xa
[  510.948908][T13451]  should_failslab+0xc2/0x120
[  510.948928][T13451]  ? lsm_blob_alloc+0x68/0x90
[  510.948944][T13451]  __kmalloc_noprof+0xf6/0x9c0
[  510.948959][T13451]  ? sk_prot_alloc+0x10b/0x2a0
[  510.948978][T13451]  ? lsm_blob_alloc+0x68/0x90
[  510.948993][T13451]  lsm_blob_alloc+0x68/0x90
[  510.949008][T13451]  security_sk_alloc+0x2d/0x290
[  510.949028][T13451]  sk_prot_alloc+0x12a/0x2a0
[  510.949044][T13451]  sk_alloc+0x36/0xe80
[  510.949064][T13451]  packet_create+0x127/0x8e0
[  510.949082][T13451]  __sock_create+0x339/0x860
[  510.949103][T13451]  __sys_socket+0x14d/0x260
[  510.949120][T13451]  ? __pfx_task_work_run+0x10/0x10
[  510.949141][T13451]  ? __pfx___sys_socket+0x10/0x10
[  510.949157][T13451]  ? xfd_validate_state+0x129/0x190
[  510.949184][T13451]  __x64_sys_socket+0x72/0xb0
[  510.949204][T13451]  ? lockdep_hardirqs_on+0x78/0x100
[  510.949221][T13451]  do_syscall_64+0xc9/0xf80
[  510.949239][T13451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.949255][T13451] RIP: 0033:0x7fd03b79aeb9
[  510.949268][T13451] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  510.949282][T13451] RSP: 002b:00007fd03c663028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  510.949297][T13451] RAX: ffffffffffffffda RBX: 00007fd03ba16180 RCX: 00007fd03b79aeb9
[  510.949308][T13451] RDX: 0000000000000009 RSI: 0000000000000003 RDI: 0000000000000011
[  510.949317][T13451] RBP: 00007fd03b808c1f R08: 0000000000000000 R09: 0000000000000000
[  510.949326][T13451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  510.949334][T13451] R13: 00007fd03ba16218 R14: 00007fd03ba16180 R15: 00007ffc3ef03428
[  510.949361][T13451]  </TASK>
[  511.524528][T13462] futex_wake_op: syz.4.1556 tries to shift op by -2048; fix this program
[  511.694954][T13462] futex_wake_op: syz.4.1556 tries to shift op by -2048; fix this program
[  513.178392][T13497] usb usb7: usbfs: process 13497 (syz.5.1561) did not claim interface 0 before use
[  513.644302][T13501] Process accounting paused
[  515.080501][T13560] netlink: 'syz.5.1570': attribute type 3 has an invalid length.
[  517.273287][T13603] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1578'.
[  517.945714][T13620] FAULT_INJECTION: forcing a failure.
[  517.945714][T13620] name failslab, interval 1, probability 0, space 0, times 0
[  518.181227][T13620] CPU: 0 UID: 0 PID: 13620 Comm: syz.6.1580 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  518.181253][T13620] Tainted: [L]=SOFTLOCKUP
[  518.181258][T13620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  518.181267][T13620] Call Trace:
[  518.181272][T13620]  <TASK>
[  518.181278][T13620]  dump_stack_lvl+0x100/0x190
[  518.181301][T13620]  should_fail_ex.cold+0x5/0xa
[  518.181325][T13620]  should_failslab+0xc2/0x120
[  518.181346][T13620]  ? tomoyo_encode2+0xfb/0x3c0
[  518.181359][T13620]  __kmalloc_noprof+0xf6/0x9c0
[  518.181372][T13620]  ? __pfx_tomoyo_get_local_path+0x10/0x10
[  518.181388][T13620]  ? tomoyo_realpath_from_path+0xb6/0x690
[  518.181406][T13620]  ? tomoyo_encode2+0xfb/0x3c0
[  518.181418][T13620]  tomoyo_encode2+0xfb/0x3c0
[  518.181434][T13620]  tomoyo_encode+0x29/0x50
[  518.181447][T13620]  tomoyo_realpath_from_path+0x18c/0x690
[  518.181467][T13620]  tomoyo_path_perm+0x276/0x460
[  518.181486][T13620]  ? tomoyo_path_perm+0x262/0x460
[  518.181508][T13620]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  518.181547][T13620]  ? __pfx_ima_file_check+0x10/0x10
[  518.181564][T13620]  ? hook_file_truncate+0xc4/0x250
[  518.181590][T13620]  security_file_truncate+0xb5/0x1e0
[  518.181604][T13620]  path_openat+0x1dbd/0x3120
[  518.181628][T13620]  ? __pfx_path_openat+0x10/0x10
[  518.181652][T13620]  do_filp_open+0x1f7/0x420
[  518.181671][T13620]  ? __pfx_do_filp_open+0x10/0x10
[  518.181707][T13620]  ? _raw_spin_unlock+0x28/0x50
[  518.181722][T13620]  ? alloc_fd+0x476/0x790
[  518.181744][T13620]  do_sys_openat2+0x12e/0x220
[  518.181766][T13620]  ? __pfx_do_sys_openat2+0x10/0x10
[  518.181787][T13620]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  518.181808][T13620]  ? __fget_files+0x21f/0x3d0
[  518.181826][T13620]  __x64_sys_openat+0x12d/0x210
[  518.181849][T13620]  ? __pfx___x64_sys_openat+0x10/0x10
[  518.181870][T13620]  ? ksys_write+0x1ac/0x250
[  518.181892][T13620]  do_syscall_64+0xc9/0xf80
[  518.181911][T13620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.181926][T13620] RIP: 0033:0x7fd03b79aeb9
[  518.181938][T13620] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  518.181952][T13620] RSP: 002b:00007fd03c663028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  518.181968][T13620] RAX: ffffffffffffffda RBX: 00007fd03ba16180 RCX: 00007fd03b79aeb9
[  518.181977][T13620] RDX: 0000000000020201 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  518.181986][T13620] RBP: 00007fd03c663090 R08: 0000000000000000 R09: 0000000000000000
[  518.181995][T13620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  518.182003][T13620] R13: 00007fd03ba16218 R14: 00007fd03ba16180 R15: 00007ffc3ef03428
[  518.182023][T13620]  </TASK>
[  518.182038][T13620] ERROR: Out of memory at tomoyo_realpath_from_path.
[  518.812284][T13627] usb usb7: usbfs: process 13627 (syz.1.1584) did not claim interface 0 before use
[  518.975934][   T30] audit: type=1804 audit(2147487992.745:44): pid=13629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1585" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=24 res=1 errno=0
[  520.672211][T13651] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10
[  521.219861][T13652] block nbd7: not configured, cannot reconfigure
[  522.706046][T13671] futex_wake_op: syz.1.1593 tries to shift op by -2048; fix this program
[  522.830904][T13671] futex_wake_op: syz.1.1593 tries to shift op by -2048; fix this program
[  522.906354][T13676] 0x000000000001-0x000000020000 : ""
[  523.049908][T13676] ftl_cs: FTL header corrupt!
[  524.470341][T13715] phram: not enough arguments
[  525.213126][T13733] futex_wake_op: syz.5.1611 tries to shift op by -2048; fix this program
[  525.378759][T13733] futex_wake_op: syz.5.1611 tries to shift op by -2048; fix this program
[  526.035962][T13743] netlink: 'syz.1.1613': attribute type 3 has an invalid length.
[  526.392485][T13747] zswap: compressor  not available
[  526.738249][T13759] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1615'.
[  527.589522][T13780] FAULT_INJECTION: forcing a failure.
[  527.589522][T13780] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  527.639106][T13780] CPU: 0 UID: 0 PID: 13780 Comm: syz.4.1619 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  527.639133][T13780] Tainted: [L]=SOFTLOCKUP
[  527.639139][T13780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  527.639148][T13780] Call Trace:
[  527.639153][T13780]  <TASK>
[  527.639159][T13780]  dump_stack_lvl+0x100/0x190
[  527.639182][T13780]  should_fail_ex.cold+0x5/0xa
[  527.639205][T13780]  ? prepare_alloc_pages+0x16d/0x5f0
[  527.639236][T13780]  should_fail_alloc_page+0xeb/0x140
[  527.639259][T13780]  prepare_alloc_pages+0x1f0/0x5f0
[  527.639281][T13780]  ? rcu_is_watching+0x12/0xc0
[  527.639298][T13780]  __alloc_frozen_pages_noprof+0x193/0x2410
[  527.639317][T13780]  ? __lock_acquire+0x4a5/0x2630
[  527.639343][T13780]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  527.639360][T13780]  ? __lock_acquire+0x4a5/0x2630
[  527.639385][T13780]  ? __lock_acquire+0x4a5/0x2630
[  527.639405][T13780]  ? __lock_acquire+0x4a5/0x2630
[  527.639424][T13780]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  527.639441][T13780]  ? policy_nodemask+0xed/0x4f0
[  527.639462][T13780]  alloc_pages_mpol+0x1fb/0x550
[  527.639483][T13780]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  527.639508][T13780]  folio_alloc_mpol_noprof+0x36/0x340
[  527.639532][T13780]  vma_alloc_folio_noprof+0xed/0x1d0
[  527.639554][T13780]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  527.639576][T13780]  ? rcu_read_unlock+0x2d/0xb0
[  527.639591][T13780]  ? rcu_read_unlock+0x2d/0xb0
[  527.639607][T13780]  ? __lock_acquire+0x4a5/0x2630
[  527.639628][T13780]  do_wp_page+0xf09/0x4c10
[  527.639662][T13780]  ? __pfx_do_wp_page+0x10/0x10
[  527.639686][T13780]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  527.639713][T13780]  __handle_mm_fault+0x1ac0/0x2b50
[  527.639733][T13780]  ? mt_find+0x45e/0x8e0
[  527.639752][T13780]  ? __pfx___handle_mm_fault+0x10/0x10
[  527.639767][T13780]  ? __pfx_mt_find+0x10/0x10
[  527.639794][T13780]  ? find_vma+0xbf/0x140
[  527.639813][T13780]  ? __pfx_find_vma+0x10/0x10
[  527.639835][T13780]  handle_mm_fault+0x36d/0xa20
[  527.639855][T13780]  do_user_addr_fault+0x74c/0x12f0
[  527.639877][T13780]  exc_page_fault+0x6f/0xd0
[  527.639894][T13780]  asm_exc_page_fault+0x26/0x30
[  527.639908][T13780] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  527.639931][T13780] Code: 7d 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 4f 7d 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  527.639947][T13780] RSP: 0018:ffffc90002f37d58 EFLAGS: 00050206
[  527.639960][T13780] RAX: 0000000000000001 RBX: 0000000000003fdf RCX: 000000000000111f
[  527.639969][T13780] RDX: 0000000000000001 RSI: ffff88803f8faec0 RDI: 0000200000003000
[  527.639979][T13780] RBP: 0000200000000140 R08: 0000000000000000 R09: ffffed1007f1f7fb
[  527.639988][T13780] R10: 0000000000000006 R11: 0000000000000000 R12: ffff88803f8f8000
[  527.639997][T13780] R13: 000020000000411f R14: 00007ffffffff000 R15: 0000000000000000
[  527.640016][T13780]  _copy_to_user+0xa4/0xd0
[  527.640040][T13780]  dma_heap_ioctl+0x413/0x5e0
[  527.640066][T13780]  ? __pfx_dma_heap_ioctl+0x10/0x10
[  527.640087][T13780]  ? __do_sys_close_range+0x230/0x740
[  527.640115][T13780]  ? __pfx_dma_heap_ioctl+0x10/0x10
[  527.640138][T13780]  __x64_sys_ioctl+0x18e/0x210
[  527.640162][T13780]  do_syscall_64+0xc9/0xf80
[  527.640181][T13780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.640195][T13780] RIP: 0033:0x7f800ab9aeb9
[  527.640208][T13780] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  527.640229][T13780] RSP: 002b:00007f800b9ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  527.640243][T13780] RAX: ffffffffffffffda RBX: 00007f800ae15fa0 RCX: 00007f800ab9aeb9
[  527.640253][T13780] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 0000000000000001
[  527.640263][T13780] RBP: 00007f800ac08c1f R08: 0000000000000000 R09: 0000000000000000
[  527.640272][T13780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  527.640284][T13780] R13: 00007f800ae16038 R14: 00007f800ae15fa0 R15: 00007fffc59a41c8
[  527.640304][T13780]  </TASK>
[  529.924787][T13817] netlink: 'syz.4.1627': attribute type 3 has an invalid length.
[  531.727744][T13853] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1634'.
[  531.918386][T13851] zswap: compressor û not available
[  531.937633][T13856] Setting dangerous option i915.mitigations - tainting kernel
[  532.003248][T13858] Setting dangerous option i915.mitigations - tainting kernel
[  532.787722][T13874] FAULT_INJECTION: forcing a failure.
[  532.787722][T13874] name failslab, interval 1, probability 0, space 0, times 0
[  532.879154][T13874] CPU: 0 UID: 0 PID: 13874 Comm: syz.1.1637 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  532.879183][T13874] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  532.879189][T13874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  532.879198][T13874] Call Trace:
[  532.879203][T13874]  <TASK>
[  532.879209][T13874]  dump_stack_lvl+0x100/0x190
[  532.879231][T13874]  should_fail_ex.cold+0x5/0xa
[  532.879255][T13874]  should_failslab+0xc2/0x120
[  532.879276][T13874]  kmem_cache_alloc_noprof+0x83/0x780
[  532.879296][T13874]  ? __pmd_alloc+0xbf/0x9c0
[  532.879322][T13874]  ? __pmd_alloc+0xbf/0x9c0
[  532.879343][T13874]  __pmd_alloc+0xbf/0x9c0
[  532.879367][T13874]  __handle_mm_fault+0xa99/0x2b50
[  532.879385][T13874]  ? mt_find+0x45e/0x8e0
[  532.879405][T13874]  ? __pfx___handle_mm_fault+0x10/0x10
[  532.879419][T13874]  ? __pfx_mt_find+0x10/0x10
[  532.879448][T13874]  ? find_vma+0xbf/0x140
[  532.879467][T13874]  ? __pfx_find_vma+0x10/0x10
[  532.879488][T13874]  handle_mm_fault+0x36d/0xa20
[  532.879507][T13874]  do_user_addr_fault+0x74c/0x12f0
[  532.879530][T13874]  exc_page_fault+0x6f/0xd0
[  532.879547][T13874]  asm_exc_page_fault+0x26/0x30
[  532.879561][T13874] RIP: 0010:rep_movs_alternative+0x30/0x90
[  532.879584][T13874] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 7d 7d 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  532.879598][T13874] RSP: 0018:ffffc9000c2d78b0 EFLAGS: 00050216
[  532.879611][T13874] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000020
[  532.879620][T13874] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc9000c2d7960
[  532.879629][T13874] RBP: 0000000000000020 R08: 0000000000000001 R09: fffff5200185af2f
[  532.879638][T13874] R10: ffffc9000c2d797f R11: 0000000000000000 R12: 0000000000000000
[  532.879646][T13874] R13: ffffc9000c2d7960 R14: 1ffff9200185af24 R15: 0000000000000000
[  532.879665][T13874]  _copy_from_user+0x98/0xd0
[  532.879689][T13874]  ipv6_flowlabel_opt+0x3b7/0x2d40
[  532.879713][T13874]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[  532.879733][T13874]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  532.879760][T13874]  ? __local_bh_enable_ip+0x9e/0x120
[  532.879781][T13874]  ? do_ipv6_setsockopt+0x1944/0x4400
[  532.879795][T13874]  do_ipv6_setsockopt+0x1944/0x4400
[  532.879809][T13874]  ? _parse_integer_limit+0x17f/0x1d0
[  532.879829][T13874]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  532.879850][T13874]  ? lock_acquire+0x17c/0x330
[  532.879871][T13874]  ? __pfx___might_resched+0x10/0x10
[  532.879894][T13874]  ? rcu_is_watching+0x12/0xc0
[  532.879909][T13874]  ? trace_contention_end+0xd6/0x110
[  532.879929][T13874]  ? __mutex_lock+0x26a/0x1b90
[  532.879948][T13874]  ? smc_setsockopt+0x100/0xa10
[  532.879962][T13874]  ? find_held_lock+0x2b/0x80
[  532.879976][T13874]  ? get_pid_task+0xfc/0x250
[  532.879997][T13874]  ? __pfx___mutex_lock+0x10/0x10
[  532.880020][T13874]  ? ipv6_setsockopt+0xcb/0x170
[  532.880033][T13874]  ipv6_setsockopt+0xcb/0x170
[  532.880049][T13874]  tcp_setsockopt+0xa7/0x100
[  532.880070][T13874]  smc_setsockopt+0x1b6/0xa10
[  532.880083][T13874]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  532.880101][T13874]  ? __pfx_smc_setsockopt+0x10/0x10
[  532.880117][T13874]  ? aa_sock_opt_perm+0xfe/0x1b0
[  532.880135][T13874]  ? __pfx_smc_setsockopt+0x10/0x10
[  532.880155][T13874]  do_sock_setsockopt+0xf3/0x1d0
[  532.880175][T13874]  __sys_setsockopt+0x119/0x190
[  532.880199][T13874]  __x64_sys_setsockopt+0xbd/0x160
[  532.880219][T13874]  ? do_syscall_64+0x94/0xf80
[  532.880236][T13874]  ? lockdep_hardirqs_on+0x78/0x100
[  532.880252][T13874]  do_syscall_64+0xc9/0xf80
[  532.880270][T13874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.880284][T13874] RIP: 0033:0x7f4d6639aeb9
[  532.880296][T13874] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  532.880310][T13874] RSP: 002b:00007f4d6718c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  532.880323][T13874] RAX: ffffffffffffffda RBX: 00007f4d66615fa0 RCX: 00007f4d6639aeb9
[  532.880333][T13874] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000003
[  532.880341][T13874] RBP: 00007f4d6718c090 R08: 0000000000000021 R09: 0000000000000000
[  532.880349][T13874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.880358][T13874] R13: 00007f4d66616038 R14: 00007f4d66615fa0 R15: 00007fff43042778
[  532.880377][T13874]  </TASK>
[  534.563307][T13892] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0
[  534.711772][T13903] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1643'.
[  535.410478][T13920] FAULT_INJECTION: forcing a failure.
[  535.410478][T13920] name failslab, interval 1, probability 0, space 0, times 0
[  535.540096][T13920] CPU: 0 UID: 0 PID: 13920 Comm: syz.4.1646 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  535.540127][T13920] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  535.540133][T13920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  535.540143][T13920] Call Trace:
[  535.540149][T13920]  <TASK>
[  535.540155][T13920]  dump_stack_lvl+0x100/0x190
[  535.540183][T13920]  should_fail_ex.cold+0x5/0xa
[  535.540208][T13920]  should_failslab+0xc2/0x120
[  535.540229][T13920]  __kmalloc_cache_noprof+0x80/0x810
[  535.540246][T13920]  ? loop_add+0xb9/0xb60
[  535.540266][T13920]  ? tomoyo_path_number_perm+0x188/0x580
[  535.540291][T13920]  ? loop_add+0xb9/0xb60
[  535.540312][T13920]  loop_add+0xb9/0xb60
[  535.540335][T13920]  ? __pfx_loop_add+0x10/0x10
[  535.540368][T13920]  ? find_held_lock+0x2b/0x80
[  535.540381][T13920]  ? hook_file_ioctl_common+0x146/0x410
[  535.540404][T13920]  loop_control_ioctl+0xae/0x620
[  535.540428][T13920]  ? __pfx_loop_control_ioctl+0x10/0x10
[  535.540453][T13920]  ? __pfx_loop_control_ioctl+0x10/0x10
[  535.540477][T13920]  __x64_sys_ioctl+0x18e/0x210
[  535.540501][T13920]  do_syscall_64+0xc9/0xf80
[  535.540521][T13920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.540536][T13920] RIP: 0033:0x7f800ab9aeb9
[  535.540549][T13920] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  535.540563][T13920] RSP: 002b:00007f800b9bd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  535.540579][T13920] RAX: ffffffffffffffda RBX: 00007f800ae16180 RCX: 00007f800ab9aeb9
[  535.540589][T13920] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000002
[  535.540597][T13920] RBP: 00007f800ac08c1f R08: 0000000000000000 R09: 0000000000000000
[  535.540606][T13920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  535.540614][T13920] R13: 00007f800ae16218 R14: 00007f800ae16180 R15: 00007fffc59a41c8
[  535.540637][T13920]  </TASK>
[  536.006250][T13929] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1649'.
[  536.631809][T13937] netlink: 'syz.4.1651': attribute type 1 has an invalid length.
[  537.599212][T13956] zswap: compressor û not available
[  537.631286][T13960] Setting dangerous option i915.mitigations - tainting kernel
[  537.712303][T13955] Setting dangerous option i915.mitigations - tainting kernel
[  538.058593][T13940] kexec: Could not allocate control_code_buffer
[  538.313225][T13973] netlink: 'syz.5.1658': attribute type 3 has an invalid length.
[  539.549056][T13992] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1662'.
[  540.460030][ T5147] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  540.467566][ T5147] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  541.602222][T13998] kexec: Could not allocate control_code_buffer
[  541.703611][T14026] netlink: 'syz.5.1669': attribute type 3 has an invalid length.
[  541.942284][   T30] audit: type=1807 audit(2147488015.875:45): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0
[  541.955038][T14029] ima: policy update failed
[  541.992478][   T30] audit: type=1802 audit(2147488015.885:46): pid=14032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.1.1671" res=0 errno=0
[  542.088517][   T30] audit: type=1802 audit(2147488015.885:47): pid=14029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1671" res=0 errno=0
[  542.317615][T14041] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11
[  543.244638][T14078] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1678'.
[  543.747886][ T5824] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  543.755511][ T5824] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  543.967555][T14078] Process accounting resumed
[  545.104488][T14082] kexec: Could not allocate control_code_buffer
[  545.478813][T14130] FAULT_INJECTION: forcing a failure.
[  545.478813][T14130] name failslab, interval 1, probability 0, space 0, times 0
[  545.571245][T14130] CPU: 0 UID: 0 PID: 14130 Comm: syz.1.1693 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  545.571275][T14130] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  545.571281][T14130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  545.571291][T14130] Call Trace:
[  545.571297][T14130]  <TASK>
[  545.571303][T14130]  dump_stack_lvl+0x100/0x190
[  545.571327][T14130]  should_fail_ex.cold+0x5/0xa
[  545.571352][T14130]  should_failslab+0xc2/0x120
[  545.571372][T14130]  ? lsm_blob_alloc+0x68/0x90
[  545.571388][T14130]  __kmalloc_noprof+0xf6/0x9c0
[  545.571403][T14130]  ? sk_prot_alloc+0x10b/0x2a0
[  545.571418][T14130]  ? rcu_is_watching+0x12/0xc0
[  545.571432][T14130]  ? sk_prot_alloc+0x10b/0x2a0
[  545.571450][T14130]  ? lsm_blob_alloc+0x68/0x90
[  545.571465][T14130]  lsm_blob_alloc+0x68/0x90
[  545.571481][T14130]  security_sk_alloc+0x2d/0x290
[  545.571501][T14130]  sk_prot_alloc+0x12a/0x2a0
[  545.571517][T14130]  sk_alloc+0x36/0xe80
[  545.571537][T14130]  __netlink_create+0x5e/0x2c0
[  545.571556][T14130]  ? __wake_up+0x3f/0x60
[  545.571573][T14130]  netlink_create+0x293/0x610
[  545.571594][T14130]  ? __pfx_nfnetlink_bind+0x10/0x10
[  545.571611][T14130]  ? __pfx_nfnetlink_unbind+0x10/0x10
[  545.571630][T14130]  __sock_create+0x339/0x860
[  545.571649][T14130]  __sys_socket+0x14d/0x260
[  545.571666][T14130]  ? __pfx___sys_socket+0x10/0x10
[  545.571682][T14130]  ? xfd_validate_state+0x129/0x190
[  545.571709][T14130]  __x64_sys_socket+0x72/0xb0
[  545.571726][T14130]  ? lockdep_hardirqs_on+0x78/0x100
[  545.571746][T14130]  do_syscall_64+0xc9/0xf80
[  545.571765][T14130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.571780][T14130] RIP: 0033:0x7f4d6639aeb9
[  545.571792][T14130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  545.571814][T14130] RSP: 002b:00007f4d6718c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  545.571830][T14130] RAX: ffffffffffffffda RBX: 00007f4d66615fa0 RCX: 00007f4d6639aeb9
[  545.571841][T14130] RDX: 000000000000000c RSI: 0000000000000002 RDI: 0000000000000010
[  545.571850][T14130] RBP: 00007f4d66408c1f R08: 0000000000000000 R09: 0000000000000000
[  545.571860][T14130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  545.571870][T14130] R13: 00007f4d66616038 R14: 00007f4d66615fa0 R15: 00007fff43042778
[  545.571889][T14130]  </TASK>
[  546.460108][T14142] random: crng reseeded on system resumption
[  547.619456][T14168] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1702'.
[  547.767743][T14168] FAULT_INJECTION: forcing a failure.
[  547.767743][T14168] name failslab, interval 1, probability 0, space 0, times 0
[  547.944627][T14168] CPU: 0 UID: 0 PID: 14168 Comm: syz.4.1702 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  547.944657][T14168] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  547.944663][T14168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  547.944672][T14168] Call Trace:
[  547.944677][T14168]  <TASK>
[  547.944684][T14168]  dump_stack_lvl+0x100/0x190
[  547.944706][T14168]  should_fail_ex.cold+0x5/0xa
[  547.944732][T14168]  should_failslab+0xc2/0x120
[  547.944754][T14168]  __kmalloc_cache_noprof+0x80/0x810
[  547.944769][T14168]  ? ring_buffer_read_start+0x149/0x460
[  547.944797][T14168]  ? ring_buffer_read_start+0x149/0x460
[  547.944818][T14168]  ring_buffer_read_start+0x149/0x460
[  547.944841][T14168]  ? __pfx_ring_buffer_read_start+0x10/0x10
[  547.944862][T14168]  ? lockdep_init_map_type+0x5c/0x250
[  547.944883][T14168]  ? ring_buffer_overruns+0x14e/0x1a0
[  547.944904][T14168]  tracing_open+0x986/0xe00
[  547.944927][T14168]  do_dentry_open+0x73e/0x1570
[  547.944944][T14168]  ? __pfx_tracing_open+0x10/0x10
[  547.944963][T14168]  ? security_inode_permission+0xbf/0x250
[  547.944988][T14168]  vfs_open+0x82/0x3f0
[  547.945010][T14168]  path_openat+0x21dc/0x3120
[  547.945034][T14168]  ? __pfx_path_openat+0x10/0x10
[  547.945059][T14168]  do_filp_open+0x1f7/0x420
[  547.945078][T14168]  ? __pfx_do_filp_open+0x10/0x10
[  547.945109][T14168]  ? _raw_spin_unlock+0x28/0x50
[  547.945123][T14168]  ? alloc_fd+0x476/0x790
[  547.945144][T14168]  do_sys_openat2+0x12e/0x220
[  547.945166][T14168]  ? __pfx_do_sys_openat2+0x10/0x10
[  547.945193][T14168]  ? __fget_files+0x21f/0x3d0
[  547.945212][T14168]  __x64_sys_openat+0x12d/0x210
[  547.945234][T14168]  ? __pfx___x64_sys_openat+0x10/0x10
[  547.945256][T14168]  ? xfd_validate_state+0x129/0x190
[  547.945285][T14168]  do_syscall_64+0xc9/0xf80
[  547.945303][T14168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.945319][T14168] RIP: 0033:0x7f800ab9aeb9
[  547.945332][T14168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  547.945346][T14168] RSP: 002b:00007f800b9ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  547.945362][T14168] RAX: ffffffffffffffda RBX: 00007f800ae15fa0 RCX: 00007f800ab9aeb9
[  547.945372][T14168] RDX: 1a6b75d638828712 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  547.945382][T14168] RBP: 00007f800ac08c1f R08: 0000000000000000 R09: 0000000000000000
[  547.945391][T14168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  547.945400][T14168] R13: 00007f800ae16038 R14: 00007f800ae15fa0 R15: 00007fffc59a41c8
[  547.945421][T14168]  </TASK>
[  549.049568][T14180] zswap: compressor  not available
[  550.706276][T14215] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1710'.
[  552.084627][T14222] zram: Added device: zram2
[  553.068618][T14239] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1716'.
[  553.730441][T14244] zswap: compressor  not available
[  554.225519][T14256] [U]  
[  554.228328][T14256] [U] 
[  554.231000][T14256] [U] 
[  554.233669][T14256] [U] 
[  554.373128][T14256] [U] 
[  554.375847][T14256] [U] 
[  554.378519][T14256] [U] 
[  554.381188][T14256] [U] 
[  554.522453][T14256] [U] 
[  554.525169][T14256] [U] 
[  554.527841][T14256] [U] 
[  554.530510][T14256] [U] 
[  554.679372][T14256] [U] 
[  554.682096][T14256] [U] 
[  554.684769][T14256] [U] 
[  554.687438][T14256] [U] 
[  554.851853][T14256] [U] 
[  555.376951][T14274] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1722'.
[  558.665192][T14300] kexec: Could not allocate control_code_buffer
[  559.035771][T14311] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(16)
[  559.109190][T14314] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2)
[  559.751860][T14319] FAULT_INJECTION: forcing a failure.
[  559.751860][T14319] name fail_futex, interval 1, probability 0, space 0, times 1
[  559.841613][T14319] CPU: 0 UID: 0 PID: 14319 Comm: syz.5.1730 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  559.841643][T14319] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  559.841649][T14319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  559.841658][T14319] Call Trace:
[  559.841664][T14319]  <TASK>
[  559.841671][T14319]  dump_stack_lvl+0x100/0x190
[  559.841694][T14319]  should_fail_ex.cold+0x5/0xa
[  559.841716][T14319]  ? __kernel_text_address+0xd/0x30
[  559.841740][T14319]  get_futex_key+0x1d2/0x1620
[  559.841761][T14319]  ? __pfx_get_futex_key+0x10/0x10
[  559.841782][T14319]  ? stack_trace_save+0x8e/0xc0
[  559.841798][T14319]  ? __pfx_stack_trace_save+0x10/0x10
[  559.841817][T14319]  futex_wait_setup+0x81/0x500
[  559.841835][T14319]  __futex_wait+0x19f/0x300
[  559.841850][T14319]  ? __pfx___futex_wait+0x10/0x10
[  559.841866][T14319]  ? __pfx_futex_wake_mark+0x10/0x10
[  559.841891][T14319]  ? futex_hash+0x2c5/0x380
[  559.841914][T14319]  futex_wait+0xed/0x380
[  559.841927][T14319]  ? __pfx_futex_wait+0x10/0x10
[  559.841947][T14319]  ? kmem_cache_free+0x48f/0x720
[  559.841965][T14319]  do_futex+0x1ef/0x350
[  559.841985][T14319]  ? __pfx_do_futex+0x10/0x10
[  559.842005][T14319]  ? __pfx___might_resched+0x10/0x10
[  559.842026][T14319]  ? blkcg_maybe_throttle_current+0x5df/0xeb0
[  559.842046][T14319]  __x64_sys_futex+0x34f/0x4d0
[  559.842067][T14319]  ? __pfx_task_work_run+0x10/0x10
[  559.842088][T14319]  ? __pfx___x64_sys_futex+0x10/0x10
[  559.842115][T14319]  do_syscall_64+0xc9/0xf80
[  559.842137][T14319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.842152][T14319] RIP: 0033:0x7feee279aeb9
[  559.842165][T14319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  559.842180][T14319] RSP: 002b:00007feee357c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  559.842195][T14319] RAX: ffffffffffffffda RBX: 00007feee2a15fa8 RCX: 00007feee279aeb9
[  559.842205][T14319] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feee2a15fa8
[  559.842215][T14319] RBP: 00007feee2a15fa0 R08: 0000000000000000 R09: 0000000000000000
[  559.842224][T14319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  559.842232][T14319] R13: 00007feee2a16038 R14: 00007ffd355270e0 R15: 00007ffd355271c8
[  559.842251][T14319]  </TASK>
[  562.028072][T14358] netlink: 'syz.4.1740': attribute type 3 has an invalid length.
[  563.303307][T14356] kexec: Could not allocate control_code_buffer
[  563.601155][T14380] usb usb2: usbfs: process 14380 (syz.6.1744) did not claim interface 4 before use
[  563.658378][T14373] zswap: compressor  not available
[  564.675398][T14406] random: crng reseeded on system resumption
[  565.310517][T14419] netlink: 'syz.6.1753': attribute type 3 has an invalid length.
[  565.834358][T14429] nvme_fabrics: missing parameter 'transport=%s'
[  565.877746][T14429] nvme_fabrics: missing parameter 'nqn=%s'
[  566.456463][ T5913] Process accounting resumed
[  566.660644][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  566.666955][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  566.847527][T14463] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0
[  568.716644][ T5147] Bluetooth: hci0: command 0x0406 tx timeout
[  569.193686][T14503] netlink: 'syz.5.1768': attribute type 3 has an invalid length.
[  569.687120][T14510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00
[  569.730402][T14510] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  569.769801][T14510] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  569.806150][T14510] page_type: f5(slab)
[  569.830745][T14510] raw: 00fff00000000040 ffff88813ff27140 0000000000000000 dead000000000001
[  569.872222][T14510] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  569.910565][T14510] head: 00fff00000000040 ffff88813ff27140 0000000000000000 dead000000000001
[  569.950290][T14510] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  569.987687][T14510] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff
[  570.031819][T14510] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  570.065190][T14510] page dumped because: unmovable page
[  570.084122][T14510] page_owner tracks the page as allocated
[  570.104859][T14510] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2988, tgid 2988 (kworker/u8:7), ts 338412440729, free_ts 338334392554
[  570.171651][T14510]  post_alloc_hook+0x1e1/0x250
[  570.192368][T14510]  get_page_from_freelist+0xe3d/0x2e10
[  570.211978][T14510]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  570.232242][T14510]  alloc_pages_mpol+0x1fb/0x550
[  570.249501][T14510]  new_slab+0x2c4/0x440
[  570.261245][T14510]  ___slab_alloc+0xda3/0x1ca0
[  570.280351][T14510]  __slab_alloc.isra.0+0x63/0x110
[  570.290408][T14510]  __kmalloc_node_track_caller_noprof+0x629/0x9d0
[  570.318398][T14510]  kmalloc_reserve+0xef/0x2c0
[  570.333341][T14510]  __alloc_skb+0x186/0x410
[  570.350781][T14510]  nsim_dev_trap_report_work+0x2af/0xd10
[  570.366650][T14510]  process_one_work+0x9c2/0x1840
[  570.396899][T14510]  worker_thread+0x5da/0xe40
[  570.415855][T14510]  kthread+0x3b3/0x730
[  570.419989][T14510]  ret_from_fork+0x754/0xaf0
[  570.444890][T14510]  ret_from_fork_asm+0x1a/0x30
[  570.449722][T14510] page last free pid 5812 tgid 5812 stack trace:
[  570.480225][T14510]  __free_frozen_pages+0x822/0x1130
[  570.495604][T14510]  __folio_put+0x3b4/0x540
[  570.515917][T14510]  put_netmem+0x294/0x320
[  570.529937][T14510]  skb_release_data+0x4b2/0x700
[  570.545381][T14510]  __kfree_skb+0x4f/0x70
[  570.549706][T14510]  tcp_ack+0x1e83/0x6040
[  570.576224][T14510]  tcp_rcv_established+0x1058/0x36c0
[  570.592902][T14510]  tcp_v4_do_rcv+0xc64/0x10a0
[  570.609560][T14510]  __release_sock+0x35a/0x440
[  570.624462][T14510]  release_sock+0x5a/0x220
[  570.628937][T14510]  tcp_sendmsg+0x38/0x50
[  570.659504][T14510]  inet_sendmsg+0xb9/0x140
[  570.668002][T14510]  sock_write_iter+0x509/0x610
[  570.684873][T14510]  vfs_write+0x6ac/0x1070
[  570.699295][T14510]  ksys_write+0x1f8/0x250
[  570.715488][T14510]  do_syscall_64+0xc9/0xf80
[  570.760743][T14508] kexec: Could not allocate control_code_buffer
[  571.398626][T14523] netlink: 'syz.5.1772': attribute type 3 has an invalid length.
[  572.004901][T14534] netlink: 'syz.1.1774': attribute type 3 has an invalid length.
[  573.688143][T14575] nvme_fabrics: missing parameter 'transport=%s'
[  573.704737][T14575] nvme_fabrics: missing parameter 'nqn=%s'
[  573.806716][T14086] Bluetooth: hci5: command 0x0406 tx timeout
[  573.940394][T14563] Process accounting paused
[  574.197540][ T5147] Bluetooth: hci5: unexpected event 0x3e length: 726 > 260
[  574.197566][ T5147] Bluetooth: hci5: unexpected subevent 0x0d length: 725 > 260
[  574.215305][ T5147] Bluetooth: hci5: Unknown advertising packet type: 0x7f
[  574.215342][ T5147] Bluetooth: hci5: adv larger than maximum supported
[  574.222426][ T5147] Bluetooth: hci5: Unknown advertising packet type: 0x1f
[  574.230437][ T5147] Bluetooth: hci5: Malformed LE Event: 0x0d
[  575.353008][T14580] kexec: Could not allocate control_code_buffer
[  575.624596][ T5939] Process accounting resumed
[  578.426990][T14671] openvswitch: netlink: IP tunnel dst address not specified
[  578.723077][T14677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1806'.
[  580.436904][T14709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1814'.
[  581.591758][T14731] can: request_module (can-proto-5) failed.
[  582.012005][T14749] binder: 14747:14749 ioctl 400c620e 0 returned -14
[  582.477795][T14749] FAULT_INJECTION: forcing a failure.
[  582.477795][T14749] name failslab, interval 1, probability 0, space 0, times 0
[  582.637014][T14749] CPU: 0 UID: 0 PID: 14749 Comm: syz.5.1824 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  582.637053][T14749] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  582.637059][T14749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  582.637068][T14749] Call Trace:
[  582.637074][T14749]  <TASK>
[  582.637080][T14749]  dump_stack_lvl+0x100/0x190
[  582.637103][T14749]  should_fail_ex.cold+0x5/0xa
[  582.637129][T14749]  should_failslab+0xc2/0x120
[  582.637149][T14749]  __kmalloc_cache_noprof+0x80/0x810
[  582.637165][T14749]  ? __v4l2_subdev_state_alloc+0x53/0x410
[  582.637192][T14749]  ? __v4l2_subdev_state_alloc+0x53/0x410
[  582.637214][T14749]  __v4l2_subdev_state_alloc+0x53/0x410
[  582.637239][T14749]  subdev_open+0xa6/0x510
[  582.637264][T14749]  v4l2_open+0x1d2/0x490
[  582.637282][T14749]  ? __pfx_v4l2_open+0x10/0x10
[  582.637299][T14749]  chrdev_open+0x234/0x6a0
[  582.637316][T14749]  ? __pfx_apparmor_file_open+0x10/0x10
[  582.637336][T14749]  ? __pfx_chrdev_open+0x10/0x10
[  582.637354][T14749]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[  582.637376][T14749]  do_dentry_open+0x73e/0x1570
[  582.637393][T14749]  ? __pfx_chrdev_open+0x10/0x10
[  582.637411][T14749]  ? security_inode_permission+0xbf/0x250
[  582.637436][T14749]  vfs_open+0x82/0x3f0
[  582.637458][T14749]  path_openat+0x21dc/0x3120
[  582.637482][T14749]  ? __pfx_path_openat+0x10/0x10
[  582.637505][T14749]  do_filp_open+0x1f7/0x420
[  582.637523][T14749]  ? __pfx_do_filp_open+0x10/0x10
[  582.637552][T14749]  ? _raw_spin_unlock+0x28/0x50
[  582.637566][T14749]  ? alloc_fd+0x476/0x790
[  582.637587][T14749]  do_sys_openat2+0x12e/0x220
[  582.637608][T14749]  ? __pfx_do_sys_openat2+0x10/0x10
[  582.637631][T14749]  ? blkcg_maybe_throttle_current+0x5df/0xeb0
[  582.637654][T14749]  __x64_sys_openat+0x12d/0x210
[  582.637676][T14749]  ? __pfx___x64_sys_openat+0x10/0x10
[  582.637696][T14749]  ? xfd_validate_state+0x129/0x190
[  582.637725][T14749]  do_syscall_64+0xc9/0xf80
[  582.637743][T14749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.637759][T14749] RIP: 0033:0x7feee279aeb9
[  582.637772][T14749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  582.637787][T14749] RSP: 002b:00007feee357c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  582.637802][T14749] RAX: ffffffffffffffda RBX: 00007feee2a15fa0 RCX: 00007feee279aeb9
[  582.637812][T14749] RDX: 00000000000e0800 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  582.637822][T14749] RBP: 00007feee2808c1f R08: 0000000000000000 R09: 0000000000000000
[  582.637831][T14749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  582.637840][T14749] R13: 00007feee2a16038 R14: 00007feee2a15fa0 R15: 00007ffd355271c8
[  582.637860][T14749]  </TASK>
[  584.000405][T14779] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1830'.
[  584.900396][T14795] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1833'.
[  585.465535][T14809] block2mtd: illegal erase size
[  585.477183][T14805] netlink: 'syz.4.1835': attribute type 3 has an invalid length.
[  585.506605][T14809] vhci_hcd: not connected 4
[  586.084664][T14822] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1840'.
[  586.801204][T14839] FAULT_INJECTION: forcing a failure.
[  586.801204][T14839] name failslab, interval 1, probability 0, space 0, times 0
[  586.858300][T14839] CPU: 0 UID: 0 PID: 14839 Comm: syz.5.1846 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  586.858329][T14839] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  586.858335][T14839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  586.858345][T14839] Call Trace:
[  586.858350][T14839]  <TASK>
[  586.858356][T14839]  dump_stack_lvl+0x100/0x190
[  586.858379][T14839]  should_fail_ex.cold+0x5/0xa
[  586.858405][T14839]  should_failslab+0xc2/0x120
[  586.858425][T14839]  __kmalloc_cache_noprof+0x80/0x810
[  586.858441][T14839]  ? __vb2_init_fileio+0x18f/0xff0
[  586.858466][T14839]  ? __vb2_init_fileio+0x18f/0xff0
[  586.858487][T14839]  __vb2_init_fileio+0x18f/0xff0
[  586.858507][T14839]  ? lockdep_hardirqs_on+0x78/0x100
[  586.858526][T14839]  ? __pollwait+0x276/0x470
[  586.858542][T14839]  vb2_core_poll+0x611/0x740
[  586.858564][T14839]  vb2_poll+0x4b/0xe0
[  586.858589][T14839]  vb2_fop_poll+0x10e/0x350
[  586.858611][T14839]  ? __pfx_vb2_fop_poll+0x10/0x10
[  586.858631][T14839]  v4l2_poll+0x15f/0x220
[  586.858650][T14839]  ? __pfx_v4l2_poll+0x10/0x10
[  586.858667][T14839]  do_sys_poll+0x6e5/0xeb0
[  586.858689][T14839]  ? __pfx_do_sys_poll+0x10/0x10
[  586.858720][T14839]  ? __futex_wait+0x256/0x300
[  586.858735][T14839]  ? __pfx___pollwait+0x10/0x10
[  586.858751][T14839]  ? __pfx_pollwake+0x10/0x10
[  586.858793][T14839]  ? ktime_get_ts64+0x2d2/0x3f0
[  586.858811][T14839]  ? read_tsc+0x9/0x20
[  586.858828][T14839]  ? ktime_get_ts64+0x256/0x3f0
[  586.858848][T14839]  ? poll_select_set_timeout+0xcc/0x160
[  586.858866][T14839]  __x64_sys_poll+0x1a6/0x440
[  586.858881][T14839]  ? __pfx___x64_sys_poll+0x10/0x10
[  586.858902][T14839]  do_syscall_64+0xc9/0xf80
[  586.858921][T14839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.858936][T14839] RIP: 0033:0x7feee279aeb9
[  586.858949][T14839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  586.858963][T14839] RSP: 002b:00007feee357c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[  586.858978][T14839] RAX: ffffffffffffffda RBX: 00007feee2a15fa0 RCX: 00007feee279aeb9
[  586.858988][T14839] RDX: 0000000000000007 RSI: 0000000000000003 RDI: 0000200000000480
[  586.858997][T14839] RBP: 00007feee2808c1f R08: 0000000000000000 R09: 0000000000000000
[  586.859007][T14839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  586.859016][T14839] R13: 00007feee2a16038 R14: 00007feee2a15fa0 R15: 00007ffd355271c8
[  586.859036][T14839]  </TASK>
[  588.083614][T14857] netlink: 'syz.6.1853': attribute type 3 has an invalid length.
[  588.779314][T14873] FAULT_INJECTION: forcing a failure.
[  588.779314][T14873] name failslab, interval 1, probability 0, space 0, times 0
[  588.843391][T14873] CPU: 0 UID: 0 PID: 14873 Comm: syz.5.1856 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  588.843422][T14873] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  588.843428][T14873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  588.843437][T14873] Call Trace:
[  588.843443][T14873]  <TASK>
[  588.843450][T14873]  dump_stack_lvl+0x100/0x190
[  588.843473][T14873]  should_fail_ex.cold+0x5/0xa
[  588.843502][T14873]  should_failslab+0xc2/0x120
[  588.843527][T14873]  ? drm_atomic_state_init+0x183/0x540
[  588.843545][T14873]  __kmalloc_noprof+0xf6/0x9c0
[  588.843566][T14873]  ? drm_atomic_state_init+0x183/0x540
[  588.843585][T14873]  drm_atomic_state_init+0x183/0x540
[  588.843602][T14873]  ? kasan_save_track+0x14/0x30
[  588.843622][T14873]  drm_atomic_state_alloc+0xd3/0x120
[  588.843641][T14873]  drm_client_modeset_commit_atomic+0xcc/0x7e0
[  588.843662][T14873]  ? trace_contention_end+0xd6/0x110
[  588.843683][T14873]  ? __mutex_lock+0x26a/0x1b90
[  588.843701][T14873]  ? __mutex_lock+0x26a/0x1b90
[  588.843718][T14873]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  588.843739][T14873]  ? drm_master_internal_acquire+0x21/0x80
[  588.843781][T14873]  drm_client_modeset_commit_locked+0x14d/0x580
[  588.843805][T14873]  drm_client_modeset_commit+0x4f/0x80
[  588.843825][T14873]  __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160
[  588.843849][T14873]  drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0
[  588.843871][T14873]  drm_fbdev_client_restore+0x1b/0x30
[  588.843888][T14873]  ? __pfx_drm_fbdev_client_restore+0x10/0x10
[  588.843904][T14873]  drm_client_dev_restore+0x205/0x2a0
[  588.843927][T14873]  drm_release+0x2c6/0x360
[  588.843945][T14873]  ? __pfx_drm_release+0x10/0x10
[  588.843963][T14873]  __fput+0x3ff/0xb40
[  588.843987][T14873]  task_work_run+0x150/0x240
[  588.844010][T14873]  ? __pfx_task_work_run+0x10/0x10
[  588.844038][T14873]  exit_to_user_mode_loop+0x100/0x4b0
[  588.844058][T14873]  ? rcu_is_watching+0x12/0xc0
[  588.844073][T14873]  do_syscall_64+0x4ea/0xf80
[  588.844092][T14873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.844107][T14873] RIP: 0033:0x7feee279aeb9
[  588.844121][T14873] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  588.844136][T14873] RSP: 002b:00007feee357c028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  588.844152][T14873] RAX: 0000000000000000 RBX: 00007feee2a15fa0 RCX: 00007feee279aeb9
[  588.844161][T14873] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  588.844170][T14873] RBP: 00007feee2808c1f R08: 0000000000000000 R09: 0000000000000000
[  588.844179][T14873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  588.844188][T14873] R13: 00007feee2a16038 R14: 00007feee2a15fa0 R15: 00007ffd355271c8
[  588.844210][T14873]  </TASK>
[  589.939298][T14886] netlink: 342 bytes leftover after parsing attributes in process `syz.6.1859'.
[  590.377666][T14893] FAULT_INJECTION: forcing a failure.
[  590.377666][T14893] name failslab, interval 1, probability 0, space 0, times 0
[  590.417678][T14893] CPU: 0 UID: 0 PID: 14893 Comm: syz.6.1861 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  590.417707][T14893] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  590.417713][T14893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  590.417722][T14893] Call Trace:
[  590.417728][T14893]  <TASK>
[  590.417734][T14893]  dump_stack_lvl+0x100/0x190
[  590.417757][T14893]  should_fail_ex.cold+0x5/0xa
[  590.417783][T14893]  should_failslab+0xc2/0x120
[  590.417803][T14893]  ? tomoyo_realpath_from_path+0xb6/0x690
[  590.417818][T14893]  __kmalloc_noprof+0xf6/0x9c0
[  590.417832][T14893]  ? kfree+0x2a9/0x690
[  590.417849][T14893]  ? tomoyo_realpath_from_path+0xb6/0x690
[  590.417864][T14893]  tomoyo_realpath_from_path+0xb6/0x690
[  590.417883][T14893]  tomoyo_check_open_permission+0x2af/0x3c0
[  590.417905][T14893]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  590.417943][T14893]  ? lock_acquire+0x17c/0x330
[  590.417962][T14893]  ? find_held_lock+0x2b/0x80
[  590.417981][T14893]  tomoyo_file_open+0x6b/0x90
[  590.417999][T14893]  security_file_open+0xb5/0x1e0
[  590.418012][T14893]  do_dentry_open+0x58c/0x1570
[  590.418034][T14893]  ? security_inode_permission+0xbf/0x250
[  590.418059][T14893]  vfs_open+0x82/0x3f0
[  590.418081][T14893]  path_openat+0x21dc/0x3120
[  590.418104][T14893]  ? __pfx_path_openat+0x10/0x10
[  590.418128][T14893]  do_filp_open+0x1f7/0x420
[  590.418147][T14893]  ? __pfx_do_filp_open+0x10/0x10
[  590.418177][T14893]  ? _raw_spin_unlock+0x28/0x50
[  590.418191][T14893]  ? alloc_fd+0x476/0x790
[  590.418222][T14893]  do_sys_openat2+0x12e/0x220
[  590.418244][T14893]  ? __pfx_do_sys_openat2+0x10/0x10
[  590.418274][T14893]  __x64_sys_openat+0x12d/0x210
[  590.418297][T14893]  ? __pfx___x64_sys_openat+0x10/0x10
[  590.418317][T14893]  ? xfd_validate_state+0x129/0x190
[  590.418347][T14893]  do_syscall_64+0xc9/0xf80
[  590.418365][T14893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.418380][T14893] RIP: 0033:0x7fd03b79aeb9
[  590.418393][T14893] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  590.418407][T14893] RSP: 002b:00007fd03c684028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  590.418425][T14893] RAX: ffffffffffffffda RBX: 00007fd03ba16090 RCX: 00007fd03b79aeb9
[  590.418435][T14893] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  590.418444][T14893] RBP: 00007fd03b808c1f R08: 0000000000000000 R09: 0000000000000000
[  590.418454][T14893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  590.418463][T14893] R13: 00007fd03ba16128 R14: 00007fd03ba16090 R15: 00007ffc3ef03428
[  590.418483][T14893]  </TASK>
[  590.418508][T14893] ERROR: Out of memory at tomoyo_realpath_from_path.
[  591.483674][   T31] INFO: task syz.2.1301:12166 blocked for more than 143 seconds.
[  591.491566][   T31]       Tainted: G     U       L      syzkaller #0
[  591.520338][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  591.565513][   T31] task:syz.2.1301      state:D stack:27464 pid:12166 tgid:12165 ppid:5825   task_flags:0x400140 flags:0x00080002
[  591.620811][   T31] Call Trace:
[  591.640090][   T31]  <TASK>
[  591.708950][   T31]  ? __schedule+0xf65/0x5e10
[  591.740640][   T31]  __schedule+0xfe4/0x5e10
[  591.759793][   T31]  ? __lock_acquire+0x4a5/0x2630
[  591.785020][   T31]  ? __pfx___schedule+0x10/0x10
[  591.800145][   T31]  ? find_held_lock+0x2b/0x80
[  591.816208][   T31]  ? schedule+0x2bf/0x390
[  591.830691][   T31]  schedule+0xdd/0x390
[  591.843564][   T31]  schedule_preempt_disabled+0x13/0x30
[  591.861490][   T31]  __mutex_lock+0xc9a/0x1b90
[  591.880672][   T31]  ? netlink_unicast+0x5aa/0x870
[  591.897713][   T31]  ? ___sys_sendmsg+0x190/0x1e0
[  591.915802][   T31]  ? nfsd_nl_listener_set_doit+0xd5/0x1b20
[  591.934665][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  591.953942][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  591.971383][   T31]  ? __asan_memset+0x23/0x50
[  591.988793][   T31]  ? __nla_validate_parse+0x1e7/0x28b0
[  592.009435][   T31]  ? nfsd_nl_listener_set_doit+0xd5/0x1b20
[  592.033638][   T31]  nfsd_nl_listener_set_doit+0xd5/0x1b20
[  592.069799][   T31]  ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290
[  592.101169][   T31]  ? rcu_is_watching+0x12/0xc0
[  592.125966][   T31]  ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290
[  592.146127][   T31]  ? trace_kmalloc+0x83/0xb0
[  592.161765][   T31]  ? __kmalloc_noprof+0x365/0x9c0
[  592.178418][   T31]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  592.219970][   T31]  ? __nla_parse+0x40/0x60
[  592.233502][   T31]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290
[  592.265037][   T31]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290
[  592.306897][   T31]  genl_family_rcv_msg_doit+0x214/0x300
[  592.337648][   T31]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  592.345976][   T31]  ? genl_get_cmd+0x3ef/0x720
[  592.361806][   T31]  ? bpf_lsm_capable+0x9/0x10
[  592.377242][   T31]  ? security_capable+0x80/0x260
[  592.394272][   T31]  genl_rcv_msg+0x560/0x800
[  592.407712][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  592.427426][   T31]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  592.447963][   T31]  netlink_rcv_skb+0x159/0x420
[  592.463746][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  592.480979][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  592.506816][   T31]  ? netlink_deliver_tap+0x1ae/0xcc0
[  592.513289][   T31]  genl_rcv+0x28/0x40
[  592.530379][   T31]  netlink_unicast+0x5aa/0x870
[  592.548681][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  592.564907][   T31]  netlink_sendmsg+0x8b0/0xda0
[  592.581242][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  592.598609][   T31]  ? __import_iovec+0x1d2/0x640
[  592.608994][   T31]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  592.622522][   T31]  ____sys_sendmsg+0xa54/0xc30
[  592.632835][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  592.647057][   T31]  ? __pfx___futex_wait+0x10/0x10
[  592.658192][   T31]  ? __pfx_futex_wake_mark+0x10/0x10
[  592.669048][   T31]  ___sys_sendmsg+0x190/0x1e0
[  592.679377][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  592.695835][   T31]  ? find_held_lock+0x2b/0x80
[  592.701699][   T31]  __sys_sendmsg+0x170/0x220
[  592.711830][   T31]  ? __pfx___sys_sendmsg+0x10/0x10
[  592.723010][   T31]  ? __x64_sys_futex+0x34f/0x4d0
[  592.733731][   T31]  do_syscall_64+0xc9/0xf80
[  592.743868][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.762755][   T31] RIP: 0033:0x7ff8d0f9aeb9
[  592.772952][   T31] RSP: 002b:00007ff8d1dab028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  592.795340][   T31] RAX: ffffffffffffffda RBX: 00007ff8d1215fa0 RCX: 00007ff8d0f9aeb9
[  592.808831][   T31] RDX: 0000000006000000 RSI: 0000200000003140 RDI: 0000000000000003
[  592.826205][   T31] RBP: 00007ff8d1008c1f R08: 0000000000000000 R09: 0000000000000000
[  592.845218][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  592.862068][   T31] R13: 00007ff8d1216038 R14: 00007ff8d1215fa0 R15: 00007ffc1c4f5f88
[  592.880460][   T31]  </TASK>
[  592.887417][   T31] 
[  592.887417][   T31] Showing all locks held in the system:
[  592.933652][   T31] 1 lock held by pool_workqueue_/3:
[  592.943369][   T31]  #0: ffffffff8e5ef8f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0
[  592.967111][   T31] 1 lock held by khungtaskd/31:
[  592.983954][   T31]  #0: ffffffff8e5e3120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[  593.006515][   T31] 2 locks held by getty/9799:
[  593.016697][   T31]  #0: ffff88814dd810a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  593.039644][   T31]  #1: ffffc9000f9252f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500
[  593.060779][   T31] 2 locks held by syz.3.1295/12147:
[  593.071564][   T31]  #0: ffffffff904a2850 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  593.096741][   T31]  #1: ffffffff8ea470e8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0
[  593.118405][   T31] 2 locks held by syz.2.1301/12166:
[  593.131530][   T31]  #0: ffffffff904a2850 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  593.149063][   T31]  #1: ffffffff8ea470e8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1b20
[  593.170042][   T31] 6 locks held by kworker/u8:22/14056:
[  593.181115][   T31]  #0: ffff88801c29f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840
[  593.208806][   T31]  #1: ffffc9000ad7fc98 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840
[  593.231382][   T31]  #2: ffffffff903dd0b0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xab/0x830
[  593.253247][   T31]  #3: ffffffff903f59e8 (rtnl_mutex){+.+.}-{4:4}, at: caif_exit_net+0x60/0x3a0
[  593.269936][   T31]  #4: ffff88814236c580 (&caifn->caifdevs.lock){+.+.}-{4:4}, at: caif_exit_net+0x77/0x3a0
[  593.290631][   T31]  #5: ffffffff8e5ef8f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[  593.316587][   T31] 3 locks held by syz.4.1845/14866:
[  593.330860][   T31] 1 lock held by syz.1.1854/14871:
[  593.341738][   T31]  #0: ffffffff903dd0b0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0
[  593.362790][   T31] 2 locks held by syz.4.1863/14904:
[  593.376498][   T31] 
[  593.404128][   T31] =============================================
[  593.404128][   T31] 
[  593.438831][   T31] NMI backtrace for cpu 0
[  593.438851][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  593.438874][   T31] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  593.438880][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  593.438889][   T31] Call Trace:
[  593.438894][   T31]  <TASK>
[  593.438901][   T31]  dump_stack_lvl+0x100/0x190
[  593.438923][   T31]  nmi_cpu_backtrace.cold+0x12d/0x151
[  593.438948][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  593.438973][   T31]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  593.438998][   T31]  sys_info+0x141/0x190
[  593.439016][   T31]  watchdog+0xcc3/0xfe0
[  593.439037][   T31]  ? __pfx_watchdog+0x10/0x10
[  593.439052][   T31]  ? __kthread_parkme+0x18c/0x230
[  593.439070][   T31]  ? __pfx_watchdog+0x10/0x10
[  593.439086][   T31]  ? __pfx_watchdog+0x10/0x10
[  593.439099][   T31]  kthread+0x3b3/0x730
[  593.439120][   T31]  ? __pfx_kthread+0x10/0x10
[  593.439139][   T31]  ? ret_from_fork+0x79/0xaf0
[  593.439152][   T31]  ? ret_from_fork+0x79/0xaf0
[  593.439165][   T31]  ? rcu_is_watching+0x12/0xc0
[  593.439179][   T31]  ? __pfx_kthread+0x10/0x10
[  593.439200][   T31]  ret_from_fork+0x754/0xaf0
[  593.439214][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  593.439229][   T31]  ? __switch_to+0x7b9/0x10c0
[  593.439247][   T31]  ? __pfx_kthread+0x10/0x10
[  593.439268][   T31]  ret_from_fork_asm+0x1a/0x30
[  593.439297][   T31]  </TASK>
[  593.895192][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  593.902070][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  593.912733][   T31] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  593.917905][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  593.927938][   T31] Call Trace:
[  593.931200][   T31]  <TASK>
[  593.934112][   T31]  dump_stack_lvl+0x100/0x190
[  593.938776][   T31]  vpanic+0x20d/0x630
[  593.942751][   T31]  panic+0xd1/0xd1
[  593.946456][   T31]  ? __pfx_panic+0x10/0x10
[  593.950856][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[  593.957000][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[  593.963143][   T31]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[  593.969310][   T31]  ? watchdog.cold+0x198/0x1ca
[  593.974060][   T31]  ? watchdog+0xcd3/0xfe0
[  593.978375][   T31]  watchdog.cold+0x1a9/0x1ca
[  593.982952][   T31]  ? __pfx_watchdog+0x10/0x10
[  593.987621][   T31]  ? __kthread_parkme+0x18c/0x230
[  593.992631][   T31]  ? __pfx_watchdog+0x10/0x10
[  593.997290][   T31]  ? __pfx_watchdog+0x10/0x10
[  594.001948][   T31]  kthread+0x3b3/0x730
[  594.006006][   T31]  ? __pfx_kthread+0x10/0x10
[  594.010598][   T31]  ? ret_from_fork+0x79/0xaf0
[  594.015257][   T31]  ? ret_from_fork+0x79/0xaf0
[  594.019916][   T31]  ? rcu_is_watching+0x12/0xc0
[  594.024665][   T31]  ? __pfx_kthread+0x10/0x10
[  594.029243][   T31]  ret_from_fork+0x754/0xaf0
[  594.033816][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  594.038911][   T31]  ? __switch_to+0x7b9/0x10c0
[  594.043576][   T31]  ? __pfx_kthread+0x10/0x10
[  594.048154][   T31]  ret_from_fork_asm+0x1a/0x30
[  594.052916][   T31]  </TASK>
[  594.055977][   T31] Kernel Offset: disabled
[  594.060286][   T31] Rebooting in 86400 seconds..