last executing test programs:

34.060448777s ago: executing program 1 (id=83):
r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0x0, 0x0)
r1 = bpf$auto_BPF_OBJ_GET(0x7, &(0x7f0000000040)=@iter_create={r0, 0x4}, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a382, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r2, &(0x7f0000000100)='1', 0x1)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000a, 0x40010, r1, 0x0)
r3 = ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_SESSION_DELETE(r3, 0x0, 0x20000000)
pread64$auto(0xffffffffffffffff, 0x0, 0x2, 0x100000005)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$auto(0xffffffffffffffff, 0x5410, 0xffffffffffffffff)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x10000, 0x7, 0xf, 0x40000000008fd6, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x3, 0x62, 0x4, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000001100)=""/192, 0xc0)
write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
madvise$auto(0x0, 0x2000040080000004, 0xe)
mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000)
move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2)

24.427019391s ago: executing program 1 (id=109):
socket(0x10, 0x2, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'dummy0\x00'})
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0)
sendfile$auto(r1, r1, 0x0, 0x7)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
mmap$auto(0xffffffffffffff00, 0x400008, 0xe2, 0x9b72, r0, 0x0)
migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0)
ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f00000001c0))
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
close_range$auto(0x2, 0x8, 0x0)

11.64550529s ago: executing program 0 (id=134):
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd8\x00', 0x1, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sda1\x00', 0x0, 0x0)
preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e)
write$auto_tty_fops_tty_io(r0, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad77a37be296ebe6f598901d632a206d9bb056d8c8d9a5b4cf165c931477ba53f3a80c522fc11555ea", 0x51)
mmap$auto(0x0, 0x6, 0x2, 0x40eb4, r1, 0x308000000000)
ioctl$auto(0xffffffffffffffff, 0x8912, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000)
ustat$auto(0x801, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x9)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
process_vm_readv$auto(0x0, &(0x7f0000000180)={&(0x7f0000000140)="6845cf66e03cd0cb755f33db61d1604f3e161c3135a05672911b206d8bcb", 0xf1}, 0x0, 0x0, 0xfffffffffffffffc, 0x21)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3, 0x0)
getpid()
r3 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x32082, 0x0)
pread64$auto(r3, 0x0, 0x3fffffd, 0x9)
read$auto_mon_fops_text_t_mon_text(r3, 0x0, 0x60)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x103581, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0)
openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/numa_maps\x00', 0x200, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe)
socket(0xa, 0x801, 0x106)

10.49278191s ago: executing program 0 (id=136):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
socket(0x1b, 0x3, 0x1)
madvise$auto(0x0, 0x2000040080000004, 0xe)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x391400, 0x0)
write$auto(r0, &(0x7f0000000040), 0x80000003)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0)
readv$auto(0x3, 0x0, 0x1)
mmap$auto(0xf728, 0x8000000000000, 0xfffffffffffffffe, 0x11, r2, 0x1)
socket(0x5, 0xa, 0x2000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0xd551)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = setfsuid$auto(0xee00)
setresuid$auto(r4, 0x0, r4)
write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)="b2", 0x1)

9.149140841s ago: executing program 0 (id=138):
socket(0x2, 0x801, 0x100)
bind$auto(0x3, &(0x7f0000000040)=@l2tp={0x2, 0x0, @private=0xa010102, 0x3}, 0x6a)
mmap$auto(0x0, 0x400008, 0xb23, 0x9b72, 0x2, 0x8000)
socket(0x25, 0x1, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x800, 0x0)
r0 = fcntl$auto(0x3, 0x4, 0xa553)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x9}, 0x80000001}, 0x7, 0x0)
connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x3, @empty}, 0x51)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_TCFLSH2(r0, 0x540b, 0xfffffffffffffffd)
socket(0xf, 0x3, 0x2)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D0\x00', 0x20a843, 0x0)
r2 = prctl$auto(0x3c, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO(r2, 0x80184132, &(0x7f0000000140)={0x8000, 0xa14c, 0x1, 0x5})
write$auto(r1, &(0x7f00000001c0)='/`ev/audio1\xddY\xcd\xff\xbem\xd510\xce\xe2vk\"\xf9%\xff\xeb~J\x81\x84\x8b\xa1\xcf)\x1a;\b\xa6\x139f\xb0r&\xad\"N\xacY1\xc6\xc06\"\x89\xe6<\x8b\xffp-\x0e\xcbS\xcf]E\x91\x822!\"\a', 0x100000a3d9)
select$auto(0x200000f, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3e, 0x9, 0xff, 0x6]}, 0x0)
r3 = fsopen$auto(0x0, 0x1)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
socket(0xa, 0x5, 0x94)
mmap$auto(0x0, 0x400108, 0xdf, 0x4009b72, r3, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x1, 0x84)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x10, 0x2, 0x14)
socket(0x11, 0x80003, 0x300)
socket(0x1d, 0x2, 0x7)

8.185739857s ago: executing program 0 (id=142):
r0 = socket(0x10, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="01ffffff7f00fcdbdf2507"], 0x14}, 0x1, 0x0, 0x0, 0x2400c860}, 0x4000)

7.842437139s ago: executing program 0 (id=144):
r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0x0, 0x0)
r1 = bpf$auto_BPF_OBJ_GET(0x7, &(0x7f0000000040)=@iter_create={<r2=>r0, 0x4}, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a382, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r4, &(0x7f0000000100)='1', 0x1)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000a, 0x40010, r1, 0x0)
ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000140), r2)
sendmsg$auto_L2TP_CMD_SESSION_CREATE(r5, 0x0, 0x40)
pread64$auto(0xffffffffffffffff, 0x0, 0x2, 0x100000005)
ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x4c6a81, 0x0)
prctl$auto(0x1003e, 0x1, 0x0, 0x1, 0x0)
ioctl$auto(0xffffffffffffffff, 0x6, r2)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/can/rcvlist_sff\x00', 0x400, 0x0)
pread64$auto(r0, 0x0, 0x101fb, 0x8800000005)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x10000, 0x7, 0xf, 0x40000000008fd6, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x3, 0x8000, 0x4, 0xffffffffffffff00, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
close_range$auto(r1, 0xfffffffffffff000, 0xa)
openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x42000, 0x0)
socket(0x10, 0x2, 0xc)
r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
r7 = ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$auto(r3, 0x9, r7)
socket(0x25, 0x3, 0x6)
socket(0x1a, 0x2, 0x100)
openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/trigger\x00', 0x3, 0x0)

7.149673997s ago: executing program 2 (id=145):
r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0)
ioctl$auto_SNAPSHOT_UNFREEZE(r0, 0x3302, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0)
ioctl$auto(r1, 0x5408, r1)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0)
sendmsg$auto_NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000427bd7000fddf253a000000c85411c73ab3080000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x80)
write$auto_proc_reg_file_ops_compat_inode(r2, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = open(&(0x7f0000000100)='./file0\x00', 0x402002, 0xb8)
read$auto_proc_single_file_operations_base(r3, &(0x7f00000000c0)=""/41, 0x29)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/vhci_hcd.12/usb33/33-0:1.0/usb33-port3/location\x00', 0x1a1842, 0x0)
write$auto(r4, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8)
writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
setitimer$auto(0x1, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x200000000eb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000180)={0x14, r5, 0xb77b02080cac5bcb, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0)
ioctl$auto_PPPIOCSMRU(r6, 0xc004743e, 0x0)
ioctl$auto_PPPIOCGIDLE64(r6, 0x8010743f, 0x0)
fadvise64$auto_POSIX_FADV_SEQUENTIAL(r0, 0x40, 0x3, 0x2)

6.288298799s ago: executing program 2 (id=147):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
socket(0x1b, 0x3, 0x1)
madvise$auto(0x0, 0x2000040080000004, 0xe)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x391400, 0x0)
write$auto(r0, &(0x7f0000000040), 0x80000003)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0)
readv$auto(0x3, 0x0, 0x1)
mmap$auto(0xf728, 0x8000000000000, 0xfffffffffffffffe, 0x11, r2, 0x1)
socket(0x5, 0xa, 0x2000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0xd551)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = setfsuid$auto(0xee00)
setresuid$auto(r4, 0x0, r4)
write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)="b2", 0x1)

5.605274362s ago: executing program 3 (id=148):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x870bd2b, 0x25dfdbfc, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x8, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000)
socket(0x10, 0x3, 0x15)
mmap$auto(0x0, 0x20008, 0x4000000000df, 0xeb1, 0x401, 0x8000)
ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3)
r0 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r0, 0x107, 0x1ff, 0x0, 0x4)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), r0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'dummy0\x00', <r4=>0x0})
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000fddbdf250c8008000100"/26, @ANYRES32=r4, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x24004840}, 0x20000044)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000380)=""/175, 0xaf)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x80283, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
ustat$auto(0x801, 0x0)
r5 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
ioctl$auto_TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000180)={0x4, &(0x7f0000000140)={0x6, 0x51, 0x6, @raw=0x2}})
write$auto(0xffffffffffffffff, 0x0, 0x8)
r6 = socket(0x11, 0xa, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'tunl0\x00'})
listmount$auto(&(0x7f0000000040)={0x200, @inferred=r6, 0x7f, 0x2, 0x400}, 0x0, 0x6, 0x5)
r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0)
write$auto(r7, 0x0, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000340), r6)
mbind$auto(0x7fffffff, 0x1ff, 0xc000, 0x0, 0x8, 0x6)

4.571759718s ago: executing program 2 (id=149):
r0 = openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x80, 0x0)
socket(0x25, 0x1, 0x3)
setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8)
mknod$auto(&(0x7f00000000c0)='./file0\x00', 0x1001, 0x804)
socket(0x1f, 0x6, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0xa8200, 0x0)
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r1=>0x0})
connect$auto(0x3, &(0x7f00000000c0)=@can={0x1d, r1}, 0x18)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
r2 = socket(0x1d, 0x2, 0x7)
r3 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r4=>0x0})
bind$auto(r2, &(0x7f0000000000)=@can={0x1d, r4}, 0x6a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r5=>0x0})
ioctl$auto_SOUND_MIXER_READ_DEVMASK2(0xffffffffffffffff, 0x80044dfe, &(0x7f0000000040))
connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r5}, 0x18)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x687ca0b, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x3, 0x8, 0x5, 0x2, 0x7, 0x1, 0x9, 0x2, 0x3, 0x7, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x3bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xd, 0xf66b]}, 0x5, 0x2)
socket(0xf, 0x2, 0x7ff)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r6 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0xffffff9e}, 0x40000)
socket(0x10, 0x2, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
poll$auto(&(0x7f0000000f80)={<r7=>r0, 0x2}, 0x98, 0x5)
ioctl$auto_IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r7, 0x7a6, 0x0)
read$auto_rfcomm_sock_debugfs_fops_(r7, &(0x7f0000000000)=""/34, 0x22)

4.5191931s ago: executing program 3 (id=150):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0xc0400, 0x0)
ioctl$auto(0x3, 0x4020565a, 0x38)
r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x1, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/tty/ptys8/power/runtime_active_time\x00', 0x404140, 0x0)
pipe$auto(0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0x4048aec9, r1)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen_full\x00', 0x4e8200, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0)
r4 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x10303f, 0x0)
ioctl$auto_SNAPSHOT_ATOMIC_RESTORE(r4, 0x3304, 0x0)
r5 = prctl$auto(0x20000002, 0xfffffffffffffffe, 0x0, 0x9, 0x400)
ioctl$auto_OSS_GETVERSION2(r5, 0x80044d76, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae7, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0)
r6 = getpid()
process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x3fffffffffd, &(0x7f0000000180)={&(0x7f0000000240)="5b2c581a4859a8edecd693bbb34b92869f7df2f4c29b0cadc40d85161d1540c23000e3f3262cd5ea00c7e09ac4b9770ba12872c5178614d717d3756c291f880eeb1988f3d9f407f0942d", 0x40000000001241}, 0x7, 0x0)
r7 = socket(0x23, 0x5, 0x0)
bind$auto(0xffffffffffffffff, &(0x7f0000000140)=@vsock={0x28, 0x0, 0x2710, @local}, 0x6eb)
bpf$auto_BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000340)=@task_fd_query={r6, r7, 0x8, 0xc, 0x80000000, 0x7, <r8=>r0, 0xef77, 0xff}, 0x2)
ioctl$auto_CEC_ADAP_S_PHYS_ADDR(r8, 0x40026102, &(0x7f00000001c0)=0x3)

3.482660822s ago: executing program 2 (id=151):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000002500), 0xffffffffffffffff)
keyctl$auto(0x6, 0xfffffffe, 0x0, 0x0, 0xe)
unshare$auto(0x40000080)
prctl$auto_SECCOMP_MODE_FILTER(0x4786, 0x2, 0xffffffffffffffff, 0x80000001, 0x81)
mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183941, 0x0)
prctl$auto_PR_SET_SECCOMP(0x16, 0x7, 0xffffffffffffffff, 0xbc, 0xfff)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008)
r0 = socket(0x29, 0x2, 0x0)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0)
ioctl$auto(r0, 0x89f0, 0x24)
socket(0xa, 0x5, 0x84)
bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_fd=<r2=>0xffffffffffffffff, 0xffffffffffffffff, 0x1d30, 0x6, 0xffffffffffffffff, @relative_id=0x2, 0x47}, 0xa3)
sendto$auto(r2, 0x0, 0x800000000000401, 0x7f, &(0x7f00000000c0)=@generic={0xb, "e2e18340cba8fe8000"}, 0x1c)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0)
ioctl$auto_NVRAM_SETCKS(r3, 0x7041, 0x0)
socket(0xa, 0x2, 0x0)
getsockopt$auto(0x3, 0x11, 0xe, 0x0, 0x0)

3.417461688s ago: executing program 1 (id=109):
socket(0x10, 0x2, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'dummy0\x00'})
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0)
sendfile$auto(r1, r1, 0x0, 0x7)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
mmap$auto(0xffffffffffffff00, 0x400008, 0xe2, 0x9b72, r0, 0x0)
migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0)
ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f00000001c0))
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
close_range$auto(0x2, 0x8, 0x0)

3.009200668s ago: executing program 3 (id=152):
socket(0xa, 0x3, 0x100)
socket(0x2a, 0x2, 0x0)
pipe$auto(&(0x7f0000000040))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x10, 0x2, 0xc)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYBLOB="01002dbd70"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4000011)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)

2.741817594s ago: executing program 1 (id=153):
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
socket(0xa, 0x801, 0x84)
bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0)
sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x1000, 0x2, 0x0)
mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0xa, 0x3, 0x3b)
getsockopt$auto(r0, 0x80029, 0x33, 0x0, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x16, 0x0, 0x8)

2.737230598s ago: executing program 3 (id=154):
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x60201, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
r0 = socket(0x1d, 0x80000, 0x0)
sendmmsg$auto(r0, 0x0, 0x7, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x7, 0x0, 0x0, 0x0, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r3 = getpid()
process_vm_readv$auto(r3, &(0x7f00000002c0)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0)
ioctl$auto(0x3, 0x400454ca, 0x38)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x400, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
sysfs$auto(0x2, 0x2b, 0x0)
r4 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), r0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x1, 0x800, 0x3a)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x400000000000003, 0x29, 0x24, 0x0, 0x40020000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x802, 0x0)
acct$auto(&(0x7f0000002a80)='/dev/binderfs/features/freeze_notification\xfe')
ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x23, 0x83, 0x14, 0x10, 0x8, 0x2, &(0x7f00000002c0)})
fsopen$auto(0x0, 0x1)
capset$auto(&(0x7f0000000140)={0x8, r3}, &(0x7f0000000200)={0x100, 0x7, 0x2})
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0)

2.257358086s ago: executing program 2 (id=155):
r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0)
ioctl$auto_SNAPSHOT_UNFREEZE(r0, 0x3302, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0)
ioctl$auto(r1, 0x5408, r1)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0)
sendmsg$auto_NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000427bd7000fddf253a000000c85411c73ab3080000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x80)
write$auto_proc_reg_file_ops_compat_inode(r2, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = open(&(0x7f0000000100)='./file0\x00', 0x402002, 0xb8)
read$auto_proc_single_file_operations_base(r3, &(0x7f00000000c0)=""/41, 0x29)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/vhci_hcd.12/usb33/33-0:1.0/usb33-port3/location\x00', 0x1a1842, 0x0)
write$auto(r4, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8)
writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
setitimer$auto(0x1, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x200000000eb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000180)={0x14, r5, 0xb77b02080cac5bcb, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0)
ioctl$auto_PPPIOCSMRU(r6, 0xc004743e, 0x0)
ioctl$auto_PPPIOCGIDLE64(r6, 0x8010743f, 0x0)
fadvise64$auto_POSIX_FADV_SEQUENTIAL(r0, 0x40, 0x3, 0x2)

2.200294703s ago: executing program 1 (id=156):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
rt_sigprocmask$auto(0x40, 0x0, &(0x7f0000000040)={0x6}, 0x8)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
unshare$auto(0x40000080)
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, 0x0, 0xfff)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x20a02, 0x0)
msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004)
listmount$auto(0x0, &(0x7f00000001c0)=0x6, 0x4, 0x101)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000062c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r4)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x42a120, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
fsopen$auto(&(0x7f00000000c0)=',/\\\x00', 0x7)
sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000880)={0x1038, 0x0, 0x4, 0x70bd25, 0x3, {}, [@NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_PMK={0x2a, 0xfe, "e088cf61a66b7b8eff95763c3a980bdc5448f16e5d85f1c311ae52caeca00400cafc4ad82499"}, @NL80211_ATTR_REG_ALPHA2={0xff3, 0x21, "dada8a95d9e66b0de1655a962db68fc995fbe1733065fac1aee3d7feab922ab673a06b9bf3ebc344c56bd115f38ccb5114ca365a0675896e54fe688cc26e74100e1ce5cefa492cf026f3b7a119dae41d1781e3e5b9efbb9dd1e33653a3ef505da4018da1ea537eee98ee09321e12032256c121c32dbfad31a345f8f00c8ccbf7c24eed2755fec3be978f3928efff6c9bc540cc29d60ff25dac82bfa556626679605eb4de4aae2ec4db94e50ce2c98e863a71b4c1882d8713cfa5332899a412ab2cc0c0a7ce8f146dbf98237701e302e124e1cd5e1d4fdfcb2ab04671194ac967853c812e66d6977730acf8383af4479b1d1af3d5c3952b106fdf38780e08ee7267c0e8d6bc9e7df4f0bdc5ba8b6fb2072c07636b8088759b87a0682bccf037af3ea304bc5ccf42d1f5b9d50525885933df3cb55b68b241a03af8e41e27955c60a5d50141550aaf1d2f9da97a0dd2d11baae9a1db45825d9c9db319ae5670595766d12e927f378e185d580f668d1d0d70bcd128553f235175928fae4b72da22e1eb7713297d588054608667058c13b91dd7e4eff422780d48bff716055da7b753cd3db1d79ee5419fe64d2135bf5a582dd5846e7774e5780137fe07ae9e4b6e2414b035ada9df060df79802f07cb88fb70456fe0eeb22eed5ad256fd4df568c6f8d9824c038f158baa12d0a55b3ed3650dcd1608051ba1cfd9b1e2df5eb9982938903d8a4075a812ab02c18f192c9c45770f93379171fd0b3cc373682e8e43e67477f1ec2790874d39cd3108f9cd0e7185310afe4442c30e83c7048d49b9cc594cbea1909a459209e252cbcf5cd795f4800a9d6cc3ea0e3d4b64610f61d0906acf5347f7bc1b08f3e01f7494664e639ee5347455ff87af83dfc3556baf8b8d48111276d1c41036816e063a5a1d83e2b37ab21d11a9e06c6d452c9132a730123c73abdb3e93e4f69343c779930e042c4cfd4b0236bc7598313821ca1c52510b8fc2f622558caf2d410ef403026c0a16dc4e53674636d5710aa53ef890f7d47af5106f17d530daee18664e64e5fd44cf152af59c2facf2a4f053d61d261b8196696af91afaa2f7f7ef791812b10be7920bc053ec560d28e6e51cfe354b196a575f01731a102082b8c904bf0ae3865eac6624815de3c1159d49f84e2452ad965376c55d43f15badca4619435a982c9e337e2aebfc0dd9fcf698f7e5da4cafebbecc609e880926abc94d3917c019c66cf1032b359a0ff04374c16de692216379c9577925703a12e3a4beef6d13a7c4252ebb3bec683d5ce82a3a20fc582cc37349ed10cad6327254d24f672fc4420fc441ccdb1dc98f86c9beb06e75525efa0399a2aa00243a3a35572e06b91832fe2328075ce58b8657c1b67669f9d8ca200e382583bf95ff1bbedac7130baf4162236658736f5e6a0cb1bf7a17e7aebac078c9fbf90613160e011c935535f9692bc10463b1b1d082390a780b5f5992fc95c2d9e356d3beb6f40d99c65ead1d4d16a255d794715408c25f70039b5bbc58e8ef25a53fb6dd5162e6a1476cc8e38f81710b6143db55490d0d7d93f80c22b941c4b76c0e68764c83721fa1abc964f3794c2135dbf3c6297b13b6f610bc8fee980a43757b2d21b1a08780ae8eaeff8bfe61fb4e888413b48ce5f23885e3fa6d61807e6b79ed7d0282eef21c8cecbbb5046967d9f7be27aa1c70822da3c83f2612a02f0120230575aa9fbd9ecfe319c8ad5d927ed72e5623c1d9c926e15c24b7be7b7b4929d3b74f968e43248ca453f65e02c1a2e7a0d14fdf882c2fe3a43e4681845fea045e9df24ef344f331918abcbeecc5b7470b3cdf8ba63244c52f424bca2740c769e4076d31565b76ff625bfef6acaf1846be19e58c65083ef5574e152181a77636bc5684d3b077e641f041b9ada804509adbd68a5407e6f51d79feff0117ea665a5ec6084104ece6bc0abd2e90e3d087cfface83756a672c9fe1148e5dc0ab32a8e603f6bc33ecbbb51ba0064d44607806d910f2d73dc188ecb2f1ad2241e8b09bcc757f62473c0b7be08c16fb94fea95775fb470f8987f9f257296b90b335d8688fc75e55e5bdcb3573d1f58313a35a46ca22f5c91f512b8562048d3266b51ba4575879076698a893f503e8eced26b72592010437c0b87410e4d1276997ffd27dcdd34394b1c7834fa7e64e0ac3413b07ddee24cbfda3b37883f074b0489f6fb76b456704d2c4390ddd52307ef23e9dbce57a6f3ef7dcb570d83c8c0d2ed232d7ecbd3594673c2b4a9498a04897ea2ad595165346933a9fddf0bb022267a3fd56bde1e48b60ab3c2b16e32ab0058bac283ae0ff02b9004c304f0742f16ac7276b7eb1c2811f30c5c9bd2e2b20b3a83fa40ceed6463c477817616488e572e9a03ed42a73e978753e51d032832e2db32c9bf115827cdfeb34079e99cdebb3010d11cdc27ec91f2b23c3575a92b7c1e901cc3ea932620cdbde77b55279ffd6992e87787bc38d59cdefda74fdf2ef2db53dafb81be56ef99f2e9c8e6265696b48a0a4a29493f339dd4550dc99d590c171e790a567ffc426df7b5b7ede08ee39d4715e0d4398b4798c7396925c9dd252c7668e1d8f0740ce09a595229510abea3b6861643510ed721c6969c4ce8a9eced1b9d3a92c8ccdc0871fdf88eb1a24a871ee89739765569b866c2158ad79fee81eeb08939d6d9abdb5706b7d52bd4200dce5802f9812555e300fbe9c4dfdff90831de585544e37994e361d07c24fbcd829defbfa91c296ce129978592b1230e9c3847c156e8e8bc07d92b850cf339b18940d7b61f9568759c6974ec4cd3ab1bc4ac0f7e05137e9304bbb14e7e5a86352f491f7d02555764ec890ea17bbafbe604e9ff7986b53015ed2ba92dc222044c7ee510a15378e2c9af51b0f18a56e0a6814a0169fe9941d8b33dfac8a482a98c699ea6757f3bdd571e214ef3d64512c91841b3b81030cb815a501e59b1f9f04977e6bcde696967de9669daa990b81fdd2a160fa72787cd1a5f63d4e4afc28228ea14f77b6fcc13e8553d6c7b5c6e5ed75d379bc67985352fa4f0ef011dd5dc28e57d6564dfa92305ef6b35dcdbdc1af809e89db0a9ed70a3213a0e7eb284b2cc1c35afa92baf8a563b498daa5b80ad7a6f30f74125dd855c15df08a336b4d79d4e71a325df9e9ef370ca8a9ab7b8f4926b4bc386c60fc1f97a606e64617be9588e3a63fb9a2d24719f605683303066c0b92a89ee6b67b81cdc6dff25ea0a112a8007d74220c54db768d348ac55f504df7f48a422fa7a45e07cf0cb9a8e691210b65266dd90eb2b338bef736f72cffec81d86619109a65cab14069ca41a76427b5b00b83b754806675f57f86d39e0eccb9c51e23d9cbf5801d08032c1d0e74ed468346038f067ba6beeb5719e8208ce9947631e4efa6b0e81df0af55a5ceb52fb1f731870ff04cdcef7dd5a14cafbfb089f4e5e3e5554b603a048bd5f2de69bbeae90ffe001b8c49269b8d75a665b719fe7ba704171f88b92c838411b5cfecb359857c730b77a463dc3d7f4937ad5a3598bfefadcfbb84a794a77825fc58bd80261c44ebd07eb65a4fa754a32434075f2896c92b93f7da7b9540031d3a82cfee85ea8ea330a94d39a4574f391d60d18ad62c7c82d2a09825491945855a08fa68e1f57fec3b862f0e24af0dd186d3984d6bcc6d16bf10f7e2fee3c3df1caf9042e113d0464e7600a483423a8185e165c47655a793ff0a55df3920985bb8f3e2d6ab1adf335b57f8908528171bc18b08ed01e6a9e5fd2313f6ea8e87e15202b953837eed89d89d7c32ca22efdcca06fb46a3dd32b28a1ca86281e15370b0dba4472ef5b2dc8a7bc334d6d7bf24e174dc3c5d5bd382768ced224f63e9c861ce8845bb3df35df0d85e0e0cf35b49e8abbd5286d341e40b6ecaaeb2eb2d8116956fe88d6f162da861fbe3ae57f535d3ce084e2ebfe74f8aa788f86df08f4fcb7f60c92273815be68c9d3e202e1ab8c5455a66d1955e90f108ff1e8794e182a46aeaa661f06eca8ccc9fcf21f1c2e0f0d952111dae3ddc4d3795c6a42b8543e94569113111fc16b9916801d9045c06e2230b9be589b2b6fcca07ce7b5344892226f40dd4f3c9d9a043e5dc6c6dbb6dab0941eacb255cfedaffb5f06f91d1bff252ac0442385482f4afe65ca5e1c58f0e51ff4b3be997fe143e583d8333fd21842e3eb0f6bf50ea171a732e580178370ebf986e1c3d199c98800bd04cd9f3dc33666222cfa35f6298e233ac1d968dc1f8feb82ccbed12d2f4b1c06c0ebc48f1189dcb6f59b85a51d4583baa1c888c6a30d645f9dd7342fb82f3c235f83a3de8143d79e3272eadf75b06f0bf83fb6625a582895f44c987987b6f45c9c1b43fd088b1f8b3fc5e086a18957cdb4c06ee192ffe90736651ae3e8601742466aa27bf39be69783d529a0e5b0381d56e08ceb987e09481a7fa3d800e940cfd51ec118689b2019186642ce3504a03ac25ca9c51f9f3b1da2a4186ac7a38693ef5a1f30566a57223e03b11987509fdeaaf6d6368939aa007d0bf4f1393ec92d53079c0d22e9ea4e06f0c2fe66424e2db7fbdb57312e9f2a506ae435ff46cf9bc5ef05d212af1964378eb6074f48110810853e5c5574c43641969894c85bcd91e3aa577efd4b2424baba976fb7070e49a8efe9902f803e46f4c8c7ae47e8cbacd9b7ff94d45e51d64ff904fcd674628a90da76f2f6ce079c73efab11474483930237dc3d7f43dd8449d48178870d97d52cd1d0e187c36047f874e3213d8d3342fb6799804ae9fd72dd27c7f569081f5127c6bdffb8d41fc882824a214b5d3fbffc5fd489a38e8b9b7053956241cabd23d1b7c94e6dbe418e326d5052dfc4f689b41074d30ccd4aa23ca991c037909f79b20b892e3eeb8c68fd21e175ed01ac0a20634b14cadfcbbd119dcd608b4fbee6bd99c70a3053a3a8a6a11c32ca06bf36e3eb446d7aa06f7c7a8d087f393da49662a0a5df83a6cdc5178d5ea4b74ba817012ea13e817f350959c7dec7dfc6c098efff0348631d3fd8e3533a79b39d8ae67ce7c101d3126b4db1e9d66820ef1bb12cf03a7080cee5339a2093cd85d6326657301739285cf13397a9e6d4a06b7e456c6a14fbcc6ac6a9431b02b1c3a31357c1f060e16b637a55e37e1a0166c048d50b842d3d8daf499b4912578024a62b7ed5cba53e438f72523b6d62bfd1ba6937feb3c12ee2cc2480e809cc1c183626593f15b4d1d98c49815312f4f1db3791aa4922f206d3f6d58007568c7a214ed3e6e354867dca24820f3e26c2c625261e03eaad4ee392d328e53db575ce49cc1f94047fb12fa5506cbb0fe97051366a4181928cb1630db5bd112092f7d022c0d093f081d1fb4adac90bc9c8a7e6f45729530ed8642a782c80b2154db81805a8f4149f8b0d25314d6b45c8a651a0bb01cb41e2573ff230723dbcb8961fd6afef8ae1a031c34d1f99331dc25028e21696df42ec968c6caded9232ca2f3eae2f6dfc61efc4e81246f18e8064da8abab9d2ecbc46aa819061a9aa6e1daa2c61ea326d228d0a19029bdf8598954e0f2df58730bc584bbd9b0d4a2ce642e67faa03554e6b6fdaf04072bf506e546a81542aaf0c532a0ff73b943ad442f53734317f0f7a8d11e3a23cf0d168b2a8cf4bf68240a0fbada1543f51eaec059188470d2464e51b62be37f2721e6f9938d217b79807f0f04bcece1eeee7de9e295f3b50162cf4f5920660bd315757fabbb2522f61c239839e7ab010e7d643c62caa3d"}]}, 0x1038}}, 0x4004)
r6 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r7=>0x0})
sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x1c, r6, 0x99bc9625bdb7e757, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
splice$auto(r3, &(0x7f0000000040)=0xffffffffffffc148, r5, &(0x7f0000000080)=0x3, 0x5, 0xffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2003f0, 0x11)
io_uring_setup$auto(0x3, 0x0)
r8 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r8, 0x7a7, 0x0)

1.488514818s ago: executing program 3 (id=157):
r0 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000480)='/dev/mixer1\x00', 0x500, 0x0)
ioctl$auto_SOUND_OLD_MIXER_INFO(r0, 0x80304d65, &(0x7f00000004c0))
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x60201, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
r1 = socket(0x1d, 0x80000, 0x0)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3f, 0x1, 0x0, 0x2, 0xffff7fffffff2ea9)
select$auto(0x7, 0x0, 0x0, &(0x7f0000000100)={[0x8, 0x800000407, 0xfffffffffdfffffb, 0xfffffffffffffff8, 0x9487, 0x81, 0x4e6a, 0x3, 0x5, 0x80000001, 0x31e1bd94, 0x1000007, 0xd, 0x8000000000000001, 0x2, 0x6]}, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r3 = getpid()
process_vm_readv$auto(r3, &(0x7f00000002c0)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0)
ioctl$auto(0x3, 0x400454ca, 0x38)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x400, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
sysfs$auto(0x2, 0x2b, 0x0)
r4 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), r1)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x1, 0x800, 0x3a)
process_madvise$auto(r4, &(0x7f00000000c0)={&(0x7f0000000040)="9c0b000000000000e57ed61aac6ff036f14ee2a514cab4f704228d65aad45065be072be3a3b2009c6f0547d5e83ed5b77c14a1ddbc90f89dfcf9e70db2991506acb5ee479a65a18a1515b4d90ea53d472b3a74dd1cb08b333d000000", 0x8}, 0x8, 0xe, 0xfa5)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x400000000000003, 0x29, 0x24, 0x0, 0x40020000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x802, 0x0)
acct$auto(&(0x7f0000002a80)='/dev/binderfs/features/freeze_notification\x00')
fsopen$auto(0x0, 0x1)

869.8404ms ago: executing program 2 (id=158):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
socket(0x1b, 0x3, 0x1)
madvise$auto(0x0, 0x2000040080000004, 0xe)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x391400, 0x0)
write$auto(r0, &(0x7f0000000040), 0x80000003)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0)
readv$auto(0x3, 0x0, 0x1)
mmap$auto(0xf728, 0x8000000000000, 0xfffffffffffffffe, 0x11, r2, 0x1)
socket(0x5, 0xa, 0x2000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0xd551)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = setfsuid$auto(0xee00)
setresuid$auto(r4, 0x0, r4)
write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)="b2", 0x1)

502.324333ms ago: executing program 0 (id=159):
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x60201, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
r0 = socket(0x1d, 0x80000, 0x0)
sendmmsg$auto(r0, 0x0, 0x7, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x7, 0x0, 0x0, &(0x7f0000000380)={[0x9, 0x407, 0x9, 0xfffffffffffffffd, 0x948b, 0xfffffffffffffff8, 0x15f4da4a, 0x3, 0xffffffff80000001, 0x65, 0x2, 0x7, 0xfffffffffffffff9, 0x8000000009, 0x2, 0x40]}, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r3 = getpid()
process_vm_readv$auto(r3, &(0x7f00000002c0)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0xf4)
ioctl$auto(0x3, 0x400454ca, 0x38)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x400, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
sysfs$auto(0x2, 0x2b, 0x0)
r4 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), r0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x1, 0x800, 0x3a)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x400000000000003, 0x29, 0x24, 0x0, 0x40020000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x802, 0x0)
acct$auto(&(0x7f0000002a80)='/dev/binderfs/features/freeze_notification\x00')
ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x23, 0x83, 0x14, 0x10, 0x8, 0x2, &(0x7f00000002c0)})
fsopen$auto(0x0, 0x1)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0)

57.586225ms ago: executing program 3 (id=160):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0)
writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x3) (async)
r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
mmap$auto(0xfffffffffffffff8, 0xef3f, 0x0, 0x17, r1, 0x7) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
mmap$auto(0x0, 0x20009, 0xdf, 0x400eb1, 0x401, 0x8000)
close_range$auto(0x2, 0xa, 0x0) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) (async)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5)
write$auto(0x3, 0x0, 0x5c8)
getdents$auto(0xffffffffffffffff, 0x0, 0xc08) (async)
write$auto(0x3, 0x0, 0x5c8) (async)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r2, 0x4b47, 0x1)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/usbmon6\x00', 0x2, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0) (async)
r3 = socket(0x2, 0x5, 0x0) (async)
connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55)
sendto$auto(0x3, 0x0, 0x2000f, 0x13f, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000700), 0xffffffffffffffff)
sendmsg$auto_WG_CMD_SET_DEVICE(r4, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c40)={0x38, r5, 0x1, 0x70bd28, 0x25dfdbff, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, "7729ecac5e9239d0c4058eac0405576c2cd59ffc84b3098afa677190f34d1790"}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x10) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'veth1_macvtap\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'vlan0\x00'})

0s ago: executing program 1 (id=161):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4)
flock$auto(r0, 0x1)
read$auto_urandom_fops_random(r0, &(0x7f0000000540)=""/4096, 0x1000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0)
read$auto(r1, 0x0, 0xd13d)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3)
mmap$auto(0x0, 0x3, 0xb, 0x55becab1, 0x5, 0x0)
mmap$auto(0x0, 0xf2, 0xdf, 0xeb1, 0xf6f6, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r3, 0x0, 0x20)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/tty/ttyud/power/runtime_active_time\x00', 0x0, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x171e02, 0x0)
ppoll$auto(&(0x7f0000000040)={r3, 0x2}, 0x10, &(0x7f00000000c0)={0x7, 0x65a29aea}, &(0x7f0000000100)={0x4}, 0x8)
openat$auto_state_fops_(0xffffffffffffff9c, 0x0, 0x450003, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="b8f4fff12decf107000000e6de61ef64b87a02ac7f34d1617f7059fc80d83813c4f6705d841dcf82ebdf710acbd38edc6141a2f5bc4426980c5da8328952fcf29ce13f25ba57e6207bc6bf7481a74cf33734334205a08c789faa5414ebdfaaa285ffea80ed9207216ff37aaca85d7117d103557afca5cdb620000efcb04e3189966168e3088669e37e838d82df7ce2d8507eff527ecfe0959efc6ee3251eebed1151aa16d56113242aa1bba127b09902bae42120968d9282079fc88263d80087d4e9d78bee309288023f5e2f528584bc7996e37886ebe426db7968a9155631a25be32e622527a92ce8f62e803ec7ab3b88d5227e8bfe256a7693ebbf08933783ae650d80470e7864a23f4e4a0fa5f37deee8fc0bc823a3f5123d3d3d4b57f77bb9b9ead1964e936e9416bde50eb3be3349c6efc4f5a3c06b", @ANYRES16=r5, @ANYBLOB="1b0026bd7000fddbdf25030000002c00038028000180240006801d0074804cfe4d8088a8d00088a80000040003002a9d272f66040033800000000400038004000280"], 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0)
r7 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/veth0_to_bridge/interval_probe_time_ms\x00', 0x202, 0x0)
sendfile$auto(r7, r6, 0x0, 0x48)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
sysfs$auto(0x2, 0x11, 0x0)
fsopen$auto(0x0, 0x1)
mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x4, 0x0)
r8 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r8, 0x0, 0xe) (fail_nth: 4)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.71' (ED25519) to the list of known hosts.
[   99.478255][ T5835] cgroup: Unknown subsys name 'net'
[   99.612913][ T5835] cgroup: Unknown subsys name 'cpuset'
[   99.623007][ T5835] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  101.545803][ T5835] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  102.459704][  T978] cfg80211: failed to load regulatory.db
[  103.952129][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  103.961774][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  103.970719][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  103.979333][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  103.989679][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  103.998318][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  104.006376][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  104.032044][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  104.042731][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  104.056660][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  104.067514][ T5860] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  104.075434][ T5860] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  104.078383][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  104.092146][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  104.099440][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  104.112289][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  104.122596][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  104.131237][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  104.140740][ T5167] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  104.159458][ T5167] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  104.611569][ T5847] chnl_net:caif_netlink_parms(): no params data found
[  104.812608][ T5850] chnl_net:caif_netlink_parms(): no params data found
[  104.953128][ T5846] chnl_net:caif_netlink_parms(): no params data found
[  104.965805][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.973803][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.982108][ T5847] bridge_slave_0: entered allmulticast mode
[  104.990129][ T5847] bridge_slave_0: entered promiscuous mode
[  105.004959][ T5851] chnl_net:caif_netlink_parms(): no params data found
[  105.023426][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.030772][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.038401][ T5847] bridge_slave_1: entered allmulticast mode
[  105.045789][ T5847] bridge_slave_1: entered promiscuous mode
[  105.185624][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.210297][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.217702][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.224926][ T5850] bridge_slave_0: entered allmulticast mode
[  105.232864][ T5850] bridge_slave_0: entered promiscuous mode
[  105.264906][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.276367][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.284085][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.291491][ T5850] bridge_slave_1: entered allmulticast mode
[  105.299862][ T5850] bridge_slave_1: entered promiscuous mode
[  105.391033][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.398581][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.406076][ T5851] bridge_slave_0: entered allmulticast mode
[  105.414175][ T5851] bridge_slave_0: entered promiscuous mode
[  105.440341][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.454117][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.478993][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.486211][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.493685][ T5846] bridge_slave_0: entered allmulticast mode
[  105.501907][ T5846] bridge_slave_0: entered promiscuous mode
[  105.510006][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.517938][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.525182][ T5851] bridge_slave_1: entered allmulticast mode
[  105.532932][ T5851] bridge_slave_1: entered promiscuous mode
[  105.543531][ T5847] team0: Port device team_slave_0 added
[  105.587154][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.594493][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.605733][ T5846] bridge_slave_1: entered allmulticast mode
[  105.613792][ T5846] bridge_slave_1: entered promiscuous mode
[  105.653956][ T5847] team0: Port device team_slave_1 added
[  105.670763][ T5850] team0: Port device team_slave_0 added
[  105.680258][ T5850] team0: Port device team_slave_1 added
[  105.719061][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.765304][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.780940][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.840186][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.866888][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.876488][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.902750][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.915281][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.922677][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.948937][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.001259][ T5851] team0: Port device team_slave_0 added
[  106.012536][ T5851] team0: Port device team_slave_1 added
[  106.020776][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.031865][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.058802][ T5167] Bluetooth: hci1: command tx timeout
[  106.064368][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.078543][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.085575][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.112122][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.126360][ T5846] team0: Port device team_slave_0 added
[  106.140606][ T5167] Bluetooth: hci3: command tx timeout
[  106.170557][ T5846] team0: Port device team_slave_1 added
[  106.194296][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.201886][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.217325][ T5853] Bluetooth: hci0: command tx timeout
[  106.228811][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.234203][ T5167] Bluetooth: hci2: command tx timeout
[  106.299331][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.306345][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.333305][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.366845][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.374481][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.401484][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.456507][ T5850] hsr_slave_0: entered promiscuous mode
[  106.463887][ T5850] hsr_slave_1: entered promiscuous mode
[  106.478827][ T5847] hsr_slave_0: entered promiscuous mode
[  106.485481][ T5847] hsr_slave_1: entered promiscuous mode
[  106.492224][ T5847] debugfs: 'hsr0' already exists in 'hsr'
[  106.498753][ T5847] Cannot create hsr debugfs directory
[  106.505223][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.512733][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.538993][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.658139][ T5846] hsr_slave_0: entered promiscuous mode
[  106.664790][ T5846] hsr_slave_1: entered promiscuous mode
[  106.671717][ T5846] debugfs: 'hsr0' already exists in 'hsr'
[  106.677664][ T5846] Cannot create hsr debugfs directory
[  106.703878][ T5851] hsr_slave_0: entered promiscuous mode
[  106.713262][ T5851] hsr_slave_1: entered promiscuous mode
[  106.720177][ T5851] debugfs: 'hsr0' already exists in 'hsr'
[  106.725994][ T5851] Cannot create hsr debugfs directory
[  107.239502][ T5847] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  107.255959][ T5847] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  107.269670][ T5847] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  107.282729][ T5847] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  107.360465][ T5850] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.376997][ T5850] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  107.393187][ T5850] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.418688][ T5850] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.530501][ T5851] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  107.544013][ T5851] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  107.556934][ T5851] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  107.599121][ T5851] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  107.718453][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  107.732698][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  107.752045][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  107.765353][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  107.815807][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.915401][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[  107.942335][ T1158] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.949992][ T1158] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.000124][ T1158] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.007844][ T1158] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.038379][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.093321][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.119650][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[  108.137402][ T5167] Bluetooth: hci1: command tx timeout
[  108.170427][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.178165][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.204994][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.217710][ T5167] Bluetooth: hci3: command tx timeout
[  108.225434][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.232739][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.274348][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[  108.297613][ T5853] Bluetooth: hci0: command tx timeout
[  108.303173][ T5167] Bluetooth: hci2: command tx timeout
[  108.329972][ T1308] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.337252][ T1308] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.381622][ T1308] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.389132][ T1308] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.471066][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[  108.521723][ T1308] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.528996][ T1308] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.596763][ T1308] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.604111][ T1308] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.751022][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.771865][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  108.893402][ T5847] veth0_vlan: entered promiscuous mode
[  108.960236][ T5847] veth1_vlan: entered promiscuous mode
[  109.081879][ T5847] veth0_macvtap: entered promiscuous mode
[  109.120294][ T5847] veth1_macvtap: entered promiscuous mode
[  109.228135][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.246728][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.285471][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.304620][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.334633][ T5847] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.344593][ T5847] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.354685][ T5847] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.364538][ T5847] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.449423][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.523479][ T5850] veth0_vlan: entered promiscuous mode
[  109.560957][ T5850] veth1_vlan: entered promiscuous mode
[  109.568654][ T5851] veth0_vlan: entered promiscuous mode
[  109.615079][ T5851] veth1_vlan: entered promiscuous mode
[  109.625201][ T1158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.641354][ T1158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.749166][ T1158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.758078][ T1158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.765990][ T5850] veth0_macvtap: entered promiscuous mode
[  109.787896][ T5851] veth0_macvtap: entered promiscuous mode
[  109.795297][ T5846] veth0_vlan: entered promiscuous mode
[  109.826193][ T5851] veth1_macvtap: entered promiscuous mode
[  109.835949][ T5850] veth1_macvtap: entered promiscuous mode
[  109.850967][ T5846] veth1_vlan: entered promiscuous mode
[  109.894457][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  109.947395][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.992923][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.011112][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.041773][ T5846] veth0_macvtap: entered promiscuous mode
[  110.069733][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.083146][ T5851] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.093913][ T5851] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.103005][ T5851] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.112133][ T5851] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.128487][ T5846] veth1_macvtap: entered promiscuous mode
[  110.145600][ T5850] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.156107][ T5850] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.165894][ T5850] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.180494][ T5850] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.217745][ T5167] Bluetooth: hci1: command tx timeout
[  110.282751][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.297661][ T5167] Bluetooth: hci3: command tx timeout
[  110.350405][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.377396][ T5853] Bluetooth: hci0: command tx timeout
[  110.383067][ T5167] Bluetooth: hci2: command tx timeout
[  110.392393][ T5846] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.430959][ T5846] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.443020][ T5846] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.455369][ T5846] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.619695][ T1158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.652307][ T1158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.766230][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.805267][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.830839][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.873324][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.999654][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.038000][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.134160][ T1323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.166214][ T1323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.336637][ T1323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.381907][ T1323] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.556389][ T5945] FAULT_INJECTION: forcing a failure.
[  111.556389][ T5945] name failslab, interval 1, probability 0, space 0, times 1
[  111.588037][ T5945] CPU: 0 UID: 0 PID: 5945 Comm: syz.0.1 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  111.588080][ T5945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  111.588104][ T5945] Call Trace:
[  111.588113][ T5945]  <TASK>
[  111.588130][ T5945]  dump_stack_lvl+0x16c/0x1f0
[  111.588173][ T5945]  should_fail_ex+0x512/0x640
[  111.588211][ T5945]  ? __kmalloc_node_noprof+0xc5/0x500
[  111.588259][ T5945]  should_failslab+0xc2/0x120
[  111.588299][ T5945]  __kmalloc_node_noprof+0xd8/0x500
[  111.588333][ T5945]  ? find_held_lock+0x2b/0x80
[  111.588369][ T5945]  ? alloc_slab_obj_exts+0x41/0xa0
[  111.588425][ T5945]  alloc_slab_obj_exts+0x41/0xa0
[  111.588478][ T5945]  __memcg_slab_post_alloc_hook+0x255/0x960
[  111.588549][ T5945]  ? kasan_save_track+0x14/0x30
[  111.588589][ T5945]  kmem_cache_alloc_lru_noprof+0x30f/0x3b0
[  111.588630][ T5945]  ? __d_alloc+0x32/0xae0
[  111.588673][ T5945]  __d_alloc+0x32/0xae0
[  111.588715][ T5945]  d_alloc_pseudo+0x1c/0xc0
[  111.588762][ T5945]  alloc_file_pseudo+0xcf/0x230
[  111.588811][ T5945]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  111.588879][ T5945]  __shmem_file_setup+0x1a3/0x330
[  111.588937][ T5945]  shmem_zero_setup+0x93/0x1a0
[  111.588979][ T5945]  __mmap_region+0x1ece/0x25e0
[  111.589023][ T5945]  ? __pfx___mmap_region+0x10/0x10
[  111.589060][ T5945]  ? rcu_is_watching+0x12/0xc0
[  111.589105][ T5945]  ? rcu_is_watching+0x12/0xc0
[  111.589142][ T5945]  ? trace_sched_exit_tp+0xde/0x130
[  111.589187][ T5945]  ? __schedule+0x1181/0x5dd0
[  111.589222][ T5945]  ? kernel_text_address+0x8d/0x100
[  111.589261][ T5945]  ? __lock_acquire+0xb8a/0x1c90
[  111.589324][ T5945]  ? __pfx___schedule+0x10/0x10
[  111.589411][ T5945]  ? trace_cap_capable+0x18d/0x200
[  111.589471][ T5945]  mmap_region+0x1ab/0x3f0
[  111.589519][ T5945]  ? __get_unmapped_area+0x267/0x440
[  111.589573][ T5945]  do_mmap+0xa3e/0x1210
[  111.589629][ T5945]  ? __pfx_do_mmap+0x10/0x10
[  111.589678][ T5945]  ? __pfx_down_write_killable+0x10/0x10
[  111.589735][ T5945]  vm_mmap_pgoff+0x281/0x450
[  111.589817][ T5945]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  111.589873][ T5945]  ? __x64_sys_futex+0x1e0/0x4c0
[  111.589915][ T5945]  ? __x64_sys_futex+0x1e9/0x4c0
[  111.589966][ T5945]  ksys_mmap_pgoff+0x7d/0x5c0
[  111.590011][ T5945]  ? xfd_validate_state+0x61/0x180
[  111.590066][ T5945]  __x64_sys_mmap+0x125/0x190
[  111.590121][ T5945]  do_syscall_64+0xcd/0x490
[  111.590168][ T5945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.590201][ T5945] RIP: 0033:0x7f210bb8e9a9
[  111.590236][ T5945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.590268][ T5945] RSP: 002b:00007f210cab3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  111.590300][ T5945] RAX: ffffffffffffffda RBX: 00007f210bdb5fa0 RCX: 00007f210bb8e9a9
[  111.590320][ T5945] RDX: 00000000000000df RSI: 0000000000020009 RDI: 0000000000000000
[  111.590340][ T5945] RBP: 00007f210bc10d69 R08: 0000000000000401 R09: 0000000000008000
[  111.590365][ T5945] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  111.590384][ T5945] R13: 0000000000000000 R14: 00007f210bdb5fa0 R15: 00007fff152aec08
[  111.590426][ T5945]  </TASK>
[  111.680319][ T5942] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  112.031793][ T5948] can: request_module (can-proto-0) failed.
[  112.068989][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  112.246427][ T5959] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7'.
[  112.309421][ T5167] Bluetooth: hci1: command tx timeout
[  112.339675][ T5953] can: request_module (can-proto-0) failed.
[  112.378798][ T5167] Bluetooth: hci3: command tx timeout
[  112.458383][ T5167] Bluetooth: hci2: command tx timeout
[  112.464389][ T5853] Bluetooth: hci0: command tx timeout
[  112.768963][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  112.779579][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[  112.790084][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  112.879596][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  113.292439][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  113.301658][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  113.494680][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  113.505448][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  113.857790][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  114.236997][   T30] audit: type=1800 audit(1753814090.564:2): pid=5979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=7411 res=0 errno=0
[  115.289024][ T6000] random: crng reseeded on system resumption
[  115.636715][ T6001] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  116.019610][ T6000] syz.2.15 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  118.897694][ T6044] vivid-003: =================  START STATUS  =================
[  118.925445][ T6044] vivid-003: Radio HW Seek Mode: Bounded
[  118.945597][ T6044] vivid-003: Radio Programmable HW Seek: false
[  118.985902][ T6044] vivid-003: RDS Rx I/O Mode: Block I/O
[  119.005149][ T6044] vivid-003: Generate RBDS Instead of RDS: false
[  119.062509][ T6044] vivid-003: RDS Reception: true
[  119.087515][ T6044] vivid-003: RDS Program Type: 0 inactive
[  119.114773][ T6047] FAULT_INJECTION: forcing a failure.
[  119.114773][ T6047] name failslab, interval 1, probability 0, space 0, times 0
[  119.124618][ T6044] vivid-003: RDS PS Name:  inactive
[  119.137943][ T6047] CPU: 1 UID: 0 PID: 6047 Comm: syz.1.24 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  119.137992][ T6047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  119.138012][ T6047] Call Trace:
[  119.138022][ T6047]  <TASK>
[  119.138035][ T6047]  dump_stack_lvl+0x16c/0x1f0
[  119.138089][ T6047]  should_fail_ex+0x512/0x640
[  119.138132][ T6047]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  119.138176][ T6047]  should_failslab+0xc2/0x120
[  119.138220][ T6047]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  119.138259][ T6047]  ? proc_alloc_inode+0x25/0x200
[  119.138303][ T6047]  ? __pfx_proc_alloc_inode+0x10/0x10
[  119.138340][ T6047]  proc_alloc_inode+0x25/0x200
[  119.138379][ T6047]  alloc_inode+0x64/0x240
[  119.138422][ T6047]  new_inode+0x22/0x1c0
[  119.138470][ T6047]  proc_sys_make_inode+0x47/0x5c0
[  119.138516][ T6047]  proc_sys_lookup+0x273/0x400
[  119.138558][ T6047]  ? __pfx_proc_sys_lookup+0x10/0x10
[  119.138607][ T6047]  ? lockdep_init_map_type+0x5c/0x280
[  119.138660][ T6047]  ? lockdep_init_map_type+0x5c/0x280
[  119.138717][ T6047]  __lookup_slow+0x251/0x460
[  119.138767][ T6047]  ? __pfx___lookup_slow+0x10/0x10
[  119.138850][ T6047]  ? lookup_fast+0x156/0x610
[  119.138901][ T6047]  ? _raw_spin_unlock+0x28/0x50
[  119.138944][ T6047]  walk_component+0x353/0x5b0
[  119.138979][ T6047]  link_path_walk+0x627/0xe20
[  119.139025][ T6047]  path_openat+0x1b0/0x2cb0
[  119.139057][ T6047]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.139105][ T6047]  ? __pfx_path_openat+0x10/0x10
[  119.139143][ T6047]  ? __lock_acquire+0xb8a/0x1c90
[  119.139196][ T6047]  do_filp_open+0x20b/0x470
[  119.139232][ T6047]  ? __pfx_do_filp_open+0x10/0x10
[  119.139300][ T6047]  ? alloc_fd+0x471/0x7d0
[  119.139344][ T6047]  do_sys_openat2+0x11b/0x1d0
[  119.139392][ T6047]  ? __pfx_do_sys_openat2+0x10/0x10
[  119.139442][ T6047]  ? __sys_sendmsg+0x18c/0x220
[  119.139500][ T6047]  __x64_sys_openat+0x174/0x210
[  119.139548][ T6047]  ? __pfx___x64_sys_openat+0x10/0x10
[  119.139615][ T6047]  do_syscall_64+0xcd/0x490
[  119.139663][ T6047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.139696][ T6047] RIP: 0033:0x7fa07e18e9a9
[  119.139734][ T6047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.139770][ T6047] RSP: 002b:00007fa07f0af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  119.139800][ T6047] RAX: ffffffffffffffda RBX: 00007fa07e3b5fa0 RCX: 00007fa07e18e9a9
[  119.139820][ T6047] RDX: 0000000000101202 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  119.139848][ T6047] RBP: 00007fa07e210d69 R08: 0000000000000000 R09: 0000000000000000
[  119.139867][ T6047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  119.139885][ T6047] R13: 0000000000000000 R14: 00007fa07e3b5fa0 R15: 00007fff6409d368
[  119.139928][ T6047]  </TASK>
[  119.445508][ T6044] vivid-003: RDS Radio Text:  inactive
[  119.749210][ T6044] vivid-003: RDS Traffic Announcement: false inactive
[  119.756212][ T6044] vivid-003: RDS Traffic Program: false inactive
[  119.831289][ T6044] vivid-003: RDS Music: false inactive
[  119.885894][ T6044] vivid-003: ==================  END STATUS  ==================
[  120.553449][ T6063] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26'.
[  120.857897][ T6067] random: crng reseeded on system resumption

syzkaller
syzkaller login: [  126.143581][ T6134] process 'syz.0.41' launched './file0' with NULL argv: empty string added
[  126.516315][ T6141] FAULT_INJECTION: forcing a failure.
[  126.516315][ T6141] name failslab, interval 1, probability 0, space 0, times 0
[  126.577713][ T6141] CPU: 0 UID: 0 PID: 6141 Comm: syz.1.44 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  126.577760][ T6141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  126.577780][ T6141] Call Trace:
[  126.577790][ T6141]  <TASK>
[  126.577803][ T6141]  dump_stack_lvl+0x16c/0x1f0
[  126.577853][ T6141]  should_fail_ex+0x512/0x640
[  126.577898][ T6141]  ? fs_reclaim_acquire+0xae/0x150
[  126.577953][ T6141]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  126.577989][ T6141]  should_failslab+0xc2/0x120
[  126.578031][ T6141]  __kmalloc_noprof+0xd2/0x510
[  126.578080][ T6141]  tomoyo_realpath_from_path+0xc2/0x6e0
[  126.578137][ T6141]  tomoyo_check_open_permission+0x2ab/0x3c0
[  126.578194][ T6141]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  126.578294][ T6141]  ? find_held_lock+0x2b/0x80
[  126.578345][ T6141]  tomoyo_file_open+0x6b/0x90
[  126.578391][ T6141]  security_file_open+0x84/0x1e0
[  126.578449][ T6141]  do_dentry_open+0x596/0x1c10
[  126.578501][ T6141]  vfs_open+0x82/0x3f0
[  126.578555][ T6141]  path_openat+0x1de4/0x2cb0
[  126.578604][ T6141]  ? __pfx_path_openat+0x10/0x10
[  126.578645][ T6141]  ? __lock_acquire+0xb8a/0x1c90
[  126.578701][ T6141]  do_filp_open+0x20b/0x470
[  126.578739][ T6141]  ? __pfx_do_filp_open+0x10/0x10
[  126.578808][ T6141]  ? alloc_fd+0x471/0x7d0
[  126.578854][ T6141]  do_sys_openat2+0x11b/0x1d0
[  126.578902][ T6141]  ? __pfx_do_sys_openat2+0x10/0x10
[  126.578954][ T6141]  ? __sys_sendmsg+0x18c/0x220
[  126.579012][ T6141]  __x64_sys_openat+0x174/0x210
[  126.579073][ T6141]  ? __pfx___x64_sys_openat+0x10/0x10
[  126.579151][ T6141]  do_syscall_64+0xcd/0x490
[  126.579202][ T6141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.579236][ T6141] RIP: 0033:0x7fa07e18e9a9
[  126.579264][ T6141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.579296][ T6141] RSP: 002b:00007fa07f0af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  126.579327][ T6141] RAX: ffffffffffffffda RBX: 00007fa07e3b5fa0 RCX: 00007fa07e18e9a9
[  126.579348][ T6141] RDX: 0000000000000202 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  126.579368][ T6141] RBP: 00007fa07e210d69 R08: 0000000000000000 R09: 0000000000000000
[  126.579387][ T6141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  126.579407][ T6141] R13: 0000000000000000 R14: 00007fa07e3b5fa0 R15: 00007fff6409d368
[  126.579450][ T6141]  </TASK>
[  126.836100][ T6141] ERROR: Out of memory at tomoyo_realpath_from_path.
[  127.648174][ T6165] FAULT_INJECTION: forcing a failure.
[  127.648174][ T6165] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  127.672633][ T6165] CPU: 0 UID: 0 PID: 6165 Comm: syz.2.47 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  127.672679][ T6165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  127.672703][ T6165] Call Trace:
[  127.672714][ T6165]  <TASK>
[  127.672726][ T6165]  dump_stack_lvl+0x16c/0x1f0
[  127.672773][ T6165]  should_fail_ex+0x512/0x640
[  127.672823][ T6165]  _copy_from_user+0x2e/0xd0
[  127.672870][ T6165]  split_huge_pages_write+0x232/0x22e0
[  127.672917][ T6165]  ? __pfx_split_huge_pages_write+0x10/0x10
[  127.672951][ T6165]  ? is_bpf_text_address+0x8a/0x1a0
[  127.673004][ T6165]  ? bpf_ksym_find+0x124/0x1c0
[  127.673046][ T6165]  ? is_bpf_text_address+0x94/0x1a0
[  127.673095][ T6165]  ? kernel_text_address+0x8d/0x100
[  127.673127][ T6165]  ? __kernel_text_address+0xd/0x40
[  127.673159][ T6165]  ? unwind_get_return_address+0x59/0xa0
[  127.673193][ T6165]  ? arch_stack_walk+0xa6/0x100
[  127.673233][ T6165]  ? __lock_acquire+0x622/0x1c90
[  127.673318][ T6165]  ? aa_file_perm+0x495/0xf70
[  127.673355][ T6165]  ? register_lock_class+0x41/0x4c0
[  127.673410][ T6165]  ? __pfx_aa_file_perm+0x10/0x10
[  127.673450][ T6165]  ? __lock_acquire+0xb8a/0x1c90
[  127.673502][ T6165]  ? get_pid_task+0xfc/0x250
[  127.673551][ T6165]  ? __debugfs_file_get+0x1fe/0x840
[  127.673589][ T6165]  ? __pfx___debugfs_file_get+0x10/0x10
[  127.673639][ T6165]  full_proxy_write+0x13c/0x200
[  127.673681][ T6165]  ? __pfx_full_proxy_write+0x10/0x10
[  127.673719][ T6165]  vfs_write+0x2a0/0x1150
[  127.673760][ T6165]  ? __pfx___mutex_lock+0x10/0x10
[  127.673805][ T6165]  ? __pfx_vfs_write+0x10/0x10
[  127.673853][ T6165]  ? __fget_files+0x20e/0x3c0
[  127.673897][ T6165]  ksys_write+0x12a/0x250
[  127.673932][ T6165]  ? __pfx_ksys_write+0x10/0x10
[  127.673980][ T6165]  do_syscall_64+0xcd/0x490
[  127.674034][ T6165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.674067][ T6165] RIP: 0033:0x7f2ccab8e9a9
[  127.674092][ T6165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.674122][ T6165] RSP: 002b:00007f2ccbad2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  127.674152][ T6165] RAX: ffffffffffffffda RBX: 00007f2ccadb5fa0 RCX: 00007f2ccab8e9a9
[  127.674173][ T6165] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000005
[  127.674192][ T6165] RBP: 00007f2ccbad2090 R08: 0000000000000000 R09: 0000000000000000
[  127.674211][ T6165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  127.674229][ T6165] R13: 0000000000000000 R14: 00007f2ccadb5fa0 R15: 00007ffc8ef128d8
[  127.674272][ T6165]  </TASK>
[  127.998310][ T6155] sctp: failed to load transform for md5: -2
[  128.771571][ T6178] can: request_module (can-proto-0) failed.
[  129.354196][ T5167] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  131.146451][ T5167] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  131.146483][ T5167] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  131.167264][ T5167] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  131.175494][ T5167] Bluetooth: hci3: adv larger than maximum supported
[  131.183164][ T5167] Bluetooth: hci3: adv larger than maximum supported
[  131.189975][ T5167] Bluetooth: hci3: Malformed LE Event: 0x0d
[  131.397738][ T5167] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  131.397782][ T5167] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  131.414309][ T5167] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  131.414347][ T5167] Bluetooth: hci3: adv larger than maximum supported
[  131.422594][ T5167] Bluetooth: hci3: adv larger than maximum supported
[  131.429907][ T5167] Bluetooth: hci3: Malformed LE Event: 0x0d
[  131.578303][ T5167] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  131.578348][ T5167] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  131.593484][ T5167] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  131.593537][ T5167] Bluetooth: hci0: adv larger than maximum supported
[  131.601037][ T5167] Bluetooth: hci0: adv larger than maximum supported
[  131.608001][ T5167] Bluetooth: hci0: Malformed LE Event: 0x0d
[  131.809579][ T5167] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  131.809630][ T5167] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  131.827108][ T5167] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  131.827166][ T5167] Bluetooth: hci0: Malformed LE Event: 0x0d
[  133.269397][ T6263] FAULT_INJECTION: forcing a failure.
[  133.269397][ T6263] name failslab, interval 1, probability 0, space 0, times 0
[  133.296864][ T6263] CPU: 0 UID: 0 PID: 6263 Comm: syz.2.62 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  133.296908][ T6263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  133.296926][ T6263] Call Trace:
[  133.296935][ T6263]  <TASK>
[  133.296946][ T6263]  dump_stack_lvl+0x16c/0x1f0
[  133.296993][ T6263]  should_fail_ex+0x512/0x640
[  133.297039][ T6263]  ? fs_reclaim_acquire+0xae/0x150
[  133.297089][ T6263]  ? tomoyo_encode2+0x100/0x3e0
[  133.297119][ T6263]  should_failslab+0xc2/0x120
[  133.297172][ T6263]  __kmalloc_noprof+0xd2/0x510
[  133.297209][ T6263]  ? d_absolute_path+0x136/0x1a0
[  133.297261][ T6263]  tomoyo_encode2+0x100/0x3e0
[  133.297300][ T6263]  tomoyo_encode+0x29/0x50
[  133.297332][ T6263]  tomoyo_realpath_from_path+0x18f/0x6e0
[  133.297381][ T6263]  tomoyo_path_number_perm+0x245/0x580
[  133.297431][ T6263]  ? tomoyo_path_number_perm+0x237/0x580
[  133.297484][ T6263]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  133.297535][ T6263]  ? find_held_lock+0x2b/0x80
[  133.297605][ T6263]  ? find_held_lock+0x2b/0x80
[  133.297640][ T6263]  ? hook_file_ioctl_common+0x145/0x410
[  133.297697][ T6263]  ? __fget_files+0x20e/0x3c0
[  133.297735][ T6263]  security_file_ioctl+0x9b/0x240
[  133.297788][ T6263]  __x64_sys_ioctl+0xb7/0x210
[  133.297839][ T6263]  do_syscall_64+0xcd/0x490
[  133.297887][ T6263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.297919][ T6263] RIP: 0033:0x7f2ccab8e9a9
[  133.297944][ T6263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.297973][ T6263] RSP: 002b:00007f2ccbad2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  133.298001][ T6263] RAX: ffffffffffffffda RBX: 00007f2ccadb5fa0 RCX: 00007f2ccab8e9a9
[  133.298020][ T6263] RDX: 0000200000000040 RSI: 000000008004510a RDI: 0000000000000004
[  133.298039][ T6263] RBP: 00007f2ccbad2090 R08: 0000000000000000 R09: 0000000000000000
[  133.298057][ T6263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.298076][ T6263] R13: 0000000000000000 R14: 00007f2ccadb5fa0 R15: 00007ffc8ef128d8
[  133.298117][ T6263]  </TASK>
[  133.531219][ T6263] ERROR: Out of memory at tomoyo_realpath_from_path.
[  133.939393][ T6268] FAULT_INJECTION: forcing a failure.
[  133.939393][ T6268] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  133.956393][ T6268] CPU: 1 UID: 0 PID: 6268 Comm: syz.1.64 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  133.956436][ T6268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  133.956450][ T6268] Call Trace:
[  133.956457][ T6268]  <TASK>
[  133.956466][ T6268]  dump_stack_lvl+0x16c/0x1f0
[  133.956500][ T6268]  should_fail_ex+0x512/0x640
[  133.956535][ T6268]  core_sys_select+0x4c5/0xc10
[  133.956564][ T6268]  ? __pfx_core_sys_select+0x10/0x10
[  133.956591][ T6268]  ? proc_fail_nth_write+0x9f/0x250
[  133.956637][ T6268]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  133.956675][ T6268]  kern_select+0x15d/0x1e0
[  133.956696][ T6268]  ? __pfx_kern_select+0x10/0x10
[  133.956721][ T6268]  ? __pfx_ksys_write+0x10/0x10
[  133.956749][ T6268]  __x64_sys_select+0xbd/0x160
[  133.956769][ T6268]  ? do_syscall_64+0x91/0x490
[  133.956798][ T6268]  ? lockdep_hardirqs_on+0x7c/0x110
[  133.956826][ T6268]  do_syscall_64+0xcd/0x490
[  133.956858][ T6268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.956886][ T6268] RIP: 0033:0x7fa07e18e9a9
[  133.956903][ T6268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.956925][ T6268] RSP: 002b:00007fa07f0af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017
[  133.956945][ T6268] RAX: ffffffffffffffda RBX: 00007fa07e3b5fa0 RCX: 00007fa07e18e9a9
[  133.956960][ T6268] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e
[  133.956973][ T6268] RBP: 00007fa07f0af090 R08: 0000000000000000 R09: 0000000000000000
[  133.956987][ T6268] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  133.957001][ T6268] R13: 0000000000000000 R14: 00007fa07e3b5fa0 R15: 00007fff6409d368
[  133.957034][ T6268]  </TASK>
[  134.409289][ T6284] blktrace: Concurrent blktraces are not allowed on loop2
[  134.799037][ T6290] blktrace: Concurrent blktraces are not allowed on loop2
[  134.822627][ T6290] FAULT_INJECTION: forcing a failure.
[  134.822627][ T6290] name failslab, interval 1, probability 0, space 0, times 0
[  134.872935][ T6290] CPU: 1 UID: 0 PID: 6290 Comm: syz.1.67 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  134.873087][ T6290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  134.873106][ T6290] Call Trace:
[  134.873117][ T6290]  <TASK>
[  134.873129][ T6290]  dump_stack_lvl+0x16c/0x1f0
[  134.873178][ T6290]  should_fail_ex+0x512/0x640
[  134.873219][ T6290]  ? fs_reclaim_acquire+0xae/0x150
[  134.873269][ T6290]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  134.873304][ T6290]  should_failslab+0xc2/0x120
[  134.873344][ T6290]  __kmalloc_noprof+0xd2/0x510
[  134.873391][ T6290]  tomoyo_realpath_from_path+0xc2/0x6e0
[  134.873431][ T6290]  ? tomoyo_profile+0x47/0x60
[  134.873475][ T6290]  tomoyo_path_number_perm+0x245/0x580
[  134.873524][ T6290]  ? tomoyo_path_number_perm+0x237/0x580
[  134.873580][ T6290]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  134.873633][ T6290]  ? find_held_lock+0x2b/0x80
[  134.873707][ T6290]  ? find_held_lock+0x2b/0x80
[  134.873742][ T6290]  ? hook_file_ioctl_common+0x145/0x410
[  134.873796][ T6290]  ? __fget_files+0x20e/0x3c0
[  134.873824][ T6290]  security_file_ioctl+0x9b/0x240
[  134.873862][ T6290]  __x64_sys_ioctl+0xb7/0x210
[  134.873899][ T6290]  do_syscall_64+0xcd/0x490
[  134.873933][ T6290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.873963][ T6290] RIP: 0033:0x7fa07e18e9a9
[  134.873988][ T6290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.874010][ T6290] RSP: 002b:00007fa07f08e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  134.874031][ T6290] RAX: ffffffffffffffda RBX: 00007fa07e3b6080 RCX: 00007fa07e18e9a9
[  134.874046][ T6290] RDX: 0000000000000000 RSI: 0000000000001274 RDI: 0000000000000003
[  134.874059][ T6290] RBP: 00007fa07f08e090 R08: 0000000000000000 R09: 0000000000000000
[  134.874073][ T6290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.874086][ T6290] R13: 0000000000000000 R14: 00007fa07e3b6080 R15: 00007fff6409d368
[  134.874115][ T6290]  </TASK>
[  134.874124][ T6290] ERROR: Out of memory at tomoyo_realpath_from_path.
[  135.259528][ T6292] FAULT_INJECTION: forcing a failure.
[  135.259528][ T6292] name failslab, interval 1, probability 0, space 0, times 0
[  135.289360][ T6292] CPU: 1 UID: 0 PID: 6292 Comm: syz.3.68 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  135.289407][ T6292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  135.289428][ T6292] Call Trace:
[  135.289439][ T6292]  <TASK>
[  135.289452][ T6292]  dump_stack_lvl+0x16c/0x1f0
[  135.289502][ T6292]  should_fail_ex+0x512/0x640
[  135.289546][ T6292]  ? __kvmalloc_node_noprof+0x124/0x620
[  135.289585][ T6292]  should_failslab+0xc2/0x120
[  135.289628][ T6292]  __kvmalloc_node_noprof+0x137/0x620
[  135.289662][ T6292]  ? lockdep_init_map_type+0x5c/0x280
[  135.289713][ T6292]  ? alloc_netdev_mqs+0xcf8/0x1570
[  135.289765][ T6292]  ? alloc_netdev_mqs+0xcf8/0x1570
[  135.289811][ T6292]  alloc_netdev_mqs+0xcf8/0x1570
[  135.289869][ T6292]  internal_dev_create+0x8a/0x520
[  135.289932][ T6292]  ovs_vport_add+0x144/0x4d0
[  135.289983][ T6292]  new_vport+0x16/0x1d0
[  135.290020][ T6292]  ovs_dp_cmd_new+0x6ba/0xe60
[  135.290070][ T6292]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  135.290120][ T6292]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  135.290160][ T6292]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  135.290207][ T6292]  genl_family_rcv_msg_doit+0x206/0x2f0
[  135.290247][ T6292]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  135.290283][ T6292]  ? trace_cap_capable+0x18d/0x200
[  135.290347][ T6292]  ? bpf_lsm_capable+0x9/0x10
[  135.290375][ T6292]  ? security_capable+0x7e/0x260
[  135.290420][ T6292]  ? ns_capable+0xd7/0x110
[  135.290461][ T6292]  genl_rcv_msg+0x55c/0x800
[  135.290501][ T6292]  ? __pfx_genl_rcv_msg+0x10/0x10
[  135.290537][ T6292]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  135.290593][ T6292]  netlink_rcv_skb+0x155/0x420
[  135.290645][ T6292]  ? __pfx_genl_rcv_msg+0x10/0x10
[  135.290682][ T6292]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  135.290755][ T6292]  ? netlink_deliver_tap+0x1ae/0xd30
[  135.290810][ T6292]  genl_rcv+0x28/0x40
[  135.290838][ T6292]  netlink_unicast+0x58d/0x850
[  135.290894][ T6292]  ? __pfx_netlink_unicast+0x10/0x10
[  135.290959][ T6292]  netlink_sendmsg+0x8d1/0xdd0
[  135.291020][ T6292]  ? __pfx_netlink_sendmsg+0x10/0x10
[  135.291090][ T6292]  ____sys_sendmsg+0xa98/0xc70
[  135.291125][ T6292]  ? copy_msghdr_from_user+0x10a/0x160
[  135.291172][ T6292]  ? __pfx_____sys_sendmsg+0x10/0x10
[  135.291217][ T6292]  ? __pfx_futex_wake_mark+0x10/0x10
[  135.291276][ T6292]  ___sys_sendmsg+0x134/0x1d0
[  135.291333][ T6292]  ? __pfx____sys_sendmsg+0x10/0x10
[  135.291377][ T6292]  ? __lock_acquire+0x622/0x1c90
[  135.291481][ T6292]  __sys_sendmsg+0x16d/0x220
[  135.291529][ T6292]  ? __pfx___sys_sendmsg+0x10/0x10
[  135.291573][ T6292]  ? __x64_sys_futex+0x1e0/0x4c0
[  135.291643][ T6292]  do_syscall_64+0xcd/0x490
[  135.291691][ T6292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.291724][ T6292] RIP: 0033:0x7f0da4f8e9a9
[  135.291750][ T6292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.291781][ T6292] RSP: 002b:00007f0da5eb8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  135.291812][ T6292] RAX: ffffffffffffffda RBX: 00007f0da51b5fa0 RCX: 00007f0da4f8e9a9
[  135.291833][ T6292] RDX: 0000000022008004 RSI: 0000200000000080 RDI: 0000000000000009
[  135.291853][ T6292] RBP: 00007f0da5010d69 R08: 0000000000000000 R09: 0000000000000000
[  135.291872][ T6292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  135.291891][ T6292] R13: 0000000000000000 R14: 00007f0da51b5fa0 R15: 00007ffda2c991f8
[  135.291933][ T6292]  </TASK>
[  135.700848][ T6294] netlink: 28 bytes leftover after parsing attributes in process `syz.2.69'.
[  135.758695][ T6294] ipvlan1: entered allmulticast mode
[  135.764100][ T6294] veth0_vlan: entered allmulticast mode
[  136.013771][ T6294] Zero length message leads to an empty skb
[  136.037948][ T6302] random: crng reseeded on system resumption
[  136.438466][ T6307] random: crng reseeded on system resumption
[  136.587495][ T6307] FAULT_INJECTION: forcing a failure.
[  136.587495][ T6307] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  136.638391][ T6307] CPU: 1 UID: 0 PID: 6307 Comm: syz.2.72 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  136.638435][ T6307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  136.638453][ T6307] Call Trace:
[  136.638463][ T6307]  <TASK>
[  136.638475][ T6307]  dump_stack_lvl+0x16c/0x1f0
[  136.638549][ T6307]  should_fail_ex+0x512/0x640
[  136.638600][ T6307]  _copy_to_user+0x32/0xd0
[  136.638650][ T6307]  simple_read_from_buffer+0xcb/0x170
[  136.638728][ T6307]  proc_fail_nth_read+0x197/0x270
[  136.638784][ T6307]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  136.638841][ T6307]  ? rw_verify_area+0xcf/0x680
[  136.638887][ T6307]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  136.638931][ T6307]  vfs_read+0x1e1/0xc60
[  136.638969][ T6307]  ? __pfx___mutex_lock+0x10/0x10
[  136.639013][ T6307]  ? __pfx_vfs_read+0x10/0x10
[  136.639058][ T6307]  ? __fget_files+0x20e/0x3c0
[  136.639102][ T6307]  ksys_read+0x12a/0x250
[  136.639141][ T6307]  ? __pfx_ksys_read+0x10/0x10
[  136.639172][ T6307]  ? syscall_user_dispatch+0x78/0x140
[  136.639204][ T6307]  ? ksys_fadvise64_64+0xcd/0x130
[  136.639252][ T6307]  do_syscall_64+0xcd/0x490
[  136.639299][ T6307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.639330][ T6307] RIP: 0033:0x7f2ccab8d3bc
[  136.639356][ T6307] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  136.639386][ T6307] RSP: 002b:00007f2ccbad2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  136.639415][ T6307] RAX: ffffffffffffffda RBX: 00007f2ccadb5fa0 RCX: 00007f2ccab8d3bc
[  136.639436][ T6307] RDX: 000000000000000f RSI: 00007f2ccbad20a0 RDI: 0000000000000004
[  136.639455][ T6307] RBP: 00007f2ccbad2090 R08: 0000000000000000 R09: 0000000000000000
[  136.639475][ T6307] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  136.639493][ T6307] R13: 0000000000000000 R14: 00007f2ccadb5fa0 R15: 00007ffc8ef128d8
[  136.639534][ T6307]  </TASK>
[  138.635157][ T6350] netlink: 22784 bytes leftover after parsing attributes in process `syz.2.80'.
[  139.408981][ T6365] can: request_module (can-proto-0) failed.

syzkaller
syzkaller login: [  140.653800][ T6388] can: request_module (can-proto-0) failed.
[  142.135335][ T6407] can: request_module (can-proto-0) failed.
[  142.730452][ T6415] can: request_module (can-proto-0) failed.
[  143.426373][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  143.433462][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  144.424751][ T6438] FAULT_INJECTION: forcing a failure.
[  144.424751][ T6438] name failslab, interval 1, probability 0, space 0, times 0
[  144.447294][ T6438] CPU: 0 UID: 0 PID: 6438 Comm: syz.3.95 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  144.447345][ T6438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  144.447373][ T6438] Call Trace:
[  144.447384][ T6438]  <TASK>
[  144.447395][ T6438]  dump_stack_lvl+0x16c/0x1f0
[  144.447444][ T6438]  should_fail_ex+0x512/0x640
[  144.447486][ T6438]  ? fs_reclaim_acquire+0xae/0x150
[  144.447539][ T6438]  should_failslab+0xc2/0x120
[  144.447580][ T6438]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  144.447619][ T6438]  ? security_inode_alloc+0x3b/0x2b0
[  144.447672][ T6438]  security_inode_alloc+0x3b/0x2b0
[  144.447720][ T6438]  inode_init_always_gfp+0xce4/0x1030
[  144.447760][ T6438]  alloc_inode+0x86/0x240
[  144.447802][ T6438]  new_inode+0x22/0x1c0
[  144.447848][ T6438]  proc_sys_make_inode+0x47/0x5c0
[  144.447893][ T6438]  proc_sys_lookup+0x273/0x400
[  144.447936][ T6438]  ? __pfx_proc_sys_lookup+0x10/0x10
[  144.447982][ T6438]  ? lockdep_init_map_type+0x5c/0x280
[  144.448034][ T6438]  ? lockdep_init_map_type+0x5c/0x280
[  144.448092][ T6438]  __lookup_slow+0x251/0x460
[  144.448140][ T6438]  ? __pfx___lookup_slow+0x10/0x10
[  144.448212][ T6438]  ? lookup_fast+0x156/0x610
[  144.448262][ T6438]  ? _raw_spin_unlock+0x28/0x50
[  144.448302][ T6438]  walk_component+0x353/0x5b0
[  144.448335][ T6438]  link_path_walk+0x627/0xe20
[  144.448388][ T6438]  path_openat+0x1b0/0x2cb0
[  144.448419][ T6438]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.448467][ T6438]  ? __pfx_path_openat+0x10/0x10
[  144.448505][ T6438]  ? __lock_acquire+0xb8a/0x1c90
[  144.448558][ T6438]  do_filp_open+0x20b/0x470
[  144.448594][ T6438]  ? __pfx_do_filp_open+0x10/0x10
[  144.448660][ T6438]  ? alloc_fd+0x471/0x7d0
[  144.448704][ T6438]  do_sys_openat2+0x11b/0x1d0
[  144.448750][ T6438]  ? __pfx_do_sys_openat2+0x10/0x10
[  144.448801][ T6438]  ? __sys_sendmsg+0x18c/0x220
[  144.448857][ T6438]  __x64_sys_openat+0x174/0x210
[  144.448905][ T6438]  ? __pfx___x64_sys_openat+0x10/0x10
[  144.448971][ T6438]  do_syscall_64+0xcd/0x490
[  144.449017][ T6438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.449049][ T6438] RIP: 0033:0x7f0da4f8e9a9
[  144.449075][ T6438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.449106][ T6438] RSP: 002b:00007f0da5eb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  144.449135][ T6438] RAX: ffffffffffffffda RBX: 00007f0da51b5fa0 RCX: 00007f0da4f8e9a9
[  144.449156][ T6438] RDX: 0000000000101202 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  144.449175][ T6438] RBP: 00007f0da5010d69 R08: 0000000000000000 R09: 0000000000000000
[  144.449193][ T6438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  144.449211][ T6438] R13: 0000000000000000 R14: 00007f0da51b5fa0 R15: 00007ffda2c991f8
[  144.449251][ T6438]  </TASK>
[  145.275179][ T6442] can: request_module (can-proto-0) failed.

syzkaller
syzkaller login: [  145.901534][ T6453] netlink: 'syz.0.99': attribute type 1 has an invalid length.
[  146.209482][ T6454] vivid-003: =================  START STATUS  =================
[  146.315772][ T6454] vivid-003: Radio HW Seek Mode: Bounded
[  146.401257][ T6454] vivid-003: Radio Programmable HW Seek: false
[  146.424581][ T6454] vivid-003: RDS Rx I/O Mode: Block I/O
[  146.438097][ T6454] vivid-003: Generate RBDS Instead of RDS: false
[  146.444686][ T6454] vivid-003: RDS Reception: true
[  146.466495][ T6454] vivid-003: RDS Program Type: 0 inactive
[  146.517982][ T6454] vivid-003: RDS PS Name:  inactive
[  146.527120][ T6454] vivid-003: RDS Radio Text:  inactive
[  146.543508][ T6454] vivid-003: RDS Traffic Announcement: false inactive
[  146.563406][ T6454] vivid-003: RDS Traffic Program: false inactive
[  146.628029][ T6454] vivid-003: RDS Music: false inactive
[  146.649138][ T6454] vivid-003: ==================  END STATUS  ==================
[  148.913470][ T1308] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.275373][ T1308] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.654424][ T1308] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.665842][ T6501] FAULT_INJECTION: forcing a failure.
[  149.665842][ T6501] name failslab, interval 1, probability 0, space 0, times 0
[  149.697277][ T6501] CPU: 0 UID: 0 PID: 6501 Comm: syz.0.112 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  149.697322][ T6501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  149.697340][ T6501] Call Trace:
[  149.697351][ T6501]  <TASK>
[  149.697363][ T6501]  dump_stack_lvl+0x16c/0x1f0
[  149.697432][ T6501]  should_fail_ex+0x512/0x640
[  149.697474][ T6501]  ? fs_reclaim_acquire+0xae/0x150
[  149.697524][ T6501]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  149.697558][ T6501]  should_failslab+0xc2/0x120
[  149.697600][ T6501]  __kmalloc_noprof+0xd2/0x510
[  149.697663][ T6501]  tomoyo_realpath_from_path+0xc2/0x6e0
[  149.697703][ T6501]  ? tomoyo_profile+0x47/0x60
[  149.697746][ T6501]  tomoyo_path_number_perm+0x245/0x580
[  149.697794][ T6501]  ? tomoyo_path_number_perm+0x237/0x580
[  149.697846][ T6501]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  149.697900][ T6501]  ? find_held_lock+0x2b/0x80
[  149.697975][ T6501]  ? find_held_lock+0x2b/0x80
[  149.698010][ T6501]  ? hook_file_ioctl_common+0x145/0x410
[  149.698067][ T6501]  ? __fget_files+0x20e/0x3c0
[  149.698106][ T6501]  security_file_ioctl+0x9b/0x240
[  149.698160][ T6501]  __x64_sys_ioctl+0xb7/0x210
[  149.698211][ T6501]  do_syscall_64+0xcd/0x490
[  149.698257][ T6501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.698289][ T6501] RIP: 0033:0x7f210bb8e9a9
[  149.698313][ T6501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.698343][ T6501] RSP: 002b:00007f210cab3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  149.698373][ T6501] RAX: ffffffffffffffda RBX: 00007f210bdb5fa0 RCX: 00007f210bb8e9a9
[  149.698392][ T6501] RDX: 0000000000000038 RSI: 00000000402c542c RDI: 0000000000000003
[  149.698410][ T6501] RBP: 00007f210cab3090 R08: 0000000000000000 R09: 0000000000000000
[  149.698429][ T6501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  149.698446][ T6501] R13: 0000000000000000 R14: 00007f210bdb5fa0 R15: 00007fff152aec08
[  149.698487][ T6501]  </TASK>
[  149.698500][ T6501] ERROR: Out of memory at tomoyo_realpath_from_path.
[  150.009723][ T1308] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.347017][ T5853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  150.366313][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  150.377506][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  150.387480][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  150.396394][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  151.254421][ T1308] bridge_slave_1: left allmulticast mode
[  151.357264][ T1308] bridge_slave_1: left promiscuous mode
[  151.364357][ T1308] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.520231][ T1308] bridge_slave_0: left allmulticast mode
[  151.526032][ T1308] bridge_slave_0: left promiscuous mode
[  151.532816][ T1308] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.457160][ T5167] Bluetooth: hci4: command tx timeout
[  152.941697][ T6548] random: crng reseeded on system resumption
[  154.117937][ T1308] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.173301][ T1308] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.215841][ T1308] bond0 (unregistering): Released all slaves
[  154.547265][ T5167] Bluetooth: hci4: command tx timeout
[  155.146056][ T6580] FAULT_INJECTION: forcing a failure.
[  155.146056][ T6580] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.160581][ T6580] CPU: 1 UID: 0 PID: 6580 Comm: syz.0.124 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  155.160622][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  155.160640][ T6580] Call Trace:
[  155.160650][ T6580]  <TASK>
[  155.160661][ T6580]  dump_stack_lvl+0x16c/0x1f0
[  155.160708][ T6580]  should_fail_ex+0x512/0x640
[  155.160757][ T6580]  _copy_from_user+0x2e/0xd0
[  155.160806][ T6580]  kstrtouint_from_user+0xd6/0x1d0
[  155.160843][ T6580]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  155.160878][ T6580]  ? __lock_acquire+0xb8a/0x1c90
[  155.160946][ T6580]  proc_fail_nth_write+0x83/0x250
[  155.160979][ T6580]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  155.161023][ T6580]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  155.161052][ T6580]  vfs_write+0x2a0/0x1150
[  155.161094][ T6580]  ? __pfx___mutex_lock+0x10/0x10
[  155.161139][ T6580]  ? __pfx_vfs_write+0x10/0x10
[  155.161186][ T6580]  ? __fget_files+0x20e/0x3c0
[  155.161231][ T6580]  ksys_write+0x12a/0x250
[  155.161265][ T6580]  ? __pfx_ksys_write+0x10/0x10
[  155.161320][ T6580]  do_syscall_64+0xcd/0x490
[  155.161368][ T6580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.161402][ T6580] RIP: 0033:0x7f210bb8d45f
[  155.161428][ T6580] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  155.161458][ T6580] RSP: 002b:00007f210ca92030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  155.161488][ T6580] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f210bb8d45f
[  155.161507][ T6580] RDX: 0000000000000001 RSI: 00007f210ca920a0 RDI: 0000000000000004
[  155.161526][ T6580] RBP: 00007f210ca92090 R08: 0000000000000000 R09: 0000000000000000
[  155.161544][ T6580] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  155.161562][ T6580] R13: 0000000000000000 R14: 00007f210bdb6080 R15: 00007fff152aec08
[  155.161604][ T6580]  </TASK>
[  156.443395][ T6511] chnl_net:caif_netlink_parms(): no params data found
[  156.617502][ T5167] Bluetooth: hci4: command tx timeout
[  156.660804][ T1308] hsr_slave_0: left promiscuous mode
[  156.696892][ T1308] hsr_slave_1: left promiscuous mode
[  156.724750][ T1308] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  156.747118][ T1308] batman_adv: batadv0: Removing interface: batadv_slave_0
[  156.852913][ T1308] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  156.874938][ T1308] batman_adv: batadv0: Removing interface: batadv_slave_1
[  156.970887][ T1308] veth1_macvtap: left promiscuous mode
[  157.014247][ T1308] veth0_macvtap: left promiscuous mode
[  157.026009][ T1308] veth1_vlan: left promiscuous mode
[  157.052406][ T1308] veth0_vlan: left promiscuous mode
[  158.368919][ T1308] team0 (unregistering): Port device team_slave_1 removed
[  158.472474][ T1308] team0 (unregistering): Port device team_slave_0 removed
[  158.707444][ T5167] Bluetooth: hci4: command tx timeout
[  159.601855][ T6511] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.615721][ T6511] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.623135][ T6511] bridge_slave_0: entered allmulticast mode
[  159.648294][ T6511] bridge_slave_0: entered promiscuous mode
[  159.672447][ T6511] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.685649][ T6511] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.693311][ T6511] bridge_slave_1: entered allmulticast mode
[  159.725948][ T6511] bridge_slave_1: entered promiscuous mode
[  160.053599][ T6511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  160.113921][ T6511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  160.143985][ T6619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.129'.
[  160.432025][ T6511] team0: Port device team_slave_0 added
[  160.454397][ T6511] team0: Port device team_slave_1 added
[  161.090795][ T6511] batman_adv: batadv0: Adding interface: batadv_slave_0
[  161.114917][ T6511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.217063][ T6511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  161.248437][ T6511] batman_adv: batadv0: Adding interface: batadv_slave_1
[  161.271484][ T6511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.356166][ T6511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  161.399786][ T5167] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  161.399831][ T5167] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  161.416931][ T5167] bt_err_ratelimited: 2 callbacks suppressed
[  161.416957][ T5167] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  161.428056][ T5167] Bluetooth: hci1: adv larger than maximum supported
[  161.435478][ T5167] Bluetooth: hci1: adv larger than maximum supported
[  161.442300][ T5167] Bluetooth: hci1: Malformed LE Event: 0x0d
[  161.560369][ T5167] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  161.560414][ T5167] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  161.576496][ T5167] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  161.576533][ T5167] Bluetooth: hci1: adv larger than maximum supported
[  161.583736][ T5167] Bluetooth: hci1: adv larger than maximum supported
[  161.590725][ T5167] Bluetooth: hci1: Malformed LE Event: 0x0d
[  162.101706][ T6651] netlink: 20 bytes leftover after parsing attributes in process `syz.2.135'.
[  162.136109][ T6511] hsr_slave_0: entered promiscuous mode
[  162.143769][ T6511] hsr_slave_1: entered promiscuous mode
[  162.220765][ T6511] debugfs: 'hsr0' already exists in 'hsr'
[  162.233892][ T6511] Cannot create hsr debugfs directory
[  163.570589][ T6680] blktrace: Concurrent blktraces are not allowed on loop2
[  163.587231][ T6680] FAULT_INJECTION: forcing a failure.
[  163.587231][ T6680] name failslab, interval 1, probability 0, space 0, times 0
[  163.628350][ T6680] CPU: 0 UID: 0 PID: 6680 Comm: syz.2.137 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  163.628396][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  163.628415][ T6680] Call Trace:
[  163.628426][ T6680]  <TASK>
[  163.628448][ T6680]  dump_stack_lvl+0x16c/0x1f0
[  163.628498][ T6680]  should_fail_ex+0x512/0x640
[  163.628543][ T6680]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  163.628587][ T6680]  should_failslab+0xc2/0x120
[  163.628629][ T6680]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  163.628670][ T6680]  ? __d_alloc+0x32/0xae0
[  163.628711][ T6680]  __d_alloc+0x32/0xae0
[  163.628754][ T6680]  d_alloc_pseudo+0x1c/0xc0
[  163.628801][ T6680]  alloc_file_pseudo+0xcf/0x230
[  163.628849][ T6680]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  163.628897][ T6680]  ? alloc_fd+0x471/0x7d0
[  163.628935][ T6680]  sock_alloc_file+0x50/0x210
[  163.628987][ T6680]  __sys_socket+0x1c0/0x260
[  163.629022][ T6680]  ? __pfx___sys_socket+0x10/0x10
[  163.629057][ T6680]  ? xfd_validate_state+0x61/0x180
[  163.629107][ T6680]  __x64_sys_socket+0x72/0xb0
[  163.629140][ T6680]  ? lockdep_hardirqs_on+0x7c/0x110
[  163.629180][ T6680]  do_syscall_64+0xcd/0x490
[  163.629227][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.629260][ T6680] RIP: 0033:0x7f2ccab8e9a9
[  163.629286][ T6680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.629317][ T6680] RSP: 002b:00007f2ccbab1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  163.629347][ T6680] RAX: ffffffffffffffda RBX: 00007f2ccadb6080 RCX: 00007f2ccab8e9a9
[  163.629367][ T6680] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000011
[  163.629385][ T6680] RBP: 00007f2ccac10d69 R08: 0000000000000000 R09: 0000000000000000
[  163.629402][ T6680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  163.629419][ T6680] R13: 0000000000000000 R14: 00007f2ccadb6080 R15: 00007ffc8ef128d8
[  163.629468][ T6680]  </TASK>
[  164.243041][ T6692] random: crng reseeded on system resumption
[  166.047665][ T6511] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  166.078816][ T6511] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  166.088920][ T6728] random: crng reseeded on system resumption
[  166.179932][ T6511] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  166.290806][ T6511] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  166.832141][ T6511] 8021q: adding VLAN 0 to HW filter on device bond0
[  166.906976][ T6511] 8021q: adding VLAN 0 to HW filter on device team0
[  166.950738][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.958191][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  167.039051][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.046414][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.484169][ T6511] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.655519][ T6511] veth0_vlan: entered promiscuous mode
[  168.719478][ T6511] veth1_vlan: entered promiscuous mode
[  168.815233][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.2.149'.
[  168.850115][ T6511] veth0_macvtap: entered promiscuous mode
[  168.965785][ T6511] veth1_macvtap: entered promiscuous mode
[  169.042571][ T6511] batman_adv: batadv0: Interface activated: batadv_slave_0
[  169.071944][ T6787] random: crng reseeded on system resumption
[  169.087315][ T6511] batman_adv: batadv0: Interface activated: batadv_slave_1
[  169.112537][ T6511] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  169.126153][ T6511] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  169.147486][ T6511] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  169.156443][ T6511] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  169.363600][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.389459][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  169.483408][ T3566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.503783][ T3566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.237345][ T6807] netlink: 4 bytes leftover after parsing attributes in process `syz.3.152'.
[  170.748045][ T6817] can: request_module (can-proto-0) failed.
[  171.056395][ T6829] random: crng reseeded on system resumption
[  172.037673][ T6844] can: request_module (can-proto-0) failed.
[  173.098443][ T6865] can: request_module (can-proto-0) failed.
[  173.324833][ T6881] FAULT_INJECTION: forcing a failure.
[  173.324833][ T6881] name failslab, interval 1, probability 0, space 0, times 0
[  173.337894][ T6881] CPU: 1 UID: 0 PID: 6881 Comm: syz.1.161 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  173.337928][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  173.337942][ T6881] Call Trace:
[  173.337950][ T6881]  <TASK>
[  173.337959][ T6881]  dump_stack_lvl+0x16c/0x1f0
[  173.337998][ T6881]  should_fail_ex+0x512/0x640
[  173.338032][ T6881]  ? fs_reclaim_acquire+0xae/0x150
[  173.338075][ T6881]  should_failslab+0xc2/0x120
[  173.338108][ T6881]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  173.338138][ T6881]  ? security_inode_alloc+0x3b/0x2b0
[  173.338180][ T6881]  security_inode_alloc+0x3b/0x2b0
[  173.338219][ T6881]  inode_init_always_gfp+0xce4/0x1030
[  173.338251][ T6881]  alloc_inode+0x86/0x240
[  173.338328][ T6881]  new_inode+0x22/0x1c0
[  173.338366][ T6881]  proc_sys_make_inode+0x47/0x5c0
[  173.338402][ T6881]  proc_sys_lookup+0x273/0x400
[  173.338435][ T6881]  ? __pfx_proc_sys_lookup+0x10/0x10
[  173.338472][ T6881]  ? lockdep_init_map_type+0x5c/0x280
[  173.338514][ T6881]  ? lockdep_init_map_type+0x5c/0x280
[  173.338559][ T6881]  __lookup_slow+0x251/0x460
[  173.338597][ T6881]  ? __pfx___lookup_slow+0x10/0x10
[  173.338673][ T6881]  ? lookup_fast+0x156/0x610
[  173.338729][ T6881]  ? _raw_spin_unlock+0x28/0x50
[  173.338772][ T6881]  walk_component+0x353/0x5b0
[  173.338809][ T6881]  link_path_walk+0x627/0xe20
[  173.338860][ T6881]  path_openat+0x1b0/0x2cb0
[  173.338895][ T6881]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.338946][ T6881]  ? __pfx_path_openat+0x10/0x10
[  173.338987][ T6881]  ? __lock_acquire+0xb8a/0x1c90
[  173.339042][ T6881]  do_filp_open+0x20b/0x470
[  173.339082][ T6881]  ? __pfx_do_filp_open+0x10/0x10
[  173.339154][ T6881]  ? alloc_fd+0x471/0x7d0
[  173.339200][ T6881]  do_sys_openat2+0x11b/0x1d0
[  173.339252][ T6881]  ? __pfx_do_sys_openat2+0x10/0x10
[  173.339319][ T6881]  ? __sys_sendmsg+0x18c/0x220
[  173.339379][ T6881]  __x64_sys_openat+0x174/0x210
[  173.339429][ T6881]  ? __pfx___x64_sys_openat+0x10/0x10
[  173.339514][ T6881]  do_syscall_64+0xcd/0x490
[  173.339560][ T6881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.339592][ T6881] RIP: 0033:0x7f38e498e9a9
[  173.339619][ T6881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.339651][ T6881] RSP: 002b:00007f38e58a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  173.339680][ T6881] RAX: ffffffffffffffda RBX: 00007f38e4bb5fa0 RCX: 00007f38e498e9a9
[  173.339702][ T6881] RDX: 0000000000101202 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  173.339722][ T6881] RBP: 00007f38e4a10d69 R08: 0000000000000000 R09: 0000000000000000
[  173.339741][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  173.339760][ T6881] R13: 0000000000000000 R14: 00007f38e4bb5fa0 R15: 00007ffe424e25d8
[  173.339803][ T6881]  </TASK>
[  173.963585][ T6881] ==================================================================
[  173.971816][ T6881] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340
[  173.979888][ T6881] Read of size 8 at addr ffff88814d1e0800 by task syz.1.161/6881
[  173.987732][ T6881] 
[  173.990087][ T6881] CPU: 0 UID: 0 PID: 6881 Comm: syz.1.161 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  173.990122][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  173.990138][ T6881] Call Trace:
[  173.990147][ T6881]  <TASK>
[  173.990156][ T6881]  dump_stack_lvl+0x116/0x1f0
[  173.990196][ T6881]  print_report+0xcd/0x630
[  173.990229][ T6881]  ? __virt_addr_valid+0x81/0x610
[  173.990261][ T6881]  ? __phys_addr+0xe8/0x180
[  173.990293][ T6881]  ? force_devcd_write+0x312/0x340
[  173.990332][ T6881]  kasan_report+0xe0/0x110
[  173.990366][ T6881]  ? force_devcd_write+0x312/0x340
[  173.990409][ T6881]  force_devcd_write+0x312/0x340
[  173.990449][ T6881]  ? __pfx_force_devcd_write+0x10/0x10
[  173.990496][ T6881]  ? __debugfs_file_get+0x1fe/0x840
[  173.990527][ T6881]  ? __pfx___debugfs_file_get+0x10/0x10
[  173.990563][ T6881]  full_proxy_write+0x13c/0x200
[  173.990595][ T6881]  ? __pfx_full_proxy_write+0x10/0x10
[  173.990626][ T6881]  vfs_write+0x2a0/0x1150
[  173.990655][ T6881]  ? __pfx___mutex_lock+0x10/0x10
[  173.990691][ T6881]  ? __pfx_vfs_write+0x10/0x10
[  173.990723][ T6881]  ? __fget_files+0x20e/0x3c0
[  173.990753][ T6881]  ksys_write+0x12a/0x250
[  173.990780][ T6881]  ? __pfx_ksys_write+0x10/0x10
[  173.990813][ T6881]  do_syscall_64+0xcd/0x490
[  173.990850][ T6881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.990877][ T6881] RIP: 0033:0x7f38e498e9a9
[  173.990898][ T6881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.990923][ T6881] RSP: 002b:00007f38e58a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  173.990947][ T6881] RAX: ffffffffffffffda RBX: 00007f38e4bb5fa0 RCX: 00007f38e498e9a9
[  173.990965][ T6881] RDX: 000000000000000e RSI: 0000000000000000 RDI: 000000000000000d
[  173.990981][ T6881] RBP: 00007f38e58a9090 R08: 0000000000000000 R09: 0000000000000000
[  173.990997][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.991012][ T6881] R13: 0000000000000000 R14: 00007f38e4bb5fa0 R15: 00007ffe424e25d8
[  173.991038][ T6881]  </TASK>
[  173.991046][ T6881] 
[  174.203367][ T6881] Allocated by task 5846:
[  174.207803][ T6881]  kasan_save_stack+0x33/0x60
[  174.212619][ T6881]  kasan_save_track+0x14/0x30
[  174.217429][ T6881]  __kasan_kmalloc+0xaa/0xb0
[  174.222163][ T6881]  vhci_open+0x4c/0x430
[  174.226380][ T6881]  misc_open+0x35a/0x420
[  174.230848][ T6881]  chrdev_open+0x234/0x6a0
[  174.235472][ T6881]  do_dentry_open+0x744/0x1c10
[  174.240272][ T6881]  vfs_open+0x82/0x3f0
[  174.244377][ T6881]  path_openat+0x1de4/0x2cb0
[  174.249096][ T6881]  do_filp_open+0x20b/0x470
[  174.253630][ T6881]  do_sys_openat2+0x11b/0x1d0
[  174.258379][ T6881]  __x64_sys_openat+0x174/0x210
[  174.263290][ T6881]  do_syscall_64+0xcd/0x490
[  174.267919][ T6881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.273941][ T6881] 
[  174.276321][ T6881] Freed by task 5846:
[  174.280341][ T6881]  kasan_save_stack+0x33/0x60
[  174.285182][ T6881]  kasan_save_track+0x14/0x30
[  174.289985][ T6881]  kasan_save_free_info+0x3b/0x60
[  174.295075][ T6881]  __kasan_slab_free+0x51/0x70
[  174.299974][ T6881]  kfree+0x2b4/0x4d0
[  174.304283][ T6881]  vhci_release+0xbb/0xf0
[  174.308923][ T6881]  __fput+0x3ff/0xb70
[  174.312946][ T6881]  task_work_run+0x150/0x240
[  174.317756][ T6881]  do_exit+0x86c/0x2bd0
[  174.321957][ T6881]  do_group_exit+0xd3/0x2a0
[  174.326624][ T6881]  __x64_sys_exit_group+0x3e/0x50
[  174.331701][ T6881]  x64_sys_call+0x14fa/0x1720
[  174.336417][ T6881]  do_syscall_64+0xcd/0x490
[  174.341268][ T6881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.347478][ T6881] 
[  174.349844][ T6881] The buggy address belongs to the object at ffff88814d1e0800
[  174.349844][ T6881]  which belongs to the cache kmalloc-1k of size 1024
[  174.364362][ T6881] The buggy address is located 0 bytes inside of
[  174.364362][ T6881]  freed 1024-byte region [ffff88814d1e0800, ffff88814d1e0c00)
[  174.378910][ T6881] 
[  174.381260][ T6881] The buggy address belongs to the physical page:
[  174.387704][ T6881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88814d1e0800 pfn:0x14d1e0
[  174.397987][ T6881] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  174.406606][ T6881] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff)
[  174.415268][ T6881] page_type: f5(slab)
[  174.419297][ T6881] raw: 057ff00000000240 ffff88801b841dc0 ffffea000535c610 ffffea000533d810
[  174.428018][ T6881] raw: ffff88814d1e0800 000000000010000d 00000000f5000000 0000000000000000
[  174.436737][ T6881] head: 057ff00000000240 ffff88801b841dc0 ffffea000535c610 ffffea000533d810
[  174.446178][ T6881] head: ffff88814d1e0800 000000000010000d 00000000f5000000 0000000000000000
[  174.455339][ T6881] head: 057ff00000000003 ffffea0005347801 00000000ffffffff 00000000ffffffff
[  174.464295][ T6881] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  174.473191][ T6881] page dumped because: kasan: bad access detected
[  174.479723][ T6881] page_owner tracks the page as allocated
[  174.485765][ T6881] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 34520722768, free_ts 0
[  174.507464][ T6881]  post_alloc_hook+0x1c0/0x230
[  174.512525][ T6881]  get_page_from_freelist+0x1321/0x3890
[  174.518207][ T6881]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  174.524150][ T6881]  alloc_pages_mpol+0x1fb/0x550
[  174.529048][ T6881]  new_slab+0x23b/0x330
[  174.533239][ T6881]  ___slab_alloc+0xd9c/0x1940
[  174.537945][ T6881]  __slab_alloc.constprop.0+0x56/0xb0
[  174.543447][ T6881]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  174.549902][ T6881]  krealloc_noprof+0x156/0x370
[  174.554705][ T6881]  add_sysfs_param+0xd3/0xa00
[  174.559504][ T6881]  param_sysfs_builtin_init+0x307/0x4c0
[  174.565096][ T6881]  do_one_initcall+0x120/0x6e0
[  174.570002][ T6881]  kernel_init_freeable+0x5c2/0x900
[  174.575326][ T6881]  kernel_init+0x1c/0x2b0
[  174.580050][ T6881]  ret_from_fork+0x5d7/0x6f0
[  174.584684][ T6881]  ret_from_fork_asm+0x1a/0x30
[  174.589575][ T6881] page_owner free stack trace missing
[  174.595049][ T6881] 
[  174.597390][ T6881] Memory state around the buggy address:
[  174.603042][ T6881]  ffff88814d1e0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  174.611305][ T6881]  ffff88814d1e0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  174.619480][ T6881] >ffff88814d1e0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  174.627594][ T6881]                    ^
[  174.631773][ T6881]  ffff88814d1e0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  174.640034][ T6881]  ffff88814d1e0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  174.648480][ T6881] ==================================================================
[  174.758681][ T6881] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  174.766156][ T6881] CPU: 1 UID: 0 PID: 6881 Comm: syz.1.161 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) 
[  174.778224][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  174.788591][ T6881] Call Trace:
[  174.791978][ T6881]  <TASK>
[  174.795063][ T6881]  dump_stack_lvl+0x3d/0x1f0
[  174.799722][ T6881]  panic+0x71c/0x800
[  174.803747][ T6881]  ? __pfx_panic+0x10/0x10
[  174.808349][ T6881]  ? mark_held_locks+0x49/0x80
[  174.813206][ T6881]  ? preempt_schedule_thunk+0x16/0x30
[  174.818670][ T6881]  ? force_devcd_write+0x312/0x340
[  174.823838][ T6881]  ? preempt_schedule_common+0x44/0xc0
[  174.829357][ T6881]  ? check_panic_on_warn+0x1f/0xb0
[  174.834529][ T6881]  ? force_devcd_write+0x312/0x340
[  174.839708][ T6881]  check_panic_on_warn+0xab/0xb0
[  174.844707][ T6881]  end_report+0x107/0x170
[  174.849110][ T6881]  kasan_report+0xee/0x110
[  174.853576][ T6881]  ? force_devcd_write+0x312/0x340
[  174.858825][ T6881]  force_devcd_write+0x312/0x340
[  174.863807][ T6881]  ? __pfx_force_devcd_write+0x10/0x10
[  174.869317][ T6881]  ? __debugfs_file_get+0x1fe/0x840
[  174.874651][ T6881]  ? __pfx___debugfs_file_get+0x10/0x10
[  174.880243][ T6881]  full_proxy_write+0x13c/0x200
[  174.885229][ T6881]  ? __pfx_full_proxy_write+0x10/0x10
[  174.890729][ T6881]  vfs_write+0x2a0/0x1150
[  174.895122][ T6881]  ? __pfx___mutex_lock+0x10/0x10
[  174.900627][ T6881]  ? __pfx_vfs_write+0x10/0x10
[  174.905466][ T6881]  ? __fget_files+0x20e/0x3c0
[  174.910181][ T6881]  ksys_write+0x12a/0x250
[  174.914635][ T6881]  ? __pfx_ksys_write+0x10/0x10
[  174.919625][ T6881]  do_syscall_64+0xcd/0x490
[  174.924274][ T6881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.930316][ T6881] RIP: 0033:0x7f38e498e9a9
[  174.934882][ T6881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.955249][ T6881] RSP: 002b:00007f38e58a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  174.963707][ T6881] RAX: ffffffffffffffda RBX: 00007f38e4bb5fa0 RCX: 00007f38e498e9a9
[  174.971890][ T6881] RDX: 000000000000000e RSI: 0000000000000000 RDI: 000000000000000d
[  174.979890][ T6881] RBP: 00007f38e58a9090 R08: 0000000000000000 R09: 0000000000000000
[  174.988088][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  174.996224][ T6881] R13: 0000000000000000 R14: 00007f38e4bb5fa0 R15: 00007ffe424e25d8
[  175.004690][ T6881]  </TASK>
[  175.007897][ T6881] Kernel Offset: disabled
[  175.012422][ T6881] Rebooting in 86400 seconds..