last executing test programs:

2m9.284159139s ago: executing program 3 (id=457):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0xc, 0x0)
io_uring_setup$auto(0x4, 0x0)
open(0x0, 0x4242, 0xe1d2b27bdc14aab8)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff)
mmap$auto(0x3, 0x5, 0x2000006, 0xeb1, r0, 0xfd87)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0xa02, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0)
read$auto(r2, 0x0, 0x20)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3)
ioctl$auto_USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4008550d, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
mmap$auto(0x0, 0x2020002, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x9, 0x4, 0xfffa, 0x0)
r3 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r3, 0x107, 0x17, 0x0, 0x4)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x6, 0x62, 0x80000000, 0x9, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
getpid()
mlockall$auto(0x5)
rt_sigprocmask$auto(0x6, &(0x7f0000000080)={0x6}, 0xffffffffffffffff, 0x8)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)

2m7.596778873s ago: executing program 3 (id=463):
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0xe)
socket(0x10, 0x4, 0xffffffc0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x0, 0x8fd6, 0x948b, 0x3, 0x15f4da0c, 0x4000000000005, 0x6, 0x62, 0x8, 0x8000000007, 0x1, 0xb, 0x5, 0x17]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) (async)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) (async)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0)
write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (async)
write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x4, 0x15)
socket(0x10, 0x2, 0xffffffff) (async)
socket(0x10, 0x2, 0xffffffff)
r2 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x40901, 0x0)
write$auto(r2, &(0x7f0000000100)='/sys/kernel/debug\xd4\x00\x00\x00/vkms/Writeback-1/edid_override\x00&\x9c\xabdj\xaa\x87\xe6[J!y\x80r', 0x80) (async)
write$auto(r2, &(0x7f0000000100)='/sys/kernel/debug\xd4\x00\x00\x00/vkms/Writeback-1/edid_override\x00&\x9c\xabdj\xaa\x87\xe6[J!y\x80r', 0x80)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x109500, 0x0)
pread64$auto(r3, 0x0, 0x8, 0xffff)
mmap$auto(0x0, 0x2020009, 0x3, 0x17, 0xfffffffffffffffa, 0x8000) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0x17, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0)
r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/oom_adj\x00', 0x0, 0x0)
sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x4008010)
r5 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48442, 0x0)
read$auto(r5, 0x0, 0x1f40)
writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async)
writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3)
read$auto(r4, 0x0, 0x1f40)
write$auto(0x3, 0x0, 0xfdef)
madvise$auto(0xffdffffffffffffc, 0x200006, 0x0) (async)
madvise$auto(0xffdffffffffffffc, 0x200006, 0x0)
setresuid$auto(0x2, 0x7, 0x8080)
socket(0x2b, 0x2, 0x20a) (async)
socket(0x2b, 0x2, 0x20a)

2m7.191970929s ago: executing program 3 (id=464):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/loop15\x00', 0x200002, 0x0)
ioctl$auto_IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000340)={0xfffffffffffffffd, 0x10000, 0x4, 0x9}) (async)
r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_ADAP_G_LOG_ADDRS(r1, 0x805c6103, &(0x7f00000001c0)={"8911bd3a", 0x1, 0x0, 0x6, 0x4, 0x6, "feaf587cdf4d2f534a1c88d3e40a00", "e6cf6512", "f34cae3a", "10a991b3", ["3ae887a128f1d8c79420d880", "b11feafce4d296d8c985d069", "0149f0a7102c3fffab592db0", "0059c09dca7de9bdbbc6be07"]})
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x80703, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async)
madvise$auto(0x0, 0x2003f0, 0x15) (async)
madvise$auto(0x0, 0x200007, 0x19) (async, rerun: 32)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) (async, rerun: 32)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) (async)
mmap$auto(0x0, 0x20009, 0x4000000000de, 0x19, 0x1, 0x6013) (async)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8000, 0x0) (async)
socket(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$auto(0x3, 0xae41, r4)
rename$auto(0x0, 0x0)
ioctl$auto_XFS_IOC_FSBULKSTAT(r3, 0xc0205865, &(0x7f00000002c0)={&(0x7f0000000040)=0x1, 0x10001, 0x0, &(0x7f0000000280)=0x2}) (async)
io_uring_setup$auto(0x2, 0x0)

2m5.60273284s ago: executing program 3 (id=467):
mmap$auto(0x0, 0x3, 0x1000df, 0x9b72, 0x7, 0x28000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2200, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1)
clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9)
mlockall$auto(0x7)
mmap$auto(0x0, 0x20009, 0xb, 0xeb1, 0x7, 0x8000)
prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0)
brk$auto(0x7fffffffafff)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/query\x00', 0x100, 0x0)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, 0x0, 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x84202, 0x0)
socket(0xa, 0x1, 0x100)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
socket(0xf, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0)
mmap$auto(0xe, 0x20009, 0x9, 0x14, 0xffffffffffffffff, 0x7ff)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)

2m2.143830997s ago: executing program 3 (id=476):
mmap$auto(0x0, 0x2000c, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0)
setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x7)
sendto$auto(0x3, 0x0, 0xfdef, 0x101, 0x0, 0x1c)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0xc0502, 0x0)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/fb0\x00', 0x0, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x800, 0x8000d, 0x1, 0x948b, 0x0, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x2, 0x6d42, 0x5, 0x2000, 0xfffffffffffffffe]}, 0x0)

2m1.419959743s ago: executing program 3 (id=479):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x400454ca, 0x38)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b8162d21, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0)
adjtimex$auto(0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
ioctl$auto_FS_IOC_GETFSUUID(0xffffffffffffffff, 0x80111500, 0xffffffffffffffff)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
futex$auto(0x0, 0x8d, 0x0, 0x0, 0x0, 0x100)
mmap$auto(0x100000000, 0x4, 0x4000000000df, 0x40eb2, 0xffffffffffffffff, 0x300000000000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182, 0x0)
r0 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, 0x0, 0x2, 0x0)
readv$auto(r0, &(0x7f0000000040)={0x0, 0x36a}, 0x6)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)

1m46.368825996s ago: executing program 32 (id=479):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x400454ca, 0x38)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b8162d21, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0)
adjtimex$auto(0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
ioctl$auto_FS_IOC_GETFSUUID(0xffffffffffffffff, 0x80111500, 0xffffffffffffffff)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
futex$auto(0x0, 0x8d, 0x0, 0x0, 0x0, 0x100)
mmap$auto(0x100000000, 0x4, 0x4000000000df, 0x40eb2, 0xffffffffffffffff, 0x300000000000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182, 0x0)
r0 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, 0x0, 0x2, 0x0)
readv$auto(r0, &(0x7f0000000040)={0x0, 0x36a}, 0x6)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)

10.9344519s ago: executing program 1 (id=2293):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) (async, rerun: 64)
r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC0D0c\x00', 0xe40, 0x0) (rerun: 64)
mmap$auto(0xffffffffffffffff, 0x40009, 0xdf, 0x9b72, r0, 0x28001) (async)
write$auto(0x3, 0x0, 0x7fffffff)
write$auto(0x1, 0x0, 0x80000000) (async)
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (async, rerun: 32)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) (async, rerun: 32)
r1 = socket(0x2b, 0x1, 0x1)
openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2) (async)
sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r1, 0x0, 0x20000001) (async)
madvise$auto(0x0, 0xffffffffffff0004, 0x19) (async)
kill$auto(0x0, 0x21) (async)
madvise$auto(0x0, 0x200007, 0x8) (async, rerun: 32)
madvise$auto(0x0, 0x2003f0, 0x15) (rerun: 32)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r2 = socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) (async)
connect$auto(r2, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
shmctl$auto(0xa0000000, 0x6, 0x0) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async, rerun: 64)
execve$auto(0x0, 0x0, 0x0) (async, rerun: 64)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/mem_limit\x00', 0x183841, 0x0)
pwrite64$auto(r3, &(0x7f0000000280)='Mdev/loop-control\x00', 0x80000000, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x7, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x21, 0x309, 0x6, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x81)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)

9.575992687s ago: executing program 0 (id=2299):
r0 = openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000080), 0x42000, 0x0)
recvfrom$auto(r0, &(0x7f00000000c0)="0c358e0555a0adfef012ed2641bcd6069b8c96313e77b5d4c919e45807202f877541ba73ab", 0x2, 0x2, &(0x7f0000000100)=@llc={0x1a, 0x206, 0x0, 0x5, 0x9, 0xe3, @multicast}, &(0x7f0000000140)=0x9)
socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0xc, 0x4000000000e1, 0xc71, 0x10006, 0x300000000000)
r1 = socket(0x15, 0x5, 0x0)
openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x101000, 0x0)
r2 = ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000040)={0x121, 0x0, r1})
getsockopt$auto(r2, 0x203, 0xd, 0xfffffffffffffffc, 0x0)

9.325932312s ago: executing program 2 (id=2300):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x20)
mkdir$auto(&(0x7f00000002c0)='./file0\x00', 0x3)
mkdir$auto(&(0x7f0000000340)='./file0\x00', 0x7f)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x101040, 0x149)
rename$auto(&(0x7f0000000040)='./file1/file0\x00', &(0x7f0000000280)='./file0/file0\x00')
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x80000, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000001c0)={0x18, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_DYN_ACK={0x4}]}, 0x18}, 0x1, 0x68, 0x0, 0x4000000}, 0x20084000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x28, 0x5, 0x0)
setsockopt$auto(0x400000000000003, 0x28, 0x0, 0x0, 0x56b)
mmap$auto(0xa, 0x20009, 0x6, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r3, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f00000017c0)=ANY=[@ANYBLOB="4f333e146408b651b6c20a3ffe1481208200edc3c034b2601bccb81758426e993d049661b9cdd41a740b49d8f740890c3ba039f9ee9e3d8501513be2c9a152d25f74493073afa4d5f5a53445cfb72d09f50dc838e6f903dff91290d5b954834e8a6554e220", @ANYRES16=0x0, @ANYBLOB="010029bd7000fedbdf25280000003800ac00530add744eb464c5dd65e70f0d4f81011872ae24050b9dc4815c6f0655ecda67937234bb522f26f889e2c7734568a53f350ef0795810248052101e80302c5cfc7882f17cf672b69b878af5db59ed90fc2bda6b8c9345ac6c9ca5c0850ac347ff565ec366c7f9bf9314ace23d857f520c77d87ca265afbda78234f3d842cfc2a0bb3978770510d65a558c33a384d1264fd1972930223dd89f8f9257878003709344429e8886bdc94c44717fd253341db50f5976bb9a8a4a57c53241f443ededa4ce48c53d7987d8222c714d4fd642dab6d0bda34ad9de10f0ab363d125fb3dc9645384cfd7ae38681d696b105bc28cb5d947cb114947e543bcfebd70de572d5d1a6af37a95bcf7442ad1ad80b1c12b38c962902c3669c9a892ed10393e8951b07970981d1ba2c5543448b9cb01d0867b6dcde0c3b75c0be2aaf22cd0d1d0de09f1ff8fbaec35a86bde6ef13fe00ac7bfd428ba89f5ca1747d95cc201010aeb0149012feaca252d4d44c4f2f81dd7559e16a88f9e6200676c3e3e8cce324f6ac1f0a852a23f4b4f7e57fe2a06d237991781efc1771dfc5f22c0865c93603c3b0dfbd96f082c48e8e4fecdf003f51a221a671eb361cd93d65a48fdd26132bb79e85844da7ee9fe4548ab88b654cc447c1a7120b1f77247e85e39c9f4b5c15c46fb9ba6b051307c41b9ff9a95d3e6e662c7313d598ffeaab1f7bd8ac7c52e4284107f359c637a8c50abc088ec05830609e0911fb9e87a439f619019e66f6cb689255b2cc91b6e0a7861d1ba64245460e936cc5f32a289733bfad0e0a688c6b32f8a4b03bc2439b0c98e90e73aa83b14133afd075b6162e488ed9c7c36461b3647159632a9ab5efdea38df043f1251bae733171001954987cb96846810b82b1046ee2c331fb3e4ec646acd1d461180258b5170e056d51e4872e6c671704d0997f760afa0f790de496607ab6fd40222394bfdbba282284c870fb2bf4ac640a0298a277053452fe1698d17a51711aac937ec4165e01ef0d9d5d8cd7beab63a71c87e77ce18a822588fbd9db70d042cf2d3c134150e49c2850e063aa325130de42def970b6b15d1fbcb3f763ed577ecf8602dd51606a1560c1f21dcfee498303461d056c51d639180f7c5c238a4fed3d39a61e631256176a95f097325359b9a1f922a4d9a511f1a50c1db49644c00f25b537908c21625056c1ef4868d4e68090f58713da5f081f12e6a28b3cf4a0cf817466f0088266ed01518967d15ef4d7d9bb37b60a3af3d1d380eec0fef4e331288b18ba4ac1d06c71ff0df1f5cf9ee27e25e3f8d4100ab331ac6b45145c7b15057c157db995a2aed5af5913f646d60e51d1d4a950eeb9d5c4d69c45477b242e42805c7a0c00fe1b73058d5bb5621d543fa33f9ecf9c8924e4c195420cb95e188621ae000579f8fc62eb7a27e14039064593dd1cd0d7416660b7df2f4f8a3290818063846b5cedce365d22578641146baa872588629f0758b445167cd55a5396484a07c51778714e5d969460f8c2d6ab0301a95fd9cf18691e2fb19091dbb19827072595b7ae3e11db502b998d42c013f44df73e83e6e79af81ccbab50f7943eb0f0949024d6fe90c34bddbb8ddb5a969ae907bba3d5131ccda8d8a68378a0391de74ea37bfe651b69073f9cce085d6f9c5b83bc6b858313087e97f7ff687a2294c05993c94ac721e17a3b450dd8c1dcc869ee6ee1e330589db452e6033937fc2a0044061a50070e6e4090058bc887a6df46ee3f3e3efc3d69394b3a2d89c33657975857acd40adb096cef01a923be2eb20697b8fa15f206e1f84cf4dedf815c2ad952b9d7f9f9c52ed1b20b24fcef3d931a22db8aa0afebe4cf2e9da8f85cc0fe294b3ce6638e14f611d1ee3a81bdfbb2d03283a6a2fa96d6596f70d1c804a5d84015eaafbd6b40bafe925cc3e20c8fda0601964c680c5dce8f488f86e5c19099f72b489eedfb485cea399b9a9a7b9884cef601e2fb0f169f40a70046ddc998d041086bcdf9ec7db2be400afadd3142323f8b28498cef0a2886bcd5e08f188224d3eb0fddced5d9d4f8c600cbe5e90a171bd333f3d26ad90784067739ada742512e5af6f047d031aa261c2344f71111b761b64f410d22da8e5c008ff96efaaf31f70038000eab6d3c772a4009cb6b425c3a902d67b7883b8774b1035d2538c3aac784504e9dc3c8b53a0c423bb4eed32efe83a2a791cebd9ccb16f986492a31bdf0952fdb89bb22f0722ae3ffc64c9b633dc71ad8708873d68b53dda8999a441c60d038fc9f9e5d82518051b00bcf4a38b55de6c1f124ccf79a2ee2e6f5738e103e8b6df23a3743baf0e6ced09a506c17bf7f8de7a646b08d72660ff5ee30c3e38b930e79534a6dad34a19fc31c88cc9979a0e23ae5630bad634fd2e6ab76594a57d543d6879ecb5b541f4918a1a20cd01c126ff6c568cdf5a0a417f7602499fbacacf809f1632e24e43f94539444422c58e9fecb03649dda82cd9f9be5312ef90605314ea6298be2cef8cf9756de970bb4b46cbd8321b4ebd46e2aa883edff02b5ce59772ed869b6c2babedc1e01002d993665347ff6617c0720107c73b018d373049df2ae9f3dfe2dd0a2c20def0a77ab2fd36ed7c6255c3cac576dc3fca433bb9574efe24b91dfc58cfd0066c84d4bb419cb4deea57f55ce465e303168f9248b6f34e0bbb6529daaa553dfd53207a9331a150da2251b12e88d8fc62d5a4e9562fb66f176bb3cc15e61a190b3e9e294150f39b074ea21c61ca47268c8c2610daf63509fa6261d0a3fbf12b5f33b515f4cee22ace3e46c5aa3e4a62ed9313c04fb64b15df10ec4b82f3c3eb172f8a968f1ad8ff41808026ecbe586711c2c148334c3b7f7b781165b1a8dc77dcd28646e842e4fbe3eb152129ea4d95fafd8036bf7c4923a935df6acb2d43a0f918e051bd6e8c12ce107dfeebc3af36b8361522f888f26ad04b1a088982b65088d84687a89c245ab14892e99ffbcca10bcbd210278e32fe11945039d867cb623d80558dfc3e8fc2b771ed30690c9ea22392a7315cf05676910b75bba611181131e0496f8a72e16c5af79531eb3a42c9c0a06f0f73e62f69ec8c4168e3ccc8d5613c8be8c5d7dd4d67aea91c7153c093a2bf80643644d0bd84fd26c72476d557d3713fb166a952541c4721eb73822a60728814b90ebb9e15ce3269f5c4172b5407e4548fb83894c57a4a29c371e3e322ce236db35fbff27e23e86b5370f6ba8a2f9e8c68d2416fe9d5bc22e7aaaec7473f42672bc43c805d65c090ca631e8bc7a01bca91f7d67ba58a261539751c9cc9b342b89b1c8cef2b38f102bc42d508d88b0c68dab19865a2911a18b235538c74b39bc7e6e80ba10ecd4a06cfc92cf5420ef53c9d6b6e4a1b303cd31d70cb0253a11d8080ead1d602a03e1d495c04fa6092439570c4b3539e65f723463da728ef5c437d809fc4521c565ec7880ee55663a8c147d9b2711d1ce65ee21533b94395053b7fb7a21d16cb7210bc95754133c6f037843bb5c309afa7ecf273bb8a69e87e6313786869e75e1f8170fc95d8c017b3a302a7eaa00c68382ff3888ead139e29bcddaabf7e97bc313e063fa98c0cfe516c4caf14434b09ccc604cd1dc82d371655af575f175b6a4c478cd6e3abca167ae4586beaa6674e8bbc863b08ad81795ac3ec0a4842ec5ac66671982d3907b3e94dd937b5f57c20bbb927ef7a9b4c1a9b4c54ac16fd17d12ab28fda6b01db694739d2a029ccf794e9e27b20aa16b2e04f9f2bec09a491f3510fa7ae3ac47c0b7c816f4def76f494232e3cf91cfb4bb296a7769df9b71e23d9700facc8f407a1b7a2cb261cc42f0364f9386773db86623f8ad16f67f56f3ea13688ba8cff1b71256ac96bf631dfde4d5f4125a213e36759a768d13c0c499abb2da89894c3ab9bd8c7c29dfb59c64245a4c35c36d8a290b812a2868e1a19f8f48998d755478274caa59593728cbc0f5ada5a87937a2fbfade1c082e3e500dff6e39d2933f32000b846071600a17b77a17e3300590e1c4cae8f9d571778bc2570e5a25a522401896dbf439442ed086694e029f38c105bd5d7570128f7b873a019170c98e625256bb927a536fd86e6ed8d5d9a3a7932590aabae5596ecba2a5d558abcde4f35de630c0a2113c2855a1c1966391cbac79e2f5e352c8bdace922d8525ea7fde25d3c6bf0f7238265f69bf3df23234f05568bb3d8f89a321cdd2fc5d6bb90184791d95676c183cddb200af7b844409758f52cc8eb5fba44ddc34801c5aa8ad3aac7475baff282d849faabf81de63d64fbda307df564852624d662c911d2cd2419d4c4b520ffc64f7ab26f057e69ecc8098ec97a04a6d37b099582e20077fdfd8d7312fe7221d7655ed94b8bce96748b39ddb9e63dbbe7f7ff80f8b09227ac8e92925cfffb137880723e0e445747e210765b22b463b69f312ea9949a49b2fd37f891ebd3213f6157c32b230661dd42a61136c3bc1688ef44e48f123351a248de64358c3ff041a403d43f8a609dbc5b58bc0af3926f8147966aed010829b0e6655c27b876d377cd28146ff5dd6bd15551b1a306f1303bb99253e308471cdcc9d46cbceafe5102fb3702952cceec88c631847596d24835821e16fa561af13328edde19acf5dfdf3db1b326057ae4953c5a8865f1b2d218d21d4a2b3842f818b3cca476f6aaaaa7c65168140cb15d974a0add80f7bd6336f645a66d9d836e0911bbbac1a01f279a653699067958d713d21f3bc4e9ac7400359829f884fd65581fc0c6f39b4563669b9c9463a553fcc7ea1918bb9ede29237b5a2112cd57dde4bc37889ea8cc0dbdeec8fcee9e413ff22c34daf48bc9ef2a6ea0a8d12b9240347181d81142481c87e8fa5c9b092a1682a8d9bf28ff7439c5b31b8f969799bbc2617e98d5a0ce87a9c67567f156500bc8e8a76a19842de6e60648af4e70864d3460b8a3085f986b83aa9200c2bcdd20bf845cf9fd66a5e4ab71c6d9a76a8479ba6cb98f6aa656755a71ab73b8bcec7d83ffd466c10f9047a89cea9bd5ff58d88c921eb7c4d1e2a9f59b3813e61f18661c67b822302acea344dae22e98dae26cedaf919cb7d66e7fe603d166b06556c7afa16ab1e6898b7ee1df43fae1073f0361e77ce6831f999ff6d97e92d4f1a2e4a3bc1b9bf77090aae88cbf72f62db626c9ec04eddd70bedef073f50c90174bc0c9adc6c55119ac73e138f75d7fd19fb93cefb9a8ecf2feebc78fcd79f35dfa28b4bfab5f92f87f04037fe77b544b9c51c2103a6b1b27fb88b14625599edbeee09ed2d7dabb89038527daf41efb8ba0030900e13856eca66c483dca74d355d2648fdb71ee67c475215bc88f2113f50e80699de892863c56e688af450563080840d51228c382fd15d8bcf0dc9875c1e59d63e85bfc1e38e20715d0b15a90b26a292edd43c1beb6021d6388ef1c1c2d3bf430f0d4750d2e7bd19e7bdc785a66c66b331e330732891fa402041acbbccb5689ef9c80845edc696bbc92926aff5cecd43fbc6fe1d835f2b2711323aacb17eaba9770619191a21a38703af5d47fa88b4d70d4c985e49ad4f5d4351a63aa138655d285688765714047d918d2fed7d7a8b38b5b2b7e929967ff205fb8c5fef1c3524875869efad75be59f9f134b21a848633cdc28f60af9511e030b683827f5b8d29dd55b76828797c173efd6e3bd3dca922f3edad6c41fdcd0dbe8e59b9f659606d611b48331afe0fc0956252a2b3d0b9028425c1191fb761c99a33edc9dfdc4cba254abfd635184be9e3158ceefc5ccae850b5374814c1fc80e5d7f00cb16009f89e6814c21572186c8f589b1d8f94efb798dead2dbb2122742655584e3dfe080d8ecad9ead89ff7a16ad780400398004001c80b3bbdfe84da92709cae37d0622509291bc60455f1253698eae621578fd0270805b5319baf9a59ccac800db35f73c364e10f1f021b30516da0a9a0742af9d2b385dd89ef28cb600008f00cd008244725e120a79d7ce114f40c90567c9d84292f918f94f72b58280639aac8f2ffb78fa6a4d56b45cf60782e9e6c7c8c30aa360a862d9f8998d4ac68170467cb0b3e47cf0d27a76c78fcea063ad78398c832863bffddcb78bdd629d7a2e668767d6ac98935053598fc8d6ae6744aa6127b86705d8d152559d7b8f7bfad4e91096787d4e57179ca7e77ab798009d00c8009ad6886bb98deb20b69300b0309bc362bb6bf245ed946d46acc3e4c1227a75f638e1b902be1ad4816356aa1f32eab5d843703dc5433606d8aef7f7c59fbf3732e4dbefcbc4f474cd48973109a30a7bf71bbf137159961f8acbd277c1942b795dadb4b9861210f1eb1ac609e91be58fdda971fb48bda4a05c6cd670f5a31f29c3f27f673392b204253ee519c5ae9f3bbeac78ac5cc20dd5c787000000"], 0x11d4}, 0x1, 0x0, 0x0, 0x40000}, 0x24040010)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x382, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
inotify_init1$auto(0x3000000000000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
open(0x0, 0xe6302, 0x55)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP_CLEAR_HALT(r5, 0x4004550e, &(0x7f0000000080)=0x2)
ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000100)={0x0, &(0x7f00000000c0)={0x1, 0x8, 0x8, @raw=0x7}})
ioctl$auto(0x3, 0x80106f53, r4)

9.249083241s ago: executing program 0 (id=2301):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd5/queue/iosched/front_merges\x00', 0xc0202, 0x0)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000)
write$auto(0x3, 0x0, 0xfdef)
r0 = socket(0xa, 0x2, 0xfffffffc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1_virt_wifi\x00'})
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(r0, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
r1 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$auto_nvram_misc_fops_nvram(r1, 0x0, 0x0)
r2 = socket(0x2, 0x5, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
sendto$auto(r0, 0x0, 0x402, 0xacfc, &(0x7f0000000080)=@phonet={0x23, 0x3, 0xff, 0x4}, 0x1b)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd5/queue/iosched/front_merges\x00', 0xc0202, 0x0) (async)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) (async)
write$auto(0x3, 0x0, 0xfdef) (async)
socket(0xa, 0x2, 0xfffffffc) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1_virt_wifi\x00'}) (async)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
close_range$auto(r0, 0x8, 0x0) (async)
io_uring_setup$auto(0x6, 0x0) (async)
openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
read$auto_nvram_misc_fops_nvram(r1, 0x0, 0x0) (async)
socket(0x2, 0x5, 0x0) (async)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) (async)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) (async)
sendto$auto(r0, 0x0, 0x402, 0xacfc, &(0x7f0000000080)=@phonet={0x23, 0x3, 0xff, 0x4}, 0x1b) (async)

9.164213165s ago: executing program 1 (id=2303):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
open(0x0, 0x4242, 0xe1d2b27bdc14aab8)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff)
mmap$auto(0x3, 0x5, 0x2000006, 0xeb1, r0, 0xfd87)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0xa02, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0)
read$auto(r2, 0x0, 0x20)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
mmap$auto(0x0, 0x2020002, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x9, 0x4, 0xfffa, 0x0)
r3 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r3, 0x107, 0x17, 0x0, 0x4)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xd, 0x0, 0x0, 0x0, 0x0)
write$auto(r4, 0x0, 0x100000a3d9)
getpid()
mlockall$auto(0x5)
rt_sigprocmask$auto(0x6, 0x0, 0xffffffffffffffff, 0x8)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)

7.536792217s ago: executing program 2 (id=2305):
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x3, 0x0, 0x800000000001, 0x0) (async)
prctl$auto(0x3e, 0x3, 0x0, 0x800000000001, 0x0)
write$auto(r0, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa[X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2\x02\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8eRl\x95\b\xd9\x8b\xbcBq\x9e\x82{\xcb\xe1\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dilS\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V/uc\xb5Q\x1eY\xe0\x03\xa1\xc1\xc8\xe2=RK\x7fWV\x7f;\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaaSGH\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l', 0x100000a3d9)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0)
write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
read$auto(0xffffffffffffffff, &(0x7f0000000040)='\x00', 0x3) (async)
read$auto(0xffffffffffffffff, &(0x7f0000000040)='\x00', 0x3)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000b80), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_WOWLAN(r2, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000000)=ANY=[@ANYBLOB="c2833000", @ANYRES16=r3, @ANYBLOB="01002bbd7000fedbdf254900000019000d019bfcc642fb8222e81879d39dc6fd94f765ecdeabfd000000"], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/nfs4.idtoname/content\x00', 0x181000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2a, 0x80000, 0x8100084) (async)
r4 = socket(0x2a, 0x80000, 0x8100084)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @multicast1}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
getsockopt$auto(r4, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x98) (async)
getsockopt$auto(r4, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x98)
read$auto(0x3, 0x0, 0x5)
iopl$auto(0x1)
modify_ldt$auto(0x8000400, 0x0, 0xfffffffffffffffc)
pread64$auto(r2, 0x0, 0x3, 0x8) (async)
pread64$auto(r2, 0x0, 0x3, 0x8)
madvise$auto(0x0, 0x200007, 0x8) (async)
madvise$auto(0x0, 0x200007, 0x8)
openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/usb/usbmon/3t\x00', 0x8a80, 0x0)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000180)='/dev/usbmon9\x00', 0x80000, 0x0) (async)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000180)='/dev/usbmon9\x00', 0x80000, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x630001, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)

7.432134122s ago: executing program 0 (id=2306):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x141401, 0x0)
socket(0x2, 0x3, 0x1)
r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
clock_adjtime$auto(0xfffffffffffffffb, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/tx_maxrate\x00', 0x10b142, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x5, 0x2000000000002)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
socket(0x2, 0x1, 0x0)
socket(0x1e, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
r3 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f00000000c0), r0)
sendmsg$auto_IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x34, r3, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x1}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x8001}, 0x40000)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0x4018aebd, 0x38)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x26, 0x80805, 0x0)
socket(0xa, 0x3, 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
utimensat$auto(r1, &(0x7f0000001c80)='\x00', 0x0, 0x1000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00'})

7.055018663s ago: executing program 0 (id=2307):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
getpid()
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0)
ppoll$auto(&(0x7f0000000000)={<r2=>r0, 0x40}, 0x2, 0x0, 0x0, 0x8)
ioctl$auto_SG_GET_ACCESS_COUNT(r2, 0x2289, &(0x7f00000001c0)="748c71542be98e770ba5c6ba43dff2587884738ab8c9fd79566afe07fed0766d2e8bd35c75d932c63b808ac700554d6a78d7bbe34b9917458bbc021fdb7ee40383d779897f9063e4b275c918f0673b89058d76baf95d9101d716f1deb20e64fb1855a6998b29bb21f4557521a2e6b09332284f8a1c410f8cb5237a2c2dfdf413c7896d1dbd0321cc7b0d144d5d53515e268687110969051804deb3cce3b2b0f81123e08f43a5d7120934107ad931d62e53d861d3f5e79eb900e9f537cc2f62eca0b4348aec16bb8ab6ad1463b157d37dbef4b455fead5a81a4f5149a5cd1c4")
modify_ldt$auto(0x1, 0x0, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x0, 0x0)
pread64$auto(r3, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
getpid()
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f00000002c0), 0x24401, 0x0)
openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC0D0c\x00', 0x494580, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r6)
ioctl$auto_KVM_GET_MSRS(r5, 0x4188aea7, &(0x7f0000000100)={0x2, 0x0, [{0x0, 0x5, 0x9}]})
openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x40000, 0x0)

6.488769679s ago: executing program 1 (id=2308):
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0)
read$auto(r1, 0x0, 0x20)
msgctl$auto_IPC_INFO(0xfffffff7, 0x3, &(0x7f0000000600)={{0x81, 0x0, 0x0, 0x8215, 0xae5, 0x3ff, 0x16}, 0x0, &(0x7f00000005c0)=0xd9, 0x2, 0x3, 0x9, 0x7, 0x101, 0x3, 0xe, 0x8, @raw=0x2, @raw=0x2})
r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="010028bd7000ffdadf2506e18f3a1ceafc1919ca613552f90f87"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x100)
r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000180), 0xffffffffffffffff)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x9)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
r4 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x8a403, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x11, 0x80003, 0x300)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x28, 0x0, 0x808)
read$auto(0x3, 0x0, 0x80)
openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/ieee80211/phy6/statistics/dot11ACKFailureCount\x00', 0x16081, 0x0)
read$auto(r4, &(0x7f0000000580)='\x00', 0xa3eb)
r5 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xb, 0x5, 0x3, 0x4, 0x6, 0x2, 0x6c8, 0x5, 0x20000000003, 0x5, 0xb0, 0x7, 0x10000002, 0x3, 0x5, 0x7, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYRESOCT=r3, @ANYRESDEC=r3, @ANYBLOB="8806016c387be5a4bfec88b48a243bf2e080b05b73539afbf58a742a5846df78667d0dd4f04512b2dd570e762fbffb0521c665b353393c1efb97f3334fdb02d7c367421fa728f2cf31ec40882a2d1e549506a00d9cade8e0f21531aa271922", @ANYRESOCT, @ANYRESDEC, @ANYRES8], 0x20}}, 0x2000c004)
writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0x80000, 0x0)

5.952132954s ago: executing program 2 (id=2309):
r0 = socketcall$auto_SYS_ACCEPT4(0x12, &(0x7f0000000040))
mmap$auto(0x5, 0x400008, 0xdf, 0x9b72, r0, 0x6)
r1 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, <r2=>0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, <r3=>0x5f, 0x0, 0x3}, 0x6f3)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec10\x00', 0x900, 0x0)
sendmsg$auto_NCSI_CMD_SEND_CMD(r3, &(0x7f00000009c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000980)={&(0x7f0000000440)={0x530, 0x0, 0x300, 0x70bd29, 0x25dfdbfe, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x2}, @NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0xfffffffa}, @NCSI_ATTR_MULTI_FLAG={0x4}, @NCSI_ATTR_DATA={0x505, 0x5, "4b4d75c62d18af7879fc2d3c3eeec4c79440046754774beaa8d65ba460c12b702b8932bda6a756635235d9fb3f2cd76294055c35274c6219b6bf3af228402168032451d4238b7acd717d06223932ea185ae359615a1878a76939177197aa272ece91b4461264d75d446a0179a7da44b356a9afcba5548e035d5dd16b35eda69f9f4ceab0aac119bedf9213c0faeda6b23986d4ced7d45056696ffa6ea57c498109826158b30ef85e17caa5a834d465ee5d2f5d977a15829c35ff91839acc905e166fbb48d0d450bbc64f5e5fef8816df1d32078ba591884d8aa7bc38872bf3af49d5d74193fd766289a95e93025045abb0711303692afab10740848959a8ae5d4b8b2b007e6fa8b16bd60b85908b547c7e5f837be356fff3dedbbf41bf566b9eab16bf960af3339f7be5c6b6d4cf369f8972e0a8d715199ed36deed83dd5cb7cb64d5f048d8de2ca671c10edec49f0dd1bc6140271970a10fb57f5e373dcb7851809e1e857c22bd5fad7681ab54f6bb6ad84c4e2fdeaba7f4ac6c656ba3ef9de2ffe013ab8f879a18487fce5ae4f9fdef10ba20e66dc3a7e27039f11b250cfc0ecefb34f018baf0c29d93aa1cc0b92ff2f269960177ad7e448cebe17f3aa6cfbe1961888b26aaaaa5d2dd46066f36b959b9d81b2dd93c0d63e9b5eeaaeda672e3b1746c6e21754eeded2d571f1c71e930f59413c97b43ab55a1f9d416f4cb2e0c5cd761f32efff8d0d03e3692c01668d3431f4768afc777cd4f5bb6f13968cbb135806acc1939775e5e6b06b73f6be6b86c8b7209c3a512954018fa97f6b33520612ba0ad563798729c2d4c9ff40e636bd57742b5123eecb2e4a7a94ca89ab3b2a908c421a2110830d299434d138a44cc61d70355fa3add3ac557bc9dce0bf963fe0416b89544d0db524c1058292a18de38b3429871b113061be792526d0b7a20242dfc699e0aaabfc2d25d8449c6929a445500e6779321846414ad14cf43a6090e46dabc5efd81b4f4a4766f2375dc3a49061bedd406d08072f99094e0c930be1854d2b73f6519f69525c59d8548ca1b410e51d9a336ebd5ed9407bed3b49271671b1f44b8f125280ffc8d216d43b0f0f2364f135b58c348d9f867d36bc607cfdef7ac54adab73ecc3355aaf82a76aaed1be4ab3d49e1211da21f389666a608415e094b1d129ddbd2b29492f9c417e3c319162435cf1581c8ad4b2d72ae9d32c1e858f39afad459a239d00a201e05299bad0c70991a15ee5fcd6b538a3dd74f6385b37b28924228b8730b4f981280490920881981a2f2217ba4fcffdb4d0e57db438fc1b76ae6784c71ab656e17add3681745515da3f1a503f21099b5fc218133852ea8d0924f2defaf5c0021b7aae7e455c66b967f6f22e215a002a5eb158dc2a6cb1ab756e1f18f04144758edea84168493b408ad7578a308630eaaa7147990685fe7a849409797987a0d87803a794eb0d2c96f23735b203f17bb7d83cf1ca528ab165bdf5fea6161ffed71a251fc1a7ea157580bb1f6d92b1d03856058b1c134e1c7c39238bff3f2131100b5fab661839ba0ff58c8f7fa70f404deaca4dcb13a384913345d2385ab17772fd83cd263b55fe2f01277a94f5ea9e3a1acda1981a15acd04308ffad51038de4a49a95e171aa54fb67abb972a481c8bbacb64865cc32b5e7dfa2a1ce34f6dfc3fc183ccaf4f6fe1e4a53514c3c60675ef1952d764f5595f736e27fecf9726e2d25948e79ea4ba8d4c7d65fb826a7838e1e14eeac826c050bfe48d2546a31b22944679f918f6cf5335c88742b008293b18108fedc7"}]}, 0x530}}, 0x4c010)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x282c01, 0x0)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x109001, 0x0)
ioctl$auto_UI_SET_ABSBIT(r0, 0x40045567, &(0x7f0000000140)=0x2)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8402, 0x0)
futex_wake$auto(&(0x7f0000000300)="194777f28f0f5235", 0x1, 0x1, 0x200)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000)
recvmmsg$auto(r5, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)
setgroups$auto(0xe32, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000240), 0x40801, 0x0)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0)
r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/vlan/vlan0\x00', 0x2280, 0x0)
bind$auto(r4, &(0x7f0000000a00)=@tipc=@id={0x1e, 0x3, 0x0, {0x4e24, 0x1}}, 0x8)
pread64$auto(r6, &(0x7f0000000340)='/proc\xdd\x84O\xae\xe7(RH\x00\x00\x00\x00\x00\x00\x00\x00\xbb', 0x100000001, 0x100)
close_range$auto(0x0, 0xffffeffe, 0x2)
getsockopt$auto_SO_LINGER(r1, 0x7, 0xd, &(0x7f0000000a40)='\\[}\x00', &(0x7f0000000a80)=0x3)
gettimeofday$auto(&(0x7f0000000380)={0x1, 0x5e18b3a0}, &(0x7f00000003c0)={0x2, 0x1000})
pipe$auto(0x0)
socket(0xa, 0x3, 0xff)
pipe$auto(0x0)
bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_4={0x1e, r2, 0xffffffff}, 0xd)

5.347488981s ago: executing program 4 (id=2311):
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
mmap$auto(0x0, 0x40009, 0xdf, 0x297, 0x7, 0x28000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0) (rerun: 64)
ioctl$auto_UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, &(0x7f0000000280)=0x1) (async, rerun: 32)
mmap$auto(0x7f, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) (async, rerun: 32)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
mmap$auto(0x2, 0x0, 0x7, 0x12, r0, 0xffffffff) (async)
open(&(0x7f0000000180)='./cgroup\x00', 0x51d080, 0xa7) (async)
r2 = socket(0x6, 0x2, 0x2)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
close_range$auto(0x2, 0x8, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/tty/ptys6/uevent\x00', 0x20000, 0x0) (async)
mount_setattr$auto(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000640)={0x10002c, 0x7c, 0x4, @raw=0xac3}, 0x284) (async)
open(&(0x7f00000001c0)='./cgroup\x00', 0x800, 0x8a) (async)
r3 = bpf$auto(0x6, &(0x7f0000000440)=@link_detach={r2}, 0x0) (async, rerun: 64)
socket(0x29, 0x2, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x15, 0x5, 0x0) (async)
io_uring_setup$auto(0x7, 0x0) (async)
clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9)
exit$auto(0x7) (async)
r4 = socket(0x2, 0x801, 0x84)
getsockopt$auto(r4, 0x84, 0x6f, 0x0, &(0x7f0000000000)=0x9000c) (async, rerun: 64)
r5 = socket(0x10, 0x2, 0x0) (rerun: 64)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4004) (async)
sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYRESOCT=r3], 0x1ac}, 0x1, 0x0, 0x0, 0x880}, 0x40000)

5.253184849s ago: executing program 2 (id=2312):
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x60201, 0x0) (async)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x60201, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, 0x0, 0x7, 0x8)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
getcwd$auto(0x0, 0xffffffffffffffff) (async)
getcwd$auto(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) (async)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$auto(r2, 0x4b47, 0x1)
mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x283)
bpf$auto(0x0, 0x0, 0x6f4)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0)
kexec_load$auto(0xff, 0x2, 0x0, 0x4) (async)
kexec_load$auto(0xff, 0x2, 0x0, 0x4)
bpf$auto_BPF_ITER_CREATE(0x21, 0x0, 0xc)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2d, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x0)
umask$auto(0x6)
r4 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b)
fchown$auto(r4, 0xe5a, 0x5)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x7, 0x0, 0x0, &(0x7f0000000080)={[0x9, 0x7, 0xd, 0xfffffffffffffffd, 0x948b, 0x8, 0x15f4da0a, 0x3, 0xffffffff80000001, 0x62, 0x40000080000001, 0x7, 0xfffffffffffffff9, 0x8000000009, 0x2, 0x40]}, 0x0)
prctl$auto_PR_SET_SHADOW_STACK_STATUS(0x4b, 0x4, 0x11e00000, 0x8000000000000001, 0x7)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r5 = getpid()
process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) (async)
process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0)
ioctl$auto(0x3, 0x400454ca, 0x38)

5.108676858s ago: executing program 1 (id=2313):
mmap$auto(0x400, 0x7, 0x400000000840003, 0xeb5, 0xfffffffffffffffa, 0x0)
r0 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x204282, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x108ae, 0x100000001, 0x7ff)
sysfs$auto(0x2, 0x41, 0x0)
fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0)
ioctl$auto_TIOCNXCL2(0xffffffffffffffff, 0x540d, &(0x7f0000000500))
close_range$auto(0x2, r0, 0x8000)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000), 0xc, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0xa11dddf18e97be08)
io_uring_setup$auto(0x6, 0x0)
r1 = socket(0xcece029392a7cecc, 0x1, 0x400)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(r1, 0x0, 0x10)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000180)="effb659ca8c82a7858be89ff6959c0f6ca24330011f5ef2db0cbfc0b90c5ffa31d728e2362084175a450b85a36f65f81fbfa967ab11f42b889b0ea031df0e0b44b34e4dc87f678bd698d9be47440724624ff2e7f5e0e0e92304800aa7b746aa0d464eac298c68cc9bcc7226bc5089c618c340a66cd2dcd87f9d28f2d4917e00e15fcc26d8c17651ee457ee3df1b8e323c896112d640743cf0e42c0464d61e41b23dd400004631df93c5888ed34a52c51c6033d99e9d4920000000000000000000000000000000000000000002cfb3e1cc91a094421fce8848e5e7ebe8b7bc5af8c6b527af607c00000000000000000", 0x5)
unshare$auto(0x40000080)
madvise$auto(0x0, 0x200004, 0x15)
set_mempolicy_home_node$auto(0x299f, 0x10001, 0x2000084a, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0)
openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x8a83, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x600, 0x0)
setsockopt$auto_SO_DEVMEM_DONTNEED(r2, 0x75c30053, 0x50, 0x0, 0x7)
clock_nanosleep$auto(0x400000, 0x1, 0x0, 0x0)
r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0)
ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0)
ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)

4.261480601s ago: executing program 4 (id=2314):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYRES16=r1, @ANYRESDEC=r1], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)

3.748732722s ago: executing program 4 (id=2315):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(r0, 0x7ac, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$auto(r1, 0x10e, 0xb, 0x0, 0x0)
r2 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, 0x0, 0x200, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto(0x3, 0xae41, r3)
mmap$auto(0x0, 0x2, 0x2, 0xeb2, r3, 0x100000001)
capget$auto(0x0, 0xfffffffffffffffe)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_ETHTOOL_MSG_RSS_GET(r4, 0x0, 0x8010)
writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x1}, 0x8)
sendmmsg$auto(r2, 0x0, 0x4, 0x6)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(0xffffffffffffffff, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010027bd7000ffdbdf250300000008000400010000000a000200a060292f83d900000c0008000000000000000000", @ANYRES16=r3], 0x34}, 0x1, 0x0, 0x0, 0x20000041}, 0x800)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
socket(0x2, 0x1, 0x106)
pipe$auto(&(0x7f0000000500))
flock$auto(r4, 0xfffffffe)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0)
close_range$auto(0x2, 0x8000, 0x0)

3.640889072s ago: executing program 0 (id=2316):
mmap$auto(0x0, 0x20009, 0xe2, 0x111, 0x405, 0x8000)
unshare$auto(0x40000080) (async)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x9) (async)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x80202, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
fchown$auto(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0)
ioctl$auto(0x3, 0x4020565a, 0x38)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000340)='/dev/binderfs/binder1\x00', 0x8080, 0x0) (async)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000340)='/dev/binderfs/binder1\x00', 0x8080, 0x0)
socket(0xa, 0x1, 0x100) (async)
socket(0xa, 0x1, 0x100)
socket(0x1e, 0x1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0)
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6)
socket(0x10, 0x4, 0xffffffc0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
write$auto(0xffffffffffffffff, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="28001d00", @ANYRES16=r3, @ANYBLOB="010325bd7040ffdbdf250a0000000c0002006e6c38303231310008000a00ef010000"], 0x28}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810)
write$auto(r0, &(0x7f00000005c0)='0\x00\xa6\xcc}QQU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\xb3x\xe5\f\x94\xf7\xb4\xcdm\x89\x7f\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\x93\xfe>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf*A)W\xac2\x93\xf2\x00\x00\x00r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\b\x00\x00\x00\x00\x00\x00\x00(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)

3.286687632s ago: executing program 4 (id=2317):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x440640, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x3, 0x0)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0xa, 0x0)
openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, 0x0, 0x82c00, 0x0)
landlock_create_ruleset$auto(0x0, 0x9, 0x0)
r0 = socket(0x29, 0x2, 0x0)
setsockopt$auto(r0, 0x119, 0x1, 0x0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto(0x3, 0x560a, 0x38)

2.29039071s ago: executing program 4 (id=2318):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
open(0x0, 0x4242, 0xe1d2b27bdc14aab8)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff)
mmap$auto(0x3, 0x5, 0x2000006, 0xeb1, r0, 0xfd87)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0xa02, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
mmap$auto(0x0, 0x2020002, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x9, 0x4, 0xfffa, 0x0)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x17, 0x0, 0x4)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xd, 0x0, 0x0, 0x0, 0x0)
write$auto(r3, 0x0, 0x100000a3d9)
getpid()
mlockall$auto(0x5)
rt_sigprocmask$auto(0x6, 0x0, 0xffffffffffffffff, 0x8)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)

2.216259381s ago: executing program 2 (id=2319):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ram1\x00', 0x0, 0x0)
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/cuse\x00', 0x1c1041, 0x0)
sendfile$auto(r0, 0x3, 0x0, 0x7ffff000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd12/sched/batching\x00', 0x143642, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
socket(0x11, 0x80003, 0x300)
socket(0x29, 0x5, 0x0)
r2 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2)
open_by_handle_at$auto(r2, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6)
sendfile$auto(r1, r1, 0x0, 0x2)
unshare$auto(0x40000080)

1.897175489s ago: executing program 2 (id=2320):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400005, 0x4000000000000df, 0x9b72, 0x2, 0x7ffc)
read$auto_fake_panic_fops_(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D0c\x00', 0x9003, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(r0, 0xc2604110, &(0x7f0000000040)={0x6, [{[0x2, 0xf5e, 0xf, 0xd, 0x7f, 0x8, 0x4, 0x663d349e]}, {[0x2, 0xa6, 0x5c915993, 0xfffffffd, 0x6, 0xe, 0x80000001, 0x3]}, {[0x2, 0xe, 0x2, 0x579c8feb, 0x9, 0x6, 0x7, 0xa53]}], [{[0x75d, 0x9, 0x6, 0x17f29ee4, 0x400, 0x7, 0xc, 0x44]}, {[0x1, 0xeade, 0x1, 0x3, 0xf0, 0x5, 0x101, 0x1]}, {[0x7e61, 0x6, 0x7, 0x0, 0x5, 0x5, 0x100, 0x9]}, {[0x4, 0x5, 0x1, 0xfffffff7, 0x5, 0x0, 0xfffffffb, 0x1]}, {[0x3, 0x1000, 0x8, 0x8, 0x2, 0xe8c, 0xf, 0xd403]}], [{0xfffffffa, 0x4, 0x0, 0x0, 0x1, 0x1}, {0x7b, 0x6, 0x1, 0x0, 0x0, 0x1}, {0x3, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x61, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x5, 0x49c5fc8b, 0x0, 0x0, 0x0, 0x1}, {0x7ff, 0x7, 0x0, 0x1, 0x1, 0x1}, {0x6, 0x9, 0x0, 0x1, 0x1}, {0x9, 0x6, 0x0, 0x1}, {0x7fd, 0x7, 0x0, 0x1, 0x0, 0x1}, {0x7, 0xfffffffd, 0x1, 0x1, 0x1}, {0x8, 0x4, 0x0, 0x0, 0x1, 0x1}, {0x3, 0x5, 0x1, 0x1, 0x0, 0x1}], [{0xbe, 0xd2, 0x0, 0x1, 0x0, 0x1}, {0xc2, 0x7fffffff, 0x1, 0x1, 0x1}, {0xbc, 0xbb5e, 0x1, 0x0, 0x0, 0x1}, {0x8, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x102, 0x12e800, 0x1, 0x1, 0x1, 0x1}, {0x2, 0xf, 0x0, 0x1, 0x1}, {0xffff, 0x8, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x80000000, 0x6, 0x0, 0x1}], 0x100, 0x2, 0x4, 0x9, 0x5, 0x1, 0x8, "938f570ba48ab1df6ea169301a0f4b75", "16fef137d6f6aa1d93e7fd319170d04be4063eb16bddc7a41e5782dfff02104539c9b5e571a002e14933724526d0c013"})
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dri/card2\x00', 0x200100, 0x0)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x40000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
socket(0xa, 0x801, 0x84)
socket(0x21, 0x2, 0x2)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
msgctl$auto_IPC_INFO(0x100, 0x3, &(0x7f00000012c0)={{0x632, 0xffffffffffffffff, 0xee00, 0x1, 0x5, 0x1, 0x80}, 0x0, 0x0, 0x1, 0x7, 0x5, 0x7, 0x1, 0xdd34, 0x7, 0x8, @raw=0xffff, @raw=0x40})
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/44, 0x2c)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
get_robust_list$auto(0x0, 0x0, 0x0)
lsm_list_modules$auto(0x0, 0x0, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x1102, 0x0)
read$auto(0x3, 0x0, 0xfdef)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mbind$auto(0x0, 0xfa9d, 0x5, &(0x7f0000000280)=0xfb, 0x400, 0x3)
openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0)

1.71725932s ago: executing program 0 (id=2321):
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000100)={{@raw=0x2, 0x85, 0x20e, 0x9, "669cbbd9e9756f22fdffa188e0f106000000000000000b2f4ab8633824f2d2252ca5f200", @raw=0x6}, 0x0, @integer=@value_ptr=&(0x7f0000000680)=0x4, "282f77b07e718ed4d99a34617774e3a82f982e0f05e516c299a28a585e87e0d908e2c8e50de5016f1de5d432da2cc20e951d8fcdc4f791a11996aad5af504c0d9927e62ef70b23a13735a4fe805c1ce1b6b1d83d21bb42794ec925b4547a3d52d4b5210392111e181719fef9d685b6534b171d76ad633f94a608b818600a6c85"})
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000380)='/dev/psaux\x00', 0x48100, 0x0)
socket(0x1a, 0x1, 0x0)
ioctl$auto(0xffffffffffffffff, 0x2, r1)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101b80, 0x0)
pread64$auto(r4, 0x0, 0xf469, 0xbc3ab41)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fc, 0x7, 0xd, 0x1, 0xc5e1, 0x3, 0x87, 0x2000000000000002, 0x0, 0x62, 0x8, 0x10, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x200000000000404, 0x0)
madvise$auto(0x0, 0x2003f0, 0x17)
ioctl$auto_SNDRV_PCM_IOCTL_REWIND2(0xffffffffffffffff, 0x40084146, &(0x7f0000000040)=0x80000001)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
gettimeofday$auto(&(0x7f0000000640)={0x4, 0xeb1}, &(0x7f00000006c0)={0x6, 0x81})
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000600)='/dev/audio1\x00', 0x8000, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r3, 0x5420, 0x0)
close_range$auto(0x2, 0x8, 0x0)

1.319243488s ago: executing program 1 (id=2322):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/config/target/dbroot\x00', 0x80200, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2a, 0x2, 0x0)
set_mempolicy$auto(0x6, &(0x7f0000000100)=0x83, 0x4)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
ppoll$auto(&(0x7f00000000c0)={<r2=>r1, 0xddee, 0x6}, 0x8, &(0x7f0000000140)={0x8000, 0xfffffffffffffff8}, &(0x7f0000000180)={0x4}, 0x8)
ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r2, 0x7af, 0x0)
setsockopt$auto(r0, 0x9, 0x1, &(0x7f0000000040)='/sys/devices/virtual/tty/ptyw6/uevent\x00', 0x6)
socket(0x11, 0x800000003, 0x0)
ioctl$auto(0x3, 0x800005411, 0x38)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/tty/ptyw6/uevent\x00', 0x5c3080, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'tunl0\x00'})
r4 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000040)='/dev/media1\x00', 0x28202, 0x0)
readv$auto(r4, &(0x7f00000000c0)={0x0, 0x547e0dec}, 0x9)
pwritev$auto(r3, &(0x7f0000000100)={&(0x7f0000000000), 0x2}, 0x3, 0x11, 0x3)

982.014864ms ago: executing program 4 (id=2323):
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x842, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa0440, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6c, 0x0, 0x0, 0xfffffffffffffffd, 0x4ea, 0x1, 0x6, 0x0, 0x1, 0x0, 0x8, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x6, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0xc0282, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000500)='/dev/video0\x00', 0x0, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x6483, 0x0)
clock_adjtime$auto(0x6bc8, &(0x7f00000005c0)={0x9, 0x0, 0x8, 0x8000000000000001, 0x7, 0xfffffffffffffff7, 0x6, 0x0, 0x2, 0x2, 0x1, {0xf, 0xb}, 0x82ba, 0x7fd, 0x59d, 0x5, 0x0, 0x8000000000000000, 0x100000000, 0x1, 0x9, 0x7, 0x81000})
select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1fc, 0x200000000807, 0xd, 0x1, 0x948b, 0x3, 0x7f, 0x3, 0x3, 0x9, 0x4, 0x5, 0x6d3f, 0xc, 0x9, 0xfffffffffffffffd]}, 0x0)
llistxattr$auto(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='!\xe5^@\x00', 0x8)
socket(0xf, 0x3, 0x2)
close_range$auto(0x2, 0x8, 0x0)
r1 = open(0x0, 0x22240, 0x155)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55)
setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
ioctl$auto_VHOST_SET_VRING_CALL2(r1, 0x4008af21, &(0x7f0000000040)={0x3, r0})

0s ago: executing program 1 (id=2324):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd10/queue/nr_requests\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x200)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x4b564d06, 0xe3, 0x100000007f}]})
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002e40), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SET_TUNSRC(r4, &(0x7f0000002f00)={0x0, 0x0, &(0x7f0000002ec0)={&(0x7f0000002e80)={0x14, r5, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4048c40}, 0x4)
sendmsg$auto_SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r5, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7d}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000040)
pselect6$auto(0x5, &(0x7f0000000400)={[0x8, 0x5, 0x0, 0x5, 0x8001, 0x6, 0xac, 0x2000009, 0x3, 0xffffffff, 0x7fffffffffffffff, 0x0, 0x1000, 0x2, 0x8, 0x3ff]}, 0x0, 0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ext4/sda1/inode_readahead_blks\x00', 0xe0801, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/tty/ttyd0/power/runtime_suspended_time\x00', 0x42100, 0x0)
read$auto(r7, 0x0, 0x20)
write$auto(0x3, 0x0, 0xfdef)
landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0)
landlock_restrict_self$auto(r6, 0x0)
execve$auto(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=&(0x7f0000000080)=',{\x00', &(0x7f0000000140)=&(0x7f0000000100)='}.\x00')
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)

kernel console output (not intermixed with test programs):

 RBP: 00007f7919610b39 R08: 0000000000000000 R09: 0000000000000000
[  126.601983][ T6515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  126.602001][ T6515] R13: 0000000000000000 R14: 00007f79197b6080 R15: 00007ffebab8e5d8
[  126.602038][ T6515]  </TASK>
[  126.722262][ T5168] Bluetooth: hci2: command 0x0c1a tx timeout
[  126.947509][ T5852] Bluetooth: hci3: command 0x0c1a tx timeout
[  126.947569][ T5862] Bluetooth: hci1: command 0x0c1a tx timeout
[  127.423046][ T6525] perf: Dynamic interrupt throttling disabled, can hang your system!
ÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆ[  131.366448][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  131.375292][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  131.389658][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  131.406487][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  131.423882][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  131.430240][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  131.445877][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  131.463295][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  132.134005][ T6616] FAULT_INJECTION: forcing a failure.
[  132.134005][ T6616] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  132.203857][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.0.134 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  132.203904][ T6616] Tainted: [U]=USER
[  132.203913][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  132.203928][ T6616] Call Trace:
[  132.203937][ T6616]  <TASK>
[  132.203947][ T6616]  dump_stack_lvl+0x16c/0x1f0
[  132.204006][ T6616]  should_fail_ex+0x512/0x640
[  132.204051][ T6616]  _copy_from_user+0x2e/0xd0
[  132.204089][ T6616]  do_sock_getsockopt+0x5f4/0x800
[  132.204118][ T6616]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  132.204141][ T6616]  ? __fget_files+0x204/0x3c0
[  132.204188][ T6616]  __sys_getsockopt+0x123/0x1b0
[  132.204228][ T6616]  __x64_sys_getsockopt+0xbd/0x160
[  132.204260][ T6616]  ? do_syscall_64+0x91/0x490
[  132.204294][ T6616]  ? lockdep_hardirqs_on+0x7c/0x110
[  132.204327][ T6616]  do_syscall_64+0xcd/0x490
[  132.204363][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.204386][ T6616] RIP: 0033:0x7fa834d8e929
[  132.204404][ T6616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.204426][ T6616] RSP: 002b:00007fa835b28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  132.204447][ T6616] RAX: ffffffffffffffda RBX: 00007fa834fb6240 RCX: 00007fa834d8e929
[  132.204462][ T6616] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000009
[  132.204477][ T6616] RBP: 00007fa835b28090 R08: 0000200000000100 R09: 0000000000000000
[  132.204492][ T6616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.204506][ T6616] R13: 0000000000000000 R14: 00007fa834fb6240 R15: 00007ffd21cb4078
[  132.204535][ T6616]  </TASK>
[  135.864711][ T6680] FAULT_INJECTION: forcing a failure.
[  135.864711][ T6680] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  135.879091][ T6680] CPU: 1 UID: 0 PID: 6680 Comm: syz.2.145 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  135.879133][ T6680] Tainted: [U]=USER
[  135.879142][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  135.879157][ T6680] Call Trace:
[  135.879166][ T6680]  <TASK>
[  135.879175][ T6680]  dump_stack_lvl+0x16c/0x1f0
[  135.879220][ T6680]  should_fail_ex+0x512/0x640
[  135.879267][ T6680]  _copy_from_user+0x2e/0xd0
[  135.879312][ T6680]  copy_from_sockptr_offset+0x15c/0x1b0
[  135.879347][ T6680]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  135.879371][ T6680]  ? find_held_lock+0x2b/0x80
[  135.879395][ T6680]  do_tcp_getsockopt+0x165/0x2600
[  135.879435][ T6680]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  135.879463][ T6680]  ? unwind_get_return_address+0x59/0xa0
[  135.879501][ T6680]  ? __lock_acquire+0x622/0x1c90
[  135.879530][ T6680]  ? _parse_integer_limit+0x17f/0x1d0
[  135.879557][ T6680]  ? _kstrtoull+0x145/0x200
[  135.879578][ T6680]  ? __pfx__kstrtoull+0x10/0x10
[  135.879600][ T6680]  ? aa_label_sk_perm+0x19b/0x5a0
[  135.879627][ T6680]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  135.879651][ T6680]  ? __lock_acquire+0x622/0x1c90
[  135.879691][ T6680]  ? __lock_acquire+0xb8a/0x1c90
[  135.879719][ T6680]  ? __pfx___might_resched+0x10/0x10
[  135.879748][ T6680]  ? find_held_lock+0x2b/0x80
[  135.879766][ T6680]  ? __might_fault+0xe3/0x190
[  135.879794][ T6680]  ? __might_fault+0xe3/0x190
[  135.879819][ T6680]  ? __might_fault+0x13b/0x190
[  135.879849][ T6680]  tcp_getsockopt+0xdf/0x100
[  135.879878][ T6680]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  135.879900][ T6680]  do_sock_getsockopt+0x3fc/0x800
[  135.879927][ T6680]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  135.879954][ T6680]  ? __fget_files+0x204/0x3c0
[  135.880011][ T6680]  __sys_getsockopt+0x123/0x1b0
[  135.880045][ T6680]  __x64_sys_getsockopt+0xbd/0x160
[  135.880072][ T6680]  ? do_syscall_64+0x91/0x490
[  135.880101][ T6680]  ? lockdep_hardirqs_on+0x7c/0x110
[  135.880129][ T6680]  do_syscall_64+0xcd/0x490
[  135.880159][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.880179][ T6680] RIP: 0033:0x7f791958e929
[  135.880194][ T6680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.880213][ T6680] RSP: 002b:00007f7917393038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  135.880231][ T6680] RAX: ffffffffffffffda RBX: 00007f79197b6240 RCX: 00007f791958e929
[  135.880243][ T6680] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000009
[  135.880255][ T6680] RBP: 00007f7917393090 R08: 0000200000000100 R09: 0000000000000000
[  135.880267][ T6680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.880278][ T6680] R13: 0000000000000000 R14: 00007f79197b6240 R15: 00007ffebab8e5d8
[  135.880302][ T6680]  </TASK>
[  137.858078][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  137.865026][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  138.224499][ T6702] sd 0:0:1:0: PR command failed: 1026
[  138.229986][ T6702] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  138.243549][ T6702] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  140.388474][ T6719] FAULT_INJECTION: forcing a failure.
[  140.388474][ T6719] name failslab, interval 1, probability 0, space 0, times 0
[  140.420782][ T6736] FAULT_INJECTION: forcing a failure.
[  140.420782][ T6736] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.440151][ T6719] CPU: 0 UID: 0 PID: 6719 Comm: syz.0.154 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  140.440199][ T6719] Tainted: [U]=USER
[  140.440208][ T6719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  140.440224][ T6719] Call Trace:
[  140.440234][ T6719]  <TASK>
[  140.440263][ T6719]  dump_stack_lvl+0x16c/0x1f0
[  140.440319][ T6719]  should_fail_ex+0x512/0x640
[  140.440365][ T6719]  ? __kmalloc_noprof+0xbf/0x510
[  140.440418][ T6719]  ? fib_default_rule_add+0x4f/0x420
[  140.440467][ T6719]  should_failslab+0xc2/0x120
[  140.440499][ T6719]  __kmalloc_noprof+0xd2/0x510
[  140.440546][ T6719]  ? lockdep_init_map_type+0x5c/0x280
[  140.440605][ T6719]  fib_default_rule_add+0x4f/0x420
[  140.440652][ T6719]  ? __pfx_ipmr_net_init+0x10/0x10
[  140.440685][ T6719]  ipmr_net_init+0x1ee/0x4e0
[  140.440718][ T6719]  ? __pfx_ipmr_net_init+0x10/0x10
[  140.440751][ T6719]  ops_init+0x1e2/0x5f0
[  140.440807][ T6719]  setup_net+0x1ff/0x510
[  140.440855][ T6719]  ? lockdep_init_map_type+0x5c/0x280
[  140.440901][ T6719]  ? __pfx_setup_net+0x10/0x10
[  140.440954][ T6719]  ? debug_mutex_init+0x37/0x70
[  140.440993][ T6719]  copy_net_ns+0x2a6/0x5f0
[  140.441049][ T6719]  create_new_namespaces+0x3ea/0xa90
[  140.441097][ T6719]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  140.441140][ T6719]  ksys_unshare+0x45b/0xa40
[  140.441190][ T6719]  ? __pfx_ksys_unshare+0x10/0x10
[  140.441236][ T6719]  ? xfd_validate_state+0x61/0x180
[  140.441292][ T6719]  __x64_sys_unshare+0x31/0x40
[  140.441333][ T6719]  do_syscall_64+0xcd/0x490
[  140.441385][ T6719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.441416][ T6719] RIP: 0033:0x7fa834d8e929
[  140.441442][ T6719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.441472][ T6719] RSP: 002b:00007fa835b6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  140.441501][ T6719] RAX: ffffffffffffffda RBX: 00007fa834fb6080 RCX: 00007fa834d8e929
[  140.441521][ T6719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  140.441540][ T6719] RBP: 00007fa834e10b39 R08: 0000000000000000 R09: 0000000000000000
[  140.441559][ T6719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  140.441577][ T6719] R13: 0000000000000000 R14: 00007fa834fb6080 R15: 00007ffd21cb4078
[  140.441619][ T6719]  </TASK>
[  140.733729][ T6736] CPU: 1 UID: 0 PID: 6736 Comm: syz.3.155 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  140.733778][ T6736] Tainted: [U]=USER
[  140.733788][ T6736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  140.733805][ T6736] Call Trace:
[  140.733815][ T6736]  <TASK>
[  140.733826][ T6736]  dump_stack_lvl+0x16c/0x1f0
[  140.733880][ T6736]  should_fail_ex+0x512/0x640
[  140.733933][ T6736]  _copy_from_user+0x2e/0xd0
[  140.733985][ T6736]  copy_from_sockptr_offset+0x15c/0x1b0
[  140.734026][ T6736]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  140.734078][ T6736]  ? find_held_lock+0x2b/0x80
[  140.734131][ T6736]  do_tcp_getsockopt+0x1008/0x2600
[  140.734181][ T6736]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  140.734221][ T6736]  ? unwind_get_return_address+0x59/0xa0
[  140.734275][ T6736]  ? __lock_acquire+0x622/0x1c90
[  140.734333][ T6736]  ? _kstrtoull+0x145/0x200
[  140.734365][ T6736]  ? __pfx__kstrtoull+0x10/0x10
[  140.734396][ T6736]  ? aa_label_sk_perm+0x19b/0x5a0
[  140.734435][ T6736]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  140.734471][ T6736]  ? __lock_acquire+0x622/0x1c90
[  140.734528][ T6736]  ? __lock_acquire+0xb8a/0x1c90
[  140.734570][ T6736]  ? __pfx___might_resched+0x10/0x10
[  140.734614][ T6736]  ? find_held_lock+0x2b/0x80
[  140.734642][ T6736]  ? __might_fault+0xe3/0x190
[  140.734682][ T6736]  ? __might_fault+0xe3/0x190
[  140.734721][ T6736]  ? __might_fault+0x13b/0x190
[  140.734767][ T6736]  tcp_getsockopt+0xdf/0x100
[  140.734810][ T6736]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  140.734843][ T6736]  do_sock_getsockopt+0x3fc/0x800
[  140.734877][ T6736]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  140.734906][ T6736]  ? __fget_files+0x204/0x3c0
[  140.734962][ T6736]  __sys_getsockopt+0x123/0x1b0
[  140.735010][ T6736]  __x64_sys_getsockopt+0xbd/0x160
[  140.735049][ T6736]  ? do_syscall_64+0x91/0x490
[  140.735091][ T6736]  ? lockdep_hardirqs_on+0x7c/0x110
[  140.735130][ T6736]  do_syscall_64+0xcd/0x490
[  140.735175][ T6736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.735204][ T6736] RIP: 0033:0x7fdc86b8e929
[  140.735225][ T6736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.735251][ T6736] RSP: 002b:00007fdc87a05038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  140.735276][ T6736] RAX: ffffffffffffffda RBX: 00007fdc86db6160 RCX: 00007fdc86b8e929
[  140.735299][ T6736] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000009
[  140.735315][ T6736] RBP: 00007fdc87a05090 R08: 0000200000000100 R09: 0000000000000000
[  140.735332][ T6736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.735347][ T6736] R13: 0000000000000000 R14: 00007fdc86db6160 R15: 00007ffe770f8bb8
[  140.735383][ T6736]  </TASK>
[  141.011918][    C1] vkms_vblank_simulate: vblank timer overrun
[  143.599187][ T6783] FAULT_INJECTION: forcing a failure.
[  143.599187][ T6783] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  143.648766][ T6783] CPU: 1 UID: 0 PID: 6783 Comm: syz.3.166 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  143.648813][ T6783] Tainted: [U]=USER
[  143.648822][ T6783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  143.648839][ T6783] Call Trace:
[  143.648848][ T6783]  <TASK>
[  143.648858][ T6783]  dump_stack_lvl+0x16c/0x1f0
[  143.648907][ T6783]  should_fail_ex+0x512/0x640
[  143.648957][ T6783]  should_fail_alloc_page+0xe7/0x130
[  143.649000][ T6783]  prepare_alloc_pages+0x3c2/0x610
[  143.649057][ T6783]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  143.649104][ T6783]  ? __pfx_stack_trace_save+0x10/0x10
[  143.649153][ T6783]  ? __lock_acquire+0x622/0x1c90
[  143.649196][ T6783]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  143.649236][ T6783]  ? __update_page_owner_handle+0x395/0x550
[  143.649313][ T6783]  ? __page_table_check_zero+0x33c/0x5d0
[  143.649369][ T6783]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  143.649419][ T6783]  ? policy_nodemask+0xea/0x4e0
[  143.649451][ T6783]  alloc_pages_mpol+0x1fb/0x550
[  143.649482][ T6783]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  143.649522][ T6783]  ? __lock_acquire+0x622/0x1c90
[  143.649586][ T6783]  folio_alloc_mpol_noprof+0x36/0x2f0
[  143.649624][ T6783]  shmem_alloc_folio+0x135/0x160
[  143.649663][ T6783]  shmem_alloc_and_add_folio+0x499/0xc20
[  143.649716][ T6783]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  143.649772][ T6783]  ? shmem_allowable_huge_orders+0xcb/0x2f0
[  143.649824][ T6783]  shmem_get_folio_gfp+0x67f/0x1600
[  143.649877][ T6783]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  143.649925][ T6783]  ? filemap_map_pages+0xf6f/0x1680
[  143.649975][ T6783]  shmem_fault+0x1fe/0xa30
[  143.650020][ T6783]  ? __pfx_shmem_fault+0x10/0x10
[  143.650071][ T6783]  ? __pfx_filemap_map_pages+0x10/0x10
[  143.650129][ T6783]  __do_fault+0x10d/0x490
[  143.650177][ T6783]  __handle_mm_fault+0x3c2a/0x5490
[  143.650227][ T6783]  ? __pfx___handle_mm_fault+0x10/0x10
[  143.650265][ T6783]  ? __pfx_mt_find+0x10/0x10
[  143.650313][ T6783]  ? find_vma+0xbf/0x140
[  143.650354][ T6783]  ? __pfx_find_vma+0x10/0x10
[  143.650386][ T6783]  handle_mm_fault+0x589/0xd10
[  143.650424][ T6783]  ? __pkru_allows_pkey+0x51/0xb0
[  143.650467][ T6783]  do_user_addr_fault+0x7a6/0x1370
[  143.650511][ T6783]  ? rcu_is_watching+0x12/0xc0
[  143.650546][ T6783]  exc_page_fault+0x5c/0xb0
[  143.650587][ T6783]  asm_exc_page_fault+0x26/0x30
[  143.650614][ T6783] RIP: 0010:check_zeroed_user+0x10c/0x1c0
[  143.650659][ T6783] Code: 3a 81 e2 fc 31 ff 48 89 de e8 a0 7c e2 fc 48 85 db 0f 85 9d 00 00 00 e8 22 81 e2 fc 4b 8d 44 35 00 31 ed 4c 29 e0 49 83 ec 08 <48> 8b 00 31 ff 89 ee 48 89 c3 e8 45 7c e2 fc 85 ed 74 a6 e8 fc 80
[  143.650684][ T6783] RSP: 0018:ffffc90004d3f8e8 EFLAGS: 00050216
[  143.650705][ T6783] RAX: 0000000000001000 RBX: 0000000000000000 RCX: ffffffff84d8e240
[  143.650722][ T6783] RDX: ffff888027035a00 RSI: ffffffff84d8e24e RDI: 0000000000000007
[  143.650738][ T6783] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[  143.650762][ T6783] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000001ff039
[  143.650778][ T6783] R13: 0000000000000048 R14: 00000000001ffff9 R15: 0000000000000000
[  143.650804][ T6783]  ? check_zeroed_user+0xf0/0x1c0
[  143.650847][ T6783]  ? check_zeroed_user+0xfe/0x1c0
[  143.650895][ T6783]  ? check_zeroed_user+0xfe/0x1c0
[  143.650942][ T6783]  do_tcp_getsockopt+0x1bb0/0x2600
[  143.650993][ T6783]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  143.651034][ T6783]  ? unwind_get_return_address+0x59/0xa0
[  143.651088][ T6783]  ? __lock_acquire+0x622/0x1c90
[  143.651140][ T6783]  ? _kstrtoull+0x145/0x200
[  143.651172][ T6783]  ? __pfx__kstrtoull+0x10/0x10
[  143.651203][ T6783]  ? aa_label_sk_perm+0x19b/0x5a0
[  143.651243][ T6783]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  143.651279][ T6783]  ? __lock_acquire+0x622/0x1c90
[  143.651335][ T6783]  ? __lock_acquire+0xb8a/0x1c90
[  143.651378][ T6783]  ? __pfx___might_resched+0x10/0x10
[  143.651422][ T6783]  ? find_held_lock+0x2b/0x80
[  143.651450][ T6783]  ? __might_fault+0xe3/0x190
[  143.651489][ T6783]  ? __might_fault+0xe3/0x190
[  143.651526][ T6783]  ? __might_fault+0x13b/0x190
[  143.651571][ T6783]  tcp_getsockopt+0xdf/0x100
[  143.651614][ T6783]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  143.651647][ T6783]  do_sock_getsockopt+0x3fc/0x800
[  143.651681][ T6783]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  143.651709][ T6783]  ? __fget_files+0x204/0x3c0
[  143.651771][ T6783]  __sys_getsockopt+0x123/0x1b0
[  143.651820][ T6783]  __x64_sys_getsockopt+0xbd/0x160
[  143.651859][ T6783]  ? do_syscall_64+0x91/0x490
[  143.651900][ T6783]  ? lockdep_hardirqs_on+0x7c/0x110
[  143.651939][ T6783]  do_syscall_64+0xcd/0x490
[  143.651984][ T6783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.652012][ T6783] RIP: 0033:0x7fdc86b8e929
[  143.652033][ T6783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.652059][ T6783] RSP: 002b:00007fdc87a26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  143.652083][ T6783] RAX: ffffffffffffffda RBX: 00007fdc86db6080 RCX: 00007fdc86b8e929
[  143.652100][ T6783] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000009
[  143.652116][ T6783] RBP: 00007fdc87a26090 R08: 0000200000000100 R09: 0000000000000000
[  143.652132][ T6783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.652147][ T6783] R13: 0000000000000000 R14: 00007fdc86db6080 R15: 00007ffe770f8bb8
[  143.652183][ T6783]  </TASK>
[  144.174965][    C1] vkms_vblank_simulate: vblank timer overrun
[  144.471821][ T6800] netlink: 338 bytes leftover after parsing attributes in process `syz.2.170'.
[  144.482404][ T6800] netlink: 338 bytes leftover after parsing attributes in process `syz.2.170'.
[  148.887358][ T6916] capability: warning: `syz.2.190' uses 32-bit capabilities (legacy support in use)
[  149.093061][ T6921] FAULT_INJECTION: forcing a failure.
[  149.093061][ T6921] name failslab, interval 1, probability 0, space 0, times 0
[  149.124518][ T6921] CPU: 1 UID: 0 PID: 6921 Comm: syz.0.191 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  149.124556][ T6921] Tainted: [U]=USER
[  149.124563][ T6921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  149.124577][ T6921] Call Trace:
[  149.124584][ T6921]  <TASK>
[  149.124593][ T6921]  dump_stack_lvl+0x16c/0x1f0
[  149.124631][ T6921]  should_fail_ex+0x512/0x640
[  149.124665][ T6921]  ? fs_reclaim_acquire+0xae/0x150
[  149.124694][ T6921]  ? ima_alloc_init_template+0xb5/0x720
[  149.124715][ T6921]  should_failslab+0xc2/0x120
[  149.124737][ T6921]  __kmalloc_noprof+0xd2/0x510
[  149.124772][ T6921]  ? find_held_lock+0x2b/0x80
[  149.124801][ T6921]  ima_alloc_init_template+0xb5/0x720
[  149.124825][ T6921]  ? take_dentry_name_snapshot+0x319/0x7d0
[  149.124854][ T6921]  ima_store_measurement+0x1eb/0x5c0
[  149.124879][ T6921]  ? __pfx_ima_store_measurement+0x10/0x10
[  149.124904][ T6921]  ? vfs_getxattr_alloc+0xec/0x340
[  149.124945][ T6921]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  149.124983][ T6921]  process_measurement+0x1ddb/0x23e0
[  149.125029][ T6921]  ? __pfx_process_measurement+0x10/0x10
[  149.125069][ T6921]  ? alloc_empty_file+0x73/0x1e0
[  149.125092][ T6921]  ? hugetlb_file_setup+0x4cd/0x620
[  149.125116][ T6921]  ? ksys_mmap_pgoff+0x189/0x5c0
[  149.125138][ T6921]  ? __x64_sys_mmap+0x125/0x190
[  149.125211][ T6921]  ima_file_mmap+0x1b1/0x1d0
[  149.125245][ T6921]  ? __pfx_ima_file_mmap+0x10/0x10
[  149.125288][ T6921]  security_mmap_file+0x88c/0x990
[  149.125325][ T6921]  vm_mmap_pgoff+0xec/0x450
[  149.125353][ T6921]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  149.125374][ T6921]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  149.125401][ T6921]  ? hugetlbfs_get_inode+0x31f/0x730
[  149.125432][ T6921]  ksys_mmap_pgoff+0x1c8/0x5c0
[  149.125486][ T6921]  __x64_sys_mmap+0x125/0x190
[  149.125524][ T6921]  do_syscall_64+0xcd/0x490
[  149.125565][ T6921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.125589][ T6921] RIP: 0033:0x7fa834d8e929
[  149.125607][ T6921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.125629][ T6921] RSP: 002b:00007fa835b8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  149.125650][ T6921] RAX: ffffffffffffffda RBX: 00007fa834fb5fa0 RCX: 00007fa834d8e929
[  149.125666][ T6921] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000
[  149.125680][ T6921] RBP: 00007fa834e10b39 R08: 0000000000000401 R09: 0000300000000000
[  149.125694][ T6921] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000
[  149.125708][ T6921] R13: 0000000000000000 R14: 00007fa834fb5fa0 R15: 00007ffd21cb4078
[  149.125738][ T6921]  </TASK>
[  149.436923][   T30] audit: type=1804 audit(1752236500.297:3): pid=6921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.0.191" name="anon_hugepage" dev="hugetlbfs" ino=10580 res=0 errno=0
[  150.042268][ T6936] netlink: 338 bytes leftover after parsing attributes in process `syz.0.193'.
[  154.155701][ T7033] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„
[  155.663304][ T7047] bcache: register_bcache() error : Not a bcache superblock (bad offset)
[  157.934266][ T7088] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9
[  159.905771][ T7107] loop6: detected capacity change from 0 to 8192
[  160.568754][ T7135] sd 0:0:1:0: PR command failed: 1026
[  160.582937][ T7135] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  160.629401][ T7135] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  165.314854][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805ba58000: rx timeout, send abort
[  165.823191][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805ba58000: abort rx timeout. Force session deactivation
[  166.289054][ T7200] sd 0:0:1:0: PR command failed: 1026
[  166.328682][ T7200] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  166.362870][ T7200] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  168.845507][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  168.853462][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  168.863517][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  168.870101][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  168.879903][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  168.890859][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  168.906155][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  168.913064][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  170.020506][ T7256] netlink: 342 bytes leftover after parsing attributes in process `syz.1.261'.
[  173.090972][ T7304] FAULT_INJECTION: forcing a failure.
[  173.090972][ T7304] name failslab, interval 1, probability 0, space 0, times 0
[  173.103896][ T7304] CPU: 1 UID: 0 PID: 7304 Comm: syz.0.273 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  173.103939][ T7304] Tainted: [U]=USER
[  173.103948][ T7304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.103964][ T7304] Call Trace:
[  173.103973][ T7304]  <TASK>
[  173.103984][ T7304]  dump_stack_lvl+0x16c/0x1f0
[  173.104033][ T7304]  should_fail_ex+0x512/0x640
[  173.104074][ T7304]  ? fs_reclaim_acquire+0xae/0x150
[  173.104111][ T7304]  ? tomoyo_encode2+0x100/0x3e0
[  173.104149][ T7304]  should_failslab+0xc2/0x120
[  173.104176][ T7304]  __kmalloc_noprof+0xd2/0x510
[  173.104217][ T7304]  ? d_absolute_path+0x136/0x1a0
[  173.104254][ T7304]  tomoyo_encode2+0x100/0x3e0
[  173.104298][ T7304]  tomoyo_encode+0x29/0x50
[  173.104353][ T7304]  tomoyo_realpath_from_path+0x18f/0x6e0
[  173.104409][ T7304]  tomoyo_check_open_permission+0x2ab/0x3c0
[  173.104469][ T7304]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  173.104543][ T7304]  ? do_raw_spin_lock+0x12c/0x2b0
[  173.104607][ T7304]  tomoyo_file_open+0x6b/0x90
[  173.104655][ T7304]  security_file_open+0x84/0x1e0
[  173.104695][ T7304]  do_dentry_open+0x596/0x1c10
[  173.104750][ T7304]  vfs_open+0x82/0x3f0
[  173.104786][ T7304]  path_openat+0x1de4/0x2cb0
[  173.104841][ T7304]  ? __pfx_path_openat+0x10/0x10
[  173.104885][ T7304]  ? __lock_acquire+0xb8a/0x1c90
[  173.104929][ T7304]  do_filp_open+0x20b/0x470
[  173.104972][ T7304]  ? __pfx_do_filp_open+0x10/0x10
[  173.105042][ T7304]  ? alloc_fd+0x471/0x7d0
[  173.105093][ T7304]  do_sys_openat2+0x11b/0x1d0
[  173.105125][ T7304]  ? __pfx_do_sys_openat2+0x10/0x10
[  173.105159][ T7304]  ? find_held_lock+0x2b/0x80
[  173.105199][ T7304]  __x64_sys_openat+0x174/0x210
[  173.105232][ T7304]  ? __pfx___x64_sys_openat+0x10/0x10
[  173.105281][ T7304]  do_syscall_64+0xcd/0x490
[  173.105327][ T7304]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.105357][ T7304] RIP: 0033:0x7fa834d8e929
[  173.105380][ T7304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.105407][ T7304] RSP: 002b:00007fa835b8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  173.105433][ T7304] RAX: ffffffffffffffda RBX: 00007fa834fb5fa0 RCX: 00007fa834d8e929
[  173.105451][ T7304] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  173.105468][ T7304] RBP: 00007fa834e10b39 R08: 0000000000000000 R09: 0000000000000000
[  173.105489][ T7304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  173.105505][ T7304] R13: 0000000000000000 R14: 00007fa834fb5fa0 R15: 00007ffd21cb4078
[  173.105577][ T7304]  </TASK>
[  173.105614][ T7304] ERROR: Out of memory at tomoyo_realpath_from_path.
[  173.492355][ T7315] netlink: 342 bytes leftover after parsing attributes in process `syz.1.276'.
[  174.352786][ T7314] ima: policy update failed
[  174.386877][   T30] audit: type=1802 audit(1752236525.277:4): pid=7314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.276" res=0 errno=0
[  177.700087][ T7381] FAULT_INJECTION: forcing a failure.
[  177.700087][ T7381] name failslab, interval 1, probability 0, space 0, times 0
[  177.729170][ T7381] CPU: 0 UID: 0 PID: 7381 Comm: syz.1.289 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  177.729211][ T7381] Tainted: [U]=USER
[  177.729218][ T7381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  177.729232][ T7381] Call Trace:
[  177.729240][ T7381]  <TASK>
[  177.729248][ T7381]  dump_stack_lvl+0x16c/0x1f0
[  177.729289][ T7381]  should_fail_ex+0x512/0x640
[  177.729323][ T7381]  ? fs_reclaim_acquire+0xae/0x150
[  177.729354][ T7381]  ? tomoyo_encode2+0x100/0x3e0
[  177.729385][ T7381]  should_failslab+0xc2/0x120
[  177.729407][ T7381]  __kmalloc_noprof+0xd2/0x510
[  177.729442][ T7381]  ? d_absolute_path+0x136/0x1a0
[  177.729470][ T7381]  tomoyo_encode2+0x100/0x3e0
[  177.729506][ T7381]  tomoyo_encode+0x29/0x50
[  177.729537][ T7381]  tomoyo_realpath_from_path+0x18f/0x6e0
[  177.729579][ T7381]  tomoyo_check_open_permission+0x2ab/0x3c0
[  177.729609][ T7381]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  177.729667][ T7381]  ? do_raw_spin_lock+0x12c/0x2b0
[  177.729713][ T7381]  tomoyo_file_open+0x6b/0x90
[  177.729767][ T7381]  security_file_open+0x84/0x1e0
[  177.729800][ T7381]  do_dentry_open+0x596/0x1c10
[  177.729845][ T7381]  vfs_open+0x82/0x3f0
[  177.729874][ T7381]  path_openat+0x1de4/0x2cb0
[  177.729925][ T7381]  ? __pfx_path_openat+0x10/0x10
[  177.729964][ T7381]  ? __lock_acquire+0xb8a/0x1c90
[  177.730000][ T7381]  do_filp_open+0x20b/0x470
[  177.730035][ T7381]  ? __pfx_do_filp_open+0x10/0x10
[  177.730091][ T7381]  ? alloc_fd+0x471/0x7d0
[  177.730131][ T7381]  do_sys_openat2+0x11b/0x1d0
[  177.730157][ T7381]  ? __pfx_do_sys_openat2+0x10/0x10
[  177.730185][ T7381]  ? find_held_lock+0x2b/0x80
[  177.730216][ T7381]  __x64_sys_openat+0x174/0x210
[  177.730244][ T7381]  ? __pfx___x64_sys_openat+0x10/0x10
[  177.730283][ T7381]  do_syscall_64+0xcd/0x490
[  177.730321][ T7381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.730344][ T7381] RIP: 0033:0x7f3a87d8e929
[  177.730363][ T7381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.730385][ T7381] RSP: 002b:00007f3a88bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  177.730406][ T7381] RAX: ffffffffffffffda RBX: 00007f3a87fb6080 RCX: 00007f3a87d8e929
[  177.730422][ T7381] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  177.730436][ T7381] RBP: 00007f3a87e10b39 R08: 0000000000000000 R09: 0000000000000000
[  177.730450][ T7381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  177.730464][ T7381] R13: 0000000000000000 R14: 00007f3a87fb6080 R15: 00007ffd0040f538
[  177.730493][ T7381]  </TASK>
[  177.730517][ T7381] ERROR: Out of memory at tomoyo_realpath_from_path.
[  178.035472][ T7385] netlink: 342 bytes leftover after parsing attributes in process `syz.2.290'.
[  179.005768][ T7384] ima: policy update failed
[  179.052136][   T30] audit: type=1802 audit(1752236529.907:5): pid=7384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.290" res=0 errno=0
[  179.558850][ T7410] netlink: 8 bytes leftover after parsing attributes in process `syz.1.294'.
[  182.596899][ T7470] FAULT_INJECTION: forcing a failure.
[  182.596899][ T7470] name failslab, interval 1, probability 0, space 0, times 0
[  182.642309][ T7470] CPU: 1 UID: 0 PID: 7470 Comm: syz.1.303 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  182.642358][ T7470] Tainted: [U]=USER
[  182.642368][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.642386][ T7470] Call Trace:
[  182.642396][ T7470]  <TASK>
[  182.642429][ T7470]  dump_stack_lvl+0x16c/0x1f0
[  182.642487][ T7470]  should_fail_ex+0x512/0x640
[  182.642536][ T7470]  ? fs_reclaim_acquire+0xae/0x150
[  182.642578][ T7470]  ? tomoyo_encode2+0x100/0x3e0
[  182.642627][ T7470]  should_failslab+0xc2/0x120
[  182.642659][ T7470]  __kmalloc_noprof+0xd2/0x510
[  182.642708][ T7470]  ? d_absolute_path+0x136/0x1a0
[  182.642750][ T7470]  tomoyo_encode2+0x100/0x3e0
[  182.642801][ T7470]  tomoyo_encode+0x29/0x50
[  182.642851][ T7470]  tomoyo_realpath_from_path+0x18f/0x6e0
[  182.642912][ T7470]  tomoyo_check_open_permission+0x2ab/0x3c0
[  182.642955][ T7470]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  182.643042][ T7470]  ? do_raw_spin_lock+0x12c/0x2b0
[  182.643108][ T7470]  tomoyo_file_open+0x6b/0x90
[  182.643163][ T7470]  security_file_open+0x84/0x1e0
[  182.643207][ T7470]  do_dentry_open+0x596/0x1c10
[  182.643271][ T7470]  vfs_open+0x82/0x3f0
[  182.643316][ T7470]  path_openat+0x1de4/0x2cb0
[  182.643380][ T7470]  ? __pfx_path_openat+0x10/0x10
[  182.643432][ T7470]  ? __lock_acquire+0xb8a/0x1c90
[  182.643483][ T7470]  do_filp_open+0x20b/0x470
[  182.643533][ T7470]  ? __pfx_do_filp_open+0x10/0x10
[  182.643615][ T7470]  ? alloc_fd+0x471/0x7d0
[  182.643673][ T7470]  do_sys_openat2+0x11b/0x1d0
[  182.643710][ T7470]  ? __pfx_do_sys_openat2+0x10/0x10
[  182.643749][ T7470]  ? find_held_lock+0x2b/0x80
[  182.643795][ T7470]  __x64_sys_openat+0x174/0x210
[  182.643844][ T7470]  ? __pfx___x64_sys_openat+0x10/0x10
[  182.643901][ T7470]  do_syscall_64+0xcd/0x490
[  182.643955][ T7470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.643988][ T7470] RIP: 0033:0x7f3a87d8e929
[  182.644015][ T7470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.644046][ T7470] RSP: 002b:00007f3a88bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  182.644077][ T7470] RAX: ffffffffffffffda RBX: 00007f3a87fb6080 RCX: 00007f3a87d8e929
[  182.644098][ T7470] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  182.644119][ T7470] RBP: 00007f3a87e10b39 R08: 0000000000000000 R09: 0000000000000000
[  182.644138][ T7470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  182.644157][ T7470] R13: 0000000000000000 R14: 00007f3a87fb6080 R15: 00007ffd0040f538
[  182.644200][ T7470]  </TASK>
[  182.932404][ T7470] ERROR: Out of memory at tomoyo_realpath_from_path.
[  187.919820][ T7556] netlink: 28 bytes leftover after parsing attributes in process `syz.2.324'.
[  187.979524][ T7556] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.989111][ T7556] batman_adv: batadv0: Removing interface: batadv_slave_0
[  188.000112][ T7556] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  188.020980][ T7573] netlink: 28 bytes leftover after parsing attributes in process `syz.0.326'.
[  188.032155][ T7556] batman_adv: batadv0: Removing interface: batadv_slave_1
[  188.112530][ T7573] bond0: entered allmulticast mode
[  188.260825][ T7573] bond_slave_0: entered allmulticast mode
[  188.382303][ T7573] bond_slave_1: entered allmulticast mode
[  189.747151][ T7597] netlink: 12 bytes leftover after parsing attributes in process `syz.1.331'.
[  190.986037][ T7617] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff8163ece9 (__mcheck_cpu_init_clear_banks+0x109/0x1f0)
[  191.001570][ T7617] Call Trace:
[  191.004857][ T7617]  <TASK>
[  191.007802][ T7617]  ? __pfx_mce_cpu_restart+0x10/0x10
[  191.013118][ T7617]  mce_cpu_restart+0x98/0xb0
[  191.017732][ T7617]  smp_call_function_many_cond+0xef9/0x1510
[  191.023632][ T7617]  ? __pfx_mce_cpu_restart+0x10/0x10
[  191.028948][ T7617]  ? lockdep_hardirqs_on+0x7c/0x110
[  191.034173][ T7617]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  191.039995][ T7617]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  191.046342][ T7617]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[  191.052386][ T7617]  ? __pfx_mce_cpu_restart+0x10/0x10
[  191.057736][ T7617]  on_each_cpu_cond_mask+0x40/0x90
[  191.062875][ T7617]  set_bank+0x240/0x3a0
[  191.067092][ T7617]  ? __pfx_set_bank+0x10/0x10
[  191.071794][ T7617]  ? find_held_lock+0x2b/0x80
[  191.076499][ T7617]  ? __pfx_set_bank+0x10/0x10
[  191.081204][ T7617]  dev_attr_store+0x58/0x80
[  191.085737][ T7617]  ? __pfx_dev_attr_store+0x10/0x10
[  191.090947][ T7617]  sysfs_kf_write+0xef/0x150
[  191.095575][ T7617]  kernfs_fop_write_iter+0x354/0x510
[  191.100880][ T7617]  ? __pfx_sysfs_kf_write+0x10/0x10
[  191.106107][ T7617]  vfs_write+0x6c4/0x1150
[  191.110466][ T7617]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  191.116290][ T7617]  ? __pfx___mutex_lock+0x10/0x10
[  191.121344][ T7617]  ? __pfx_vfs_write+0x10/0x10
[  191.126151][ T7617]  ksys_write+0x12a/0x250
[  191.130513][ T7617]  ? __pfx_ksys_write+0x10/0x10
[  191.135409][ T7617]  do_syscall_64+0xcd/0x490
[  191.139946][ T7617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.145870][ T7617] RIP: 0033:0x7f791958e929
[  191.150299][ T7617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.169923][ T7617] RSP: 002b:00007f79173f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  191.178348][ T7617] RAX: ffffffffffffffda RBX: 00007f79197b5fa0 RCX: 00007f791958e929
[  191.186332][ T7617] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000003
[  191.194314][ T7617] RBP: 00007f7919610b39 R08: 0000000000000000 R09: 0000000000000000
[  191.202292][ T7617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  191.210276][ T7617] R13: 0000000000000000 R14: 00007f79197b5fa0 R15: 00007ffebab8e5d8
[  191.218268][ T7617]  </TASK>
[  192.078610][ T7617] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  192.188150][ T7617] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  192.303470][ T7617] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  192.356328][ T7617] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  193.853903][ T5862] Bluetooth: hci0: command 0x0c1a tx timeout
[  194.242071][ T5862] Bluetooth: hci2: command 0x0c1a tx timeout
[  194.322181][ T5862] Bluetooth: hci1: command 0x0c1a tx timeout
[  194.328344][ T5862] Bluetooth: hci3: command 0x0c1a tx timeout
[  195.235649][ T7666] sd 0:0:1:0: PR command failed: 1026
[  195.241142][ T7666] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  195.314610][ T7666] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  196.998716][ T7672] netlink: 4 bytes leftover after parsing attributes in process `syz.2.344'.
[  197.180313][ T7669] netlink: 'syz.2.344': attribute type 1 has an invalid length.
[  197.188409][ T7669] netlink: 13 bytes leftover after parsing attributes in process `syz.2.344'.
[  198.196197][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.205124][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.214689][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.224485][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.231916][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.239477][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.246853][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.254177][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.261470][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.268794][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.276150][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.283511][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.290767][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.299745][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.307027][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.322110][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.330543][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.337934][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.345286][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.352748][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.360099][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.367460][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.374849][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.382227][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.389544][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.396955][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.404365][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.411633][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.419020][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.428056][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.435413][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.442690][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.449954][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.459083][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.467142][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.474588][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.481914][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.489424][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.499445][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.506832][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.514255][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.521584][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.529632][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.536992][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.544292][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.551555][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.558874][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.566172][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.573520][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.581462][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.588781][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.596124][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.604122][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.611451][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.618855][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.626243][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.634823][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.648769][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.656227][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.663563][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.670817][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.678164][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.685471][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.692818][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  198.700073][ T5862] Bluetooth: hci0: unexpected subevent 0x1d length: 4 < 14
[  199.227486][ T7739] vhci_hcd: invalid port number 21
[  199.290523][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  199.297089][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  201.741441][ T7775] can: request_module (can-proto-3) failed.
[  202.593530][ T7789] ALSA: mixer_oss: invalid OSS volume '0'
[  202.786150][ T7789] ALSA: mixer_oss: invalid OSS volume ''
[  203.833746][ T7811] ptrace attach of "./syz-executor exec"[5848] was attempted by "./syz-executor exec"[7811]
[  204.215478][ T7817] Process accounting resumed
[  206.204662][ T7852] netlink: 'syz.1.379': attribute type 22 has an invalid length.
[  206.252143][ T7852] netlink: 330 bytes leftover after parsing attributes in process `syz.1.379'.
[  206.569610][ T7864] FAULT_INJECTION: forcing a failure.
[  206.569610][ T7864] name failslab, interval 1, probability 0, space 0, times 0
[  206.603591][ T7864] CPU: 1 UID: 0 PID: 7864 Comm: syz.1.382 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  206.603634][ T7864] Tainted: [U]=USER
[  206.603642][ T7864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  206.603658][ T7864] Call Trace:
[  206.603666][ T7864]  <TASK>
[  206.603676][ T7864]  dump_stack_lvl+0x16c/0x1f0
[  206.603728][ T7864]  should_fail_ex+0x512/0x640
[  206.603768][ T7864]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  206.603815][ T7864]  should_failslab+0xc2/0x120
[  206.603841][ T7864]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  206.603884][ T7864]  ? __d_alloc+0x31/0xaa0
[  206.603933][ T7864]  __d_alloc+0x31/0xaa0
[  206.603980][ T7864]  d_alloc_pseudo+0x1c/0xc0
[  206.604011][ T7864]  alloc_file_pseudo+0xcf/0x230
[  206.604044][ T7864]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  206.604075][ T7864]  ? alloc_fd+0x471/0x7d0
[  206.604119][ T7864]  sock_alloc_file+0x50/0x210
[  206.604165][ T7864]  __sys_socket+0x1c0/0x260
[  206.604195][ T7864]  ? fput+0x70/0xf0
[  206.604220][ T7864]  ? __pfx___sys_socket+0x10/0x10
[  206.604252][ T7864]  ? xfd_validate_state+0x61/0x180
[  206.604288][ T7864]  ? __pfx_ksys_write+0x10/0x10
[  206.604336][ T7864]  __x64_sys_socket+0x72/0xb0
[  206.604367][ T7864]  ? lockdep_hardirqs_on+0x7c/0x110
[  206.604406][ T7864]  do_syscall_64+0xcd/0x490
[  206.604452][ T7864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.604479][ T7864] RIP: 0033:0x7f3a87d8e929
[  206.604501][ T7864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.604527][ T7864] RSP: 002b:00007f3a88c18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  206.604551][ T7864] RAX: ffffffffffffffda RBX: 00007f3a87fb5fa0 RCX: 00007f3a87d8e929
[  206.604568][ T7864] RDX: 0000000000000000 RSI: 0000000000000805 RDI: 0000848000000015
[  206.604584][ T7864] RBP: 00007f3a87e10b39 R08: 0000000000000000 R09: 0000000000000000
[  206.604600][ T7864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  206.604620][ T7864] R13: 0000000000000000 R14: 00007f3a87fb5fa0 R15: 00007ffd0040f538
[  206.604656][ T7864]  </TASK>
[  206.957420][ T7844] kexec: Could not allocate control_code_buffer
[  207.535323][ T7870] netlink: 186 bytes leftover after parsing attributes in process `syz.1.384'.
[  207.714066][ T7893] __vm_enough_memory: pid: 7893, comm: syz.2.390, bytes: 4398046511104 not enough memory for the allocation
[  210.705959][ T7950] KVM: debugfs: duplicate directory 7950-3
[  210.957940][ T7961] FAULT_INJECTION: forcing a failure.
[  210.957940][ T7961] name failslab, interval 1, probability 0, space 0, times 0
[  210.974554][ T7961] CPU: 1 UID: 0 PID: 7961 Comm: syz.0.404 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  210.974605][ T7961] Tainted: [U]=USER
[  210.974615][ T7961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  210.974633][ T7961] Call Trace:
[  210.974643][ T7961]  <TASK>
[  210.974654][ T7961]  dump_stack_lvl+0x16c/0x1f0
[  210.974707][ T7961]  should_fail_ex+0x512/0x640
[  210.974751][ T7961]  ? __kmalloc_noprof+0xbf/0x510
[  210.974801][ T7961]  ? kobject_get_path+0xd2/0x2a0
[  210.974846][ T7961]  should_failslab+0xc2/0x120
[  210.974875][ T7961]  __kmalloc_noprof+0xd2/0x510
[  210.974930][ T7961]  kobject_get_path+0xd2/0x2a0
[  210.974986][ T7961]  kobject_uevent_env+0x289/0x1870
[  210.975031][ T7961]  ? internal_create_groups+0x11a/0x150
[  210.975081][ T7961]  netdev_queue_update_kobjects+0x1a7/0x720
[  210.975135][ T7961]  netdev_register_kobject+0x28c/0x3a0
[  210.975173][ T7961]  register_netdevice+0x13dc/0x2270
[  210.975209][ T7961]  ? idr_alloc+0xdd/0x130
[  210.975250][ T7961]  ? __pfx_register_netdevice+0x10/0x10
[  210.975292][ T7961]  ppp_dev_configure+0x99b/0xc80
[  210.975340][ T7961]  ppp_ioctl+0x17e0/0x2660
[  210.975380][ T7961]  ? find_held_lock+0x2b/0x80
[  210.975412][ T7961]  ? __pfx_ppp_ioctl+0x10/0x10
[  210.975458][ T7961]  ? __fget_files+0x20e/0x3c0
[  210.975512][ T7961]  ? __pfx_ppp_ioctl+0x10/0x10
[  210.975572][ T7961]  __x64_sys_ioctl+0x18e/0x210
[  210.975616][ T7961]  do_syscall_64+0xcd/0x490
[  210.975671][ T7961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.975706][ T7961] RIP: 0033:0x7fa834d8e929
[  210.975733][ T7961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.975766][ T7961] RSP: 002b:00007fa835b8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  210.975797][ T7961] RAX: ffffffffffffffda RBX: 00007fa834fb5fa0 RCX: 00007fa834d8e929
[  210.975819][ T7961] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000005
[  210.975839][ T7961] RBP: 00007fa834e10b39 R08: 0000000000000000 R09: 0000000000000000
[  210.975859][ T7961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  210.975879][ T7961] R13: 0000000000000000 R14: 00007fa834fb5fa0 R15: 00007ffd21cb4078
[  210.975924][ T7961]  </TASK>
[  211.406515][ T7967] FAULT_INJECTION: forcing a failure.
[  211.406515][ T7967] name failslab, interval 1, probability 0, space 0, times 0
[  211.553401][ T7967] CPU: 1 UID: 0 PID: 7967 Comm: syz.2.405 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  211.553467][ T7967] Tainted: [U]=USER
[  211.553477][ T7967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  211.553495][ T7967] Call Trace:
[  211.553504][ T7967]  <TASK>
[  211.553516][ T7967]  dump_stack_lvl+0x16c/0x1f0
[  211.553567][ T7967]  should_fail_ex+0x512/0x640
[  211.553613][ T7967]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  211.553661][ T7967]  should_failslab+0xc2/0x120
[  211.553690][ T7967]  __kmalloc_cache_noprof+0x6a/0x3e0
[  211.553734][ T7967]  ? percpu_ref_init+0xec/0x410
[  211.553776][ T7967]  ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[  211.553826][ T7967]  percpu_ref_init+0xec/0x410
[  211.553869][ T7967]  io_uring_setup+0x453/0x2080
[  211.553913][ T7967]  ? __pfx_io_uring_setup+0x10/0x10
[  211.553962][ T7967]  ? do_futex+0x122/0x350
[  211.554000][ T7967]  ? __pfx_do_futex+0x10/0x10
[  211.554033][ T7967]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  211.554102][ T7967]  ? xfd_validate_state+0x61/0x180
[  211.554141][ T7967]  ? __pfx_do_writev+0x10/0x10
[  211.554188][ T7967]  __x64_sys_io_uring_setup+0xc2/0x170
[  211.554228][ T7967]  do_syscall_64+0xcd/0x490
[  211.554276][ T7967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.554306][ T7967] RIP: 0033:0x7f791958e929
[  211.554336][ T7967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.554364][ T7967] RSP: 002b:00007f79173d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  211.554391][ T7967] RAX: ffffffffffffffda RBX: 00007f79197b6080 RCX: 00007f791958e929
[  211.554409][ T7967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  211.554424][ T7967] RBP: 00007f7919610b39 R08: 0000000000000000 R09: 0000000000000000
[  211.554441][ T7967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  211.554456][ T7967] R13: 0000000000000000 R14: 00007f79197b6080 R15: 00007ffebab8e5d8
[  211.554493][ T7967]  </TASK>
[  211.979654][   T30] audit: type=1800 audit(1752236562.767:6): pid=7966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.403" name="dbroot" dev="configfs" ino=16018 res=0 errno=0
[  212.597541][ T7986] FAULT_INJECTION: forcing a failure.
[  212.597541][ T7986] name failslab, interval 1, probability 0, space 0, times 0
[  212.669681][ T7986] CPU: 0 UID: 0 PID: 7986 Comm: syz.0.407 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  212.669734][ T7986] Tainted: [U]=USER
[  212.669746][ T7986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  212.669764][ T7986] Call Trace:
[  212.669775][ T7986]  <TASK>
[  212.669787][ T7986]  dump_stack_lvl+0x16c/0x1f0
[  212.669840][ T7986]  should_fail_ex+0x512/0x640
[  212.669885][ T7986]  ? fs_reclaim_acquire+0xae/0x150
[  212.669932][ T7986]  ? tomoyo_encode2+0x100/0x3e0
[  212.669974][ T7986]  should_failslab+0xc2/0x120
[  212.670004][ T7986]  __kmalloc_noprof+0xd2/0x510
[  212.670049][ T7986]  ? d_absolute_path+0x136/0x1a0
[  212.670087][ T7986]  tomoyo_encode2+0x100/0x3e0
[  212.670135][ T7986]  tomoyo_encode+0x29/0x50
[  212.670177][ T7986]  tomoyo_realpath_from_path+0x18f/0x6e0
[  212.670254][ T7986]  tomoyo_check_open_permission+0x2ab/0x3c0
[  212.670294][ T7986]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  212.670371][ T7986]  ? do_raw_spin_lock+0x12c/0x2b0
[  212.670446][ T7986]  tomoyo_file_open+0x6b/0x90
[  212.670492][ T7986]  security_file_open+0x84/0x1e0
[  212.670530][ T7986]  do_dentry_open+0x596/0x1c10
[  212.670581][ T7986]  vfs_open+0x82/0x3f0
[  212.670614][ T7986]  path_openat+0x1de4/0x2cb0
[  212.670666][ T7986]  ? __pfx_path_openat+0x10/0x10
[  212.670708][ T7986]  ? __lock_acquire+0xb8a/0x1c90
[  212.670749][ T7986]  do_filp_open+0x20b/0x470
[  212.670789][ T7986]  ? __pfx_do_filp_open+0x10/0x10
[  212.670854][ T7986]  ? alloc_fd+0x471/0x7d0
[  212.670901][ T7986]  do_sys_openat2+0x11b/0x1d0
[  212.670930][ T7986]  ? __pfx_do_sys_openat2+0x10/0x10
[  212.670962][ T7986]  ? find_held_lock+0x2b/0x80
[  212.671000][ T7986]  __x64_sys_openat+0x174/0x210
[  212.671031][ T7986]  ? __pfx___x64_sys_openat+0x10/0x10
[  212.671076][ T7986]  do_syscall_64+0xcd/0x490
[  212.671121][ T7986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.671148][ T7986] RIP: 0033:0x7fa834d8e929
[  212.671170][ T7986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.671196][ T7986] RSP: 002b:00007fa835b6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  212.671228][ T7986] RAX: ffffffffffffffda RBX: 00007fa834fb6080 RCX: 00007fa834d8e929
[  212.671246][ T7986] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  212.671264][ T7986] RBP: 00007fa834e10b39 R08: 0000000000000000 R09: 0000000000000000
[  212.671280][ T7986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  212.671296][ T7986] R13: 0000000000000000 R14: 00007fa834fb6080 R15: 00007ffd21cb4078
[  212.671332][ T7986]  </TASK>
[  212.671364][ T7986] ERROR: Out of memory at tomoyo_realpath_from_path.
[  215.273303][ T8019] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  215.951045][ T8033] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12
[  216.631260][ T8037] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13
[  217.057495][ T8050] FAULT_INJECTION: forcing a failure.
[  217.057495][ T8050] name failslab, interval 1, probability 0, space 0, times 0
[  217.124929][ T8050] CPU: 1 UID: 0 PID: 8050 Comm: syz.3.419 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  217.124981][ T8050] Tainted: [U]=USER
[  217.124991][ T8050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  217.125009][ T8050] Call Trace:
[  217.125018][ T8050]  <TASK>
[  217.125030][ T8050]  dump_stack_lvl+0x16c/0x1f0
[  217.125082][ T8050]  should_fail_ex+0x512/0x640
[  217.125126][ T8050]  ? __kmalloc_noprof+0xbf/0x510
[  217.125175][ T8050]  ? sk_prot_alloc+0x1a8/0x2a0
[  217.125204][ T8050]  should_failslab+0xc2/0x120
[  217.125232][ T8050]  __kmalloc_noprof+0xd2/0x510
[  217.125277][ T8050]  ? __pfx___mutex_lock+0x10/0x10
[  217.125332][ T8050]  sk_prot_alloc+0x1a8/0x2a0
[  217.125367][ T8050]  sk_alloc+0x36/0xc20
[  217.125410][ T8050]  tun_chr_open+0x80/0x5e0
[  217.125457][ T8050]  ? __pfx_tun_chr_open+0x10/0x10
[  217.125508][ T8050]  misc_open+0x35d/0x420
[  217.125575][ T8050]  ? __pfx_misc_open+0x10/0x10
[  217.125616][ T8050]  chrdev_open+0x234/0x6a0
[  217.125677][ T8050]  ? __pfx_apparmor_file_open+0x10/0x10
[  217.125723][ T8050]  ? __pfx_chrdev_open+0x10/0x10
[  217.125782][ T8050]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  217.125837][ T8050]  do_dentry_open+0x741/0x1c10
[  217.125890][ T8050]  ? __pfx_chrdev_open+0x10/0x10
[  217.125954][ T8050]  vfs_open+0x82/0x3f0
[  217.125997][ T8050]  path_openat+0x1de4/0x2cb0
[  217.126062][ T8050]  ? __pfx_path_openat+0x10/0x10
[  217.126116][ T8050]  ? __lock_acquire+0xb8a/0x1c90
[  217.126170][ T8050]  do_filp_open+0x20b/0x470
[  217.126222][ T8050]  ? __pfx_do_filp_open+0x10/0x10
[  217.126306][ T8050]  ? alloc_fd+0x471/0x7d0
[  217.126367][ T8050]  do_sys_openat2+0x11b/0x1d0
[  217.126406][ T8050]  ? __pfx_do_sys_openat2+0x10/0x10
[  217.126447][ T8050]  ? find_held_lock+0x2b/0x80
[  217.126512][ T8050]  __x64_sys_openat+0x174/0x210
[  217.126554][ T8050]  ? __pfx___x64_sys_openat+0x10/0x10
[  217.126613][ T8050]  do_syscall_64+0xcd/0x490
[  217.126677][ T8050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.126713][ T8050] RIP: 0033:0x7fdc86b8e929
[  217.126751][ T8050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.126782][ T8050] RSP: 002b:00007fdc87a26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  217.126813][ T8050] RAX: ffffffffffffffda RBX: 00007fdc86db6080 RCX: 00007fdc86b8e929
[  217.126834][ T8050] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  217.126854][ T8050] RBP: 00007fdc86c10b39 R08: 0000000000000000 R09: 0000000000000000
[  217.126874][ T8050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  217.126893][ T8050] R13: 0000000000000000 R14: 00007fdc86db6080 R15: 00007ffe770f8bb8
[  217.126935][ T8050]  </TASK>
[  218.376243][ T8054] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.770943][ T8074] input: f¬
 as /devices/virtual/input/input14
[  221.913289][ T8123] FAULT_INJECTION: forcing a failure.
[  221.913289][ T8123] name failslab, interval 1, probability 0, space 0, times 0
[  221.949257][ T8123] CPU: 0 UID: 0 PID: 8123 Comm: syz.0.435 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  221.949308][ T8123] Tainted: [U]=USER
[  221.949316][ T8123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  221.949329][ T8123] Call Trace:
[  221.949337][ T8123]  <TASK>
[  221.949346][ T8123]  dump_stack_lvl+0x16c/0x1f0
[  221.949386][ T8123]  should_fail_ex+0x512/0x640
[  221.949421][ T8123]  ? __kvmalloc_node_noprof+0x124/0x620
[  221.949461][ T8123]  should_failslab+0xc2/0x120
[  221.949483][ T8123]  __kvmalloc_node_noprof+0x137/0x620
[  221.949519][ T8123]  ? io_alloc_cache_init+0x33/0x170
[  221.949560][ T8123]  ? io_alloc_cache_init+0x33/0x170
[  221.949593][ T8123]  io_alloc_cache_init+0x33/0x170
[  221.949630][ T8123]  io_uring_setup+0x63b/0x2080
[  221.949664][ T8123]  ? __pfx_io_uring_setup+0x10/0x10
[  221.949694][ T8123]  ? do_futex+0x122/0x350
[  221.949723][ T8123]  ? __pfx_do_futex+0x10/0x10
[  221.949749][ T8123]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  221.949803][ T8123]  ? __pfx_do_writev+0x10/0x10
[  221.949841][ T8123]  __x64_sys_io_uring_setup+0xc2/0x170
[  221.949873][ T8123]  do_syscall_64+0xcd/0x490
[  221.949911][ T8123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.949934][ T8123] RIP: 0033:0x7fa834d8e929
[  221.949952][ T8123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  221.949975][ T8123] RSP: 002b:00007fa835b8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  221.949996][ T8123] RAX: ffffffffffffffda RBX: 00007fa834fb5fa0 RCX: 00007fa834d8e929
[  221.950011][ T8123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  221.950024][ T8123] RBP: 00007fa834e10b39 R08: 0000000000000000 R09: 0000000000000000
[  221.950038][ T8123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  221.950051][ T8123] R13: 0000000000000000 R14: 00007fa834fb5fa0 R15: 00007ffd21cb4078
[  221.950080][ T8123]  </TASK>
[  224.294172][ T8151] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  224.300808][ T8151] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  224.369842][ T8151] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  224.382337][ T8151] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  225.316231][ T5168] Bluetooth: hci2: unexpected event 0x23 length: 127 > 13
[  226.185626][ T8201] netlink: 148 bytes leftover after parsing attributes in process `syz.0.451'.
[  226.263040][ T8201] netlink: 148 bytes leftover after parsing attributes in process `syz.0.451'.
[  226.315221][ T8207] netlink: 8 bytes leftover after parsing attributes in process `syz.2.452'.
[  226.324805][ T5168] Bluetooth: hci2: command 0x0c1a tx timeout
[  226.330869][ T5168] Bluetooth: hci0: command 0x0c1a tx timeout
[  226.402232][ T5168] Bluetooth: hci1: command 0x0c1a tx timeout
[  226.408455][ T5862] Bluetooth: hci3: command 0x0c1a tx timeout
[  226.725318][ T8215] netlink: 28 bytes leftover after parsing attributes in process `syz.3.455'.
[  226.967017][ T8215] team0: Port device team_slave_0 removed
[  227.209724][ T5903] Process accounting resumed
[  227.664228][ T8234] FAULT_INJECTION: forcing a failure.
[  227.664228][ T8234] name failslab, interval 1, probability 0, space 0, times 0
[  227.759273][ T8234] CPU: 0 UID: 0 PID: 8234 Comm: syz.3.457 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  227.759327][ T8234] Tainted: [U]=USER
[  227.759338][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  227.759357][ T8234] Call Trace:
[  227.759367][ T8234]  <TASK>
[  227.759379][ T8234]  dump_stack_lvl+0x16c/0x1f0
[  227.759434][ T8234]  should_fail_ex+0x512/0x640
[  227.759493][ T8234]  ? fs_reclaim_acquire+0xae/0x150
[  227.759532][ T8234]  ? tomoyo_encode2+0x100/0x3e0
[  227.759572][ T8234]  should_failslab+0xc2/0x120
[  227.759602][ T8234]  __kmalloc_noprof+0xd2/0x510
[  227.759648][ T8234]  ? d_absolute_path+0x136/0x1a0
[  227.759687][ T8234]  tomoyo_encode2+0x100/0x3e0
[  227.759735][ T8234]  tomoyo_encode+0x29/0x50
[  227.759775][ T8234]  tomoyo_realpath_from_path+0x18f/0x6e0
[  227.759830][ T8234]  tomoyo_check_open_permission+0x2ab/0x3c0
[  227.759870][ T8234]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  227.759971][ T8234]  ? do_raw_spin_lock+0x12c/0x2b0
[  227.760060][ T8234]  tomoyo_file_open+0x6b/0x90
[  227.760115][ T8234]  security_file_open+0x84/0x1e0
[  227.760184][ T8234]  do_dentry_open+0x596/0x1c10
[  227.760245][ T8234]  vfs_open+0x82/0x3f0
[  227.760289][ T8234]  path_openat+0x1de4/0x2cb0
[  227.760349][ T8234]  ? __pfx_path_openat+0x10/0x10
[  227.760397][ T8234]  ? __lock_acquire+0xb8a/0x1c90
[  227.760443][ T8234]  do_filp_open+0x20b/0x470
[  227.760490][ T8234]  ? __pfx_do_filp_open+0x10/0x10
[  227.760566][ T8234]  ? alloc_fd+0x471/0x7d0
[  227.760620][ T8234]  do_sys_openat2+0x11b/0x1d0
[  227.760654][ T8234]  ? __pfx_do_sys_openat2+0x10/0x10
[  227.760690][ T8234]  ? find_held_lock+0x2b/0x80
[  227.760734][ T8234]  __x64_sys_openat+0x174/0x210
[  227.760764][ T8234]  ? __pfx___x64_sys_openat+0x10/0x10
[  227.760809][ T8234]  do_syscall_64+0xcd/0x490
[  227.760871][ T8234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.760899][ T8234] RIP: 0033:0x7fdc86b8e929
[  227.760921][ T8234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.760946][ T8234] RSP: 002b:00007fdc87a26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  227.760972][ T8234] RAX: ffffffffffffffda RBX: 00007fdc86db6080 RCX: 00007fdc86b8e929
[  227.760990][ T8234] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  227.761006][ T8234] RBP: 00007fdc86c10b39 R08: 0000000000000000 R09: 0000000000000000
[  227.761028][ T8234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  227.761044][ T8234] R13: 0000000000000000 R14: 00007fdc86db6080 R15: 00007ffe770f8bb8
[  227.761079][ T8234]  </TASK>
[  227.761111][ T8234] ERROR: Out of memory at tomoyo_realpath_from_path.
[  231.688531][ T8311] lo: entered allmulticast mode
[  232.025460][ T8311] lo: left allmulticast mode
[  232.178947][   T60] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.398057][   T60] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.705840][   T60] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.294711][   T60] bridge_slave_1: left allmulticast mode
[  233.315082][   T60] bridge_slave_1: left promiscuous mode
[  233.322302][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.504734][   T60] bridge_slave_0: left allmulticast mode
[  233.510458][   T60] bridge_slave_0: left promiscuous mode
[  233.520085][ T5862] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  233.532836][ T5862] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  233.540768][ T5862] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  233.557239][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.566312][ T5862] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  233.587918][ T5862] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  235.031892][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  235.073570][   T60] bond_slave_0: left allmulticast mode
[  235.104433][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  235.126824][   T60] bond_slave_1: left allmulticast mode
[  235.160524][   T60] bond0 (unregistering): Released all slaves
[  235.624151][ T8364] FAULT_INJECTION: forcing a failure.
[  235.624151][ T8364] name failslab, interval 1, probability 0, space 0, times 0
[  235.642128][ T8364] CPU: 0 UID: 0 PID: 8364 Comm: syz.1.480 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  235.642181][ T8364] Tainted: [U]=USER
[  235.642192][ T8364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  235.642211][ T8364] Call Trace:
[  235.642222][ T8364]  <TASK>
[  235.642234][ T8364]  dump_stack_lvl+0x16c/0x1f0
[  235.642291][ T8364]  should_fail_ex+0x512/0x640
[  235.642341][ T8364]  ? fs_reclaim_acquire+0xae/0x150
[  235.642386][ T8364]  ? tomoyo_encode2+0x100/0x3e0
[  235.642430][ T8364]  should_failslab+0xc2/0x120
[  235.642479][ T8364]  __kmalloc_noprof+0xd2/0x510
[  235.642527][ T8364]  ? d_absolute_path+0x136/0x1a0
[  235.642567][ T8364]  tomoyo_encode2+0x100/0x3e0
[  235.642618][ T8364]  tomoyo_encode+0x29/0x50
[  235.642661][ T8364]  tomoyo_realpath_from_path+0x18f/0x6e0
[  235.642721][ T8364]  tomoyo_check_open_permission+0x2ab/0x3c0
[  235.642764][ T8364]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  235.642850][ T8364]  ? do_raw_spin_lock+0x12c/0x2b0
[  235.642916][ T8364]  tomoyo_file_open+0x6b/0x90
[  235.642969][ T8364]  security_file_open+0x84/0x1e0
[  235.643013][ T8364]  do_dentry_open+0x596/0x1c10
[  235.643077][ T8364]  vfs_open+0x82/0x3f0
[  235.643110][ T8364]  path_openat+0x1de4/0x2cb0
[  235.643162][ T8364]  ? __pfx_path_openat+0x10/0x10
[  235.643215][ T8364]  ? __lock_acquire+0xb8a/0x1c90
[  235.643253][ T8364]  do_filp_open+0x20b/0x470
[  235.643290][ T8364]  ? __pfx_do_filp_open+0x10/0x10
[  235.643351][ T8364]  ? alloc_fd+0x471/0x7d0
[  235.643394][ T8364]  do_sys_openat2+0x11b/0x1d0
[  235.643421][ T8364]  ? __pfx_do_sys_openat2+0x10/0x10
[  235.643451][ T8364]  ? find_held_lock+0x2b/0x80
[  235.643485][ T8364]  __x64_sys_openat+0x174/0x210
[  235.643514][ T8364]  ? __pfx___x64_sys_openat+0x10/0x10
[  235.643556][ T8364]  do_syscall_64+0xcd/0x490
[  235.643597][ T8364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.643622][ T8364] RIP: 0033:0x7f3a87d8e929
[  235.643641][ T8364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  235.643665][ T8364] RSP: 002b:00007f3a88bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  235.643688][ T8364] RAX: ffffffffffffffda RBX: 00007f3a87fb6080 RCX: 00007f3a87d8e929
[  235.643705][ T8364] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  235.643721][ T8364] RBP: 00007f3a87e10b39 R08: 0000000000000000 R09: 0000000000000000
[  235.643736][ T8364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  235.643751][ T8364] R13: 0000000000000000 R14: 00007f3a87fb6080 R15: 00007ffd0040f538
[  235.643784][ T8364]  </TASK>
[  235.643814][ T8364] ERROR: Out of memory at tomoyo_realpath_from_path.
[  235.682198][ T5168] Bluetooth: hci3: command tx timeout
[  236.398728][ T8341] Process accounting paused
[  236.734178][ T8384] netlink: 330 bytes leftover after parsing attributes in process `syz.2.481'.
[  236.759869][   T60] hsr_slave_0: left promiscuous mode
[  236.771288][   T60] hsr_slave_1: left promiscuous mode
[  236.780198][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  236.790456][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[  236.800207][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  236.810691][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[  236.849372][   T60] veth1_macvtap: left promiscuous mode
[  236.858498][   T60] veth0_macvtap: left promiscuous mode
[  236.864433][   T60] veth1_vlan: left promiscuous mode
[  236.870105][   T60] veth0_vlan: left promiscuous mode
[  237.121907][ T8391] netlink: 246 bytes leftover after parsing attributes in process `syz.1.483'.
[  237.922988][ T5168] Bluetooth: hci3: command tx timeout
[  238.027877][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  238.034350][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  238.044259][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  238.050560][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  238.061010][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  238.067364][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  238.075569][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  238.084186][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  238.240877][   T60] team0 (unregistering): Port device team_slave_1 removed
[  238.309894][   T60] team0 (unregistering): Port device team_slave_0 removed
[  240.004300][ T5168] Bluetooth: hci3: command tx timeout
[  240.235820][ T8342] chnl_net:caif_netlink_parms(): no params data found
[  240.897915][ T8342] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.922147][ T8342] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.963947][ T8342] bridge_slave_0: entered allmulticast mode
[  240.975255][ T8342] bridge_slave_0: entered promiscuous mode
[  241.014335][ T8342] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.034844][ T8342] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.044596][ T8342] bridge_slave_1: entered allmulticast mode
[  241.063501][ T8342] bridge_slave_1: entered promiscuous mode
[  241.289296][ T8342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  241.345984][ T8342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.578153][ T8342] team0: Port device team_slave_0 added
[  241.614141][ T8342] team0: Port device team_slave_1 added
[  241.862712][ T8342] batman_adv: batadv0: Adding interface: batadv_slave_0
[  241.885755][ T8342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  241.946750][ T8342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  241.992429][ T8342] batman_adv: batadv0: Adding interface: batadv_slave_1
[  241.999426][ T8342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.076734][ T8342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  242.090410][ T5168] Bluetooth: hci3: command tx timeout
[  242.460527][ T8342] hsr_slave_0: entered promiscuous mode
[  242.487248][ T8342] hsr_slave_1: entered promiscuous mode
[  244.585936][ T8342] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  244.636562][ T8342] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  244.661433][ T8342] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  244.738340][ T8342] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  245.089154][ T8342] 8021q: adding VLAN 0 to HW filter on device bond0
[  245.171268][ T8342] 8021q: adding VLAN 0 to HW filter on device team0
[  245.246903][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.254133][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  245.362757][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.370006][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  246.385967][ T8342] 8021q: adding VLAN 0 to HW filter on device batadv0
[  246.550708][ T8342] veth0_vlan: entered promiscuous mode
[  246.623377][ T8342] veth1_vlan: entered promiscuous mode
[  246.705718][ T8342] veth0_macvtap: entered promiscuous mode
[  246.747085][ T8342] veth1_macvtap: entered promiscuous mode
[  246.867166][ T8342] batman_adv: batadv0: Interface activated: batadv_slave_0
[  246.946760][ T8342] batman_adv: batadv0: Interface activated: batadv_slave_1
[  246.996460][ T8342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  247.030736][ T8342] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  247.070825][ T8342] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  247.102448][ T8342] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  247.390710][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.450749][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  247.654771][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.715001][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  251.496617][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  251.506582][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  251.516540][ T5862] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  251.548395][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  251.557537][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  252.617209][ T8836] chnl_net:caif_netlink_parms(): no params data found
[  253.179376][ T8836] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.187388][ T8836] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.212170][ T8836] bridge_slave_0: entered allmulticast mode
[  253.233310][ T8836] bridge_slave_0: entered promiscuous mode
[  253.263506][ T8836] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.270773][ T8836] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.312942][ T8836] bridge_slave_1: entered allmulticast mode
[  253.338243][ T8836] bridge_slave_1: entered promiscuous mode
[  253.549485][ T8836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  253.595413][ T8836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.693268][ T5862] Bluetooth: hci0: command tx timeout
[  253.819351][ T8836] team0: Port device team_slave_0 added
[  253.840022][ T8836] team0: Port device team_slave_1 added
[  254.062937][ T8836] batman_adv: batadv0: Adding interface: batadv_slave_0
[  254.069961][ T8836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  254.203447][ T8836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  254.267793][ T8836] batman_adv: batadv0: Adding interface: batadv_slave_1
[  254.309882][ T8836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  254.421555][ T8836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  255.013904][ T8836] hsr_slave_0: entered promiscuous mode
[  255.047660][ T8836] hsr_slave_1: entered promiscuous mode
[  255.085584][ T8836] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  255.130894][ T8836] Cannot create hsr debugfs directory
[  255.762921][ T5862] Bluetooth: hci0: command tx timeout
[  256.219834][ T8836] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  256.275995][ T8836] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  256.301626][ T8836] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  256.387151][ T8836] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  256.829738][ T8836] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.913414][ T8836] 8021q: adding VLAN 0 to HW filter on device team0
[  256.947966][ T1330] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.955168][ T1330] bridge0: port 1(bridge_slave_0) entered forwarding state
[  257.033749][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.040928][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.845902][ T5862] Bluetooth: hci0: command tx timeout
[  257.918767][ T8836] 8021q: adding VLAN 0 to HW filter on device batadv0
[  259.140307][ T8836] veth0_vlan: entered promiscuous mode
[  259.206238][ T8836] veth1_vlan: entered promiscuous mode
[  259.332573][ T8836] veth0_macvtap: entered promiscuous mode
[  259.365418][ T8836] veth1_macvtap: entered promiscuous mode
[  259.463209][ T8836] batman_adv: batadv0: Interface activated: batadv_slave_0
[  259.501152][ T8836] batman_adv: batadv0: Interface activated: batadv_slave_1
[  259.561191][ T8836] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  259.592177][ T8836] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  259.606088][ T8836] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  259.642050][ T8836] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  259.922040][ T5862] Bluetooth: hci0: command tx timeout
[  259.976259][ T3516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.031111][ T3516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.203187][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.211089][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.733477][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  260.739839][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  266.578030][ T9409] Process accounting resumed
[  270.599274][   T30] audit: type=1800 audit(6047203917.478:7): pid=9565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1281" name="dbroot" dev="configfs" ino=23788 res=0 errno=0
[  273.171068][ T9641] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15
[  273.613756][ T9645] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16
[  278.384921][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  278.391293][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  278.423725][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  278.430151][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  278.467201][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  278.473851][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  278.493976][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  278.500346][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  284.188375][T10035] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17
[  285.462042][   T30] audit: type=1800 audit(6047203932.348:8): pid=10092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1640" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0
[  288.389693][   T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.728894][   T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.128185][   T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.357548][   T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.036817][   T49] bridge_slave_1: left allmulticast mode
[  290.042640][   T49] bridge_slave_1: left promiscuous mode
[  290.058663][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.095660][   T49] bridge_slave_0: left allmulticast mode
[  290.141702][   T49] bridge_slave_0: left promiscuous mode
[  290.170469][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.482537][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  292.543284][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  292.666124][   T49] bond0 (unregistering): Released all slaves
[  293.270630][ T5168] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  293.278944][ T5168] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  293.286775][ T5168] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  293.297134][ T5168] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  293.307911][ T5168] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  294.235053][   T49] hsr_slave_0: left promiscuous mode
[  294.282607][   T49] hsr_slave_1: left promiscuous mode
[  294.288741][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  294.324393][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  294.362626][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  294.371496][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  294.488008][   T49] veth1_macvtap: left promiscuous mode
[  294.522050][   T49] veth0_macvtap: left promiscuous mode
[  294.527762][   T49] veth1_vlan: left promiscuous mode
[  294.567840][   T49] veth0_vlan: left promiscuous mode
[  295.015698][   T49] team0 (unregistering): Port device team_slave_1 removed
[  295.452390][ T5862] Bluetooth: hci2: command tx timeout
[  295.773414][T10401] chnl_net:caif_netlink_parms(): no params data found
[  295.835894][   T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.927995][   T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.116190][   T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.183333][T10401] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.207598][T10401] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.232155][T10401] bridge_slave_0: entered allmulticast mode
[  296.250680][T10401] bridge_slave_0: entered promiscuous mode
[  296.295046][T10401] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.325911][T10401] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.342176][T10401] bridge_slave_1: entered allmulticast mode
[  296.350344][T10401] bridge_slave_1: entered promiscuous mode
[  296.414189][   T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.771544][T10487] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1907'.
[  296.785745][T10401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  296.817170][T10401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  296.988166][T10401] team0: Port device team_slave_0 added
[  297.028633][T10401] team0: Port device team_slave_1 added
[  297.431304][T10401] batman_adv: batadv0: Adding interface: batadv_slave_0
[  297.454521][T10401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.518679][T10401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  297.532775][ T5862] Bluetooth: hci2: command tx timeout
[  297.564367][T10401] batman_adv: batadv0: Adding interface: batadv_slave_1
[  297.571470][T10401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.599569][T10401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  297.963951][   T49] bridge_slave_1: left allmulticast mode
[  297.969779][   T49] bridge_slave_1: left promiscuous mode
[  297.986686][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.008834][   T49] bridge_slave_0: left allmulticast mode
[  298.027103][   T49] bridge_slave_0: left promiscuous mode
[  298.040696][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.494963][T10576] FAULT_INJECTION: forcing a failure.
[  298.494963][T10576] name failslab, interval 1, probability 0, space 0, times 0
[  298.557006][T10576] CPU: 1 UID: 0 PID: 10576 Comm: syz.4.1965 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  298.557070][T10576] Tainted: [U]=USER
[  298.557079][T10576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  298.557106][T10576] Call Trace:
[  298.557116][T10576]  <TASK>
[  298.557127][T10576]  dump_stack_lvl+0x16c/0x1f0
[  298.557191][T10576]  should_fail_ex+0x512/0x640
[  298.557243][T10576]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  298.557295][T10576]  should_failslab+0xc2/0x120
[  298.557328][T10576]  __kmalloc_cache_noprof+0x6a/0x3e0
[  298.557376][T10576]  ? refill_pi_state_cache+0x89/0x250
[  298.557433][T10576]  refill_pi_state_cache+0x89/0x250
[  298.557481][T10576]  futex_lock_pi+0x173/0x740
[  298.557533][T10576]  ? futex_unqueue+0x13d/0x2c0
[  298.557571][T10576]  ? __pfx_futex_lock_pi+0x10/0x10
[  298.557638][T10576]  ? __futex_wait+0x24c/0x2f0
[  298.557689][T10576]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  298.557772][T10576]  ? __pfx_futex_wake_mark+0x10/0x10
[  298.557830][T10576]  ? __lock_acquire+0x622/0x1c90
[  298.557896][T10576]  do_futex+0x11a/0x350
[  298.557934][T10576]  ? __pfx_do_futex+0x10/0x10
[  298.557974][T10576]  ? find_held_lock+0x2b/0x80
[  298.558017][T10576]  __x64_sys_futex+0x1e0/0x4c0
[  298.558060][T10576]  ? __fget_files+0x20e/0x3c0
[  298.558102][T10576]  ? __pfx___x64_sys_futex+0x10/0x10
[  298.558141][T10576]  ? xfd_validate_state+0x61/0x180
[  298.558195][T10576]  do_syscall_64+0xcd/0x490
[  298.558245][T10576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.558276][T10576] RIP: 0033:0x7ff1a8b8e929
[  298.558301][T10576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.558331][T10576] RSP: 002b:00007ff1a9998038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  298.558361][T10576] RAX: ffffffffffffffda RBX: 00007ff1a8db5fa0 RCX: 00007ff1a8b8e929
[  298.558380][T10576] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000
[  298.558397][T10576] RBP: 00007ff1a8c10b39 R08: 0000000000000000 R09: 0000000080000001
[  298.558415][T10576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  298.558432][T10576] R13: 0000000000000000 R14: 00007ff1a8db5fa0 R15: 00007ffcdfad1518
[  298.558471][T10576]  </TASK>
[  299.369924][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  299.383607][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  299.405779][   T49] bond0 (unregistering): Released all slaves
[  299.486570][T10401] hsr_slave_0: entered promiscuous mode
[  299.516598][T10401] hsr_slave_1: entered promiscuous mode
[  299.531230][T10401] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  299.562336][T10401] Cannot create hsr debugfs directory
[  299.602967][ T5862] Bluetooth: hci2: command tx timeout
[  300.057837][T10637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2005'.
[  300.867527][   T49] hsr_slave_0: left promiscuous mode
[  300.889281][   T49] hsr_slave_1: left promiscuous mode
[  300.988276][   T49] veth1_macvtap: left promiscuous mode
[  301.025401][   T49] veth0_macvtap: left promiscuous mode
[  301.031459][   T49] veth1_vlan: left promiscuous mode
[  301.682044][ T5862] Bluetooth: hci2: command tx timeout
[  302.437322][   T49] team0 (unregistering): Port device team_slave_1 removed
[  302.486012][   T49] team0 (unregistering): Port device team_slave_0 removed
[  305.231493][T10401] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  305.285316][T10755] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18
[  305.304319][T10401] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  305.329408][T10401] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  305.378555][T10401] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  305.649200][T10401] 8021q: adding VLAN 0 to HW filter on device bond0
[  305.690227][T10401] 8021q: adding VLAN 0 to HW filter on device team0
[  305.731783][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.738981][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  305.758674][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.765853][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  306.317839][T10401] 8021q: adding VLAN 0 to HW filter on device batadv0
[  306.390384][T10401] veth0_vlan: entered promiscuous mode
[  306.408756][T10401] veth1_vlan: entered promiscuous mode
[  306.453949][T10401] veth0_macvtap: entered promiscuous mode
[  306.471435][T10401] veth1_macvtap: entered promiscuous mode
[  306.505769][T10401] batman_adv: batadv0: Interface activated: batadv_slave_0
[  306.529327][T10401] batman_adv: batadv0: Interface activated: batadv_slave_1
[  306.545854][T10401] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  306.557469][T10401] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  306.571884][T10401] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  306.583724][T10401] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  306.693233][ T3516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.701099][ T3516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.760105][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.770817][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  307.839518][ T5168] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  307.851706][ T5168] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  307.863986][ T5168] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  307.889419][ T5168] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  307.916858][ T5168] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  308.168110][ T1330] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.375075][ T1330] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.556402][ T1330] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.759976][ T1330] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.147826][ T1330] bridge_slave_1: left allmulticast mode
[  309.169028][ T1330] bridge_slave_1: left promiscuous mode
[  309.183709][ T1330] bridge0: port 2(bridge_slave_1) entered disabled state
[  309.212817][ T1330] bridge_slave_0: left allmulticast mode
[  309.218843][ T1330] bridge_slave_0: left promiscuous mode
[  309.236552][ T1330] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.014230][ T5168] Bluetooth: hci1: command tx timeout
[  310.048466][T10876] Line length is too long: Should be less than 4094
[  310.474877][ T1330] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  310.497051][ T1330] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  310.517899][ T1330] bond0 (unregistering): Released all slaves
[  310.589733][T10819] chnl_net:caif_netlink_parms(): no params data found
[  310.926968][T10909] FAULT_INJECTION: forcing a failure.
[  310.926968][T10909] name failslab, interval 1, probability 0, space 0, times 0
[  310.964607][T10909] CPU: 1 UID: 0 PID: 10909 Comm: syz.4.2121 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  310.964656][T10909] Tainted: [U]=USER
[  310.964666][T10909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  310.964684][T10909] Call Trace:
[  310.964694][T10909]  <TASK>
[  310.964706][T10909]  dump_stack_lvl+0x16c/0x1f0
[  310.964757][T10909]  should_fail_ex+0x512/0x640
[  310.964802][T10909]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  310.964866][T10909]  should_failslab+0xc2/0x120
[  310.964894][T10909]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  310.964935][T10909]  ? __proc_create+0xc3/0x8c0
[  310.964980][T10909]  ? __proc_create+0x2ce/0x8c0
[  310.965035][T10909]  __proc_create+0x2ce/0x8c0
[  310.965084][T10909]  ? __pfx___proc_create+0x10/0x10
[  310.965136][T10909]  ? _raw_write_unlock+0x28/0x50
[  310.965176][T10909]  ? proc_register+0x314/0x5f0
[  310.965227][T10909]  proc_create_reg+0x7d/0x180
[  310.965255][T10909]  ? __pfx_rt_acct_proc_show+0x10/0x10
[  310.965291][T10909]  proc_create_single_data+0x86/0x190
[  310.965320][T10909]  ? __pfx_proc_create_single_data+0x10/0x10
[  310.965349][T10909]  ? __pfx_nl_fib_input+0x10/0x10
[  310.965388][T10909]  ? __pfx_ip_rt_do_proc_init+0x10/0x10
[  310.965421][T10909]  ip_rt_do_proc_init+0xf4/0x1b0
[  310.965457][T10909]  ops_init+0x1e2/0x5f0
[  310.965506][T10909]  setup_net+0x1ff/0x510
[  310.965550][T10909]  ? lockdep_init_map_type+0x5c/0x280
[  310.965612][T10909]  ? __pfx_setup_net+0x10/0x10
[  310.965670][T10909]  ? debug_mutex_init+0x37/0x70
[  310.965710][T10909]  copy_net_ns+0x2a6/0x5f0
[  310.965750][T10909]  create_new_namespaces+0x3ea/0xa90
[  310.965801][T10909]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  310.965845][T10909]  ksys_unshare+0x45b/0xa40
[  310.965893][T10909]  ? __pfx_ksys_unshare+0x10/0x10
[  310.965944][T10909]  ? xfd_validate_state+0x61/0x180
[  310.966004][T10909]  __x64_sys_unshare+0x31/0x40
[  310.966058][T10909]  do_syscall_64+0xcd/0x490
[  310.966115][T10909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.966149][T10909] RIP: 0033:0x7ff1a8b8e929
[  310.966175][T10909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.966206][T10909] RSP: 002b:00007ff1a9998038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  310.966237][T10909] RAX: ffffffffffffffda RBX: 00007ff1a8db5fa0 RCX: 00007ff1a8b8e929
[  310.966259][T10909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  310.966279][T10909] RBP: 00007ff1a8c10b39 R08: 0000000000000000 R09: 0000000000000000
[  310.966299][T10909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  310.966318][T10909] R13: 0000000000000000 R14: 00007ff1a8db5fa0 R15: 00007ffcdfad1518
[  310.966361][T10909]  </TASK>
[  311.384377][T10819] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.391776][T10819] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.403679][T10819] bridge_slave_0: entered allmulticast mode
[  311.411641][T10819] bridge_slave_0: entered promiscuous mode
[  311.492173][T10819] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.521316][T10819] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.534708][T10819] bridge_slave_1: entered allmulticast mode
[  311.542799][T10819] bridge_slave_1: entered promiscuous mode
[  311.606636][ T1330] hsr_slave_0: left promiscuous mode
[  311.684017][ T1330] hsr_slave_1: left promiscuous mode
[  311.713670][ T1330] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  311.721152][ T1330] batman_adv: batadv0: Removing interface: batadv_slave_0
[  311.737275][T10929] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2124'.
[  311.749167][ T1330] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  311.758959][ T1330] batman_adv: batadv0: Removing interface: batadv_slave_1
[  311.779899][ T1330] veth1_macvtap: left promiscuous mode
[  311.785932][ T1330] veth0_macvtap: left promiscuous mode
[  311.792624][ T1330] veth1_vlan: left promiscuous mode
[  311.798053][ T1330] veth0_vlan: left promiscuous mode
[  312.115370][ T5168] Bluetooth: hci1: command tx timeout
[  313.314186][ T1330] team0 (unregistering): Port device team_slave_1 removed
[  313.357684][ T1330] team0 (unregistering): Port device team_slave_0 removed
[  313.643545][T10969] vivid-003: =================  START STATUS  =================
[  313.651427][T10969] vivid-003: Radio HW Seek Mode: Bounded
[  313.664414][T10969] vivid-003: Radio Programmable HW Seek: false
[  313.691791][T10969] vivid-003: RDS Rx I/O Mode: Block I/O
[  313.697939][T10969] vivid-003: Generate RBDS Instead of RDS: false
[  313.707501][T10969] vivid-003: RDS Reception: true
[  313.737695][T10969] vivid-003: RDS Program Type: 0 inactive
[  313.758023][T10969] vivid-003: RDS PS Name:  inactive
[  313.777833][T10969] vivid-003: RDS Radio Text:  inactive
[  313.790357][T10969] vivid-003: RDS Traffic Announcement: false inactive
[  313.846906][T10969] vivid-003: RDS Traffic Program: false inactive
[  313.877120][T10969] vivid-003: RDS Music: false inactive
[  313.986333][T10969] vivid-003: ==================  END STATUS  ==================
[  314.054596][T10929] ›: renamed from hsr0 (while UP)
[  314.085721][T10819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  314.196849][ T5168] Bluetooth: hci1: command tx timeout
[  314.391140][T10819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  314.666078][T10819] team0: Port device team_slave_0 added
[  314.674470][T10819] team0: Port device team_slave_1 added
[  315.146264][T10819] batman_adv: batadv0: Adding interface: batadv_slave_0
[  315.266075][T10819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  315.292269][T10819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  315.305995][T10819] batman_adv: batadv0: Adding interface: batadv_slave_1
[  315.313164][T10819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  315.358716][T10819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  315.701848][T10819] hsr_slave_0: entered promiscuous mode
[  315.723019][T10819] hsr_slave_1: entered promiscuous mode
[  315.729460][T10819] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  315.882381][T10819] Cannot create hsr debugfs directory
[  316.248017][ T5168] Bluetooth: hci1: command tx timeout
[  316.485928][T11021] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2175'.
[  316.535176][T11021] ›: renamed from hsr0 (while UP)
[  317.033912][T10819] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  317.061879][T10819] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  317.097934][T10819] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  317.269034][T10819] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  317.429310][T11034] vivid-003: =================  START STATUS  =================
[  317.456826][T11034] vivid-003: Radio HW Seek Mode: Bounded
[  317.482116][T11034] vivid-003: Radio Programmable HW Seek: false
[  317.514331][T11034] vivid-003: RDS Rx I/O Mode: Block I/O
[  317.552757][T11034] vivid-003: Generate RBDS Instead of RDS: false
[  317.563958][T11034] vivid-003: RDS Reception: true
[  317.616793][T11034] vivid-003: RDS Program Type: 0 inactive
[  317.623832][T11034] vivid-003: RDS PS Name:  inactive
[  317.629664][T11034] vivid-003: RDS Radio Text:  inactive
[  317.635446][T11034] vivid-003: RDS Traffic Announcement: false inactive
[  317.689298][T11034] vivid-003: RDS Traffic Program: false inactive
[  317.729025][T11034] vivid-003: RDS Music: false inactive
[  317.888719][T11034] vivid-003: ==================  END STATUS  ==================
[  317.983110][T10819] 8021q: adding VLAN 0 to HW filter on device bond0
[  319.027304][T10819] 8021q: adding VLAN 0 to HW filter on device team0
[  319.249071][T10819] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  319.260121][T10819] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  319.388051][ T1330] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.395463][ T1330] bridge0: port 1(bridge_slave_0) entered forwarding state
[  319.465020][ T1330] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.472281][ T1330] bridge0: port 2(bridge_slave_1) entered forwarding state
[  320.452492][T10819] 8021q: adding VLAN 0 to HW filter on device batadv0
[  320.710867][T10819] veth0_vlan: entered promiscuous mode
[  320.837042][T10819] veth1_vlan: entered promiscuous mode
[  321.158031][T10819] veth0_macvtap: entered promiscuous mode
[  321.170036][T10819] veth1_macvtap: entered promiscuous mode
[  321.277011][T10819] batman_adv: batadv0: Interface activated: batadv_slave_0
[  321.290809][T10819] batman_adv: batadv0: Interface activated: batadv_slave_1
[  321.319600][T10819] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  321.328616][T10819] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  321.338508][T10819] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  321.350220][T10819] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  321.461236][ T3516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  321.482095][ T3516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  321.537248][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  321.560140][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.169335][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  322.175917][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  323.208487][ T5862] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  323.217342][ T5862] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  323.225569][ T5862] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  323.233443][ T5862] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  323.241185][ T5862] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  323.332357][T11161] FAULT_INJECTION: forcing a failure.
[  323.332357][T11161] name fail_futex, interval 1, probability 0, space 0, times 1
[  323.383360][T11161] CPU: 0 UID: 0 PID: 11161 Comm: syz.4.2230 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  323.383422][T11161] Tainted: [U]=USER
[  323.383433][T11161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  323.383451][T11161] Call Trace:
[  323.383461][T11161]  <TASK>
[  323.383472][T11161]  dump_stack_lvl+0x16c/0x1f0
[  323.383524][T11161]  should_fail_ex+0x512/0x640
[  323.383587][T11161]  get_futex_key+0x1d0/0x1540
[  323.383645][T11161]  ? __pfx_get_futex_key+0x10/0x10
[  323.383691][T11161]  ? stack_trace_save+0x8e/0xc0
[  323.383724][T11161]  ? __pfx_stack_trace_save+0x10/0x10
[  323.383755][T11161]  ? stack_depot_save_flags+0x28/0xa40
[  323.383802][T11161]  futex_wait_setup+0x84/0x510
[  323.383852][T11161]  __futex_wait+0x194/0x2f0
[  323.383895][T11161]  ? __pfx___futex_wait+0x10/0x10
[  323.383952][T11161]  ? __pfx_futex_wake_mark+0x10/0x10
[  323.384011][T11161]  ? __futex_hash.constprop.0+0x1e9/0x440
[  323.384051][T11161]  futex_wait+0xe8/0x380
[  323.384094][T11161]  ? __pfx_futex_wait+0x10/0x10
[  323.384145][T11161]  ? kmem_cache_free+0x2d1/0x4d0
[  323.384188][T11161]  ? find_held_lock+0x2b/0x80
[  323.384216][T11161]  ? putname+0x154/0x1a0
[  323.384243][T11161]  ? do_sys_openat2+0x1b0/0x1d0
[  323.384280][T11161]  do_futex+0x229/0x350
[  323.384317][T11161]  ? __pfx_do_futex+0x10/0x10
[  323.384364][T11161]  __x64_sys_futex+0x1e0/0x4c0
[  323.384404][T11161]  ? __x64_sys_openat+0x174/0x210
[  323.384438][T11161]  ? __pfx___x64_sys_futex+0x10/0x10
[  323.384490][T11161]  do_syscall_64+0xcd/0x490
[  323.384538][T11161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.384568][T11161] RIP: 0033:0x7ff1a8b8e929
[  323.384590][T11161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.384619][T11161] RSP: 002b:00007ff1a99980e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  323.384646][T11161] RAX: ffffffffffffffda RBX: 00007ff1a8db5fa8 RCX: 00007ff1a8b8e929
[  323.384665][T11161] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff1a8db5fa8
[  323.384683][T11161] RBP: 00007ff1a8db5fa0 R08: 0000000000000000 R09: 0000000000000000
[  323.384700][T11161] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1a8db5fac
[  323.384717][T11161] R13: 0000000000000000 R14: 00007ffcdfad1430 R15: 00007ffcdfad1518
[  323.384754][T11161]  </TASK>
[  323.826490][T11177] vivid-007: =================  START STATUS  =================
[  323.834235][T11177] vivid-007: Generate PTS: true
[  323.839266][T11177] vivid-007: Generate SCR: true
[  323.844461][T11177] tpg source WxH: 320x240 (Y'CbCr)
[  323.849579][T11177] tpg field: 1
[  323.852998][T11177] tpg crop: (0,0)/320x240
[  323.857331][T11177] tpg compose: (0,0)/320x240
[  323.862036][T11177] tpg colorspace: 8
[  323.867076][T11177] tpg transfer function: 0/0
[  323.871673][T11177] tpg Y'CbCr encoding: 0/0
[  323.876121][T11177] tpg quantization: 0/0
[  323.881164][T11177] tpg RGB range: 0/2
[  323.885166][T11177] vivid-007: ==================  END STATUS  ==================
[  324.469991][ T2952] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.821368][ T2952] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.146058][ T2952] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.292497][ T5862] Bluetooth: hci3: command tx timeout
[  325.475681][ T2952] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  326.012859][T11172] chnl_net:caif_netlink_parms(): no params data found
[  326.116865][T11227] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2240'.
[  326.143463][ T2952] bridge_slave_1: left allmulticast mode
[  326.149176][ T2952] bridge_slave_1: left promiscuous mode
[  326.186443][ T2952] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.209480][ T2952] bridge_slave_0: left allmulticast mode
[  326.226720][ T2952] bridge_slave_0: left promiscuous mode
[  326.257524][ T2952] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.395606][T11245] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2243'.
[  326.744540][T11252] FAULT_INJECTION: forcing a failure.
[  326.744540][T11252] name failslab, interval 1, probability 0, space 0, times 0
[  326.765968][T11252] CPU: 0 UID: 0 PID: 11252 Comm: syz.4.2244 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  326.766020][T11252] Tainted: [U]=USER
[  326.766031][T11252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  326.766050][T11252] Call Trace:
[  326.766062][T11252]  <TASK>
[  326.766073][T11252]  dump_stack_lvl+0x16c/0x1f0
[  326.766127][T11252]  should_fail_ex+0x512/0x640
[  326.766177][T11252]  ? __kmalloc_noprof+0xbf/0x510
[  326.766230][T11252]  ? sk_prot_alloc+0x1a8/0x2a0
[  326.766263][T11252]  should_failslab+0xc2/0x120
[  326.766296][T11252]  __kmalloc_noprof+0xd2/0x510
[  326.766346][T11252]  ? __pfx___mutex_lock+0x10/0x10
[  326.766407][T11252]  sk_prot_alloc+0x1a8/0x2a0
[  326.766447][T11252]  sk_alloc+0x36/0xc20
[  326.766495][T11252]  tun_chr_open+0x80/0x5e0
[  326.766546][T11252]  ? __pfx_tun_chr_open+0x10/0x10
[  326.766598][T11252]  misc_open+0x35d/0x420
[  326.766641][T11252]  ? __pfx_misc_open+0x10/0x10
[  326.766692][T11252]  chrdev_open+0x234/0x6a0
[  326.766758][T11252]  ? __pfx_apparmor_file_open+0x10/0x10
[  326.766814][T11252]  ? __pfx_chrdev_open+0x10/0x10
[  326.766875][T11252]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  326.766923][T11252]  do_dentry_open+0x741/0x1c10
[  326.766968][T11252]  ? __pfx_chrdev_open+0x10/0x10
[  326.767022][T11252]  vfs_open+0x82/0x3f0
[  326.767058][T11252]  path_openat+0x1de4/0x2cb0
[  326.767132][T11252]  ? __pfx_path_openat+0x10/0x10
[  326.767179][T11252]  ? __lock_acquire+0xb8a/0x1c90
[  326.767228][T11252]  do_filp_open+0x20b/0x470
[  326.767274][T11252]  ? __pfx_do_filp_open+0x10/0x10
[  326.767350][T11252]  ? alloc_fd+0x471/0x7d0
[  326.767442][T11252]  do_sys_openat2+0x11b/0x1d0
[  326.767480][T11252]  ? __pfx_do_sys_openat2+0x10/0x10
[  326.767537][T11252]  __x64_sys_openat+0x174/0x210
[  326.767577][T11252]  ? __pfx___x64_sys_openat+0x10/0x10
[  326.767636][T11252]  do_syscall_64+0xcd/0x490
[  326.767697][T11252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.767731][T11252] RIP: 0033:0x7ff1a8b8e929
[  326.767757][T11252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.767792][T11252] RSP: 002b:00007ff1a9977038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  326.767824][T11252] RAX: ffffffffffffffda RBX: 00007ff1a8db6080 RCX: 00007ff1a8b8e929
[  326.767846][T11252] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  326.767867][T11252] RBP: 00007ff1a8c10b39 R08: 0000000000000000 R09: 0000000000000000
[  326.767887][T11252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  326.767906][T11252] R13: 0000000000000000 R14: 00007ff1a8db6080 R15: 00007ffcdfad1518
[  326.767951][T11252]  </TASK>
[  327.362387][ T5862] Bluetooth: hci3: command tx timeout
[  327.984592][ T2952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  328.001679][ T2952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  328.015431][ T2952] bond0 (unregistering): Released all slaves
[  328.613790][T11172] bridge0: port 1(bridge_slave_0) entered blocking state
[  328.622557][T11172] bridge0: port 1(bridge_slave_0) entered disabled state
[  328.658840][T11172] bridge_slave_0: entered allmulticast mode
[  328.702849][T11172] bridge_slave_0: entered promiscuous mode
[  328.823452][T11172] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.847672][T11172] bridge0: port 2(bridge_slave_1) entered disabled state
[  328.872244][T11172] bridge_slave_1: entered allmulticast mode
[  328.898714][T11172] bridge_slave_1: entered promiscuous mode
[  329.068370][ T2952] hsr_slave_0: left promiscuous mode
[  329.106440][ T2952] hsr_slave_1: left promiscuous mode
[  329.142714][ T2952] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  329.150163][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  329.199531][ T2952] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  329.212134][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_1
[  329.246899][T11304] mtrr: base(0x100000000) is not aligned on a size(0x0000) boundary
[  329.289823][ T2952] veth1_macvtap: left promiscuous mode
[  329.316597][ T2952] veth0_macvtap: left promiscuous mode
[  329.327862][ T2952] veth1_vlan: left promiscuous mode
[  329.337986][ T2952] veth0_vlan: left promiscuous mode
[  329.442015][ T5862] Bluetooth: hci3: command tx timeout
[  330.267533][ T2952] team0 (unregistering): Port device team_slave_1 removed
[  330.359270][ T2952] team0 (unregistering): Port device team_slave_0 removed
[  331.146721][T11172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  331.198148][T11172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  331.291449][T11172] team0: Port device team_slave_0 added
[  331.338682][T11172] team0: Port device team_slave_1 added
[  331.511582][T11172] batman_adv: batadv0: Adding interface: batadv_slave_0
[  331.524593][ T5862] Bluetooth: hci3: command tx timeout
[  331.541698][T11172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.594396][T11172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  331.614782][T11172] batman_adv: batadv0: Adding interface: batadv_slave_1
[  331.621767][T11172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.685407][T11172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  331.775977][T11339] vhci_hcd: invalid port number 16
[  331.792942][T11339] vhci_hcd: invalid port number 16
[  331.904587][T11172] hsr_slave_0: entered promiscuous mode
[  331.913235][T11172] hsr_slave_1: entered promiscuous mode
[  333.270237][T11172] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  333.359182][T11172] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  333.405021][T11172] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  333.454319][T11172] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  333.680634][T11172] 8021q: adding VLAN 0 to HW filter on device bond0
[  333.727040][T11388] random: crng reseeded on system resumption
[  333.776771][T11172] 8021q: adding VLAN 0 to HW filter on device team0
[  333.796961][ T3516] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.804145][ T3516] bridge0: port 1(bridge_slave_0) entered forwarding state
[  333.843438][ T3516] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.850583][ T3516] bridge0: port 2(bridge_slave_1) entered forwarding state
[  334.051634][T11172] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  334.651234][T11407] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  334.686999][T11407] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  334.789439][T11407] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  334.878981][T11407] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  334.912302][T11407] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  334.993322][T11407] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  335.043357][T11407] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  335.049388][T11407] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  335.086781][T11407] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  335.182394][T11407] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  335.188450][T11407] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  335.307137][T11407] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  335.696301][T11426] FAULT_INJECTION: forcing a failure.
[  335.696301][T11426] name fail_futex, interval 1, probability 0, space 0, times 0
[  335.716770][T11172] 8021q: adding VLAN 0 to HW filter on device batadv0
[  335.792125][T11426] CPU: 1 UID: 0 PID: 11426 Comm: syz.2.2264 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  335.792176][T11426] Tainted: [U]=USER
[  335.792186][T11426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  335.792205][T11426] Call Trace:
[  335.792214][T11426]  <TASK>
[  335.792226][T11426]  dump_stack_lvl+0x16c/0x1f0
[  335.792279][T11426]  should_fail_ex+0x512/0x640
[  335.792327][T11426]  get_futex_key+0x1d0/0x1540
[  335.792367][T11426]  ? __pfx_get_futex_key+0x10/0x10
[  335.792416][T11426]  futex_wake+0xe7/0x4e0
[  335.792461][T11426]  ? __pfx_futex_wake+0x10/0x10
[  335.792508][T11426]  ? kmem_cache_free+0x2d1/0x4d0
[  335.792549][T11426]  ? fd_install+0x225/0x750
[  335.792586][T11426]  ? putname+0x154/0x1a0
[  335.792620][T11426]  do_futex+0x1e3/0x350
[  335.792731][T11426]  ? __pfx_do_futex+0x10/0x10
[  335.792782][T11426]  __x64_sys_futex+0x1e0/0x4c0
[  335.792823][T11426]  ? __x64_sys_openat+0x174/0x210
[  335.792857][T11426]  ? __pfx___x64_sys_futex+0x10/0x10
[  335.792914][T11426]  ? xfd_validate_state+0x61/0x180
[  335.792967][T11426]  do_syscall_64+0xcd/0x490
[  335.793015][T11426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.793044][T11426] RIP: 0033:0x7f89c5b8e929
[  335.793068][T11426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.793098][T11426] RSP: 002b:00007f89c69540e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  335.793125][T11426] RAX: ffffffffffffffda RBX: 00007f89c5db6088 RCX: 00007f89c5b8e929
[  335.793145][T11426] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f89c5db608c
[  335.793163][T11426] RBP: 00007f89c5db6080 R08: 00007f89c6976000 R09: 0000000000000000
[  335.793180][T11426] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f89c5db608c
[  335.793197][T11426] R13: 0000000000000000 R14: 00007ffddfbe2af0 R15: 00007ffddfbe2bd8
[  335.793233][T11426]  </TASK>
[  336.299620][T11172] veth0_vlan: entered promiscuous mode
[  336.430181][T11172] veth1_vlan: entered promiscuous mode
[  336.474696][T11442] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2266'.
[  336.547077][T11442] team0: Port device team_slave_0 removed
[  336.673739][T11172] veth0_macvtap: entered promiscuous mode
[  336.696636][T11172] veth1_macvtap: entered promiscuous mode
[  336.723361][ T5168] Bluetooth: hci0: command 0x0c1a tx timeout
[  336.766278][T11172] batman_adv: batadv0: Interface activated: batadv_slave_0
[  336.779254][T11172] batman_adv: batadv0: Interface activated: batadv_slave_1
[  336.795135][T11172] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  336.810558][T11172] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  336.820062][T11172] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  336.862051][T11172] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  336.886067][ T5168] Bluetooth: hci2: command 0x0c1a tx timeout
[  337.122424][ T5168] Bluetooth: hci1: command 0x0c1a tx timeout
[  337.202349][ T5168] Bluetooth: hci3: command 0x0c1a tx timeout
[  337.360984][T11390] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.409777][T11390] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  337.648773][T11390] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.719802][T11390] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.595612][ T5168] Bluetooth: hci3: unexpected event 0x20 length: 123 > 7
[  338.802553][ T5168] Bluetooth: hci0: command 0x0c1a tx timeout
[  338.962243][ T5168] Bluetooth: hci2: command 0x0c1a tx timeout
[  339.217112][ T5168] Bluetooth: hci1: command 0x0c1a tx timeout
[  339.292619][ T5168] Bluetooth: hci3: command 0x0c1a tx timeout
[  339.471176][T11520] FAULT_INJECTION: forcing a failure.
[  339.471176][T11520] name failslab, interval 1, probability 0, space 0, times 0
[  339.540940][T11520] CPU: 1 UID: 0 PID: 11520 Comm: syz.0.2275 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  339.540991][T11520] Tainted: [U]=USER
[  339.541002][T11520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  339.541020][T11520] Call Trace:
[  339.541029][T11520]  <TASK>
[  339.541040][T11520]  dump_stack_lvl+0x16c/0x1f0
[  339.541089][T11520]  should_fail_ex+0x512/0x640
[  339.541170][T11520]  ? __kmalloc_noprof+0xbf/0x510
[  339.541223][T11520]  ? lsm_blob_alloc+0x68/0x90
[  339.541292][T11520]  should_failslab+0xc2/0x120
[  339.541325][T11520]  __kmalloc_noprof+0xd2/0x510
[  339.541388][T11520]  lsm_blob_alloc+0x68/0x90
[  339.541442][T11520]  security_sk_alloc+0x30/0x270
[  339.541481][T11520]  sk_prot_alloc+0x1c7/0x2a0
[  339.541521][T11520]  sk_alloc+0x36/0xc20
[  339.541580][T11520]  tun_chr_open+0x80/0x5e0
[  339.541632][T11520]  ? __pfx_tun_chr_open+0x10/0x10
[  339.541683][T11520]  misc_open+0x35d/0x420
[  339.541727][T11520]  ? __pfx_misc_open+0x10/0x10
[  339.541769][T11520]  chrdev_open+0x234/0x6a0
[  339.541822][T11520]  ? __pfx_apparmor_file_open+0x10/0x10
[  339.541866][T11520]  ? __pfx_chrdev_open+0x10/0x10
[  339.541927][T11520]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  339.541982][T11520]  do_dentry_open+0x741/0x1c10
[  339.542034][T11520]  ? __pfx_chrdev_open+0x10/0x10
[  339.542128][T11520]  vfs_open+0x82/0x3f0
[  339.542170][T11520]  path_openat+0x1de4/0x2cb0
[  339.542237][T11520]  ? __pfx_path_openat+0x10/0x10
[  339.542289][T11520]  ? __lock_acquire+0xb8a/0x1c90
[  339.542349][T11520]  do_filp_open+0x20b/0x470
[  339.542400][T11520]  ? __pfx_do_filp_open+0x10/0x10
[  339.542484][T11520]  ? alloc_fd+0x471/0x7d0
[  339.542544][T11520]  do_sys_openat2+0x11b/0x1d0
[  339.542598][T11520]  ? __pfx_do_sys_openat2+0x10/0x10
[  339.542656][T11520]  __x64_sys_openat+0x174/0x210
[  339.542697][T11520]  ? __pfx___x64_sys_openat+0x10/0x10
[  339.542757][T11520]  do_syscall_64+0xcd/0x490
[  339.542813][T11520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.542861][T11520] RIP: 0033:0x7f294fd8e929
[  339.542888][T11520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.542922][T11520] RSP: 002b:00007f2950b76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  339.542955][T11520] RAX: ffffffffffffffda RBX: 00007f294ffb6080 RCX: 00007f294fd8e929
[  339.542977][T11520] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  339.542998][T11520] RBP: 00007f294fe10b39 R08: 0000000000000000 R09: 0000000000000000
[  339.543018][T11520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  339.543038][T11520] R13: 0000000000000000 R14: 00007f294ffb6080 R15: 00007ffddf552aa8
[  339.543081][T11520]  </TASK>
[  340.882121][ T5168] Bluetooth: hci0: command 0x0c1a tx timeout
[  341.042172][ T5168] Bluetooth: hci2: command 0x0c1a tx timeout
[  341.282660][ T5168] Bluetooth: hci1: command 0x0c1a tx timeout
[  341.363780][ T5168] Bluetooth: hci3: command 0x0c1a tx timeout
[  341.565137][T11551] can: request_module (can-proto-3) failed.
[  343.042024][T11599] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  343.048218][T11599] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  343.128966][T11599] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  343.192252][T11599] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  343.773928][T11625] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  343.780239][T11625] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  343.789425][T11625] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  344.021411][T11625] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  345.162152][ T5862] Bluetooth: hci2: Unable to find connection for big 0xd2
[  345.843188][ T5862] Bluetooth: hci3: command 0x0c1a tx timeout
[  345.849280][ T5862] Bluetooth: hci1: command 0x0c1a tx timeout
[  345.855487][ T5168] Bluetooth: hci2: command 0x0c1a tx timeout
[  345.861540][ T5168] Bluetooth: hci0: command 0x0c1a tx timeout
[  348.437409][T11699] FAULT_INJECTION: forcing a failure.
[  348.437409][T11699] name failslab, interval 1, probability 0, space 0, times 0
[  348.605197][T11699] CPU: 0 UID: 0 PID: 11699 Comm: syz.1.2303 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  348.605237][T11699] Tainted: [U]=USER
[  348.605245][T11699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  348.605259][T11699] Call Trace:
[  348.605266][T11699]  <TASK>
[  348.605275][T11699]  dump_stack_lvl+0x16c/0x1f0
[  348.605317][T11699]  should_fail_ex+0x512/0x640
[  348.605351][T11699]  ? __kmalloc_noprof+0xbf/0x510
[  348.605388][T11699]  ? lsm_blob_alloc+0x68/0x90
[  348.605422][T11699]  should_failslab+0xc2/0x120
[  348.605444][T11699]  __kmalloc_noprof+0xd2/0x510
[  348.605485][T11699]  lsm_blob_alloc+0x68/0x90
[  348.605520][T11699]  security_sk_alloc+0x30/0x270
[  348.605546][T11699]  sk_prot_alloc+0x1c7/0x2a0
[  348.605577][T11699]  sk_alloc+0x36/0xc20
[  348.605636][T11699]  tun_chr_open+0x80/0x5e0
[  348.605672][T11699]  ? __pfx_tun_chr_open+0x10/0x10
[  348.605707][T11699]  misc_open+0x35d/0x420
[  348.605737][T11699]  ? __pfx_misc_open+0x10/0x10
[  348.605766][T11699]  chrdev_open+0x234/0x6a0
[  348.605803][T11699]  ? __pfx_apparmor_file_open+0x10/0x10
[  348.605834][T11699]  ? __pfx_chrdev_open+0x10/0x10
[  348.605874][T11699]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  348.605912][T11699]  do_dentry_open+0x741/0x1c10
[  348.605949][T11699]  ? __pfx_chrdev_open+0x10/0x10
[  348.605992][T11699]  vfs_open+0x82/0x3f0
[  348.606021][T11699]  path_openat+0x1de4/0x2cb0
[  348.606065][T11699]  ? __pfx_path_openat+0x10/0x10
[  348.606102][T11699]  ? __lock_acquire+0xb8a/0x1c90
[  348.606139][T11699]  do_filp_open+0x20b/0x470
[  348.606174][T11699]  ? __pfx_do_filp_open+0x10/0x10
[  348.606230][T11699]  ? alloc_fd+0x471/0x7d0
[  348.606271][T11699]  do_sys_openat2+0x11b/0x1d0
[  348.606297][T11699]  ? __pfx_do_sys_openat2+0x10/0x10
[  348.606336][T11699]  __x64_sys_openat+0x174/0x210
[  348.606363][T11699]  ? __pfx___x64_sys_openat+0x10/0x10
[  348.606403][T11699]  do_syscall_64+0xcd/0x490
[  348.606441][T11699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.606466][T11699] RIP: 0033:0x7fc3adb8e929
[  348.606485][T11699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  348.606508][T11699] RSP: 002b:00007fc3aea18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  348.606530][T11699] RAX: ffffffffffffffda RBX: 00007fc3addb6080 RCX: 00007fc3adb8e929
[  348.606546][T11699] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  348.606561][T11699] RBP: 00007fc3adc10b39 R08: 0000000000000000 R09: 0000000000000000
[  348.606576][T11699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  348.606597][T11699] R13: 0000000000000000 R14: 00007fc3addb6080 R15: 00007ffe024d5718
[  348.606626][T11699]  </TASK>
[  350.441510][T11745] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2308'.
[  353.095720][T11787] syz.4.2315(11787): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  354.049512][T11759] kexec: Could not allocate control_code_buffer
[  355.347009][   T30] audit: type=1800 audit(6047204002.238:9): pid=11817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2322" name="dbroot" dev="configfs" ino=35188 res=0 errno=0
[  357.227515][T11827] 
[  357.229998][T11827] ======================================================
[  357.237066][T11827] WARNING: possible circular locking dependency detected
[  357.244125][T11827] 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 Tainted: G     U             
[  357.252926][T11827] ------------------------------------------------------
[  357.259975][T11827] syz.1.2324/11827 is trying to acquire lock:
[  357.266072][T11827] ffff888142b15de8 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310
[  357.276033][T11827] 
[  357.276033][T11827] but task is already holding lock:
[  357.283436][T11827] ffff888142b158b0 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  357.294768][T11827] 
[  357.294768][T11827] which lock already depends on the new lock.
[  357.294768][T11827] 
[  357.305198][T11827] 
[  357.305198][T11827] the existing dependency chain (in reverse order) is:
[  357.314233][T11827] 
[  357.314233][T11827] -> #3 (&q->q_usage_counter(io)#59){++++}-{0:0}:
[  357.322907][T11827]        blk_alloc_queue+0x619/0x760
[  357.328243][T11827]        blk_mq_alloc_queue+0x175/0x290
[  357.333850][T11827]        __blk_mq_alloc_disk+0x29/0x120
[  357.339448][T11827]        nbd_dev_add+0x4a0/0xbc0
[  357.344430][T11827]        nbd_init+0x181/0x320
[  357.349151][T11827]        do_one_initcall+0x120/0x6e0
[  357.354476][T11827]        kernel_init_freeable+0x5c2/0x900
[  357.360257][T11827]        kernel_init+0x1c/0x2b0
[  357.365154][T11827]        ret_from_fork+0x5d7/0x6f0
[  357.370321][T11827]        ret_from_fork_asm+0x1a/0x30
[  357.375665][T11827] 
[  357.375665][T11827] -> #2 (fs_reclaim){+.+.}-{0:0}:
[  357.382959][T11827]        fs_reclaim_acquire+0x102/0x150
[  357.388562][T11827]        prepare_alloc_pages+0x162/0x610
[  357.394247][T11827]        __alloc_frozen_pages_noprof+0x18b/0x23f0
[  357.400831][T11827]        __alloc_pages_noprof+0xb/0x1b0
[  357.406432][T11827]        pcpu_populate_chunk+0x110/0xb00
[  357.412124][T11827]        pcpu_alloc_noprof+0x86a/0x1470
[  357.417927][T11827]        xt_percpu_counter_alloc+0x13e/0x1b0
[  357.423977][T11827]        find_check_entry.constprop.0+0xbc/0x9b0
[  357.430356][T11827]        translate_table+0xc98/0x1720
[  357.435787][T11827]        ipt_register_table+0x102/0x430
[  357.441390][T11827]        iptable_security_table_init+0x40/0x60
[  357.447599][T11827]        xt_find_table_lock+0x2e1/0x520
[  357.453186][T11827]        xt_request_find_table_lock+0x28/0xf0
[  357.459389][T11827]        get_info+0x190/0x610
[  357.464116][T11827]        do_ipt_get_ctl+0x169/0xa10
[  357.469363][T11827]        nf_getsockopt+0x7c/0xe0
[  357.474334][T11827]        ip_getsockopt+0x18c/0x1e0
[  357.479479][T11827]        tcp_getsockopt+0x9e/0x100
[  357.484627][T11827]        do_sock_getsockopt+0x3fc/0x800
[  357.490200][T11827]        __sys_getsockopt+0x123/0x1b0
[  357.495605][T11827]        __x64_sys_getsockopt+0xbd/0x160
[  357.501271][T11827]        do_syscall_64+0xcd/0x490
[  357.506326][T11827]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.512768][T11827] 
[  357.512768][T11827] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}:
[  357.520532][T11827]        __mutex_lock+0x199/0xb90
[  357.525586][T11827]        pcpu_alloc_noprof+0xb4c/0x1470
[  357.531180][T11827]        sbitmap_init_node+0x2fd/0x770
[  357.536658][T11827]        sbitmap_queue_init_node+0x41/0x560
[  357.542579][T11827]        blk_mq_init_tags+0x12d/0x2b0
[  357.548079][T11827]        blk_mq_alloc_map_and_rqs+0x237/0xf60
[  357.554190][T11827]        blk_mq_init_sched+0x30c/0x610
[  357.559685][T11827]        elevator_switch+0x1e1/0x7f0
[  357.565005][T11827]        elevator_change+0x2ac/0x400
[  357.570314][T11827]        elevator_set_default+0x292/0x320
[  357.576059][T11827]        blk_register_queue+0x393/0x4f0
[  357.581627][T11827]        __add_disk+0x74a/0xf00
[  357.586499][T11827]        add_disk_fwnode+0x13f/0x5d0
[  357.591818][T11827]        nbd_dev_add+0x791/0xbc0
[  357.596799][T11827]        nbd_init+0x181/0x320
[  357.601498][T11827]        do_one_initcall+0x120/0x6e0
[  357.606800][T11827]        kernel_init_freeable+0x5c2/0x900
[  357.612576][T11827]        kernel_init+0x1c/0x2b0
[  357.617445][T11827]        ret_from_fork+0x5d7/0x6f0
[  357.622580][T11827]        ret_from_fork_asm+0x1a/0x30
[  357.627882][T11827] 
[  357.627882][T11827] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  357.635727][T11827]        __lock_acquire+0x126f/0x1c90
[  357.641133][T11827]        lock_acquire+0x179/0x350
[  357.646192][T11827]        __mutex_lock+0x199/0xb90
[  357.651258][T11827]        queue_requests_store+0x1c7/0x310
[  357.657012][T11827]        queue_attr_store+0x276/0x320
[  357.662509][T11827]        sysfs_kf_write+0xef/0x150
[  357.668095][T11827]        kernfs_fop_write_iter+0x354/0x510
[  357.674023][T11827]        iter_file_splice_write+0x91f/0x1150
[  357.680044][T11827]        direct_splice_actor+0x192/0x6c0
[  357.685727][T11827]        splice_direct_to_actor+0x342/0xa30
[  357.691652][T11827]        do_splice_direct+0x174/0x240
[  357.697051][T11827]        do_sendfile+0xb06/0xe50
[  357.702015][T11827]        __x64_sys_sendfile64+0x1d8/0x220
[  357.707747][T11827]        do_syscall_64+0xcd/0x490
[  357.712799][T11827]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.719233][T11827] 
[  357.719233][T11827] other info that might help us debug this:
[  357.719233][T11827] 
[  357.729471][T11827] Chain exists of:
[  357.729471][T11827]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#59
[  357.729471][T11827] 
[  357.743250][T11827]  Possible unsafe locking scenario:
[  357.743250][T11827] 
[  357.750708][T11827]        CPU0                    CPU1
[  357.756086][T11827]        ----                    ----
[  357.761470][T11827]   lock(&q->q_usage_counter(io)#59);
[  357.766888][T11827]                                lock(fs_reclaim);
[  357.773411][T11827]                                lock(&q->q_usage_counter(io)#59);
[  357.781325][T11827]   lock(&q->elevator_lock);
[  357.785938][T11827] 
[  357.785938][T11827]  *** DEADLOCK ***
[  357.785938][T11827] 
[  357.794094][T11827] 5 locks held by syz.1.2324/11827:
[  357.799311][T11827]  #0: ffff888036ab8428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30
[  357.809377][T11827]  #1: ffff888060a3e488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  357.819164][T11827]  #2: ffff888142f484b8 (kn->active#156){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  357.829305][T11827]  #3: ffff888142b158b0 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  357.841019][T11827]  #4: ffff888142b158e8 (&q->q_usage_counter(queue)#11){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  357.852990][T11827] 
[  357.852990][T11827] stack backtrace:
[  357.858897][T11827] CPU: 1 UID: 0 PID: 11827 Comm: syz.1.2324 Tainted: G     U              6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
[  357.858937][T11827] Tainted: [U]=USER
[  357.858946][T11827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  357.858962][T11827] Call Trace:
[  357.858972][T11827]  <TASK>
[  357.858982][T11827]  dump_stack_lvl+0x116/0x1f0
[  357.859024][T11827]  print_circular_bug+0x275/0x350
[  357.859063][T11827]  check_noncircular+0x14c/0x170
[  357.859103][T11827]  __lock_acquire+0x126f/0x1c90
[  357.859144][T11827]  ? __lock_acquire+0xb8a/0x1c90
[  357.859182][T11827]  lock_acquire+0x179/0x350
[  357.859218][T11827]  ? queue_requests_store+0x1c7/0x310
[  357.859264][T11827]  ? __pfx___might_resched+0x10/0x10
[  357.859293][T11827]  ? do_raw_spin_lock+0x12c/0x2b0
[  357.859338][T11827]  __mutex_lock+0x199/0xb90
[  357.859377][T11827]  ? queue_requests_store+0x1c7/0x310
[  357.859422][T11827]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  357.859458][T11827]  ? queue_requests_store+0x1c7/0x310
[  357.859501][T11827]  ? lockdep_hardirqs_on+0x7c/0x110
[  357.859540][T11827]  ? __pfx___mutex_lock+0x10/0x10
[  357.859584][T11827]  ? __pfx_autoremove_wake_function+0x10/0x10
[  357.859623][T11827]  ? queue_requests_store+0x1c7/0x310
[  357.859666][T11827]  queue_requests_store+0x1c7/0x310
[  357.859710][T11827]  ? __pfx_queue_requests_store+0x10/0x10
[  357.859757][T11827]  ? __mutex_trylock_common+0xe9/0x250
[  357.859796][T11827]  ? __pfx_queue_requests_store+0x10/0x10
[  357.859846][T11827]  queue_attr_store+0x276/0x320
[  357.859888][T11827]  ? __pfx_queue_attr_store+0x10/0x10
[  357.859928][T11827]  ? __lock_acquire+0x622/0x1c90
[  357.859973][T11827]  ? find_held_lock+0x2b/0x80
[  357.860000][T11827]  ? sysfs_file_kobj+0xe4/0x290
[  357.860034][T11827]  ? __pfx_queue_attr_store+0x10/0x10
[  357.860077][T11827]  sysfs_kf_write+0xef/0x150
[  357.860109][T11827]  kernfs_fop_write_iter+0x354/0x510
[  357.860136][T11827]  ? __pfx_sysfs_kf_write+0x10/0x10
[  357.860169][T11827]  iter_file_splice_write+0x91f/0x1150
[  357.860217][T11827]  ? __pfx_iter_file_splice_write+0x10/0x10
[  357.860258][T11827]  ? __pfx_copy_splice_read+0x10/0x10
[  357.860301][T11827]  ? __pfx_iter_file_splice_write+0x10/0x10
[  357.860338][T11827]  direct_splice_actor+0x192/0x6c0
[  357.860376][T11827]  splice_direct_to_actor+0x342/0xa30
[  357.860412][T11827]  ? __pfx_direct_splice_actor+0x10/0x10
[  357.860450][T11827]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  357.860490][T11827]  do_splice_direct+0x174/0x240
[  357.860524][T11827]  ? __pfx_do_splice_direct+0x10/0x10
[  357.860559][T11827]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  357.860595][T11827]  ? rw_verify_area+0xcf/0x680
[  357.860631][T11827]  do_sendfile+0xb06/0xe50
[  357.860669][T11827]  ? __pfx_do_sendfile+0x10/0x10
[  357.860705][T11827]  ? handle_mm_fault+0x2ab/0xd10
[  357.860742][T11827]  ? __x64_sys_futex+0x1e0/0x4c0
[  357.860775][T11827]  ? __x64_sys_futex+0x1e9/0x4c0
[  357.860815][T11827]  __x64_sys_sendfile64+0x1d8/0x220
[  357.860842][T11827]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  357.860872][T11827]  do_syscall_64+0xcd/0x490
[  357.860915][T11827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.860942][T11827] RIP: 0033:0x7fc3adb8e929
[  357.860963][T11827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.860990][T11827] RSP: 002b:00007fc3aea39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  357.861014][T11827] RAX: ffffffffffffffda RBX: 00007fc3addb5fa0 RCX: 00007fc3adb8e929
[  357.861032][T11827] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  357.861048][T11827] RBP: 00007fc3adc10b39 R08: 0000000000000000 R09: 0000000000000000
[  357.861066][T11827] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000000
[  357.861082][T11827] R13: 0000000000000000 R14: 00007fc3addb5fa0 R15: 00007ffe024d5718
[  357.861107][T11827]  </TASK>