last executing test programs:

10.107564422s ago: executing program 0 (id=1463):
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0)
ioctl$auto(0x3, 0x541b, 0x38)

9.881269234s ago: executing program 0 (id=1465):
clock_nanosleep$auto(0x9, 0x0, &(0x7f0000000000)={0x0, 0x200}, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socket(0x2b, 0x1, 0x1)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-touch0\x00', 0xe0800, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000100), r1)
r2 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5<y\xa5\x97\x13\xef\xc4g\xc3\xa4&\x81I6\v\xcc\x00\x00', 0x62, 0xfffc, 0x0)
mmap$auto(0xb, 0x6, 0x4, 0xeb1, 0x401, 0x200)
bpf$auto(0x8, &(0x7f0000000440)=@bpf_attr_0={0x7, 0xb5, 0x10, 0x4, 0x53400000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x807, 0x3, 0x6}, 0x10)
r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/038/001\x00', 0xa821, 0x0)
ioctl$auto_USBDEVFS_SUBMITURB32(r3, 0x802c550a, &(0x7f0000000080)=ANY=[@ANYBLOB="0280060000000000856c5cc3fe8c5dcf13f2375ae72003a2e551c9ac9f79d301b5060774590bc559ab85364c6b9fea6221dd1271b276650aa0f05eb1330e92"])
move_mount$auto(r2, 0x0, r2, 0x0, 0x176)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a2d9)
socket(0x29, 0x5, 0x0)
socket(0x9, 0x5, 0xfffffffe)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/kcm\x00', 0x480, 0x0)
read$auto(r4, &(0x7f0000000300)='2\x06J Nwe0\xbd\"\x8f\xe5h_b\xde\x19\xa5\x0e\xfa\xe0\xcb\xb7\xaceW\x1a\x1f\xae\xd8\xfe\x01Y\xd6\xba\xde3\xc7\xf8\x91\xda\xf6_%\xf30\xdc\x97<\xf3A\xa7\xb4\x8dj\xbd\x02\xb1}{e\xf64\xec4\x83,\xecp7j\xf8<\xc8x\xd4\xb0\x1d\b\xb0\x18\x01\x9e\x9et\x8aa\xe1\re\xcf\x8e\x02\xeeW\xf0z\vk#_\xdb\x15f8>;zM\xa95\x16\xe9l\xf5\xaa\xaa\x03\x18p\x0e\xde$\xc3\xa9\xac\xc7\x98\x05<\xef\xcd@z\fx}F\x93\xe1\xbd\xb3s\x80\xc1w\x1eP\xd0\xea\xab\x8f\xc7\a\xe6\xad\ni\n~-u)\x88\x97\xed\xa7\x9b\x0f\xef\x99\x13\xdc<\xd1{\br\xd6[\xd3\xa9-(KH\b\xdfJ\xdek\xef\xc9\xd7\n\x83m\x86\xf2\a\x8d\x19\xe0\\\xf0lg?\x98\xc8\x8e\xbd2?C\xa5\x8a\xe3\xc6\xd7\x00\x14n\xb8<\xab\x96\x8d\xa1\xf4\x87\xe5\a:z\xea\xcc\xa1\x8d\xae8\x12\xa6\xb9\xd99\xaa\xc5\x10\xad\xdd\x89\xdd\xbb\xf5\xd2Q\x92\xcd\xcc\x9f\x1a\xdbR\xeeL:\x87\xb3#\x00\x1bR\xf2\xe2/\xa3\x0e\x90\x98\x8c\xc0\xa4\xda', 0x805644)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
unshare$auto(0x40000080)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0)
ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, &(0x7f0000000040)="f2030f8878e8d25b52a5a733f3a7cc646b4bbc558766b0")
setsockopt$auto(0xffffffffffffffff, 0x1, 0x44, &(0x7f0000000180)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\xb9E\x81\xb6F\x96\xa6\xba\xf4\x98;n\xb2nA6\x1a\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x00\x00\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81', 0xa95e)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
bpf$auto(0x0, 0x0, 0xf)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/wg1/forwarding\x00', 0x141241, 0x0)
r5 = getpid()
process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0)

8.526482237s ago: executing program 0 (id=1468):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, &(0x7f0000000040)='{\x00', 0xfff)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
read$auto(r2, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/capability\x00', 0x129102, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/binderfs/binder0\x00', 0x102, 0x0)
ioctl$auto_BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, 0x0)
r4 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x1e9482, 0x0)
read$auto_state_fops_(r4, &(0x7f0000000180)=""/61, 0xfffffeeb)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x800000002, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
sendto$auto(0x4, 0x0, 0xff, 0x6, 0x0, 0xe)
connect$auto(0x5, 0x0, 0x9)
select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x6, 0x15, 0x1000, 0x100000001, 0xb, 0xf, 0xffffffffffffffff, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x245c]}, 0x0, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)

7.153158256s ago: executing program 0 (id=1473):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e)
ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r1 = socket(0x25, 0x3, 0x101)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9)
sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x8000)
mmap$auto(0x4, 0x2020009, 0x507d, 0x11, 0xfffffffffffffffa, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x3)
signalfd4$auto(0xffffffff, 0x0, 0x5, 0x5)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
getdents$auto(r3, 0x0, 0xfff)
msync$auto(0x7f, 0x6, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0)
clock_nanosleep$auto(0x8001, 0x100, &(0x7f00000001c0)={0xf5d, 0x7f}, &(0x7f0000000240)={0x0, 0x2})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r5 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x400c010)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/default/drop_gratuitous_arp\x00', 0x141241, 0x0)
select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x4, 0x5, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x40, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x80080001]}, 0x0, 0x0)
write$auto(r5, &(0x7f0000000000)='-\x00', 0x2fb)
unshare$auto(0x40000080)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)

5.697986128s ago: executing program 1 (id=1480):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000040)='{\x00', 0xfff)
write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
read$auto(r1, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/capability\x00', 0x129102, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/binderfs/binder0\x00', 0x102, 0x0)
ioctl$auto_BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, 0x0)
r3 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x1e9482, 0x0)
read$auto_state_fops_(r3, &(0x7f0000000180)=""/61, 0xfffffeeb)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x800000002, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
sendto$auto(0x4, 0x0, 0xff, 0x6, 0x0, 0xe)
connect$auto(0x5, 0x0, 0x9)
select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x6, 0x15, 0x1000, 0x100000001, 0xb, 0xf, 0xffffffffffffffff, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x245c]}, 0x0, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)

3.921321536s ago: executing program 2 (id=1482):
r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x802, 0x0)
ioctl$auto_BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)="5d3d4bc0f5bbdecdf45a36e14cf63e577eed161d3609d494bfe0d087e99c9fcbd9")

3.800279153s ago: executing program 2 (id=1483):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/overlay/parameters/check_copy_up\x00', 0x129882, 0x0)
sendfile$auto(r0, r0, 0x0, 0x8)

3.733028446s ago: executing program 1 (id=1484):
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x28000, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xc008ae09, 0x0)

3.509716179s ago: executing program 2 (id=1485):
mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/11/smp_affinity\x00', 0xe0182, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
madvise$auto(0x110c230000, 0x1, 0x9)
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0)
futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/178, 0xb2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9)
recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0)
mmap$auto(0x0, 0x7, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x23, 0x80805, 0x0)
shmget$auto(0xffffffffffffffff, 0xb0d, 0xa7db6ba)
unshare$auto(0x8000400)
memfd_secret$auto(0x0)
fchownat$auto(0x2, 0x0, 0x4, 0x8001, 0x1000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001180), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404c091}, 0x40000)

3.443481902s ago: executing program 1 (id=1487):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/phonet\x00', 0x40c80, 0x0)
pread64$auto(r0, &(0x7f0000000540)='veth1\x00\xe0,\x17\xa0\xf7\x89Pl\x84K?\x01\x84\xa1i\xe00\x81p\xa0U \f\xdbP`:\xe2\'\xa7\xbf\xbd\x04\x18\xad\x90I^\x99M\xe0W\x14\x11\xf4\xeb\x90:\v\xc5\x13*\xfe\x90\xb1\xa9O\xa5\x05\xaa\x8fTi\xd6\x88Q\xda\xca', 0x20000000003f, 0x1)

3.188087359s ago: executing program 0 (id=1488):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
keyctl$auto(0x2000000000000017, 0x8000, 0x2d, 0xc4, 0x20803)
mmap$auto(0x0, 0x20009, 0x7, 0x19, 0x401, 0x1)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
socket(0x10, 0x2, 0x0)
setsockopt$auto(0x3, 0x1, 0x3, 0x0, 0xe)
mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000)
openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638a2a513, 0x0)
socket(0x2b, 0x1, 0x1)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/traceSMB\x00', 0x40c01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2000c, 0xe3, 0x200000100000eb1, 0x40000000000a1, 0x8000)
unshare$auto(0x40000080)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0)
pwrite64$auto(r0, 0x0, 0x7, 0x7)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r1, 0x40085503, 0x0)
openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/current_tracer\x00', 0x1a3642, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
unshare$auto(0x40000080)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x65f, 0x7fffffff, 0x9, 0x3, 0x20000002, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x8001, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x2, 0xd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
userfaultfd$auto(0x5)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='\r\x00-', @ANYBLOB="39f9ffef"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
socket(0x10, 0x2, 0x0)
unshare$auto(0x40000080)
prctl$auto(0x1d, 0x8000000000000001, 0x0, 0x5, 0x1)

3.043972633s ago: executing program 1 (id=1489):
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0)
ioctl$auto_TIOCMGET2(r1, 0x5415, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
r2 = openat$auto_nsim_nexthop_bucket_activity_fops_fib(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/fib/nexthop_bucket_activity\x00', 0x1, 0x0)
write$auto(r2, 0x0, 0x0)
mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa)
cachestat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
r4 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x400, 0x0)
read$auto(r4, 0x0, 0x9)
ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6)
ppoll$auto(0x0, 0x7f, 0x0, 0x0, 0x8)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, 0x0)
mknod$auto(&(0x7f0000000280)='X))\x00', 0x63c5, 0x7bf)
sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, 0x0, 0x48000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000000c0), 0xffffffffffffffff)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0)
r5 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0)
ioctl$auto_UI_SET_EVBIT(r5, 0x40045564, &(0x7f0000000440)=0x1)
unshare$auto(0x40000080)

2.790840005s ago: executing program 3 (id=1490):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001200)='/sys/devices/virtual/net/bpq1/proto_down\x00', 0x80800, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001240)=""/9, 0x9)

2.553098589s ago: executing program 3 (id=1491):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/module/ima/parameters/ahash_bufsize\x00', 0x62, 0x0)
write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)

2.363098654s ago: executing program 3 (id=1492):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/mem_used_max\x00', 0xa081, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)

2.134540641s ago: executing program 3 (id=1493):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000040)='{\x00', 0xfff)
write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
read$auto(r1, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/capability\x00', 0x129102, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/binderfs/binder0\x00', 0x102, 0x0)
ioctl$auto_BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, 0x0)
r3 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x1e9482, 0x0)
read$auto_state_fops_(r3, &(0x7f0000000180)=""/61, 0xfffffeeb)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x800000002, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
sendto$auto(0x4, 0x0, 0xff, 0x6, 0x0, 0xe)
connect$auto(0x5, 0x0, 0x9)
select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x6, 0x15, 0x1000, 0x100000001, 0xb, 0xf, 0xffffffffffffffff, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x245c]}, 0x0, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)

1.564487869s ago: executing program 3 (id=1494):
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0)
ioctl$auto_TIOCMGET2(r1, 0x5415, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
r2 = openat$auto_nsim_nexthop_bucket_activity_fops_fib(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/fib/nexthop_bucket_activity\x00', 0x1, 0x0)
write$auto(r2, 0x0, 0x0)
mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa)
cachestat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
r4 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x400, 0x0)
read$auto(r4, 0x0, 0x9)
ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6)
ppoll$auto(0x0, 0x7f, 0x0, 0x0, 0x8)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, 0x0)
mknod$auto(&(0x7f0000000280)='X))\x00', 0x63c5, 0x7bf)
sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, 0x0, 0x48000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000000c0), 0xffffffffffffffff)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0)
r5 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0)
ioctl$auto_UI_SET_EVBIT(r5, 0x40045564, &(0x7f0000000440)=0x1)
unshare$auto(0x40000080)

1.024327734s ago: executing program 2 (id=1495):
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
ioctl$auto_TIOCGICOUNT2(r0, 0x545d, &(0x7f00000000c0))

924.297657ms ago: executing program 2 (id=1496):
r0 = socket(0x11, 0xa, 0x300)
getsockname$auto(r0, &(0x7f0000000240)=@nfc={0x27, 0x0, 0xfffffffe, 0x5}, &(0x7f0000000200)=0x8000)

757.843589ms ago: executing program 2 (id=1497):
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000003340)='/dev/radio10\x00', 0xc0400, 0x0)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0)
r0 = socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto_lockdown_ops_lockdown(r2, &(0x7f0000003300), 0x0)
pselect6$auto(0x400, &(0x7f0000000180)={[0x4, 0x69b98a3d, 0x2, 0xc3, 0x10, 0x45, 0x3, 0x80000001, 0x5, 0x3, 0x0, 0x6478, 0x0, 0x16, 0x6, 0x9]}, &(0x7f0000000240)={[0x8, 0x1a9, 0x1, 0x6, 0x4, 0x7fffffff, 0x0, 0x100, 0x62, 0xfffffffffffffffd, 0x9, 0x10, 0x8, 0x7ce, 0x7, 0x65e]}, &(0x7f0000000340)={[0xfb, 0x3ff, 0x8000, 0x7, 0x3df, 0x5, 0xaba, 0x7fffffffffffffff, 0x2, 0x5, 0x5, 0x1, 0x3dc4, 0x3254, 0x9]}, &(0x7f00000003c0)={0x7fffffff, 0x4}, &(0x7f0000000400)="89aa518eded2693efbee27ce6a6eab8eee57e40d31ee248c9d6ed9fa44e8fca948a74719ad96494fde051f42b070fce6c1b7d4f147def4cecd512fd7a326b1b27b280d50a850ef6a410ede032d94ac35b304dcd0ffb64669bc74a7c2eae2b31bf8477dcaf81c6cea78fa048d9b880d4ec8d7cde74672624dd7124389d4b99a9e253e0cc1b1829c68af554e824acac51d174528cdefd858a079")
r3 = socket(0x11, 0x80003, 0x300)
r4 = syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000540), r0)
r5 = setfsuid$auto(0xee01)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r6, &(0x7f0000003900)='\t', 0x1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/sunrpc/parameters/pool_mode\x00', 0x80302, 0x0)
keyctl$auto(0x7, 0x0, 0x0, 0x0, 0x7)
fstat$auto(r1, &(0x7f0000000780)={0xdd5f, 0x0, 0x200, 0x10000, <r7=>0xffffffffffffffff, 0xee00, 0x0, 0x10000, 0x7, 0x1000, 0xd, 0x8, 0x9, 0x9, 0x2, 0x6, 0x3})
sendmsg$auto_MAC802154_HWSIM_CMD_DEL_RADIO(r3, &(0x7f00000032c0)={0x0, 0x0, &(0x7f0000003280)={&(0x7f0000000840)=ANY=[@ANYBLOB=' *\x00\x00', @ANYRES16=r4, @ANYBLOB="04002abd7000ffdbdf2504000000400202800c004d8004001b800400d08014004b00200100000000000000000000000000022e008080a4824ea600ddf0fc4eb7f5f53607873f74b48ae15490c3de06542594449e4583be6f4c523984224bbb3f000049b2f47e805d4b8a0eef5f4dab4731db1cc51e2eab0bfbafc8e3345369f5e1d5b259190a872d2360c913171828ac01a9245853d2686a7c3c799c605f6d95c6bbbe0dccd538d7da4cbeeb34b87260ca2237ef12b36a94a165a217d69b559664ad7bd0a07e9429f54ae35c815a17673039b3ef15636c38fbd7b03ede6062463c355ca62d1c6b5355ad6253d1235a19f1ff8722d4d8f2d784114bcb5a140d1d7adc01094e7f42b17fddac5e319960dda9a16463bf645235893051f771a2b4dcde25fc8af5d525013e8014009500ff01000000000000000000000000000104004700f1ae1f437938399ef5cd2be1c2021e99896bba1994fa819ed0e2058ed221599a5eba4599b535544f926903be2c9edb1fd401ce789956b85ba300b74e756148f80f695f8ecd0f63fd22160f7dd48dcf6feb8bd7744c19e6357458e686d95a71236243cb5b94ad06bf21bf21a3dc8e2ebe8c2cfa694775fbd364ec300a15f76659e6205b82c4c0f96d6e6c8295c311ff04ab7934408b2b77639c7a8f87ee81fa8cbf3afb539e7258e5006811d727b36ea3add814c4f7a80099ecee7aa23af5f915275284c3a661246c101e8c207f783b304cd49645e30800bb00050000000800e300", @ANYRES32, @ANYBLOB="14009900fc0100000000000000000000000000000400f88008001600", @ANYRES32=r5, @ANYBLOB="040039800000003e1602804e024b807ae5327d336479bfa6a8aabd8f6699d70b6be76d1f4ffff5481a21f0bf8000befcfb3af088f196d1269ecbbee9d85232149c2bad9de6548bf3c2a95003544039ef37b7d68863bedf37d5d889798d923483a7070ee83535fcb30a8ca341c7e8aea5276ffb0d4e97bfce5de2f409e6b4edabef4d08006100040000009e10209d88ed8ab929460c4b4df325d5a19b7400d4d93ea037836402ce6ea58326cd419056ac22177c61bc7d2f8ddc69dad696d5171631ec9452b23f9abb931c1378bd5a7dfe084532fbccd46841e0dd6d6427288c47d06f889309cf480720be10b58f3b3b2beedb1e96a8c6c4ccd38d42ecfce11955a7584472a01d473a88474310d4b9b82101545b771763968c027506485a46243bf0c23654c59576aabc4b5cb0272b78739cb795fd0b009700287b2b2e2c5d0000019ea8455762d23ab3f7bded00c33869118bf45ce4d6a5680d0ba1420e6a7aa79ac9670921cdfefce7811d0e18e13df0e31fd3091ed025d423258aad88e333c4e83d9527f584b7a19a364591b1e214ac8c421d0534fb9515dea5b19ec649eeb0c00b76df69e009bdaa0a2573fc15fb0a69e6e0393cf827e3a7311c2810d5e451768fe4e92769c28c27f9391cbfa4e978cbe196f011bb78f3d1d024737944f4f8f8f45d5d6bb69e933caf63452d2249ca69d2490bfaf8ebc9c7c0a4f18860a41bad8634c4653fd18169895f0e28b56277bcc0e0e3f96c580bacf8f602e6710f3f0ddc943814fae3d6a4ee0cd1ddf2101a981d43d38af7085e0d945a8182fa83bb6555dbebe57d014084793c2fca02a7475202e6c86b11be62a500000800c600", @ANYRES32=0x0, @ANYBLOB="b6110580e17d592225650d125c41831147f2a41f128dce5023ba29075ea9a91f7ac6ae951f393084e5ede2a1bc84d9b2ff3686184b92b4145d94578cf80a4443344d92dca8a78d53b6bfa2d7140430bed55f15808261962d6cd6b123ebd23345860fe47a8b143fe26bca4f5caf7635d3f2e11fc81bc63a84b3098dcd1af4f82c92d2098c23a000a861222be47f1b79003ead1b7cb7936be0b1c36e85037c365dc8500992cfdce4e86c2ac9dbe19eb5c73e09072f20f59c18d06303d5016d4cb4d19db17f520695fe5d28314f4cd1aeb1a2bb0b42c6cb390f930de79cdcd2bbcc77ae8fad490b045bd4f5b76bf097bdf4aab7563d771cc942dd9e0596a14776e2363f15ac950ba46eacfa43c7ac135dd6a1dc36ce3a2badc05f0e640bd45348904c6569efa08bd6b1e7f55f6ce1888c52a2f1030fd5ecf2f983e3caee545a9affed226d5fb3114416749a10eb8233176c66e5c678b227dae42c859de76483bd9ccac55af7be22f08d53be2218c4f768249107ce314516665f653a5427d49a3cd0d088263c19ee93124b78251a6c29a8cd14f50a8039e45a490f8cb038a11014916cf3467754081b85faacfdb6521c6d39815db172d4fa27a2bdadb1c2294183feff281452f98387019712b0d092e1f4e67be92450a1f85513fb160d759f39025f26f04cfffe75d3de683be518aa05881d44336e6f9042775c6680edae6dd708cd33b793eb758c16ad18828d11677f3a87fccf5c597f1f03adcdba8e9e482e0ee092063111b91fa9ae01e387a13b9f55f0d89f6750b70b9c95148c507f7f18e6e7f7b83ea7667b12fb005e16604a65d35a6620ea7704033f4034bd55c6b315b0ef4ee33fe99e1835ec406d09ae2f5627ddaf5793aa1a784cf8ebfc6741938ba5fd44ca37521633f9081ce91307270a20541b623d3b9aae46200b55bd684eb9bc8476bc825d37f987315e14bd6e0e01269414ce8a74e32bb93e71cde0423c6201e8c5959d93dd9f4a835234e385b50b614b19c56299050311551c8b0add6264eb800a1ce9cdb1c3243a93168f0db44d557f17ba5c2db1c1e358e2e57143e1fa0e1bed201857dcbb0c533d0536b5ed77de38ed2854abbcd98fecaf85ce41e30431b9d903645bb6a85053fa9e683f40043a51a75d4041a5c6077b0bb9806374f66ccc9f674db05cbc67718acbf741163c0c919e4ef6b5c330bdef9a05f4b8a8c148099a7ccd7f83a972ec3a778502da11eb51cb84b179154bd994faa579dd0178e7744219473336f12a34ee4a6849c91fde48ef48da0d3f092c7cebe7d86861c1090d7688c2f04cdfc5bbbb1b41409c662622693d34358511ddb3b6fbfc21f1cb9ef0596ec54896d4b80dfc93e5a539a58793ef93c6e3aa44ffafbda75bb71ff2db31d43f027c8799155ccd42a576070b320075149c22b10b0d34c7444f311ec8dec1735e31b135cc47de04df9bc4604e3490799e92ed51035eca01efc860f77075dd60017a4e2f43db26fe60566023d7ebaca2fe5306540cbc4c690714087943646042f35d3eb678a56fb7f1d12a69fc14b0000ed7def3d418cdf1787a64191e0a404931396c42daddd67127175c38e24845d8f7d54d9f865640a6c916ce31e9f27e57fd956a99bef9da788246b47d5768bf13aa6aff3fd3863fc03fc9e762b007d5012def408951042ddb024723cd351c702e6100c6f48c1ff97911e2f5554c567405a826d24ebafe1e21c0a92b7819a94d48ed19e0c1e3cca30964d47831dea3cc5d27e6dd16a44c1b99d1ae83c23f47f793117a9c2bceba21b28aabf430c38fa8bcf872d41b393d6b4884b25d32445df390fdd215dcef0bb8ace421d8276137fa251632708c9c87b0fee4757e6b58bc8ea3c29a80514098f8b2093db9c50f57f5c98bcb04ca79474f62f915c855cec37b1a9e200e009ad087542934b225781701d01866b49a002756d3282e67dbf756f7689dddf546d1c68c5b4069fa61699c22483d528cf5f0d950df0f0856d26b3a99db973e3a31a0390594f8e6baaae9240827615bc6bba644110ab880df246f41a523f7e3b27047419e33d0bbf0e4163eb6ecfce0847066785a71fe13bd06409e21f8b7223b1d274ef8c39a9daba3608deb6790214fd2eb17baee72ad9d980f279214383525e64320380272391045cb4dbe805601c67bf089753df4ca485b56e5f8e6f02ef7e5f9ecf46744a5a429d035b761564569e995fc084b91895a7daff5268eecf9ddb58b4b45585a9b9470478a90cda53f221a679d663b587f45c4f80fcd0a65ae7d10d8ad0e93b22a3390349036d94c5055db4778d466efed94015a08919f6306b8b7f8ca28469b8925d751d5b7f8e3ec0c3821f8c5ecb2a18cd24c163e219c44a698b13c4358f317829a37cc7d8d39d6f4b2d60ff0f665234fb7be992416ff3f4e9ad4743689851d99fe2eaf8ad75d64258d4e1db3c54b2cf3d32d5c17adc2497f0ac7a71f2387cc44a6f9bff51e8d22bcf91702c77b0a4e1a020c1fa196d18f6022582ad8f9b8590f4da0e428c00378be76eb71fc3b4a950745613c7b1f801cf5539be902861fe91f94b1caeba10cc37cb1e3170db410701ebed21e7da47b36064cb639056c200aba39207b524e74c9108102a6e41706dd5ed3b73e1da148416af0d48850f1e64db00953a0cbc67c39cab64d43f693460f5d77ee272133ab612d45e70024b988c715f638552da7d2d492543fa9c80dbb1af47e93df787a93643e4dd11aabce2a6b679b2942dfcaeda00e20e0019f3d6dbb6d515eb3e71cad47d68f825d64192a1849c7cfc06a3d7db3da4ec22b485eb8ecf99155261828b452aaf753db79f32e458e5c6f4fa455004e3e6fe418862e2cde9fb0e0939a8d5cc8535c331c96c061c5f90426144702f1974b07666935907a977e7e8f450820a3b6e905b889a4ccf63b7a1e8418287800048d5ccbf55b0199dcf06032d2c2a2c447e0a400dcdba851bc137e4bbe850ec5ca08f2647027771abda3ca61b38f8b8399b054a13ba957511623292076be73a30ebd5a7a49c544bc2ea806ef4c87", @ANYRES32, @ANYBLOB="ae97abaee9d03c677308d00302641c0c001b002a5c7d5b5d7d210006d077075fbcbcc52f98818134d097db40be5edec191f211fde3ab0ecfe7805e737583ba406dd37587e4bc1410d1388ae7ba18215f696b0decc964784dddc059897a6c227d76450016587125fd5c27782efad19d90bf0b8d42e6c4d4ec19e222eb5fa45457e32902b30eff9e788bc1cfd24c9e3ab7fac6d01a0a4b2d693ce53a93dc19885f009c035b34a07156c93c2130e38837257c3eaa826acfa53a9904dd36e6c6a542b8d25c0943a1290a00c9007b255e3a29000000", @ANYRES32=r7, @ANYBLOB="3c6776f522cb589c8d2a88dee522a864a8a6cc61eac844eb4ce848e80c9e88f2e8ff7531de7b88eabddefff0fe89a9b2d337b115238bef65aad856dc6bd747c92ef31c394ad1608ee0152ad661c2806cfeb904142cbaa3fb9811d7ef12520e5a09697e3ca1659aac6aa2fa4d073a8b17133dee66a339b24cd15da35b622a409a00d900493c3092a376d51ec3db4ce88f279ad5b8db1fe508264482b5fd8f211265330d2af0c5b86f89924aa7202f9688789901bc532265cbed9a45bd686d8b632697f6c22a7003261850ffa9d328f15951be7c9b2e153407187e652dc7799f8d0f3f3d85b0a037add7a86ba4b8d37550795c57b772f7057f1469c8afa10cfb52ce9acf0c1317ab7fa0fe50b46fd6b1df9187350facbdaf7dfd0000dcd941cef7f617cf8dfdfb676bbab69fb2f110ce7af210c13714916dec59107f8e99dc2f0f50a4b92b30d1449b169ab090d277e7513a2732893aae67d05795d33748e6e25de5c409f474fab9aebed61fca684ebb6a4073d9c90a5d64b177a5616909cd561d8b0c984765d44174d69c3d145eb23736bb93facfc5a7b8a7fb00c92639a904a55d15b9eae65d2b485b4047f36f6e76ae53f052c74e7832d7a5a84503822f736028a0532a1e0840d4cd7a6d8117896bf272bdc030711f153a5f6f25eb279e50f884d6baac222625aa7f840b1d594ec12f6d75cce96b44c38d3eb63401480502bc8b14cb1722bd392dbd0003fcb7070c002100000000000000000008000700ffffffff000016110280f3888492b1e3cdb1c03d09f3db60b070c604a395f13908240fcd337298b1ab6d38bb913866082c5fa270301f4adbede3543332415e182395ce2b46f26391e65df92fe09d51a8b5252cbb5a3ffd837cde9515c79b3151cfb4a5adf9f6e3e01193c75eae206d9da30d1c557a3bc360bdbb27bb6c22d2badc946f68c845f0c6a984fca6e2a0d91071fc5b2adddf62b5203e49e1f84f548d16bc8acb949079567d1145d4c484aed3a7230561370690e2f08748fe4d86fd562c186adee1f1a4dc233aa19671516778b1f57cb5ece3bdd43ead9a4ac155def1e0b8b2677ba29b49632a94aecac500a46e3df8c1e12d7a94cd46a174b835c8cc0d03dc0bf0050d759ca90f3a8368c7a813ef9bf4284a84581d2b1c95c166d3662f8430cd5236fd345aaa3c1f3022e5def239b0fc22a8914218f78f626f4e2de09d47c510ead9c0251e3859f28cc4421680608d4ec8b3e57f4f42b8839f1fcb1b771114e9caef26462aca2dffc3f551b32214b1552fddf95eb140158a9002893fa69029a394b7538f5f0453052fa0a09d64dcc2ff9e857fa3c70e315b4451e4d625353b43132dc59fb2ebc5a671182355d23068d1ed2c194f5a3377bbe58e3a1dd426debf37ddf1506f37f68aa2b442d154c43e1ced3764819405dfc715cca147ed33ceae8d918c02d7c0dd0dabe9f6311cfec1f23c491d08cb7bb300a13d83c1d5df5c0dfc419ca080f4e4f26c3c0b8379302a02b670891992f5f7d06af1dd93917f345f826601b85966301e514c7a9f7d524269fb1037013112b2d7afd16a0a86b3710a4fc51b86260f1496150754183e430b03a4c0e85af51c351118fd2a5a0908e41fffac81973f8d4cac5f00d03ce27bb4aada03f702e87aee3cccf668ea64ce82ea10c0165f66dda0b7fac122d31b93737ed6c6f9b1a7829921307693042f4b39bc2e7e22d04c7c335d169e91e159a113d158dbc9f7f0829f6a536b0e0635e3c430309c4d87edfd713f1df2aa909810ea3f7df305adbd910ab0663624aa9999b405c571330a6434def0391228cc25cc9584cfcbda6dfb27146a246874c2c6ac77176f4e8ef2cd4f2986a7c442e4f9db6f3ffe83899bed06f13b1e84a7ea656ad40626f0111f8ae45d70825f16c2e90e3520433f3b3f66f4b1f274303e5a5730b9be0c96599a2bc5c07c9caf76d8487e755237c95ae8ccc784ccccded4621c1b4ffb08b23585040557b979dfa53e4aa5fd0d6a84049fc35c220d123366ffc0124907e0d83852ad259a1e5fb2d55a2315caa492a2032f56f6400f0628a1bf1be0a45e5797ec17e9017426e6738c1364bd9a027014fd71130400d37de2ba08f36e8adec07e21f3c11d816360a51e311be739f30e29fafec702880241a7325020c1b37ef6d08364b110973a5107d488865b98538a4515fb19959022411ee84d01600fa9b2946b8d59c0cd868248be46f22e7e6543899de825440a0e14e2e2170bd79ba71cf0d4f8d3e39094ef6056fbafa386c13e8b72a6246aab733c23a603f6b8bcc2b2cf42120043025ddb6b625a591823f5072a9f2415dfc661ba1f714bb8a58b7194d46adaddb1baf009d7614d92471e066c91ccc87bfbd5c1aa567237be7e047f736b3c5e05f47b745a8dd2e452037c441718d96a645ffc49f0c9bc5c0e941f196aae28293f6b8d55165a41e00326e3481f40f1e1331f128d2311ce951c49dc99aef1ac3dfe5fb160d34d1e9c83a81865e2b7810a6eaf5a4e5ac88f83ff9dd14ab4258961db67ba82c3637b4de4943f8a45ef812ae74a32c7b0e40b03d3c018c7d1ad1561784df3a6c1d2ff42ef153268847b8b5b10f92b21f2914ef32ab65fae0190108be697842800bf727a28f516189b229d918add94f7ca130aef9563a84c337295d7db035ae58565f0ccd08c3c8c8e8c3d3e3a15ad27c5502d2806d0309243961c6d733f666d26fd046a2728e489f51d6f58e1cfecd875b0c2c6b8674d44f77eb157acd86b5720c1195c45f39e48bfafaaa352b7e6efa498e82a140bc189db70b2052f25dc99f966a204da83e757e3c497f5f1c3375933ebbd5dfb5322ebfb54c5f5e68ad88c6cc950183b1956471eb3907099216cc4943a4cdfafccaff93d1a0a2e2f08ceb9002f23b298c94264edb854e0581c77c0aa6523962d88f3972131076b2c5b70193b3cf870c06ec388dccf1e2866792070887bdbf3b179f3f2e7a66f4d79925c8bc610c36ada64aa6dd8fc8ed88e6e99c5cf3310933cdc740de81e864fa12217e6ff9f9c914b2eb73391486daf6d6b269c036eb2f22ddf35ee20f91a96fe079b306f84961f578536741ce17e42b27e4d7a5008140f42c2cf017ac916423c7263db39ccac716a3f298bcf6a25d6c2584ba87bc7c50f1402b5501702c2abe65514c25b07f342433701c8b37b94c8e4f58696b96ab15aaa66f47b2c4e9f74a6abb44031953950a4195a8e7dc71d40f1bc4c83e3df010f963f98cab25b1196641495c651671e9fe22c11c61116856e8e2c51bf83bd8b3146b8e3ad1216e1934be6718d1beb4526bc11d112d713133b8a3fe8942a09d214ba9d087179890c1d8717d9f4bda6185f9bc9ded5aa68b0ddfcd3e0b6545694c208acae5f92615e6a3f48f15d294a80f5277c66b9fd6a496d9ad4e9c8cb0ba2705263f589e0a7aae5fc6012e76f03b1a1075f48ba6aac542a9029298dc2bd77c1d6b63338042c6c65d936a64e3ac3833d0559da6b23175aa120d0692eef43bc41d5138c5dfd654100d91d3dd00d6b93959b518e44dd5540fcc093"], 0x2a20}, 0x1, 0x0, 0x0, 0x400c0}, 0x0)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
setresuid$auto(0x0, 0x8, 0x8000)
shmget$auto(0x8, 0x10563, 0x568d1af2)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x8000000000007, 0x6d3e, 0x4, 0x2, 0x2]}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, 0x0, 0x542, 0x0)

401.159008ms ago: executing program 3 (id=1498):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/gss_krb5_enctypes\x00', 0x1c9180, 0x0)
read$auto_tracing_stats_fops_trace(r0, 0x0, 0x0)

265.560315ms ago: executing program 0 (id=1499):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd10/queue/nr_requests\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x200)

134.904721ms ago: executing program 1 (id=1500):
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0)
ioctl$auto(0x3, 0x4188aec6, 0xffffffffffffffff)

0s ago: executing program 1 (id=1501):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/cgroup.type\x00', 0x103042, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x6)

kernel console output (not intermixed with test programs):

108.725354][ T5855] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.735361][ T5855] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.746539][ T5855] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.757617][ T5855] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.860669][ T5853] veth0_macvtap: entered promiscuous mode
[  108.875208][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.898816][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.907284][ T5853] veth1_macvtap: entered promiscuous mode
[  108.994795][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.044825][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.082980][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.094382][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.098464][ T5853] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.111731][ T5853] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.120695][ T5853] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.129490][ T5853] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.173078][ T5857] veth0_vlan: entered promiscuous mode
[  109.217962][ T5857] veth1_vlan: entered promiscuous mode
[  109.248935][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.257883][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.282867][ T5858] veth0_vlan: entered promiscuous mode
[  109.317740][ T5858] veth1_vlan: entered promiscuous mode
[  109.378171][ T5855] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  109.426938][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.449946][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.485270][ T5857] veth0_macvtap: entered promiscuous mode
[  109.545109][ T5857] veth1_macvtap: entered promiscuous mode
[  109.596316][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.616553][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.633181][ T5858] veth0_macvtap: entered promiscuous mode
[  109.654431][ T5858] veth1_macvtap: entered promiscuous mode
[  109.723552][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.756768][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.810933][ T5867] Bluetooth: hci3: command tx timeout
[  109.810953][ T5862] Bluetooth: hci2: command tx timeout
[  109.811513][ T5862] Bluetooth: hci0: command tx timeout
[  109.816558][ T5854] Bluetooth: hci1: command tx timeout
[  109.824268][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.870735][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.942565][ T5858] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.971303][ T5858] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.114583][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  110.159155][ T5858] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.168141][ T5858] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.262611][ T5857] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.284656][ T5857] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.324713][ T5857] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.324765][ T5857] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.620358][ T2955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.628274][ T2955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.695922][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.719998][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.875919][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.900237][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.048034][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.058963][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.059660][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.079684][ T5958] Zero length message leads to an empty skb
[  111.140212][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.279368][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.290653][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.299479][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.619418][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.719473][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.727878][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.737541][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[  111.889496][ T5854] Bluetooth: hci0: command tx timeout
[  111.910105][ T5854] Bluetooth: hci1: command tx timeout
[  111.910190][ T5169] Bluetooth: hci2: command tx timeout
[  111.921512][ T5862] Bluetooth: hci3: command tx timeout
[  112.819703][ T5972] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3'.
[  113.447894][ T5986] random: crng reseeded on system resumption
[  113.813610][ T5984] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  115.327283][ T5998] zswap: compressor 000 not available
[  115.564530][ T6004] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11'.
[  115.775500][ T6007] hub 8-0:1.0: USB hub found
[  115.790784][ T6007] hub 8-0:1.0: 1 port detected
[  115.994127][ T5998] zswap: compressor  not available
[  117.242942][ T6024] binder: 6023:6024 unknown command 0
[  117.248420][ T6024] binder: 6023:6024 ioctl c0306201 2000000000c0 returned -22
[  119.959123][ T6050] mmap: syz.0.18 (6050) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  119.972883][ T6057] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5
[  120.722523][ T6060] netlink: 4 bytes leftover after parsing attributes in process `syz.1.20'.
[  120.913005][ T6059] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6
[  122.722001][ T6048] syz.0.18 (6048) used greatest stack depth: 19784 bytes left
[  123.930366][ T6045] Bluetooth: hci0: Unable to find connection for big 0xd2
[  124.283524][ T6090] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  127.378292][ T6121] random: crng reseeded on system resumption
[  128.202560][ T6114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  128.280029][ T6114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.212487][ T6154] ptrace attach of "./syz-executor exec"[5858] was attempted by "./syz-executor exec"[6154]
[  136.619860][ T6217] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input7
[  136.881600][ T6224] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  136.890746][ T6224] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  137.130381][ T6224] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  137.202759][ T6233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.47'.
[  137.265340][ T6224] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  137.286621][ T6224] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  137.314122][ T6224] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  137.357080][ T6224] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  137.380105][ T6224] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  137.411859][ T6224] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  137.422717][ T6224] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  137.428886][ T6224] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  137.483578][ T6224] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  138.495533][   T30] audit: type=1800 audit(2147483655.670:2): pid=6249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.49" name="features" dev="configfs" ino=7645 res=0 errno=0
[  138.933719][ T6045] Bluetooth: hci0: command 0x0c1a tx timeout
[  139.207491][ T6250] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE�r��҄y�*�"�l-���y–��
[  139.329115][ T6045] Bluetooth: hci1: command 0x0c1a tx timeout
[  139.421367][ T6045] Bluetooth: hci2: command 0x0c1a tx timeout
[  139.512750][ T6045] Bluetooth: hci3: command 0x0c1a tx timeout
[  140.076523][ T6264] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  141.040087][ T6045] Bluetooth: hci0: command 0x0c1a tx timeout
[  141.409162][ T6045] Bluetooth: hci1: command 0x0c1a tx timeout
[  141.502284][ T6045] Bluetooth: hci2: command 0x0c1a tx timeout
[  141.653807][ T6045] Bluetooth: hci3: command 0x0c1a tx timeout
[  143.089363][ T6045] Bluetooth: hci0: command 0x0c1a tx timeout
[  143.225672][ T6304] syz.3.59 uses obsolete (PF_INET,SOCK_PACKET)
[  143.415379][ T6309] netlink: 4 bytes leftover after parsing attributes in process `syz.1.60'.
[  143.484704][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  143.491562][ T6045] Bluetooth: hci1: command 0x0c1a tx timeout
[  143.519809][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  143.579219][ T6045] Bluetooth: hci2: command 0x0c1a tx timeout
[  143.734530][ T6045] Bluetooth: hci3: command 0x0c1a tx timeout
[  146.307356][ T6332] ubi0: attaching mtd0
[  146.528798][ T6332] ubi0: scanning is finished
[  146.584429][ T6332] ubi0: empty MTD device detected
[  147.515400][ T6332] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  147.687301][ T6332] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  147.721682][ T6332] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  147.739169][ T6332] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  147.746838][ T6332] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  147.761480][ T6332] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  147.773575][ T6332] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3796781956
[  147.789279][ T6332] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  147.874767][ T6348] ubi0: background thread "ubi_bgt0d" started, PID 6348
[  149.197784][ T6362] random: crng reseeded on system resumption
[  150.218455][ T6373] can: request_module (can-proto-3) failed.
[  151.079777][ T6379] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8
[  151.615270][ T6380] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9
[  151.629829][ T6386] process 'syz.0.72' launched ':,' with NULL argv: empty string added
[  152.807674][ T6405] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10
[  153.140061][ T6410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.74'.
[  154.140683][ T6416] lo: entered allmulticast mode
[  154.206210][ T6417] lo: left allmulticast mode
[  155.106114][ T6420] can0: slcan on ttyS2.
[  155.280008][ T6419] can0 (unregistered): slcan off ttyS2.
[  160.659278][ T6481] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11
[  165.402290][ T6045] Bluetooth: hci1: Unable to find connection for big 0xd2
[  166.323536][ T6549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  167.899544][ T6562] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12
[  168.127155][ T6568] ubi: mtd0 is already attached to ubi0
[  168.831282][ T6571] netlink: 504 bytes leftover after parsing attributes in process `syz.2.98'.
[  168.877199][ T6571] netlink: 350 bytes leftover after parsing attributes in process `syz.2.98'.
[  169.526084][ T6583] random: crng reseeded on system resumption
[  170.000309][ T6590] ubi0: detaching mtd0
[  170.035526][ T6590] ubi0: mtd0 is detached
[  170.488426][ T6599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.105'.
[  170.512245][ T6599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.105'.
[  171.041283][ T6589] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13
[  173.229313][ T6636] netlink: 342 bytes leftover after parsing attributes in process `syz.3.110'.
[  173.426662][ T6632] capability: warning: `syz.3.110' uses 32-bit capabilities (legacy support in use)
[  173.925037][ T6623] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14
[  179.071046][ T6669] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  181.727330][ T6712] FAULT_INJECTION: forcing a failure.
[  181.727330][ T6712] name failslab, interval 1, probability 0, space 0, times 0
[  181.740795][ T6712] CPU: 1 UID: 0 PID: 6712 Comm: syz.3.123 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  181.740841][ T6712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  181.740861][ T6712] Call Trace:
[  181.740872][ T6712]  <TASK>
[  181.740889][ T6712]  dump_stack_lvl+0x16c/0x1f0
[  181.740949][ T6712]  should_fail_ex+0x512/0x640
[  181.740996][ T6712]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  181.741057][ T6712]  should_failslab+0xc2/0x120
[  181.741089][ T6712]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  181.741161][ T6712]  ? kstrdup_const+0x63/0x80
[  181.741218][ T6712]  kstrdup+0x53/0x100
[  181.741270][ T6712]  kstrdup_const+0x63/0x80
[  181.741319][ T6712]  __kernfs_new_node+0x9b/0x8e0
[  181.741372][ T6712]  ? __pfx___kernfs_new_node+0x10/0x10
[  181.741430][ T6712]  ? find_held_lock+0x2b/0x80
[  181.741466][ T6712]  ? kernfs_root+0xee/0x2a0
[  181.741521][ T6712]  kernfs_new_node+0x13c/0x1e0
[  181.741582][ T6712]  __kernfs_create_file+0x53/0x350
[  181.741624][ T6712]  cgroup_addrm_files+0x546/0xc20
[  181.741689][ T6712]  ? __xa_store+0x1dc/0x2e0
[  181.741721][ T6712]  ? __pfx_cgroup_addrm_files+0x10/0x10
[  181.741771][ T6712]  ? __pfx___xa_store+0x10/0x10
[  181.741818][ T6712]  ? do_raw_spin_unlock+0x172/0x230
[  181.741857][ T6712]  css_populate_dir+0x169/0x580
[  181.741920][ T6712]  cgroup_apply_control_enable+0x3f3/0xbb0
[  181.741989][ T6712]  cgroup_mkdir+0x5e7/0x11f0
[  181.742049][ T6712]  ? __pfx_cgroup_mkdir+0x10/0x10
[  181.742102][ T6712]  kernfs_iop_mkdir+0x111/0x190
[  181.742156][ T6712]  ? bpf_lsm_inode_mkdir+0x9/0x10
[  181.742190][ T6712]  vfs_mkdir+0x590/0x8c0
[  181.742237][ T6712]  do_mkdirat+0x304/0x3e0
[  181.742288][ T6712]  ? __pfx_do_mkdirat+0x10/0x10
[  181.742342][ T6712]  ? getname_flags.part.0+0x1c5/0x550
[  181.742388][ T6712]  __x64_sys_mkdir+0xef/0x140
[  181.742439][ T6712]  do_syscall_64+0xcd/0x490
[  181.742501][ T6712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.742537][ T6712] RIP: 0033:0x7fd1ad98e929
[  181.742570][ T6712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.742607][ T6712] RSP: 002b:00007fd1ae75a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  181.742639][ T6712] RAX: ffffffffffffffda RBX: 00007fd1adbb5fa0 RCX: 00007fd1ad98e929
[  181.742661][ T6712] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000
[  181.742682][ T6712] RBP: 00007fd1ada10b39 R08: 0000000000000000 R09: 0000000000000000
[  181.742703][ T6712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  181.742722][ T6712] R13: 0000000000000000 R14: 00007fd1adbb5fa0 R15: 00007ffd3e4abd98
[  181.742766][ T6712]  </TASK>
[  181.742818][ T6712] cgroup: cgroup_addrm_files: failed to add usage_in_bytes, err=-12
[  182.531363][ T6723] netlink: 28 bytes leftover after parsing attributes in process `syz.3.125'.
[  182.630733][ T6725] netlink: 330 bytes leftover after parsing attributes in process `syz.3.125'.
[  182.735706][ T6729] netlink: 20 bytes leftover after parsing attributes in process `syz.3.125'.
[  182.845736][ T6723] ipvlan1: entered allmulticast mode
[  182.912469][ T6723] veth0_vlan: entered allmulticast mode
[  184.077728][ T6737] warning: `syz.0.126' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  186.079690][ T6770] Invalid ELF header magic: != ELF
[  186.855176][ T6045] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  186.856088][ T6045] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  186.877543][ T6045] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  186.877694][ T6045] Bluetooth: hci0: adv larger than maximum supported
[  186.884835][ T6045] Bluetooth: hci0: adv larger than maximum supported
[  186.892745][ T6045] Bluetooth: hci0: Unknown advertising packet type: 0x72
[  186.899749][ T6045] Bluetooth: hci0: adv larger than maximum supported
[  186.906971][ T6045] Bluetooth: hci0: Malformed LE Event: 0x0d
[  187.280000][ T6772] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  187.280000][ T6772] The task syz.1.132 (6772) triggered the difference, watch for misbehavior.
[  187.828414][ T6782] netlink: 28 bytes leftover after parsing attributes in process `syz.1.134'.
[  187.938584][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.3.133'.
[  188.017589][ T6782] team0: Port device team_slave_1 removed
[  188.262049][ T6788] team0: Port device team_slave_1 removed
[  190.866702][ T6826] netlink: 28 bytes leftover after parsing attributes in process `syz.0.142'.
[  191.163311][ T6826] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  191.301588][ T6826] batman_adv: batadv0: Removing interface: batadv_slave_0
[  191.357932][ T6826] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  191.416606][ T6826] batman_adv: batadv0: Removing interface: batadv_slave_1
[  198.040573][ T6864] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  199.084213][ T6913] FAULT_INJECTION: forcing a failure.
[  199.084213][ T6913] name failslab, interval 1, probability 0, space 0, times 0
[  199.331484][ T6913] CPU: 1 UID: 0 PID: 6913 Comm: syz.1.155 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  199.331534][ T6913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  199.331553][ T6913] Call Trace:
[  199.331565][ T6913]  <TASK>
[  199.331578][ T6913]  dump_stack_lvl+0x16c/0x1f0
[  199.331637][ T6913]  should_fail_ex+0x512/0x640
[  199.331688][ T6913]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  199.331740][ T6913]  should_failslab+0xc2/0x120
[  199.331773][ T6913]  __kmalloc_cache_noprof+0x6a/0x3e0
[  199.331829][ T6913]  ? mem_cgroup_css_alloc+0xdc/0x1e80
[  199.331873][ T6913]  ? mem_cgroup_css_alloc+0x83a/0x1e80
[  199.331924][ T6913]  mem_cgroup_css_alloc+0x83a/0x1e80
[  199.331983][ T6913]  cgroup_apply_control_enable+0x4b0/0xbb0
[  199.332051][ T6913]  cgroup_mkdir+0x5e7/0x11f0
[  199.332108][ T6913]  ? __pfx_cgroup_mkdir+0x10/0x10
[  199.332159][ T6913]  kernfs_iop_mkdir+0x111/0x190
[  199.332206][ T6913]  ? bpf_lsm_inode_mkdir+0x9/0x10
[  199.332239][ T6913]  vfs_mkdir+0x590/0x8c0
[  199.332282][ T6913]  do_mkdirat+0x304/0x3e0
[  199.332331][ T6913]  ? __pfx_do_mkdirat+0x10/0x10
[  199.332382][ T6913]  ? getname_flags.part.0+0x1c5/0x550
[  199.332422][ T6913]  __x64_sys_mkdir+0xef/0x140
[  199.332470][ T6913]  do_syscall_64+0xcd/0x490
[  199.332522][ T6913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.332554][ T6913] RIP: 0033:0x7f987d58e929
[  199.332579][ T6913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.332610][ T6913] RSP: 002b:00007f987b3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  199.332640][ T6913] RAX: ffffffffffffffda RBX: 00007f987d7b6080 RCX: 00007f987d58e929
[  199.332661][ T6913] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000
[  199.332680][ T6913] RBP: 00007f987d610b39 R08: 0000000000000000 R09: 0000000000000000
[  199.332698][ T6913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.332716][ T6913] R13: 0000000000000000 R14: 00007f987d7b6080 R15: 00007ffefd8b2278
[  199.332757][ T6913]  </TASK>
[  201.433883][ T6938] Invalid ELF header magic: != ELF
[  202.098134][ T6955] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15
[  202.601381][ T6966] netlink: 'syz.1.162': attribute type 2 has an invalid length.
[  203.768963][ T6978] ALSA: mixer_oss: invalid OSS volume '0'
[  203.774793][ T6978] ALSA: mixer_oss: invalid OSS volume ''
[  204.850642][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  204.857227][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  206.143955][ T7014] FAULT_INJECTION: forcing a failure.
[  206.143955][ T7014] name failslab, interval 1, probability 0, space 0, times 0
[  206.196837][ T7014] CPU: 1 UID: 0 PID: 7014 Comm: syz.2.169 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  206.196883][ T7014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  206.196901][ T7014] Call Trace:
[  206.196911][ T7014]  <TASK>
[  206.196923][ T7014]  dump_stack_lvl+0x16c/0x1f0
[  206.196974][ T7014]  should_fail_ex+0x512/0x640
[  206.197022][ T7014]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  206.197076][ T7014]  should_failslab+0xc2/0x120
[  206.197109][ T7014]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  206.197158][ T7014]  ? _raw_spin_unlock+0x28/0x50
[  206.197200][ T7014]  ? alloc_inode+0xc3/0x240
[  206.197240][ T7014]  alloc_inode+0xc3/0x240
[  206.197274][ T7014]  new_inode+0x22/0x1c0
[  206.197310][ T7014]  simple_fill_super+0x306/0x720
[  206.197361][ T7014]  ? __pfx_nfsd_fill_super+0x10/0x10
[  206.197397][ T7014]  nfsd_fill_super+0x90/0x530
[  206.197430][ T7014]  ? __pfx_set_anon_super_fc+0x10/0x10
[  206.197471][ T7014]  ? __pfx_nfsd_fill_super+0x10/0x10
[  206.197522][ T7014]  get_tree_keyed+0x10b/0x1d0
[  206.197572][ T7014]  vfs_get_tree+0x8b/0x340
[  206.197622][ T7014]  path_mount+0x1414/0x2020
[  206.197678][ T7014]  ? kmem_cache_free+0x2d1/0x4d0
[  206.197726][ T7014]  ? __pfx_path_mount+0x10/0x10
[  206.197785][ T7014]  ? putname+0x154/0x1a0
[  206.197821][ T7014]  __x64_sys_mount+0x28d/0x310
[  206.197875][ T7014]  ? __pfx___x64_sys_mount+0x10/0x10
[  206.197943][ T7014]  do_syscall_64+0xcd/0x490
[  206.197999][ T7014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.198033][ T7014] RIP: 0033:0x7f0d35b8e929
[  206.198060][ T7014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.198092][ T7014] RSP: 002b:00007f0d36a9b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  206.198125][ T7014] RAX: ffffffffffffffda RBX: 00007f0d35db6080 RCX: 00007f0d35b8e929
[  206.198147][ T7014] RDX: 0000200000000140 RSI: 0000200000000100 RDI: 0000000000000000
[  206.198169][ T7014] RBP: 00007f0d35c10b39 R08: 0000000000000000 R09: 0000000000000000
[  206.198190][ T7014] R10: 0000000000010001 R11: 0000000000000246 R12: 0000000000000000
[  206.198210][ T7014] R13: 0000000000000000 R14: 00007f0d35db6080 R15: 00007ffd8a8215e8
[  206.198254][ T7014]  </TASK>
[  206.696097][ T7019] netlink: 28 bytes leftover after parsing attributes in process `syz.3.170'.
[  207.219799][ T7027] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16
[  207.247226][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  207.253615][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  207.901230][ T7028] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17
[  209.664429][ T7053] netlink: 'syz.3.175': attribute type 2 has an invalid length.
[  211.737905][ T7062] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18
[  212.348133][ T7072] netlink: 48 bytes leftover after parsing attributes in process `syz.0.178'.

syzkaller
syzkaller login: [  214.750918][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  214.757621][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  214.903243][ T7094] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  214.985567][ T7094] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  215.054501][ T7094] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  215.076960][ T7094] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  216.379527][ T6045] Bluetooth: hci0: command 0x0c1a tx timeout
[  217.008568][ T6045] Bluetooth: hci1: command 0x0c1a tx timeout
[  217.086579][ T6045] Bluetooth: hci3: command 0x0c1a tx timeout
[  217.092700][ T6045] Bluetooth: hci2: command 0x0c1a tx timeout
[  218.967742][ T7157] random: crng reseeded on system resumption
[  219.932219][ T7161] ptrace attach of "./syz-executor exec"[5858] was attempted by "./syz-executor exec"[7161]
[  220.497294][ T7177] netlink: 48 bytes leftover after parsing attributes in process `syz.3.197'.
[  230.343172][ T7280] tty tty12: ldisc open failed (-12), clearing slot 11
[  230.370045][ T7282] tty tty49: ldisc open failed (-12), clearing slot 48
[  230.501512][ T7300] netlink: zone id is out of range
[  230.506793][ T7300] netlink: zone id is out of range
[  230.512567][ T7300] netlink: zone id is out of range
[  230.518777][ T7300] netlink: zone id is out of range
[  230.532895][ T7300] netlink: zone id is out of range
[  230.562688][ T7300] netlink: zone id is out of range
[  230.727312][ T7300] netlink: zone id is out of range
[  230.732512][ T7300] netlink: zone id is out of range
[  230.844640][ T7300] netlink: zone id is out of range
[  230.922397][ T7300] netlink: zone id is out of range
[  231.671815][ T7296] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x0 pfn:0x78400
[  231.703888][ T7296] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff)
[  231.758184][ T7296] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000
[  231.767488][ T7296] raw: 0000000000000000 0000000000000000 0000000400000002 0000000000000000
[  231.777572][ T7296] page dumped because: unmovable page
[  231.783300][ T7296] page_owner tracks the page as allocated
[  231.793731][ T7296] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5847, tgid 5847 (syz-executor), ts 102710951507, free_ts 37137900364
[  231.817373][ T7296]  post_alloc_hook+0x1c0/0x230
[  231.844872][ T7296]  get_page_from_freelist+0x1321/0x3890
[  231.861681][ T7296]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  231.869063][ T7296]  alloc_pages_mpol+0x1fb/0x550
[  231.874728][ T7296]  alloc_pages_noprof+0x131/0x390
[  231.880654][ T7296]  __vmalloc_node_range_noprof+0x72f/0x14b0
[  231.899537][ T7296]  vmalloc_user_noprof+0x9e/0xe0
[  231.908333][ T7296]  kcov_ioctl+0x4c/0x730
[  231.914179][ T7296]  __x64_sys_ioctl+0x18b/0x210
[  231.931305][ T7296]  do_syscall_64+0xcd/0x490
[  231.936656][ T7296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.942751][ T7296] page last free pid 1 tgid 1 stack trace:
[  231.951989][ T7296]  __free_frozen_pages+0x7fe/0x1180
[  231.957756][ T7296]  free_contig_range+0x183/0x4b0
[  231.964536][ T7296]  destroy_args+0x7f6/0xa60
[  231.969347][ T7296]  debug_vm_pgtable+0x13b8/0x2d00
[  231.977145][ T7296]  do_one_initcall+0x120/0x6e0
[  231.982061][ T7296]  kernel_init_freeable+0x5c2/0x900
[  231.988907][ T7296]  kernel_init+0x1c/0x2b0
[  231.993439][ T7296]  ret_from_fork+0x5d7/0x6f0
[  232.000243][ T7296]  ret_from_fork_asm+0x1a/0x30
[  233.388815][ T7342] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input19
[  236.349807][ T7381] net_ratelimit: 21 callbacks suppressed
[  236.349840][ T7381] netlink: zone id is out of range
[  236.595744][ T7381] netlink: zone id is out of range
[  236.865971][ T7381] netlink: set zone limit has 8 unknown bytes
[  238.020093][ T7394] binder: 7390:7394 ioctl c018620c 0 returned -1
[  239.904991][ T7423] binder: 7418:7423 ioctl c0306201 2000000003c0 returned -14
[  241.340401][ T7442] random: crng reseeded on system resumption
[  242.055487][ T7447] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20
[  242.329694][ T7454] netlink: 8 bytes leftover after parsing attributes in process `syz.0.244'.
[  242.757362][ T7453] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21
[  243.649405][ T7465] ALSA: mixer_oss: invalid OSS volume ''
[  243.754993][ T7465] ubi0: attaching mtd0
[  243.781825][ T7465] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 3965
[  243.808185][ T7465] ubi0 error: validate_ec_hdr: bad EC header
[  243.814335][ T7465] Erase counter header dump:
[  243.819953][ T7465] 	magic          0x55424923
[  243.826217][ T7465] 	version        1
[  243.831906][ T7465] 	ec             1
[  243.835810][ T7465] 	vid_hdr_offset 64
[  243.835840][ T7465] 	data_offset    128
[  243.835854][ T7465] 	image_seq      -498185340
[  243.835867][ T7465] 	hdr_crc        0x2d9fef29
[  243.835880][ T7465] erase counter header hexdump:
[  243.835975][ T7465] CPU: 0 UID: 0 PID: 7465 Comm: syz.2.246 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  243.836009][ T7465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  243.836030][ T7465] Call Trace:
[  243.836039][ T7465]  <TASK>
[  243.836049][ T7465]  dump_stack_lvl+0x16c/0x1f0
[  243.836097][ T7465]  validate_ec_hdr+0x28c/0x330
[  243.836159][ T7465]  ubi_io_read_ec_hdr+0x63b/0x6c0
[  243.836204][ T7465]  ubi_attach+0x5e7/0x4bd0
[  243.836245][ T7465]  ? __pfx_ubi_msg+0x10/0x10
[  243.836283][ T7465]  ? __pfx_ubi_attach+0x10/0x10
[  243.836316][ T7465]  ? ubi_attach_mtd_dev+0x155b/0x35d0
[  243.836350][ T7465]  ? __vmalloc_node_noprof+0xad/0xf0
[  243.836390][ T7465]  ? ubi_attach_mtd_dev+0x155b/0x35d0
[  243.836430][ T7465]  ubi_attach_mtd_dev+0x15a7/0x35d0
[  243.836483][ T7465]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  243.836518][ T7465]  ? __pfx_get_mtd_device+0x10/0x10
[  243.836578][ T7465]  ctrl_cdev_ioctl+0x337/0x3d0
[  243.836615][ T7465]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  243.836663][ T7465]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  243.836701][ T7465]  __x64_sys_ioctl+0x18b/0x210
[  243.836743][ T7465]  do_syscall_64+0xcd/0x490
[  243.836796][ T7465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.836830][ T7465] RIP: 0033:0x7f0d35b8e929
[  243.836856][ T7465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.836888][ T7465] RSP: 002b:00007f0d36a9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  243.836918][ T7465] RAX: ffffffffffffffda RBX: 00007f0d35db6080 RCX: 00007f0d35b8e929
[  243.836941][ T7465] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000006
[  243.836962][ T7465] RBP: 00007f0d35c10b39 R08: 0000000000000000 R09: 0000000000000000
[  243.836982][ T7465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  243.837002][ T7465] R13: 0000000000000000 R14: 00007f0d35db6080 R15: 00007ffd8a8215e8
[  243.837045][ T7465]  </TASK>
[  243.838022][ T7465] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0
[  243.921410][ T7465] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[  247.720424][   T30] audit: type=1800 audit(6442452083.894:3): pid=7518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.259" name="dbroot" dev="configfs" ino=12768 res=0 errno=0
[  248.300005][ T7529] FAULT_INJECTION: forcing a failure.
[  248.300005][ T7529] name failslab, interval 1, probability 0, space 0, times 0
[  248.503639][ T7529] CPU: 1 UID: 0 PID: 7529 Comm: syz.3.262 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  248.503685][ T7529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  248.503706][ T7529] Call Trace:
[  248.503717][ T7529]  <TASK>
[  248.503730][ T7529]  dump_stack_lvl+0x16c/0x1f0
[  248.503785][ T7529]  should_fail_ex+0x512/0x640
[  248.503836][ T7529]  ? __kmalloc_noprof+0xbf/0x510
[  248.503899][ T7529]  ? constrain_params_by_rules+0x175/0xca0
[  248.503936][ T7529]  should_failslab+0xc2/0x120
[  248.503969][ T7529]  __kmalloc_noprof+0xd2/0x510
[  248.504032][ T7529]  constrain_params_by_rules+0x175/0xca0
[  248.504072][ T7529]  ? do_raw_spin_lock+0x12c/0x2b0
[  248.504137][ T7529]  ? mark_held_locks+0x49/0x80
[  248.504181][ T7529]  ? __pfx_constrain_params_by_rules+0x10/0x10
[  248.504218][ T7529]  ? lockdep_hardirqs_on+0x7c/0x110
[  248.504287][ T7529]  ? snd_pcm_oss_change_params_locked+0x92b/0x3a30
[  248.504326][ T7529]  ? snd_pcm_oss_get_active_substream+0x168/0x1d0
[  248.504366][ T7529]  ? snd_pcm_oss_ioctl+0x21e9/0x37a0
[  248.504401][ T7529]  ? __x64_sys_ioctl+0x18b/0x210
[  248.504438][ T7529]  ? do_syscall_64+0xcd/0x490
[  248.504487][ T7529]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.504521][ T7529]  ? snd_interval_refine+0x2fa/0x580
[  248.504572][ T7529]  snd_pcm_hw_refine+0x7de/0xad0
[  248.504617][ T7529]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  248.504682][ T7529]  snd_pcm_hw_param_last+0x32d/0x710
[  248.504726][ T7529]  snd_pcm_hw_param_near.constprop.0+0x570/0x8e0
[  248.504772][ T7529]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  248.504824][ T7529]  snd_pcm_oss_change_params_locked+0x92b/0x3a30
[  248.504894][ T7529]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  248.504938][ T7529]  ? __pfx___mutex_lock+0x10/0x10
[  248.505018][ T7529]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  248.505065][ T7529]  snd_pcm_oss_ioctl+0x21e9/0x37a0
[  248.505104][ T7529]  ? hook_file_ioctl_common+0x145/0x410
[  248.505140][ T7529]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  248.505179][ T7529]  ? __fget_files+0x20e/0x3c0
[  248.505231][ T7529]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  248.505271][ T7529]  __x64_sys_ioctl+0x18b/0x210
[  248.505317][ T7529]  do_syscall_64+0xcd/0x490
[  248.505371][ T7529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.505400][ T7529] RIP: 0033:0x7fd1ad98e929
[  248.505426][ T7529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  248.505457][ T7529] RSP: 002b:00007fd1ae739038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  248.505487][ T7529] RAX: ffffffffffffffda RBX: 00007fd1adbb6080 RCX: 00007fd1ad98e929
[  248.505509][ T7529] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 000000000000000a
[  248.505527][ T7529] RBP: 00007fd1ada10b39 R08: 0000000000000000 R09: 0000000000000000
[  248.505546][ T7529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  248.505564][ T7529] R13: 0000000000000000 R14: 00007fd1adbb6080 R15: 00007ffd3e4abd98
[  248.505607][ T7529]  </TASK>
[  249.548201][ T7127] Bluetooth: hci2: unexpected event for opcode 0x7c89
[  249.559130][ T7543] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  249.603865][ T7543] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  249.617125][ T7543] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  249.656533][ T7543] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  250.514492][ T7554] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  250.714603][ T7544] kexec: Could not allocate control_code_buffer
[  251.578243][ T7127] Bluetooth: hci0: command 0x0c1a tx timeout
[  251.649664][ T7127] Bluetooth: hci2: command 0x0c1a tx timeout
[  251.655731][ T6036] Bluetooth: hci1: command 0x0c1a tx timeout
[  251.730830][ T7127] Bluetooth: hci3: command 0x0c1a tx timeout
[  252.920908][ T7558] FAULT_INJECTION: forcing a failure.
[  252.920908][ T7558] name failslab, interval 1, probability 0, space 0, times 0
[  252.953246][ T7558] CPU: 1 UID: 0 PID: 7558 Comm: syz.1.267 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  252.953297][ T7558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  252.953317][ T7558] Call Trace:
[  252.953328][ T7558]  <TASK>
[  252.953341][ T7558]  dump_stack_lvl+0x16c/0x1f0
[  252.953401][ T7558]  should_fail_ex+0x512/0x640
[  252.953449][ T7558]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  252.953497][ T7558]  should_failslab+0xc2/0x120
[  252.953529][ T7558]  __kmalloc_cache_noprof+0x6a/0x3e0
[  252.953573][ T7558]  ? sctp_auth_shkey_create+0x9e/0x210
[  252.953613][ T7558]  sctp_auth_shkey_create+0x9e/0x210
[  252.953648][ T7558]  sctp_endpoint_new+0x562/0xcd0
[  252.953687][ T7558]  sctp_init_sock+0xe2d/0x1330
[  252.953738][ T7558]  ? sock_init_data_uid+0x7f6/0xa00
[  252.953777][ T7558]  ? __pfx_sctp_init_sock+0x10/0x10
[  252.953829][ T7558]  inet_create+0x939/0x1090
[  252.953872][ T7558]  ? inet_create+0x93/0x1090
[  252.953920][ T7558]  __sock_create+0x338/0x8d0
[  252.953972][ T7558]  __sys_socket+0x14d/0x260
[  252.954010][ T7558]  ? __pfx___sys_socket+0x10/0x10
[  252.954048][ T7558]  ? xfd_validate_state+0x61/0x180
[  252.954091][ T7558]  ? __pfx_do_writev+0x10/0x10
[  252.954143][ T7558]  __x64_sys_socket+0x72/0xb0
[  252.954184][ T7558]  ? lockdep_hardirqs_on+0x7c/0x110
[  252.954232][ T7558]  do_syscall_64+0xcd/0x490
[  252.954286][ T7558]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.954319][ T7558] RIP: 0033:0x7f987d58e929
[  252.954346][ T7558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.954379][ T7558] RSP: 002b:00007f987e32c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  252.954408][ T7558] RAX: ffffffffffffffda RBX: 00007f987d7b5fa0 RCX: 00007f987d58e929
[  252.954430][ T7558] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000002
[  252.954449][ T7558] RBP: 00007f987d610b39 R08: 0000000000000000 R09: 0000000000000000
[  252.954467][ T7558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  252.954486][ T7558] R13: 0000000000000000 R14: 00007f987d7b5fa0 R15: 00007ffefd8b2278
[  252.954528][ T7558]  </TASK>
[  253.657214][ T7588] netlink: 28 bytes leftover after parsing attributes in process `syz.0.272'.
[  254.152495][ T7596] netlink: 4 bytes leftover after parsing attributes in process `syz.2.274'.
[  254.538505][ T7599] FAULT_INJECTION: forcing a failure.
[  254.538505][ T7599] name failslab, interval 1, probability 0, space 0, times 0
[  254.601712][ T7599] CPU: 1 UID: 0 PID: 7599 Comm: syz.3.275 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  254.601760][ T7599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  254.601780][ T7599] Call Trace:
[  254.601803][ T7599]  <TASK>
[  254.601816][ T7599]  dump_stack_lvl+0x16c/0x1f0
[  254.601875][ T7599]  should_fail_ex+0x512/0x640
[  254.601923][ T7599]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  254.601977][ T7599]  should_failslab+0xc2/0x120
[  254.602014][ T7599]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  254.602067][ T7599]  ? _copy_from_iter+0x15d/0x16f0
[  254.602116][ T7599]  ? sctp_chunkify+0x51/0x2d0
[  254.602169][ T7599]  sctp_chunkify+0x51/0x2d0
[  254.602217][ T7599]  _sctp_make_chunk+0x148/0x270
[  254.602268][ T7599]  sctp_make_datafrag_empty+0x16f/0x240
[  254.602322][ T7599]  ? __pfx_sctp_make_datafrag_empty+0x10/0x10
[  254.602387][ T7599]  sctp_datamsg_from_user+0x592/0x1320
[  254.602455][ T7599]  sctp_sendmsg_to_asoc+0xaf5/0x1bf0
[  254.602489][ T7599]  ? sctp_assoc_set_primary+0x177/0x300
[  254.602540][ T7599]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  254.602578][ T7599]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  254.602637][ T7599]  sctp_sendmsg+0xef5/0x1ee0
[  254.602687][ T7599]  ? __pfx_sctp_sendmsg+0x10/0x10
[  254.602727][ T7599]  ? __pfx___might_resched+0x10/0x10
[  254.602780][ T7599]  ? __pfx_aa_sk_perm+0x10/0x10
[  254.602831][ T7599]  ? __pfx_sctp_sendmsg+0x10/0x10
[  254.602872][ T7599]  inet_sendmsg+0x119/0x140
[  254.602917][ T7599]  ____sys_sendmsg+0x973/0xc70
[  254.602957][ T7599]  ? __pfx_____sys_sendmsg+0x10/0x10
[  254.602996][ T7599]  ? find_held_lock+0x2b/0x80
[  254.603028][ T7599]  ? futex_unqueue+0x133/0x2c0
[  254.603065][ T7599]  ___sys_sendmsg+0x134/0x1d0
[  254.603109][ T7599]  ? __pfx____sys_sendmsg+0x10/0x10
[  254.603167][ T7599]  ? find_held_lock+0x2b/0x80
[  254.603218][ T7599]  __sys_sendmmsg+0x200/0x420
[  254.603263][ T7599]  ? __pfx___sys_sendmmsg+0x10/0x10
[  254.603303][ T7599]  ? __pfx_inet_bind_sk+0x10/0x10
[  254.603351][ T7599]  ? __pfx_do_futex+0x10/0x10
[  254.603407][ T7599]  ? xfd_validate_state+0x61/0x180
[  254.603444][ T7599]  ? __pfx___do_sys_close_range+0x10/0x10
[  254.603492][ T7599]  __x64_sys_sendmmsg+0x9c/0x100
[  254.603534][ T7599]  ? lockdep_hardirqs_on+0x7c/0x110
[  254.603578][ T7599]  do_syscall_64+0xcd/0x490
[  254.603623][ T7599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.603655][ T7599] RIP: 0033:0x7fd1ad98e929
[  254.603682][ T7599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.603715][ T7599] RSP: 002b:00007fd1ae75a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  254.603744][ T7599] RAX: ffffffffffffffda RBX: 00007fd1adbb5fa0 RCX: 00007fd1ad98e929
[  254.603762][ T7599] RDX: 00000000739618ce RSI: 0000200000000140 RDI: 0000000000000003
[  254.603778][ T7599] RBP: 00007fd1ada10b39 R08: 0000000000000000 R09: 0000000000000000
[  254.603804][ T7599] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000
[  254.603820][ T7599] R13: 0000000000000000 R14: 00007fd1adbb5fa0 R15: 00007ffd3e4abd98
[  254.603858][ T7599]  </TASK>
[  255.426348][ T7607] netlink: 'syz.0.277': attribute type 1 has an invalid length.
[  256.771981][ T7630] vivid-003: =================  START STATUS  =================
[  256.781002][ T7630] vivid-003: Radio HW Seek Mode: Bounded
[  256.797731][ T7630] vivid-003: Radio Programmable HW Seek: false
[  256.818454][ T7630] vivid-003: RDS Rx I/O Mode: Block I/O
[  256.928596][ T7630] vivid-003: Generate RBDS Instead of RDS: false
[  257.029185][ T7630] vivid-003: RDS Reception: true
[  257.103051][ T7630] vivid-003: RDS Program Type: 0 inactive
[  257.108952][ T7630] vivid-003: RDS PS Name:  inactive
[  257.199209][ T7630] vivid-003: RDS Radio Text:  inactive
[  257.210774][ T7630] vivid-003: RDS Traffic Announcement: false inactive
[  257.299249][ T7630] vivid-003: RDS Traffic Program: false inactive
[  257.305970][ T7630] vivid-003: RDS Music: false inactive
[  257.313123][ T7630] vivid-003: ==================  END STATUS  ==================

syzkaller
syzkaller login: [  259.889372][ T7661] random: crng reseeded on system resumption
[  260.064248][ T7647] ptrace attach of "./syz-executor exec"[5853] was attempted by "./syz-executor exec"[7647]


	
	




			

			
	

	




	
				
	




	
				
		
	

	
		
		
						
	

	


	
	
	
	
	
	
	




	
				
	




	
				
	

	



	


	
	

	
		
	

	

	
	
		
		


	

	

	
	
		
		


	

	
	
				
		




		


	


		
	

	







			
		
	

	



			




















	







	


	

	






	
	



	

	



	





	






	






	






		












	


	
		

	


	
	

		
	
		
	

	



			








	

	






	
	

	

	
	


	








	






	




	





		








		
	
	
	











	

	

	
		
	

	
		
	
	

	
	
	

	
		
	
	
			
	

	
		
	

	
		
	
	
					
	

	


		










		

		
		





















	
	


	
				



	






	

	
		








	
	








		




	






		

		

		




	

	

		
		
	

	
		
	
	
	
	
	
	

	
		

	


	
	

		
	
		
	

	



			








	


	



	



	

	


	




		
	
	












	

















	










	




	





		








	
	

	
		
	
	

	

	

	
		
	
	

	
	
	
	

	
	
	

	
		
	

	
		
	

	
		
	

	
		

syzkaller
syzkaller login: [  358.637165][ T9036] binder: 9034:9036 ioctl c018620c 0 returned -1
[  360.960938][ T9070] netlink: 48 bytes leftover after parsing attributes in process `syz.3.562'.
[  362.246282][ T9098] netlink: 48 bytes leftover after parsing attributes in process `syz.1.567'.
[  364.447138][ T9127] netlink: 48 bytes leftover after parsing attributes in process `syz.2.572'.
[  364.475203][ T9107] page: refcount:3 mapcount:2 mapping:0000000000000000 index:0x0 pfn:0x78400
[  364.480831][ T9107] flags: 0xfff18000000210(dirty|workingset|node=0|zone=1|lastcpupid=0x7ff)
[  364.487494][ T9107] raw: 00fff18000000210 0000000000000000 dead000000000122 0000000000000000
[  364.509788][ T9107] raw: 0000000000000000 0000000000000000 0000000300000001 0000000000000000
[  364.513035][ T9107] page dumped because: unmovable page
[  364.523407][ T9107] page_owner tracks the page as allocated
[  364.526295][ T9107] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5847, tgid 5847 (syz-executor), ts 102710951507, free_ts 37137900364
[  364.531046][ T9107]  post_alloc_hook+0x1c0/0x230
[  364.531933][ T9107]  get_page_from_freelist+0x1321/0x3890
[  364.532827][ T9107]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  364.534475][ T9107]  alloc_pages_mpol+0x1fb/0x550
[  364.535340][ T9107]  alloc_pages_noprof+0x131/0x390
[  364.536175][ T9107]  __vmalloc_node_range_noprof+0x72f/0x14b0
[  364.537191][ T9107]  vmalloc_user_noprof+0x9e/0xe0
[  364.538036][ T9107]  kcov_ioctl+0x4c/0x730
[  364.538829][ T9107]  __x64_sys_ioctl+0x18b/0x210
[  364.539655][ T9107]  do_syscall_64+0xcd/0x490
[  364.540412][ T9107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.541476][ T9107] page last free pid 1 tgid 1 stack trace:
[  364.542414][ T9107]  __free_frozen_pages+0x7fe/0x1180
[  364.543293][ T9107]  free_contig_range+0x183/0x4b0
[  364.549716][ T9107]  destroy_args+0x7f6/0xa60
[  364.550481][ T9107]  debug_vm_pgtable+0x13b8/0x2d00
[  364.551573][ T9107]  do_one_initcall+0x120/0x6e0
[  364.552467][ T9107]  kernel_init_freeable+0x5c2/0x900
[  364.555505][ T9107]  kernel_init+0x1c/0x2b0
[  364.556250][ T9107]  ret_from_fork+0x5d7/0x6f0
[  364.557086][ T9107]  ret_from_fork_asm+0x1a/0x30
[  364.842283][ T9136] netlink: zone id is out of range
[  364.843387][ T9136] netlink: zone id is out of range
[  364.844361][ T9136] netlink: zone id is out of range
[  364.845152][ T9136] netlink: zone id is out of range
[  364.845979][ T9136] netlink: zone id is out of range
[  364.846847][ T9136] netlink: zone id is out of range
[  364.847771][ T9136] netlink: zone id is out of range
[  364.848662][ T9136] netlink: zone id is out of range
[  364.849536][ T9136] netlink: zone id is out of range
[  364.850360][ T9136] netlink: zone id is out of range
[  364.964742][ T9139] Invalid ELF header magic: != ELF
[  366.990353][ T9162] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input29
[  368.006137][ T9168] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30
[  368.360288][ T9179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.580'.
[  369.138692][ T9190] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31
[  369.205697][ T9192] netlink: 48 bytes leftover after parsing attributes in process `syz.3.585'.
[  369.839239][ T9202] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  370.556533][   T30] audit: type=1800 audit(6442454254.952:4): pid=9221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.593" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0
[  371.630473][ T9236] ALSA: mixer_oss: invalid OSS volume ''
[  371.664048][ T9232] ubi0: attaching mtd0
[  371.730671][ T9232] ubi0: scanning is finished
[  371.748318][ T9232] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record
[  372.408261][ T9232] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22

syzkaller
syzkaller login: [  373.334924][ T9252] netlink: 48 bytes leftover after parsing attributes in process `syz.1.600'.
[  374.723188][ T9280] vivid-003: =================  START STATUS  =================
[  374.731154][ T9280] vivid-003: Radio HW Seek Mode: Bounded
[  374.736976][ T9280] vivid-003: Radio Programmable HW Seek: false
[  374.743246][ T9280] vivid-003: RDS Rx I/O Mode: Block I/O
[  374.749526][ T9280] vivid-003: Generate RBDS Instead of RDS: false
[  374.756466][ T9280] vivid-003: RDS Reception: true
[  374.761547][ T9280] vivid-003: RDS Program Type: 0 inactive
[  374.767500][ T9280] vivid-003: RDS PS Name:  inactive
[  374.772821][ T9280] vivid-003: RDS Radio Text:  inactive
[  374.780749][ T9280] vivid-003: RDS Traffic Announcement: false inactive
[  374.787808][ T9280] vivid-003: RDS Traffic Program: false inactive
[  374.794321][ T9280] vivid-003: RDS Music: false inactive
[  374.800113][ T9280] vivid-003: ==================  END STATUS  ==================
[  376.909875][ T9320] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32
[  376.976637][ T9317] netlink: 48 bytes leftover after parsing attributes in process `syz.2.610'.
[  377.182643][ T9318] netlink: 28 bytes leftover after parsing attributes in process `syz.3.608'.
[  378.180467][ T9344] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33
[  379.397593][ T9359] ksmbd: Unknown IPC event: 14, ignore.
[  380.314968][ T9375] netlink: 5308 bytes leftover after parsing attributes in process `syz.1.619'.
[  380.354194][ T9371] netlink: 28 bytes leftover after parsing attributes in process `syz.3.618'.
[  381.494564][ T9390] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input34
[  383.847168][ T9423] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input35
[  385.013260][ T7127] Bluetooth: hci1: unexpected event for opcode 0x7c89
[  385.770935][ T9455] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36
[  386.505539][ T9443] kexec: Could not allocate control_code_buffer
[  386.518994][ T9456] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input37
[  386.796804][ T9470] net_ratelimit: 21 callbacks suppressed
[  386.796832][ T9470] netlink: zone id is out of range
[  386.862794][ T9470] netlink: zone id is out of range
[  386.883535][ T9470] netlink: zone id is out of range
[  386.890644][ T9470] netlink: zone id is out of range
[  386.937918][ T9470] netlink: zone id is out of range
[  386.943134][ T9470] netlink: zone id is out of range
[  386.998533][ T9470] netlink: zone id is out of range
[  387.004528][ T9470] netlink: zone id is out of range
[  387.062782][ T9470] netlink: zone id is out of range
[  387.075943][ T9470] netlink: zone id is out of range
[  388.909593][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  388.915158][ T9497] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input38
[  388.938837][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  389.237817][ T9501] FAULT_INJECTION: forcing a failure.
[  389.237817][ T9501] name fail_futex, interval 1, probability 0, space 0, times 1
[  389.278178][ T9501] CPU: 0 UID: 0 PID: 9501 Comm: syz.2.642 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  389.278213][ T9501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  389.278228][ T9501] Call Trace:
[  389.278235][ T9501]  <TASK>
[  389.278244][ T9501]  dump_stack_lvl+0x16c/0x1f0
[  389.278286][ T9501]  should_fail_ex+0x512/0x640
[  389.278325][ T9501]  get_futex_key+0x1d0/0x1540
[  389.278355][ T9501]  ? __call_rcu_common.constprop.0+0xa5/0xa10
[  389.278395][ T9501]  ? __pfx_get_futex_key+0x10/0x10
[  389.278429][ T9501]  ? __sock_release+0x20b/0x270
[  389.278480][ T9501]  ? __sys_socket+0x14d/0x260
[  389.278515][ T9501]  ? __x64_sys_socket+0x72/0xb0
[  389.278552][ T9501]  ? do_syscall_64+0xcd/0x490
[  389.278601][ T9501]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.278647][ T9501]  futex_wait_setup+0x84/0x510
[  389.278709][ T9501]  __futex_wait+0x194/0x2f0
[  389.278758][ T9501]  ? __pfx___futex_wait+0x10/0x10
[  389.278823][ T9501]  ? __pfx_futex_wake_mark+0x10/0x10
[  389.278887][ T9501]  ? __destroy_inode+0x2e4/0x730
[  389.278920][ T9501]  ? __futex_hash.constprop.0+0x1e9/0x440
[  389.278958][ T9501]  futex_wait+0xe8/0x380
[  389.279005][ T9501]  ? __pfx_futex_wait+0x10/0x10
[  389.279048][ T9501]  ? __pfx_evict+0x10/0x10
[  389.279085][ T9501]  ? iput+0x519/0x880
[  389.279122][ T9501]  do_futex+0x229/0x350
[  389.279161][ T9501]  ? __pfx_do_futex+0x10/0x10
[  389.279198][ T9501]  ? __sock_release+0x20b/0x270
[  389.279258][ T9501]  __x64_sys_futex+0x1e0/0x4c0
[  389.279301][ T9501]  ? __sys_socket+0xac/0x260
[  389.279338][ T9501]  ? __pfx___x64_sys_futex+0x10/0x10
[  389.279380][ T9501]  ? xfd_validate_state+0x61/0x180
[  389.279423][ T9501]  ? __pfx___do_sys_close_range+0x10/0x10
[  389.279486][ T9501]  do_syscall_64+0xcd/0x490
[  389.279538][ T9501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.279572][ T9501] RIP: 0033:0x7f0d35b8e929
[  389.279598][ T9501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.279631][ T9501] RSP: 002b:00007f0d36abc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  389.279662][ T9501] RAX: ffffffffffffffda RBX: 00007f0d35db5fa8 RCX: 00007f0d35b8e929
[  389.279684][ T9501] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0d35db5fa8
[  389.279703][ T9501] RBP: 00007f0d35db5fa0 R08: 0000000000000000 R09: 0000000000000000
[  389.279723][ T9501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0d35db5fac
[  389.279744][ T9501] R13: 0000000000000000 R14: 00007ffd8a821500 R15: 00007ffd8a8215e8
[  389.279786][ T9501]  </TASK>
[  391.167847][ T9514] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input39
[  394.950666][ T9573] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input40
[  396.347584][ T9591] netlink: 48 bytes leftover after parsing attributes in process `syz.1.668'.
[  397.419548][ T9601] netlink: 28 bytes leftover after parsing attributes in process `syz.1.662'.
[  397.890020][ T9593] FAULT_INJECTION: forcing a failure.
[  397.890020][ T9593] name failslab, interval 1, probability 0, space 0, times 0
[  397.931611][ T9593] CPU: 1 UID: 0 PID: 9593 Comm: syz.3.660 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  397.931656][ T9593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  397.931673][ T9593] Call Trace:
[  397.931682][ T9593]  <TASK>
[  397.931693][ T9593]  dump_stack_lvl+0x16c/0x1f0
[  397.931741][ T9593]  should_fail_ex+0x512/0x640
[  397.931783][ T9593]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  397.931824][ T9593]  should_failslab+0xc2/0x120
[  397.931850][ T9593]  __kmalloc_cache_noprof+0x6a/0x3e0
[  397.931889][ T9593]  ? sctp_auth_shkey_create+0x9e/0x210
[  397.931923][ T9593]  sctp_auth_shkey_create+0x9e/0x210
[  397.931952][ T9593]  sctp_endpoint_new+0x562/0xcd0
[  397.931985][ T9593]  sctp_init_sock+0xe2d/0x1330
[  397.932027][ T9593]  ? sock_init_data_uid+0x7f6/0xa00
[  397.932088][ T9593]  ? __pfx_sctp_init_sock+0x10/0x10
[  397.932133][ T9593]  inet_create+0x939/0x1090
[  397.932170][ T9593]  ? inet_create+0x93/0x1090
[  397.932211][ T9593]  __sock_create+0x338/0x8d0
[  397.932249][ T9593]  __sys_socket+0x14d/0x260
[  397.932280][ T9593]  ? __pfx___sys_socket+0x10/0x10
[  397.932312][ T9593]  ? __pfx_do_writev+0x10/0x10
[  397.932367][ T9593]  __x64_sys_socket+0x72/0xb0
[  397.932400][ T9593]  ? lockdep_hardirqs_on+0x7c/0x110
[  397.932440][ T9593]  do_syscall_64+0xcd/0x490
[  397.932485][ T9593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.932514][ T9593] RIP: 0033:0x7fd1ad98e929
[  397.932536][ T9593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.932563][ T9593] RSP: 002b:00007fd1ae75a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  397.932590][ T9593] RAX: ffffffffffffffda RBX: 00007fd1adbb5fa0 RCX: 00007fd1ad98e929
[  397.932608][ T9593] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000002
[  397.932624][ T9593] RBP: 00007fd1ada10b39 R08: 0000000000000000 R09: 0000000000000000
[  397.932640][ T9593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  397.932656][ T9593] R13: 0000000000000000 R14: 00007fd1adbb5fa0 R15: 00007ffd3e4abd98
[  397.932690][ T9593]  </TASK>
[  400.519268][ T9645] netlink: 48 bytes leftover after parsing attributes in process `syz.3.670'.
[  400.956554][ T9641] snd_aloop snd_aloop.0: control 1:6:-2147483647:���_�he�R��:6 is already present
[  402.257053][ T9667] netlink: 5308 bytes leftover after parsing attributes in process `syz.0.673'.
[  404.492803][ T9666] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  407.991061][ T9751] netlink: 48 bytes leftover after parsing attributes in process `syz.3.686'.
[  414.039898][ T9839] netlink: 48 bytes leftover after parsing attributes in process `syz.2.706'.
[  414.486022][ T9851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.708'.
[  421.338467][ T9961] netlink: 48 bytes leftover after parsing attributes in process `syz.2.736'.
[  423.458521][ T9996] vhci_hcd: invalid port number 16
[  423.463735][ T9996] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
[  424.411426][ T7127] Bluetooth: hci2: Unable to find connection for big 0xd2
[  429.657712][ T7127] Bluetooth: hci1: Unable to find connection for big 0xd2
[  431.641642][T10114] ubi0: attaching mtd0
[  431.659896][T10114] ubi0: scanning is finished
[  431.669229][T10114] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record
[  431.916122][T10119] Invalid ELF header magic: != ELF
[  432.322552][T10119] Invalid ELF header magic: != ELF
[  432.349874][T10132] netlink: 330 bytes leftover after parsing attributes in process `syz.1.770'.
[  432.448330][T10114] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[  432.529292][T10132] mac80211_hwsim hwsim6 �: renamed from wlan0 (while UP)
[  435.563996][T10177] kexec: Could not allocate control_code_buffer
[  439.748098][T10243] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  439.786537][T10243] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  439.791764][T10252] FAULT_INJECTION: forcing a failure.
[  439.791764][T10252] name failslab, interval 1, probability 0, space 0, times 0
[  439.792767][T10243] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  439.824451][T10252] CPU: 1 UID: 0 PID: 10252 Comm: syz.2.790 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  439.824498][T10252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  439.824517][T10252] Call Trace:
[  439.824527][T10252]  <TASK>
[  439.824539][T10252]  dump_stack_lvl+0x16c/0x1f0
[  439.824595][T10252]  should_fail_ex+0x512/0x640
[  439.824641][T10252]  ? __kmalloc_noprof+0xbf/0x510
[  439.824695][T10252]  ? __register_sysctl_table+0xea2/0x1900
[  439.824749][T10252]  should_failslab+0xc2/0x120
[  439.824781][T10252]  __kmalloc_noprof+0xd2/0x510
[  439.824830][T10252]  ? __register_sysctl_table+0xe8e/0x1900
[  439.824904][T10252]  __register_sysctl_table+0xea2/0x1900
[  439.824969][T10252]  ? __pfx___register_sysctl_table+0x10/0x10
[  439.825029][T10252]  ? __asan_memcpy+0x3c/0x60
[  439.825079][T10252]  register_pidns_sysctls+0x119/0x1b0
[  439.825135][T10252]  copy_pid_ns+0x564/0xce0
[  439.825172][T10252]  ? __pfx_copy_pid_ns+0x10/0x10
[  439.825210][T10252]  ? copy_mnt_ns+0xac/0xac0
[  439.825259][T10252]  ? trace_kmem_cache_alloc+0x28/0xc0
[  439.825295][T10252]  ? trace_cap_capable+0x18d/0x200
[  439.825328][T10252]  ? copy_ipcs+0xb6/0x610
[  439.825366][T10252]  create_new_namespaces+0x2aa/0xa90
[  439.825415][T10252]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  439.825458][T10252]  ksys_unshare+0x45b/0xa40
[  439.825503][T10252]  ? __pfx_ksys_unshare+0x10/0x10
[  439.825550][T10252]  ? xfd_validate_state+0x61/0x180
[  439.825618][T10252]  __x64_sys_unshare+0x31/0x40
[  439.825662][T10252]  do_syscall_64+0xcd/0x490
[  439.825716][T10252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.825750][T10252] RIP: 0033:0x7f0d35b8e929
[  439.825777][T10252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.825809][T10252] RSP: 002b:00007f0d36a7a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  439.825840][T10252] RAX: ffffffffffffffda RBX: 00007f0d35db6160 RCX: 00007f0d35b8e929
[  439.825869][T10252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
[  439.825889][T10252] RBP: 00007f0d35c10b39 R08: 0000000000000000 R09: 0000000000000000
[  439.825908][T10252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  439.825928][T10252] R13: 0000000000000000 R14: 00007f0d35db6160 R15: 00007ffd8a8215e8
[  439.825970][T10252]  </TASK>
[  439.825983][T10252] sysctl could not get directory: 
[  439.869697][T10243] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  439.874999][T10252] /kernel -12
[  440.083745][T10247] FAULT_INJECTION: forcing a failure.
[  440.083745][T10247] name failslab, interval 1, probability 0, space 0, times 0
[  440.144491][T10247] CPU: 0 UID: 0 PID: 10247 Comm: syz.2.790 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  440.144536][T10247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  440.144554][T10247] Call Trace:
[  440.144563][T10247]  <TASK>
[  440.144574][T10247]  dump_stack_lvl+0x16c/0x1f0
[  440.144626][T10247]  should_fail_ex+0x512/0x640
[  440.144666][T10247]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  440.144714][T10247]  should_failslab+0xc2/0x120
[  440.144740][T10247]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  440.144781][T10247]  ? inode_set_ctime_current+0x2a1/0x8f0
[  440.144827][T10247]  ? __d_alloc+0x31/0xaa0
[  440.144881][T10247]  __d_alloc+0x31/0xaa0
[  440.144928][T10247]  d_alloc_pseudo+0x1c/0xc0
[  440.144959][T10247]  alloc_file_pseudo+0xcf/0x230
[  440.144993][T10247]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  440.145026][T10247]  ? hugetlbfs_get_inode+0x31f/0x730
[  440.145060][T10247]  hugetlb_file_setup+0x4cd/0x620
[  440.145093][T10247]  ksys_mmap_pgoff+0x189/0x5c0
[  440.145130][T10247]  __x64_sys_mmap+0x125/0x190
[  440.145173][T10247]  do_syscall_64+0xcd/0x490
[  440.145217][T10247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.145245][T10247] RIP: 0033:0x7f0d35b8e929
[  440.145268][T10247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  440.145297][T10247] RSP: 002b:00007f0d36abc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  440.145322][T10247] RAX: ffffffffffffffda RBX: 00007f0d35db5fa0 RCX: 00007f0d35b8e929
[  440.145341][T10247] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000
[  440.145357][T10247] RBP: 00007f0d35c10b39 R08: 0000000000000401 R09: 0000300000000000
[  440.145374][T10247] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000
[  440.145390][T10247] R13: 0000000000000000 R14: 00007f0d35db5fa0 R15: 00007ffd8a8215e8
[  440.145424][T10247]  </TASK>
[  440.613082][T10250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.791'.
[  440.684430][T10250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.791'.
[  441.735294][ T7127] Bluetooth: hci0: command 0x0c1a tx timeout
[  441.813325][ T7127] Bluetooth: hci2: command 0x0c1a tx timeout
[  441.820641][ T6036] Bluetooth: hci1: command 0x0c1a tx timeout
[  441.892637][ T7127] Bluetooth: hci3: command 0x0c1a tx timeout
[  443.937573][T10307] netlink: 28 bytes leftover after parsing attributes in process `syz.2.804'.
[  449.122185][T10343] Invalid ELF header magic: != ELF
[  449.324169][   T30] audit: type=1804 audit(6442454334.191:5): pid=10362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.815" name="/newroot/200/file0" dev="tmpfs" ino=1064 res=1 errno=0
[  449.391693][   T30] audit: type=1800 audit(6442454334.191:6): pid=10362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.815" name="file0" dev="tmpfs" ino=1064 res=0 errno=0
[  449.932116][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  449.938925][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  450.308023][T10370] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41
[  450.328421][T10372] netlink: 8 bytes leftover after parsing attributes in process `syz.2.817'.
[  452.593075][T10408] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input42
[  454.091114][T10437] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x0 pfn:0x78400
[  454.130399][T10437] flags: 0xfff18000000210(dirty|workingset|node=0|zone=1|lastcpupid=0x7ff)
[  454.150856][T10437] raw: 00fff18000000210 0000000000000000 dead000000000122 0000000000000000
[  454.192957][T10437] raw: 0000000000000000 0000000000000000 0000000400000002 0000000000000000
[  454.228369][T10437] page dumped because: unmovable page
[  454.284338][T10437] page_owner tracks the page as allocated
[  454.334396][T10437] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5847, tgid 5847 (syz-executor), ts 102710951507, free_ts 37137900364
[  454.440355][T10437]  post_alloc_hook+0x1c0/0x230
[  454.451001][T10437]  get_page_from_freelist+0x1321/0x3890
[  454.461502][T10437]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  454.476662][T10437]  alloc_pages_mpol+0x1fb/0x550
[  454.486282][T10437]  alloc_pages_noprof+0x131/0x390
[  454.503600][T10437]  __vmalloc_node_range_noprof+0x72f/0x14b0
[  454.509608][T10437]  vmalloc_user_noprof+0x9e/0xe0
[  454.524905][T10437]  kcov_ioctl+0x4c/0x730
[  454.529244][T10437]  __x64_sys_ioctl+0x18b/0x210
[  454.609453][T10437]  do_syscall_64+0xcd/0x490
[  454.614605][T10437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.708001][T10437] page last free pid 1 tgid 1 stack trace:
[  454.779236][T10437]  __free_frozen_pages+0x7fe/0x1180
[  454.789108][T10437]  free_contig_range+0x183/0x4b0
[  454.802226][T10437]  destroy_args+0x7f6/0xa60
[  454.811317][T10437]  debug_vm_pgtable+0x13b8/0x2d00
[  454.823724][T10437]  do_one_initcall+0x120/0x6e0
[  454.842088][T10437]  kernel_init_freeable+0x5c2/0x900
[  454.863439][T10437]  kernel_init+0x1c/0x2b0
[  454.900482][T10437]  ret_from_fork+0x5d7/0x6f0
[  454.938627][T10437]  ret_from_fork_asm+0x1a/0x30
[  456.624361][T10464] netlink: 330 bytes leftover after parsing attributes in process `syz.2.830'.
[  456.633608][T10464] mac80211_hwsim hwsim13 �: renamed from wlan0
[  457.390907][T10466] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  457.464092][T10466] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  457.496689][T10466] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  457.506769][T10466] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  459.234179][ T7127] Bluetooth: hci0: command 0x0c1a tx timeout
[  459.389793][T10499] Invalid ELF header magic: != ELF
[  459.472675][ T7127] Bluetooth: hci1: command 0x0c1a tx timeout
[  459.552630][ T6036] Bluetooth: hci3: command 0x0c1a tx timeout
[  459.559676][ T6036] Bluetooth: hci2: command 0x0c1a tx timeout
[  460.397765][T10509] binder: 10508:10509 ioctl 40046210 0 returned -14
[  465.414738][T10580] ptrace attach of "./syz-executor exec"[5855] was attempted by "./syz-executor exec"[10580]
[  465.602224][T10582] binder: 10581:10582 ioctl 40046210 0 returned -14
[  467.563022][T10589] Invalid ELF header magic: != ELF
[  474.377034][T10699] delete_channel: no stack
[  478.373518][ T6036] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5
[  478.401267][T10751] FAULT_INJECTION: forcing a failure.
[  478.401267][T10751] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  478.515417][T10751] CPU: 1 UID: 0 PID: 10751 Comm: syz.3.886 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  478.515466][T10751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  478.515485][T10751] Call Trace:
[  478.515496][T10751]  <TASK>
[  478.515508][T10751]  dump_stack_lvl+0x16c/0x1f0
[  478.515574][T10751]  should_fail_ex+0x512/0x640
[  478.515629][T10751]  should_fail_alloc_page+0xe7/0x130
[  478.515665][T10751]  prepare_alloc_pages+0x3c2/0x610
[  478.515705][T10751]  ? rcu_is_watching+0x12/0xc0
[  478.515745][T10751]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  478.515813][T10751]  ? __lock_acquire+0x622/0x1c90
[  478.515865][T10751]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  478.515913][T10751]  ? __lock_acquire+0x622/0x1c90
[  478.515976][T10751]  ? __lock_acquire+0x622/0x1c90
[  478.516025][T10751]  ? __lock_acquire+0x622/0x1c90
[  478.516070][T10751]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  478.516122][T10751]  ? policy_nodemask+0xea/0x4e0
[  478.516159][T10751]  alloc_pages_mpol+0x1fb/0x550
[  478.516193][T10751]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  478.516238][T10751]  folio_alloc_mpol_noprof+0x36/0x2f0
[  478.516280][T10751]  vma_alloc_folio_noprof+0xed/0x1e0
[  478.516319][T10751]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  478.516354][T10751]  ? find_held_lock+0x2b/0x80
[  478.516390][T10751]  ? __handle_mm_fault+0x1092/0x5490
[  478.516440][T10751]  __handle_mm_fault+0x2f21/0x5490
[  478.516495][T10751]  ? __pfx___handle_mm_fault+0x10/0x10
[  478.516549][T10751]  ? __pte_offset_map_lock+0x174/0x310
[  478.516585][T10751]  ? find_held_lock+0x2b/0x80
[  478.516618][T10751]  ? find_held_lock+0x2b/0x80
[  478.516664][T10751]  ? follow_page_pte+0x3af/0x14c0
[  478.516713][T10751]  handle_mm_fault+0x589/0xd10
[  478.516766][T10751]  __get_user_pages+0x589/0x3b80
[  478.516815][T10751]  ? __pfx_mt_find+0x10/0x10
[  478.516845][T10751]  ? __pfx___get_user_pages+0x10/0x10
[  478.516896][T10751]  populate_vma_page_range+0x278/0x3a0
[  478.516938][T10751]  ? __pfx_populate_vma_page_range+0x10/0x10
[  478.516977][T10751]  ? __pfx_find_vma_intersection+0x10/0x10
[  478.517018][T10751]  ? do_mmap+0x69c/0x1210
[  478.517059][T10751]  __mm_populate+0x1d8/0x380
[  478.517102][T10751]  ? __pfx___mm_populate+0x10/0x10
[  478.517147][T10751]  ? up_write+0x1b2/0x520
[  478.517201][T10751]  vm_mmap_pgoff+0x362/0x450
[  478.517241][T10751]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  478.517286][T10751]  ? __x64_sys_futex+0x1e0/0x4c0
[  478.517325][T10751]  ? __x64_sys_futex+0x1e9/0x4c0
[  478.517372][T10751]  ksys_mmap_pgoff+0x7d/0x5c0
[  478.517407][T10751]  ? xfd_validate_state+0x61/0x180
[  478.517457][T10751]  __x64_sys_mmap+0x125/0x190
[  478.517509][T10751]  do_syscall_64+0xcd/0x490
[  478.517570][T10751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.517605][T10751] RIP: 0033:0x7fd1ad98e929
[  478.517632][T10751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.517663][T10751] RSP: 002b:00007fd1ae75a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  478.517693][T10751] RAX: ffffffffffffffda RBX: 00007fd1adbb5fa0 RCX: 00007fd1ad98e929
[  478.517712][T10751] RDX: 0000000000000003 RSI: 0000000000040009 RDI: 0000000000000000
[  478.517731][T10751] RBP: 00007fd1ada10b39 R08: 0000000000000007 R09: 0000000000028000
[  478.517750][T10751] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  478.517772][T10751] R13: 0000000000000000 R14: 00007fd1adbb5fa0 R15: 00007ffd3e4abd98
[  478.517816][T10751]  </TASK>
[  481.674685][T10819] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  482.101575][T10823] netlink: 28 bytes leftover after parsing attributes in process `syz.3.896'.
[  483.217522][T10823] bond0: (slave bond_slave_1): Releasing backup interface
[  485.701560][T10891] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input43
[  486.179582][T10906] netlink: 'syz.3.907': attribute type 1 has an invalid length.
[  490.640528][T10981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.916'.
[  491.268032][T11007] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input44
[  491.860976][T11000] netlink: 'syz.2.918': attribute type 2 has an invalid length.
[  492.930181][T11029] netlink: 28 bytes leftover after parsing attributes in process `syz.0.923'.
[  493.074513][T11033] random: crng reseeded on system resumption
[  493.199001][T11029] bond0: (slave bond_slave_1): Releasing backup interface


	
	


	
	

	

		

		
		
		

	








	
		

	


	

	

		
	
		
	

	



			








	

	









	



















	



	

	



	
	
	










		
	
	











		
	







	









	

	


















	

	


	


	

	
	

	

	



	



		
	
	
	
	
	
	
	
	






	







	








		











	

	
		
		
		



	

				

			
	

				


		

				



	
	





	
	
			
	
	
	

	


	
		

	


	
	

		
	
		
	

	



			








	


	


	



	

		

	
	
	

	

	


	

	
	

	
	
	
	

	
	
	

	






	





	





		







	

	
		
		
		
	




	
				
	
	
	

	

		


		
	
		
	



				
		
	


			
		
	
	
		
	
	
		
		
	
		
	

	
	


	



	

		
	

	
	
			
	
	
		

	
	

	

	

	
		
	
	
	
	
	
	

	
				
	
	



	
	
	




	
				
	

	
		
	

	
		
	

	
		


	
	
	

	
		
	
	

	

	

	
		
	




	
				
		


		
	
		
	



				
		
	


			
		
	
	
		
	
	
	

	
		
		
		
	
		
	

	
	
		
	

	
	
			
	
	
		

	




	
				
	
	

		

	

	
		

	


		


		
	
		
	



				
		
	


			
		
	
	
		
	
	
		
		
	
		
	

	
	
		
	

	
	
			
	
	
		

	

		

		


			

			

			

	
	
	

	
		
		
	
		
	

	
		

	
	
	
	
	
	
	
	

	
		

	


	
	

		
	
		
	

	



			








	

	
	






	







	






	



		


			
	






	




	





		














	
		

	


	

	

		
	
		
	

	



			








	

	












	
	
	
		

		

		

	







	






	

	
	

	

	






	






	






		









  583.35089112304 $%6)#%--!00%2: )/#4,: 	.6!,)$ )/#4, 3425#452%: 55)$ , .!-% , $%6 3000000000
  588.06128712378 ,5%4//4(: (#)0: 0#/$% 080#1! &!),%$: -4
  588.06812212378 ,5%4//4(: (#)1: 0#/$% 080#1! &!),%$: -4
  588.08872412378 ,5%4//4(: (#)2: 0#/$% 080#1! &!),%$: -4
  588.11083812378 ,5%4//4(: (#)3: 0#/$% 080#1! &!),%$: -4
  589.55646412406 2/#%33 !##/5.4).' 2%35-%$
  589.929502 6036 ,5%4//4(: (#)0: #/--!.$ 080#1! 48 4)-%/54
  590.087905 6036 ,5%4//4(: (#)2: #/--!.$ 080#1! 48 4)-%/54
  590.092861 6036 ,5%4//4(: (#)1: #/--!.$ 080#1! 48 4)-%/54
  590.167677 6036 ,5%4//4(: (#)3: #/--!.$ 080#1! 48 4)-%/54
  596.41901412505 .%4,).+: 330 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.0.1199'.
  602.68112012606 ).054: &,
 !3 /$%6)#%3/6)245!,/).054/).05450
  602.79246612609 .%4,).+: 330 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.1.1215'.
  603.70339812616 .%4,).+: 28 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.3.1216'.
  603.92552412619 .%4,).+: 28 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.1.1217'.
  603.97897812619 )06,!.1: %.4%2%$ !,,-5,4)#!34 -/$%
  603.99513812619 6%4(06,!.: %.4%2%$ !,,-5,4)#!34 -/$%
  604.17887512621 .%4,).+: 28 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.1.1217'.
  604.53966012625 ).054: *
8-69#%68;(, 	
86 !3 /$%6)#%3/6)245!,/).054/).05451
  608.284944   30 !5$)4: 490%=1800 !5$)4(6442454494.057:8): 0)$=12670 5)$=0 !5)$=4294967295 3%3=4294967295 35"*=5.#/.&).%$ /0=#/,,%#4$!4! #!53%=&!),%$ #/--="39:.0.1225" .!-%="00000008" $%6="(5'%4,"&3" )./=0 2%3=0 %22./=0
  608.61487012669 : !.'4 ,//+50 ",/#+$%6
  613.32006412715 $%6)#%--!00%2: )/#4,: 	.6!,)$ )/#4, 3425#452%: 55)$ , .!-% , $%6 3000000000
  614.60078612742 .%4,).+: 8 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.1.1241'.
  615.85569712761 .%4,).+: 330 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.2.1244'.
  616.66013412771 .%4,).+: 330 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.3.1245'.
  619.81466212803 2/#%33 !##/5.4).' 0!53%$
  620.98056412847 #!.: 2%15%34-/$5,% (#!.-02/4/-3) &!),%$.
  622.42441712873 .%4,).+: 28 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.3.1264'.
  622.62713312877 .%4,).+: 28 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.3.1264'.
  622.66501212869 .%4,).+: 330 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.2.1262'.
  624.74906312903 #/5,$ ./4 !,,/#!4% $)'%34  (!.$,% 
  626.79075012928 .%4,).+: 330 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.3.1271'.
  627.52458312937 2!.$/-: #2.' 2%3%%$%$ /. 3934%- 2%35-04)/.
  627.80046812940 %34!24).' +%2.%, 4(2%!$3 ...
  627.80776412940 /.% 2%34!24).' +%2.%, 4(2%!$3.
  627.89830012941 #!.: 2%15%34-/$5,% (#!.-02/4/-3) &!),%$.
  627.94842212949 ).054: *
8-69#%68;(, 	
86 !3 /$%6)#%3/6)245!,/).054/).05452
  628.77413312958 .%4,).+: 334 "94%3 ,%&4/6%2 !&4%2 0!23).' !442)"54%3 ). 02/#%33  39:.1.1275'.
	




	
				
	

	
		
	
	
	
	
	
	
	

	
		

	


	




	
				
	

	
		

	
	




	
				
	

	
		
	

	
		
		
		


	
		

	


	
	

		
	
		
	

	



			








	

	
	



	



















	
		
	
			
	






	





	





	
	













	

	
		

	


	
	

		
	
		
	

	



			








	



	




	

		
	
	
	
	
	


	
		

		


		


















	










	







	







		











	
			

			

			


	
		

	


	
	

		
	
		
	

	



			








	





	




















	

	













	











	






	






		











[  655.370484][ T6036] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  655.572403][T13352] netlink: zone id is out of range
[  655.585862][T13352] netlink: zone id is out of range
[  655.624947][T13352] netlink: set zone limit has 8 unknown bytes
[  656.038179][T13354] openvswitch: netlink: Either Ethernet header or EtherType is required.

syzkaller
syzkaller login: [  661.971880][T13454] binder: 13453:13454 unknown command 3
[  661.989243][T13447] random: crng reseeded on system resumption
[  662.032783][T13454] binder: 13453:13454 ioctl c0306201 0 returned -22
[  662.769355][T13439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.782416][T13439] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  664.988922][T13489] vivid-003: =================  START STATUS  =================
[  665.000811][T13489] vivid-003: Radio HW Seek Mode: Bounded
[  665.027693][T13489] vivid-003: Radio Programmable HW Seek: false
[  665.033989][T13489] vivid-003: RDS Rx I/O Mode: Block I/O
[  665.212122][T13489] vivid-003: Generate RBDS Instead of RDS: false
[  665.300153][T13489] vivid-003: RDS Reception: true
[  665.307568][T13489] vivid-003: RDS Program Type: 0 inactive
[  665.313450][T13489] vivid-003: RDS PS Name:  inactive
[  665.319355][T13489] vivid-003: RDS Radio Text:  inactive
[  665.325654][T13489] vivid-003: RDS Traffic Announcement: false inactive
[  665.350860][T13489] vivid-003: RDS Traffic Program: false inactive
[  665.372491][T13489] vivid-003: RDS Music: false inactive
[  665.409360][T13489] vivid-003: ==================  END STATUS  ==================
[  666.114609][T13494] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1372'.
[  671.974382][T13581] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input57
[  673.562833][T13594] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  673.981256][T13603] binder: 13602:13603 unknown command 3
[  673.999742][T13603] binder: 13602:13603 ioctl c0306201 0 returned -22
[  674.563177][T13607] could not allocate digest TFM handle 
[  675.444937][T13621] vivid-003: =================  START STATUS  =================
[  675.466282][T13621] vivid-003: Radio HW Seek Mode: Bounded
[  675.472331][T13621] vivid-003: Radio Programmable HW Seek: false
[  675.478781][T13621] vivid-003: RDS Rx I/O Mode: Block I/O
[  675.490286][T13621] vivid-003: Generate RBDS Instead of RDS: false
[  675.500414][T13621] vivid-003: RDS Reception: true
[  675.509257][T13621] vivid-003: RDS Program Type: 0 inactive
[  675.525447][T13621] vivid-003: RDS PS Name:  inactive
[  675.562791][T13621] vivid-003: RDS Radio Text:  inactive
[  675.573044][T13621] vivid-003: RDS Traffic Announcement: false inactive
[  675.593250][T13621] vivid-003: RDS Traffic Program: false inactive
[  675.601372][T13621] vivid-003: RDS Music: false inactive
[  675.613946][T13621] vivid-003: ==================  END STATUS  ==================
[  675.664764][T13615] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  675.711589][T13615] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  675.717715][T13615] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  675.770924][T13615] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  677.063781][T11765] Bluetooth: hci0: command 0x0c1a tx timeout
[  677.780926][T11765] Bluetooth: hci3: command 0x0c1a tx timeout
[  677.787052][T11765] Bluetooth: hci2: command 0x0c1a tx timeout
[  677.795914][ T6036] Bluetooth: hci1: command 0x0c1a tx timeout
[  680.011824][T13670] FAULT_INJECTION: forcing a failure.
[  680.011824][T13670] name failslab, interval 1, probability 0, space 0, times 0
[  680.050304][T13670] CPU: 0 UID: 0 PID: 13670 Comm: syz.0.1402 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  680.050340][T13670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  680.050354][T13670] Call Trace:
[  680.050361][T13670]  <TASK>
[  680.050371][T13670]  dump_stack_lvl+0x16c/0x1f0
[  680.050413][T13670]  should_fail_ex+0x512/0x640
[  680.050459][T13670]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  680.050503][T13670]  should_failslab+0xc2/0x120
[  680.050527][T13670]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  680.050565][T13670]  ? __pfx_proc_create_net_single+0x10/0x10
[  680.050589][T13670]  ? ip_vs_control_net_init+0x84b/0x1d20
[  680.050622][T13670]  ? lockdep_init_map_type+0x5c/0x280
[  680.050661][T13670]  kmemdup_noprof+0x29/0x60
[  680.050697][T13670]  ip_vs_control_net_init+0x84b/0x1d20
[  680.050736][T13670]  __ip_vs_init+0x217/0x520
[  680.050772][T13670]  ? __pfx___ip_vs_init+0x10/0x10
[  680.050806][T13670]  ops_init+0x1e2/0x5f0
[  680.050847][T13670]  setup_net+0x1ff/0x510
[  680.050882][T13670]  ? lockdep_init_map_type+0x5c/0x280
[  680.050917][T13670]  ? __pfx_setup_net+0x10/0x10
[  680.050956][T13670]  ? debug_mutex_init+0x37/0x70
[  680.050983][T13670]  copy_net_ns+0x2a6/0x5f0
[  680.051011][T13670]  create_new_namespaces+0x3ea/0xa90
[  680.051045][T13670]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  680.051075][T13670]  ksys_unshare+0x45b/0xa40
[  680.051108][T13670]  ? __pfx_ksys_unshare+0x10/0x10
[  680.051143][T13670]  ? xfd_validate_state+0x61/0x180
[  680.051184][T13670]  __x64_sys_unshare+0x31/0x40
[  680.051216][T13670]  do_syscall_64+0xcd/0x490
[  680.051254][T13670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.051278][T13670] RIP: 0033:0x7f699b98e929
[  680.051297][T13670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.051321][T13670] RSP: 002b:00007f699c725038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  680.051343][T13670] RAX: ffffffffffffffda RBX: 00007f699bbb5fa0 RCX: 00007f699b98e929
[  680.051359][T13670] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  680.051372][T13670] RBP: 00007f699ba10b39 R08: 0000000000000000 R09: 0000000000000000
[  680.051387][T13670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  680.051401][T13670] R13: 0000000000000000 R14: 00007f699bbb5fa0 R15: 00007ffd72a83708
[  680.051436][T13670]  </TASK>
[  681.346708][T13682] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1405'.
[  681.482769][T13680] Process accounting paused
[  681.529038][T13682] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1405'.
[  683.734883][T13712] Invalid ELF header magic: != ELF
[  684.785651][T13736] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input59
[  687.165037][T13754] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1418'.
[  690.231145][T13786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1425'.
[  690.367894][T13786] HfR: entered promiscuous mode
[  692.052912][T13825] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  692.731682][T13834] FAULT_INJECTION: forcing a failure.
[  692.731682][T13834] name failslab, interval 1, probability 0, space 0, times 0
[  692.744587][T13834] CPU: 1 UID: 0 PID: 13834 Comm: syz.2.1433 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  692.744620][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  692.744635][T13834] Call Trace:
[  692.744643][T13834]  <TASK>
[  692.744652][T13834]  dump_stack_lvl+0x16c/0x1f0
[  692.744693][T13834]  should_fail_ex+0x512/0x640
[  692.744729][T13834]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  692.744769][T13834]  should_failslab+0xc2/0x120
[  692.744792][T13834]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  692.744829][T13834]  ? security_file_alloc+0x34/0x2b0
[  692.744865][T13834]  security_file_alloc+0x34/0x2b0
[  692.744897][T13834]  init_file+0x93/0x4c0
[  692.744921][T13834]  alloc_empty_file+0x73/0x1e0
[  692.744955][T13834]  alloc_file_pseudo+0x13a/0x230
[  692.744982][T13834]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  692.745017][T13834]  ioctx_alloc+0x5ab/0x2120
[  692.745061][T13834]  ? find_held_lock+0x2b/0x80
[  692.745087][T13834]  ? __pfx_ioctx_alloc+0x10/0x10
[  692.745116][T13834]  ? __might_fault+0x13b/0x190
[  692.745160][T13834]  __x64_sys_io_setup+0xc9/0x210
[  692.745193][T13834]  do_syscall_64+0xcd/0x490
[  692.745244][T13834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.745267][T13834] RIP: 0033:0x7f0d35b8e929
[  692.745285][T13834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  692.745307][T13834] RSP: 002b:00007f0d36a9b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  692.745328][T13834] RAX: ffffffffffffffda RBX: 00007f0d35db6080 RCX: 00007f0d35b8e929
[  692.745343][T13834] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff
[  692.745357][T13834] RBP: 00007f0d35c10b39 R08: 0000000000000000 R09: 0000000000000000
[  692.745370][T13834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  692.745384][T13834] R13: 0000000000000000 R14: 00007f0d35db6080 R15: 00007ffd8a8215e8
[  692.745412][T13834]  </TASK>
[  693.897992][T13836] rtc_cmos 00:00: in use; can't configure
[  694.341076][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  694.348743][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  699.562651][T13930] usb usb36: usbfs: process 13930 (syz.3.1459) did not claim interface 0 before use
[  700.653066][T13949] binder: 13948:13949 ioctl 541b 38 returned -22
[  704.760633][T13643] Bluetooth: hci1: Malformed HCI Event: 0x22
[  706.501304][T14025] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1481'.
[  706.519713][T14025] HfR: entered promiscuous mode
[  706.978432][T14032] overlayfs: "check_copy_up" module option is obsolete
[  707.934328][T14050] could not allocate digest TFM handle 
[  710.769737][T14092] 
[  710.772159][T14092] ======================================================
[  710.779223][T14092] WARNING: possible circular locking dependency detected
[  710.786275][T14092] 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 Not tainted
[  710.793414][T14092] ------------------------------------------------------
[  710.800470][T14092] syz.0.1499/14092 is trying to acquire lock:
[  710.806575][T14092] ffff8880270a8fa8 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310
[  710.816479][T14092] 
[  710.816479][T14092] but task is already holding lock:
[  710.823870][T14092] ffff8880270a8a70 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  710.835176][T14092] 
[  710.835176][T14092] which lock already depends on the new lock.
[  710.835176][T14092] 
[  710.845604][T14092] 
[  710.845604][T14092] the existing dependency chain (in reverse order) is:
[  710.854641][T14092] 
[  710.854641][T14092] -> #3 (&q->q_usage_counter(io)#59){++++}-{0:0}:
[  710.863307][T14092]        blk_alloc_queue+0x619/0x760
[  710.868638][T14092]        blk_mq_alloc_queue+0x175/0x290
[  710.874234][T14092]        __blk_mq_alloc_disk+0x29/0x120
[  710.879827][T14092]        nbd_dev_add+0x4a0/0xbc0
[  710.884822][T14092]        nbd_init+0x181/0x320
[  710.889543][T14092]        do_one_initcall+0x120/0x6e0
[  710.894956][T14092]        kernel_init_freeable+0x5c2/0x900
[  710.900725][T14092]        kernel_init+0x1c/0x2b0
[  710.905618][T14092]        ret_from_fork+0x5d7/0x6f0
[  710.910793][T14092]        ret_from_fork_asm+0x1a/0x30
[  710.916110][T14092] 
[  710.916110][T14092] -> #2 (fs_reclaim){+.+.}-{0:0}:
[  710.923366][T14092]        fs_reclaim_acquire+0x102/0x150
[  710.928955][T14092]        prepare_alloc_pages+0x162/0x610
[  710.934621][T14092]        __alloc_frozen_pages_noprof+0x18b/0x23f0
[  710.941085][T14092]        __alloc_pages_noprof+0xb/0x1b0
[  710.946758][T14092]        pcpu_populate_chunk+0x110/0xb00
[  710.952433][T14092]        pcpu_alloc_noprof+0x86a/0x1470
[  710.958024][T14092]        xt_percpu_counter_alloc+0x13e/0x1b0
[  710.964040][T14092]        find_check_entry.constprop.0+0xbf/0xa20
[  710.970412][T14092]        translate_table+0xd0b/0x17b0
[  710.975819][T14092]        ip6t_register_table+0x102/0x430
[  710.981491][T14092]        ip6table_security_table_init+0x40/0x60
[  710.987774][T14092]        xt_find_table_lock+0x2e1/0x520
[  710.993648][T14092]        xt_request_find_table_lock+0x28/0xf0
[  710.999775][T14092]        get_info+0x190/0x620
[  711.004486][T14092]        do_ip6t_get_ctl+0x169/0xa50
[  711.009805][T14092]        nf_getsockopt+0x7c/0xe0
[  711.014774][T14092]        ipv6_getsockopt+0x1f7/0x280
[  711.020091][T14092]        tcp_getsockopt+0x9e/0x100
[  711.025246][T14092]        do_sock_getsockopt+0x3fc/0x800
[  711.030829][T14092]        __sys_getsockopt+0x123/0x1b0
[  711.036245][T14092]        __x64_sys_getsockopt+0xbd/0x160
[  711.041923][T14092]        do_syscall_64+0xcd/0x490
[  711.046998][T14092]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.053458][T14092] 
[  711.053458][T14092] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}:
[  711.061237][T14092]        __mutex_lock+0x199/0xb90
[  711.066307][T14092]        pcpu_alloc_noprof+0xb4c/0x1470
[  711.071902][T14092]        sbitmap_init_node+0x2fd/0x770
[  711.077398][T14092]        sbitmap_queue_init_node+0x41/0x560
[  711.083413][T14092]        blk_mq_init_tags+0x12d/0x2b0
[  711.088829][T14092]        blk_mq_alloc_map_and_rqs+0x237/0xf60
[  711.094936][T14092]        blk_mq_init_sched+0x30c/0x610
[  711.100427][T14092]        elevator_switch+0x1e1/0x7f0
[  711.105838][T14092]        elevator_change+0x2ac/0x400
[  711.111158][T14092]        elevator_set_default+0x292/0x320
[  711.116918][T14092]        blk_register_queue+0x393/0x4f0
[  711.122498][T14092]        __add_disk+0x74a/0xf00
[  711.127387][T14092]        add_disk_fwnode+0x13f/0x5d0
[  711.132713][T14092]        nbd_dev_add+0x791/0xbc0
[  711.137695][T14092]        nbd_init+0x181/0x320
[  711.142437][T14092]        do_one_initcall+0x120/0x6e0
[  711.147757][T14092]        kernel_init_freeable+0x5c2/0x900
[  711.153516][T14092]        kernel_init+0x1c/0x2b0
[  711.158408][T14092]        ret_from_fork+0x5d7/0x6f0
[  711.163561][T14092]        ret_from_fork_asm+0x1a/0x30
[  711.168884][T14092] 
[  711.168884][T14092] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  711.176750][T14092]        __lock_acquire+0x126f/0x1c90
[  711.182163][T14092]        lock_acquire+0x179/0x350
[  711.187222][T14092]        __mutex_lock+0x199/0xb90
[  711.192286][T14092]        queue_requests_store+0x1c7/0x310
[  711.198030][T14092]        queue_attr_store+0x279/0x320
[  711.203447][T14092]        sysfs_kf_write+0xef/0x150
[  711.208614][T14092]        kernfs_fop_write_iter+0x351/0x510
[  711.214461][T14092]        iter_file_splice_write+0x91c/0x1150
[  711.220480][T14092]        direct_splice_actor+0x18f/0x6c0
[  711.226160][T14092]        splice_direct_to_actor+0x345/0xa30
[  711.232179][T14092]        do_splice_direct+0x174/0x240
[  711.237671][T14092]        do_sendfile+0xb06/0xe50
[  711.242654][T14092]        __x64_sys_sendfile64+0x1d8/0x220
[  711.248402][T14092]        do_syscall_64+0xcd/0x490
[  711.253472][T14092]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.259917][T14092] 
[  711.259917][T14092] other info that might help us debug this:
[  711.259917][T14092] 
[  711.270297][T14092] Chain exists of:
[  711.270297][T14092]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#59
[  711.270297][T14092] 
[  711.284090][T14092]  Possible unsafe locking scenario:
[  711.284090][T14092] 
[  711.291565][T14092]        CPU0                    CPU1
[  711.296953][T14092]        ----                    ----
[  711.302341][T14092]   lock(&q->q_usage_counter(io)#59);
[  711.307761][T14092]                                lock(fs_reclaim);
[  711.314296][T14092]                                lock(&q->q_usage_counter(io)#59);
[  711.322230][T14092]   lock(&q->elevator_lock);
[  711.326850][T14092] 
[  711.326850][T14092]  *** DEADLOCK ***
[  711.326850][T14092] 
[  711.335018][T14092] 5 locks held by syz.0.1499/14092:
[  711.340235][T14092]  #0: ffff888034738428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x345/0xa30
[  711.350408][T14092]  #1: ffff88805dd25888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  711.360217][T14092]  #2: ffff888140b4ec38 (kn->active#198){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  711.370384][T14092]  #3: ffff8880270a8a70 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  711.382117][T14092]  #4: ffff8880270a8aa8 (&q->q_usage_counter(queue)#11){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  711.394114][T14092] 
[  711.394114][T14092] stack backtrace:
[  711.400024][T14092] CPU: 1 UID: 0 PID: 14092 Comm: syz.0.1499 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  711.400061][T14092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  711.400078][T14092] Call Trace:
[  711.400088][T14092]  <TASK>
[  711.400098][T14092]  dump_stack_lvl+0x116/0x1f0
[  711.400141][T14092]  print_circular_bug+0x275/0x350
[  711.400179][T14092]  check_noncircular+0x14c/0x170
[  711.400219][T14092]  __lock_acquire+0x126f/0x1c90
[  711.400258][T14092]  ? __lock_acquire+0xb8a/0x1c90
[  711.400296][T14092]  lock_acquire+0x179/0x350
[  711.400331][T14092]  ? queue_requests_store+0x1c7/0x310
[  711.400357][T14092]  ? __pfx___might_resched+0x10/0x10
[  711.400387][T14092]  ? do_raw_spin_lock+0x12c/0x2b0
[  711.400433][T14092]  __mutex_lock+0x199/0xb90
[  711.400473][T14092]  ? queue_requests_store+0x1c7/0x310
[  711.400499][T14092]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  711.400535][T14092]  ? queue_requests_store+0x1c7/0x310
[  711.400558][T14092]  ? lockdep_hardirqs_on+0x7c/0x110
[  711.400597][T14092]  ? __pfx___mutex_lock+0x10/0x10
[  711.400648][T14092]  ? __pfx_autoremove_wake_function+0x10/0x10
[  711.400687][T14092]  ? queue_requests_store+0x1c7/0x310
[  711.400710][T14092]  queue_requests_store+0x1c7/0x310
[  711.400736][T14092]  ? __pfx_queue_requests_store+0x10/0x10
[  711.400763][T14092]  ? __mutex_trylock_common+0xe9/0x250
[  711.400803][T14092]  ? __pfx_queue_requests_store+0x10/0x10
[  711.400827][T14092]  queue_attr_store+0x279/0x320
[  711.400871][T14092]  ? __pfx_queue_attr_store+0x10/0x10
[  711.400912][T14092]  ? __lock_acquire+0x622/0x1c90
[  711.400957][T14092]  ? find_held_lock+0x2b/0x80
[  711.400983][T14092]  ? sysfs_file_kobj+0xe4/0x290
[  711.401017][T14092]  ? __pfx_queue_attr_store+0x10/0x10
[  711.401059][T14092]  sysfs_kf_write+0xef/0x150
[  711.401092][T14092]  kernfs_fop_write_iter+0x351/0x510
[  711.401120][T14092]  ? __pfx_sysfs_kf_write+0x10/0x10
[  711.401154][T14092]  iter_file_splice_write+0x91c/0x1150
[  711.401203][T14092]  ? __pfx_iter_file_splice_write+0x10/0x10
[  711.401243][T14092]  ? __pfx_copy_splice_read+0x10/0x10
[  711.401285][T14092]  ? __pfx_iter_file_splice_write+0x10/0x10
[  711.401323][T14092]  direct_splice_actor+0x18f/0x6c0
[  711.401360][T14092]  splice_direct_to_actor+0x345/0xa30
[  711.401396][T14092]  ? __pfx_direct_splice_actor+0x10/0x10
[  711.401434][T14092]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  711.401474][T14092]  do_splice_direct+0x174/0x240
[  711.401508][T14092]  ? __pfx_do_splice_direct+0x10/0x10
[  711.401543][T14092]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  711.401579][T14092]  ? rw_verify_area+0xcf/0x680
[  711.401615][T14092]  do_sendfile+0xb06/0xe50
[  711.401659][T14092]  ? __pfx_do_sendfile+0x10/0x10
[  711.401694][T14092]  ? handle_mm_fault+0x2ab/0xd10
[  711.401731][T14092]  ? __x64_sys_futex+0x1e0/0x4c0
[  711.401764][T14092]  ? __x64_sys_futex+0x1e9/0x4c0
[  711.401798][T14092]  __x64_sys_sendfile64+0x1d8/0x220
[  711.401825][T14092]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  711.401856][T14092]  do_syscall_64+0xcd/0x490
[  711.401899][T14092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.401928][T14092] RIP: 0033:0x7f699b98e929
[  711.401949][T14092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  711.401976][T14092] RSP: 002b:00007f699c725038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  711.402001][T14092] RAX: ffffffffffffffda RBX: 00007f699bbb5fa0 RCX: 00007f699b98e929
[  711.402020][T14092] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  711.402036][T14092] RBP: 00007f699ba10b39 R08: 0000000000000000 R09: 0000000000000000
[  711.402053][T14092] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000000
[  711.402070][T14092] R13: 0000000000000000 R14: 00007f699bbb5fa0 R15: 00007ffd72a83708
[  711.402096][T14092]  </TASK>
[  712.128926][T14082] Process accounting resumed