last executing test programs:

9m49.13118365s ago: executing program 32 (id=261):
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x100, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
socket(0x10, 0x2, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={"57acb653f82b0a05463dd1f3159f3326c47874b4b901bfd55279ab9a61a4b621", 0xfffa, 0x9, 0xffffd508, 0x8001, 0xd02, <r0=>0xffffffffffffffff})
prctl$auto_PR_SCHED_CORE_GET(0x200, 0x0, r0, 0x1ff, 0x401)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129a00, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x8, 0x0, 0x0, 0x0, 0x0)
write$auto(r1, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9)
r2 = getpid()
process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/drm/version\x00', 0x0, 0x0)
r4 = socket(0x10, 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = socket(0x22, 0x1, 0x2)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(r5, 0x0, 0xfffffe01, 0x9)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c2d3f000000000000000001fe84a4fe26000000", @ANYRES16=0x0, @ANYBLOB="040026bd7000fcdbdf25040000000800018004001680"], 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x0)
recvmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0x9}, 0x800}, 0x10a, 0x8, 0x0)
ioctl$auto(0x3, 0x400454ca, 0x38)
socket$nl_generic(0x10, 0x3, 0x10)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948d, 0x3, 0x15f4da8a, 0x3, 0x3, 0x62, 0x7, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)

6m37.531000471s ago: executing program 33 (id=1071):
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
unshare$auto(0x40000080)
close_range$auto(0x0, 0xffffffffffffffff, 0x2)
socket(0x1e, 0x1, 0x0)
socket(0x28, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800)
sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x400c0}, 0x4040000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x9, &(0x7f0000000180)={0x0, 0xc4}, 0x3, 0x0, 0x0, 0x4004}, 0x7}, 0x5, 0x0)
madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66)

3m43.457962328s ago: executing program 4 (id=1819):
r0 = socket(0x1b, 0x3, 0x76)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000005380)={0x0, 0x1e5c, &(0x7f0000005340)={&(0x7f0000000180)={0x28, r4, 0x1, 0x870bd2b, 0x25dfdbfc, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x14, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x9, 0x2, 'nfsd\x00'}, @NFSD_A_SOCK_ADDR={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x10004090)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
recvmmsg$auto(r5, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x100000000cb}, 0x3, 0x0, 0x80000000, 0x80000000}, 0x9}, 0x7, 0x6, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="720100", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000)
r6 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x20000000)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0)
readv$auto(0x3, 0x0, 0x1)
sendmsg$auto_NL80211_CMD_GET_WOWLAN(r3, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
syz_genetlink_get_family_id$auto_nlctrl(0x0, r0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)

3m28.45199809s ago: executing program 34 (id=1819):
r0 = socket(0x1b, 0x3, 0x76)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000005380)={0x0, 0x1e5c, &(0x7f0000005340)={&(0x7f0000000180)={0x28, r4, 0x1, 0x870bd2b, 0x25dfdbfc, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x14, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x9, 0x2, 'nfsd\x00'}, @NFSD_A_SOCK_ADDR={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x10004090)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
recvmmsg$auto(r5, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x100000000cb}, 0x3, 0x0, 0x80000000, 0x80000000}, 0x9}, 0x7, 0x6, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="720100", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000)
r6 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x20000000)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0)
readv$auto(0x3, 0x0, 0x1)
sendmsg$auto_NL80211_CMD_GET_WOWLAN(r3, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
syz_genetlink_get_family_id$auto_nlctrl(0x0, r0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)

2m41.064540367s ago: executing program 3 (id=2112):
mmap$auto(0x0, 0x7, 0x2, 0x40eb1, 0x602, 0x300000000000)
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x10b000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0xae41, 0x38)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x6, 0x0)
r1 = socket(0xa, 0x1, 0x6)
socket(0x23, 0x80805, 0x0)
fanotify_init$auto(0x5, 0x2000000000002)
io_uring_setup$auto(0x3, 0x0)
pipe$auto(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
fstat$auto(r1, &(0x7f0000000380)={0x1, 0x8000000000000000, 0x1000, 0x27, 0x0, 0x0, 0x0, 0x2, 0x100000001, 0x2, 0x4, 0x4, 0x7, 0x7, 0x2, 0x8, 0x95e})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0)
socket(0x2, 0x3, 0x6)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/wlan1/forwarding\x00', 0x202, 0x0)
sendfile$auto(r3, r3, 0x0, 0x7fffe000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x801, 0x106)
socket(0x10, 0x2, 0x0)
r4 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r2, @ANYRES64], 0x18}, 0x1, 0x2000, 0x0, 0x40000}, 0x80)

2m40.523256957s ago: executing program 3 (id=2115):
bpf$auto(0x9, &(0x7f0000000100)=@token_create={0x2}, 0x9)
r0 = socket(0x2, 0x5, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1c2580, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
getcwd$auto(0x0, 0xffffffffffffffff)
bind$auto(0x3, 0x0, 0x6a)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
shutdown$auto(0x200000003, 0x2)
ioprio_set$auto(0x7, 0x0, 0xfff)
unshare$auto(0x40000080)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20540, 0x0)
ioctl$auto(r1, 0x5420, 0xffffffffffffffff)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'pim6reg1\x00'})
connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55)

2m39.850335681s ago: executing program 3 (id=2118):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop7\x00', 0x10f602, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x256302, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xff)
r3 = userfaultfd$auto(0xf)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x5, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/036/001\x00', 0x80a001, 0x0)
ioctl$auto(r4, 0x8004550f, 0xf15)
setsockopt$auto(0x4, 0x0, 0x485, 0xfffffffffffffffe, 0x0)
ioctl$auto_TCSBRKP(r3, 0x5425, &(0x7f0000000000))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x2400c0, 0x0)
r6 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$auto_TCP_METRICS_CMD_DEL(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000007000fedbdf250200000014000200ceaf514a0b04fec4d10585cb8d107773ac8a1a1df9d5798f32964fd5c6a90bbd2e40b6361713202c92c3d6a08de9f19f0b53d375bb7916781ea4e023e696aff81fd035feba2283dbefc739c14627c8daa8f2c905cb8377a0f81c43392d8dd992eb38163d5e28fbf90bb3652b37fe3204e497614fe0c8e2a6d87b"], 0x28}, 0x1, 0x0, 0x0, 0x4000080}, 0xd0)

2m39.410376286s ago: executing program 3 (id=2120):
socket(0x2b, 0x1, 0x1)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0xae41, 0x38)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffff7fffff0005, 0x8)
r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0)
read$auto_proc_pid_maps_operations_internal(r1, &(0x7f00000010c0)=""/4096, 0x1000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
ioctl$auto(0x3, 0x80000541b, 0x38)
r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/dev_snmp6/geneve1\x00', 0x4c8402, 0x0)
ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x540b, 0xfffffffffffffffd)
socket(0xf, 0x3, 0x2)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000100)='/dev/usbmon2\x00', 0x1039c1, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x0, 0x9, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x2, 0x8000001f, 0x2, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
fsopen$auto(0x0, 0x1)
socket(0xa, 0x5, 0x94)
io_uring_setup$auto(0x6, 0x0)

2m37.964562244s ago: executing program 3 (id=2126):
open(0x0, 0xc00, 0x409)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='}[,&*}\x00', &(0x7f0000000180)={0x101000, 0x42, 0x8}, 0x18)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder1\x00', 0x24100, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mremap$auto(0x0, 0x4, 0x3fd6, 0x3, 0x20000000)
write$auto(0xffffffffffffffff, &(0x7f00000001c0)='/proc/sys/net/ipv6/conf/macvlan0/enhanced_dad\x00', 0x73da)
chdir$auto(&(0x7f0000000000)='}[,&*}\x00')
r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x43d)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/macvlan0/enhanced_dad\x00', 0x1094a2, 0x0)
ioctl$auto_FS_IOC_SETFLAGS2(r0, 0x40086602, &(0x7f0000000280)=0x8)
r1 = ioctl$auto_userfaultfd_dev_fops_userfaultfd(r0, 0x6, &(0x7f00000002c0)="14f48f571598aa01534a79b10c8ac943c5226182ba90621aa9200d1f5bb03f47bc799b1063809857d43852c5cedd42730b60d626593f68bff64f44fc0299f15873a66b087b9e93fa6219f0242c293b936a2d8843a50917d3aec1df9b4484fa61df9a60e96e36543dd354b0fa5669a18a4c255589fc4cd927b02f135144b354a68fa2e721e365e24f9d1d2bca")
write$auto(r1, &(0x7f0000000200)='nfsd\x00', 0xfffffffffffffffd)

2m37.750366949s ago: executing program 3 (id=2128):
r0 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
r1 = io_uring_setup$auto(0x6, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r1)
sendmsg$auto_NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000140)={0x1a4, r2, 0x8, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x8}, @NL802154_ATTR_COORDINATOR={0x24, 0x1e, 0x0, 0x1, [@nested={0x14, 0x50, 0x0, 0x1, [@generic="4a2a132cfd3bfe642e192f2f", @nested={0x4, 0x9c}]}, @typed={0xc, 0x7b, 0x0, 0x0, @u64=0x2000000000}]}, @NL802154_ATTR_SEC_LEVEL={0x133, 0x2d, 0x0, 0x1, [@nested={0x10a, 0x29, 0x0, 0x1, [@generic="e45d1b5fa3af96d96d06c501ffd4e513dafdedd26de1d69311f79a0be1576844d3767dd2d66f3cfa699139f55f803573517a9e68ac075a99dfff2ca35f6c86b7dcb42d46e1ec2ee083a119812423caf8b1bf6c4a5d0c7b018c334bc4d4d0ee9877424fbdd077ff12e58d32cd4a2bbdcd571b577a1dd9d8", @typed={0x8, 0x12b, 0x0, 0x0, @u32=0x3}, @generic="787bb8b9bbda3adff838e26153d055c1e7865124aa47508d9134926d88d2587fea0998410db6b008f09a7e041bf443d9149ad7edba2e1f6ec3be2f016ca5c393564c81e4813ce9105859dc64e301f605afa4c4ec729ba4bbae6816f1a42f5a74993a2cafc54e932fad794b8909e75a16b6d97ef712462c9329031f92d69c33f345abbb02ad217c"]}, @generic="1031bf4d07139a69738e9a078ffe2941c1ad5eb16175110f120360f7a3bf0366323ad5"]}, @NL802154_ATTR_WPAN_PHY_NAME={0xa, 0x2, 'bond0\x00'}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'hsr0\x00'}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x7}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x1}, 0x88c0)
mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0)
ioctl$auto_BTRFS_IOC_FORGET_DEV(r3, 0x50009405, 0x0)
writev$auto(0xffffffffffffffff, 0x0, 0x4)
lsm_list_modules$auto(0x0, 0x0, 0x0)
r4 = socket(0x2, 0x801, 0x106)
getsockopt$auto(r4, 0x11c, 0x3, 0x0, 0x0)
close_range$auto(0x0, 0x5, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r5, 0x541c, r6)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x89fc, &(0x7f0000000040)={'bond0\x00'})
clone3$auto(0x0, 0x1000)

2m22.681328206s ago: executing program 35 (id=2128):
r0 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
r1 = io_uring_setup$auto(0x6, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r1)
sendmsg$auto_NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000140)={0x1a4, r2, 0x8, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x8}, @NL802154_ATTR_COORDINATOR={0x24, 0x1e, 0x0, 0x1, [@nested={0x14, 0x50, 0x0, 0x1, [@generic="4a2a132cfd3bfe642e192f2f", @nested={0x4, 0x9c}]}, @typed={0xc, 0x7b, 0x0, 0x0, @u64=0x2000000000}]}, @NL802154_ATTR_SEC_LEVEL={0x133, 0x2d, 0x0, 0x1, [@nested={0x10a, 0x29, 0x0, 0x1, [@generic="e45d1b5fa3af96d96d06c501ffd4e513dafdedd26de1d69311f79a0be1576844d3767dd2d66f3cfa699139f55f803573517a9e68ac075a99dfff2ca35f6c86b7dcb42d46e1ec2ee083a119812423caf8b1bf6c4a5d0c7b018c334bc4d4d0ee9877424fbdd077ff12e58d32cd4a2bbdcd571b577a1dd9d8", @typed={0x8, 0x12b, 0x0, 0x0, @u32=0x3}, @generic="787bb8b9bbda3adff838e26153d055c1e7865124aa47508d9134926d88d2587fea0998410db6b008f09a7e041bf443d9149ad7edba2e1f6ec3be2f016ca5c393564c81e4813ce9105859dc64e301f605afa4c4ec729ba4bbae6816f1a42f5a74993a2cafc54e932fad794b8909e75a16b6d97ef712462c9329031f92d69c33f345abbb02ad217c"]}, @generic="1031bf4d07139a69738e9a078ffe2941c1ad5eb16175110f120360f7a3bf0366323ad5"]}, @NL802154_ATTR_WPAN_PHY_NAME={0xa, 0x2, 'bond0\x00'}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'hsr0\x00'}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x7}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x1}, 0x88c0)
mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0)
ioctl$auto_BTRFS_IOC_FORGET_DEV(r3, 0x50009405, 0x0)
writev$auto(0xffffffffffffffff, 0x0, 0x4)
lsm_list_modules$auto(0x0, 0x0, 0x0)
r4 = socket(0x2, 0x801, 0x106)
getsockopt$auto(r4, 0x11c, 0x3, 0x0, 0x0)
close_range$auto(0x0, 0x5, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r5, 0x541c, r6)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x89fc, &(0x7f0000000040)={'bond0\x00'})
clone3$auto(0x0, 0x1000)

2m9.932097855s ago: executing program 2 (id=2228):
unshare$auto(0x40000080)
unshare$auto(0x3)
prctl$auto(0x3e, 0x4, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/ptp/ptp0/n_external_timestamps\x00', 0x8a684, 0x0)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0)
ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0))
r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
r3 = syz_genetlink_get_family_id$auto_nl80211(0x0, r0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYRES64=r2], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x5, 0x0)
io_uring_setup$auto(0x2, 0x0)

2m8.447946802s ago: executing program 2 (id=2233):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0)
r2 = io_uring_setup$auto(0x2007, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x403c6f2b, 0x0)
mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
madvise$auto(0x110c230000, 0x1, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x35, 0x1, 0x4, 0x0, 0x0)
r3 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0)
mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, 0xffffffffffffffff, 0x4)
write$auto(r0, &(0x7f0000000080)='-/%\'\xef#\x00', 0x8000000000000001)
readv$auto(r3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400)
sendmsg$auto_MACSEC_CMD_DEL_RXSC(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@MACSEC_ATTR_OFFLOAD={0x10, 0x9, 0x0, 0x1, [@nested={0xc, 0x131, 0x0, 0x1, [@typed={0x8, 0xfb, 0x0, 0x0, @uid=0xee01}]}]}]}, 0x24}}, 0x20008002)
r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0)
ioctl$auto(r4, 0x560c, 0x0)
r5 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004180), 0xffffffffffffffff)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f00000041c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd7000fbdbdf25020000000800"/26, @ANYRES32=<r6=>0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x80)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x4, 0x800, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000140)=ANY=[@ANYRES64=r5, @ANYRES32=r3, @ANYRES32=0x0, @ANYRESHEX=r6], 0xd4}}, 0x495)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0)

2m6.270943124s ago: executing program 2 (id=2248):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd4\x00', 0x4f2440, 0x0)
readahead$auto(r0, 0x7ff, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x6, 0x8000)
r1 = socket(0xf, 0x5, 0xf)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3c, 0x1, 0x0, 0x1, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/orangefs/getattr_timeout_msecs\x00', 0x8a82b6a56f18970a, 0x0)
sendfile$auto(0x2, 0x3, 0x0, 0xc3e0)
syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r3)
sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x240004c1}, 0x44004)
socket(0x1d, 0x3, 0x1)
write$auto(r2, &(0x7f0000000400), 0x100000a3d9)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40)
execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r4 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r4, 0x40603d07, 0x0)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5)
flock$auto(r3, 0xfffffffe)
sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000840}, 0x2000c840)
sendmsg$auto(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)="f804e2c3f30001000000000000ceaedb0040", 0x715f, &(0x7f0000000380)={&(0x7f00000004c0)="022d7e8a27ad3f9965553ab2300f9f830eef86f5506797f8d564b924468a4ef98fa55217ca52a7e1c5cff40a4a64ea6ffe6b47e2bdd905b11973e2009405c2b033052cd0e9b49befb020408b55b9483c709662dacf"}, 0x4, &(0x7f0000000840)="7ab6d0921c28a8fe10df9e58ffc070dd39bd285363f13028d13aaebcbe6299d1e145bf6c0000f34b90c634f645c73b0dcf42b27e5fd67b4ff4437bd4d73ef107a7097722894e3d1302e3e493e55c59cf0d2efa05a7ae454de6ac72b75e23463080a8a5cb89b22b61c1c661a362b506001d0989b4e58a4284abce11d4cd54318dbe1e9766ea8808907f7ba469f6e5f42b6b709890dc35bf22ceaf3e36b4e5c1ea9fe40408c7c328fe19967b5e8da1e9f977edc5517c28283ad2593c20e5fb7e1c83334115ca5423f5ef6ae2193503bd6d1474aabb3f5e8ae79c5ed77cba9d47ff87ef9dce720459002703fe4857162dd8073ac8fc50c328ca2d930779da8a36222bf73f2386665b4d6635678d6a918131d4e4fe911aa34d8ed84d0bab1f023df96a29fb15fe8ec6908cd9cc47c5e667f560b1301e5fbdb311872be4cd537a7b05561de760a950c0f43a46003adc3b34cf2283d1853e1a89eb2680c9fc28d8c21ed413a40ee7239687322db8f19bd2267d5abe42d408cd02006b80ea2aabe7d873cfeab7edaa00f21e4f9391becc982be9a91fe82354027db51a35322204a2e3b70a10f4cc1b88b4556f6889d13b97ef437634764f9eb21240c7cf5a06432eea5f527060118c5fa507513c9092307597b93514a0a61fa9330c279459fa9ecdd1ebabb11eadf5e33be924282eb5eb3e240dc6a1a7b9118af60ff28f3a9dfe0ab18dd497b0964363ca840db91bb59bbd677e393b8869", 0x7, 0xaa}, 0xcd)
lstat$auto(0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000040)={'bridge0\x00'})
mmap$auto(0x6, 0x7, 0x3, 0x19, r0, 0x40000000000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/netfs/uevent\x00', 0x200, 0x0)

2m4.625939276s ago: executing program 2 (id=2253):
sendmmsg$auto(0x3, 0x0, 0x2, 0x0)
setregid$auto(0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001840), r0)
sendmsg$auto_MACSEC_CMD_UPD_TXSA(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000018c0)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@MACSEC_ATTR_SA_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x200480c7}, 0x80)

2m4.480487886s ago: executing program 2 (id=2255):
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000001200)='/proc/self/mounts\x00', 0x28840, 0x0)
open(&(0x7f0000000000)='}[,&*}\x00', 0x800, 0x22)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8003)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000001c0)={0x1})
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000200)='nfsd\x00\\O\x88\xbdm\x19\xd8\xde\x97\x1cA\xc2T3\x94<\x16\x05PK\xaf\x17\x8dcc\xd0\x9a^w\xea\xc2\'h\x9e\x96\xed\xa8\xd9\xfb\x91\xae\xeb\xdc\x87\b\"\"\xfe\x14\xb7\x01\x1a\x81zt\xa7\xc4\xdf\x9fl\x01\xdb{<\xd0\xfb=\x18K\xa7\x86\xd8<\x15%GF\xcc\x94\x94\x84%\xd9\xfd\xfeo\xcc\xfb \xd7\v\x97\x8d\x1b(\x80\x8a\xed\x85\x96m\x1b)\xddLMUKn\x84\xcb\x894\x15\xa5#\xecOe\x04\xa8\x93\xefQP\xd1&\x0e\xe2X\"\x02\x9f\xaeBt;\x14c{\x8e\x13g4\x13\xa7|\xc6\xb9%\x8e\x80\xbc\xa6\xb7\xe6\x9a\x80$\x03\x05\xa3\x1c\xdf72\xb0\xf9B\xe0\r)\xf2\xab\xde\x03\xa1\xca\xcd\xd6Kr/<\x13-\xd9\xb6`\xc5\x15q\x93X\xcf-\xe7\x919\xc5e\xfa\xd5\xa9\xb6\xeaN\x04k\xb5\xbf\xa1\x89ht?T\b\xb5<\x8d\xca\xb6\x80\x90-6\xf0f\x11U\x1e\xad\xc6T\x96-\xb2C\x98\x84\xae\x90\x8fH\xe5\xd3\xdf]\xaas^\x81F\x80\x01W\xbe\xadH\x00t\v\xdc\x9c\a\x9e\x18i\t{\xbdF\x9eQj\xa04;.V\xda?o\xf7\x94>e\x98\x92\x8e\aH\xd7\xc4\xe7\x8dcV\xd3S\xb2w\xc3?\x80\x1a\xdd \xe0\x86\xc2\xda\xe1\xc6\x17I\x16\x86e\x19b\x91?\xf3]\x81\xf7i5a\xcc,8I\x92-\xa1\x02X\xdcp\xba\xde%G\x9f*_>\x00'/368, 0xf, 0x0)
lseek$auto(0x3, 0x20000, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000)
mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x580f, 0x1, 0x80000011, 0x3, 0x0)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC1D0c\x00', 0x80080, 0x0)
write$auto(0x1, 0x0, 0x80000000)
preadv$auto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x6)
newfstatat$auto(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x8, 0x6, 0x5, 0x0, 0x0, 0xee01, 0x0, 0x2000000006, 0x20000000000003, 0x0, 0x7, 0x8, 0x5, 0x1000000001, 0x4, 0x1, 0x53}, 0x1)
ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8)
socket(0x3, 0x80000, 0x6)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2164, 0x8000000000000000, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
socket(0x11, 0x1, 0x0)
open(&(0x7f0000000100)='.\x00', 0x591002, 0x408)

2m3.113643967s ago: executing program 2 (id=2265):
mmap$auto(0x0, 0x4b6, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
getsockopt$auto(r0, 0x3a, 0xce, 0x0, 0x0)

2m1.397609716s ago: executing program 7 (id=2272):
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000140), 0x480, 0x0)
quotactl_fd$auto(r0, 0x1, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ext4/sda1/inode_readahead_blks\x00', 0xe0801, 0x0)
mmap$auto(0x0, 0x400008, 0x9, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x400, 0x0)
read$auto(r2, 0x0, 0x20)
write$auto(0x3, 0x0, 0x100082)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r4=>0x0})
sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x24, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0xfd}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)

2m1.204323639s ago: executing program 7 (id=2273):
setdomainname$auto(0x0, 0x1f3)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0xf5c}, 0x1, 0x0, 0x0, 0x4044055}, 0x10)
recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0xf240, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x50}, 0x80000}, 0x10c, 0x8, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r1, @ANYRES32=r2], 0x3620}, 0x1, 0x0, 0x0, 0x20000000}, 0x14)

2m0.267054089s ago: executing program 7 (id=2276):
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/003/001\x00', 0x80002, 0x0)
ioctl$auto_USBDEVFS_RELEASE_PORT(r0, 0x80045519, 0x0)

2m0.112728307s ago: executing program 7 (id=2277):
r0 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
copy_file_range$auto(r0, 0x0, r1, 0x0, 0x21c3, 0x0) (async)
unshare$auto(0x40000080) (async, rerun: 32)
mmap$auto(0x0, 0x20009, 0x4400000000df, 0xc157, 0x101000000000000, 0x7) (async, rerun: 32)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async)
socketpair$auto(0x1, 0x2, 0xffffffff, 0x0) (async)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async, rerun: 32)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async, rerun: 32)
socket(0xf, 0x1, 0x6) (async)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/ram1/queue/add_random\x00', 0x1a1842, 0x0)
write$auto(r2, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) (async, rerun: 64)
socket(0x2, 0x1, 0x106) (async, rerun: 64)
bind$auto(0x3, &(0x7f0000000040)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x6a) (async, rerun: 32)
connect$auto(0x3, &(0x7f0000000080)=@nl=@kern={0x10, 0x0, 0x0, 0x800000}, 0x54) (async, rerun: 32)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0)
socket(0xa, 0x5, 0x3)
ioctl$auto(0xffffffffffffffff, 0xab07, 0xffffffffffffffff) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32)
sendmsg$auto_NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000b00)={0x14, 0x0, 0x4, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) (async, rerun: 32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async)
semctl$auto(0x8, 0x806, 0x13, 0x46)
syz_genetlink_get_family_id$auto_thermal(0x0, 0xffffffffffffffff) (async)
msgctl$auto_IPC_INFO(0x7, 0x3, &(0x7f0000000200)={{0x13b8, 0x0, 0xee01, 0x100, 0x3, 0x7fffffff, 0x3afa}, &(0x7f0000000180)=0x3, &(0x7f00000001c0)=0xa, 0x7, 0x3, 0x9, 0x4, 0x8, 0xffff, 0xfffd, 0x6498, @raw=0x71, @raw=0xa}) (async)
sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_GET(r3, 0x0, 0x4004061) (async)
setsockopt$auto(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x10002)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0)
mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

1m58.920733192s ago: executing program 7 (id=2280):
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000001200)='/proc/self/mounts\x00', 0x28840, 0x0)
open(&(0x7f0000000000)='}[,&*}\x00', 0x800, 0x22)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8003)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000001c0)={0x1})
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000200)='nfsd\x00\\O\x88\xbdm\x19\xd8\xde\x97\x1cA\xc2T3\x94<\x16\x05PK\xaf\x17\x8dcc\xd0\x9a^w\xea\xc2\'h\x9e\x96\xed\xa8\xd9\xfb\x91\xae\xeb\xdc\x87\b\"\"\xfe\x14\xb7\x01\x1a\x81zt\xa7\xc4\xdf\x9fl\x01\xdb{<\xd0\xfb=\x18K\xa7\x86\xd8<\x15%GF\xcc\x94\x94\x84%\xd9\xfd\xfeo\xcc\xfb \xd7\v\x97\x8d\x1b(\x80\x8a\xed\x85\x96m\x1b)\xddLMUKn\x84\xcb\x894\x15\xa5#\xecOe\x04\xa8\x93\xefQP\xd1&\x0e\xe2X\"\x02\x9f\xaeBt;\x14c{\x8e\x13g4\x13\xa7|\xc6\xb9%\x8e\x80\xbc\xa6\xb7\xe6\x9a\x80$\x03\x05\xa3\x1c\xdf72\xb0\xf9B\xe0\r)\xf2\xab\xde\x03\xa1\xca\xcd\xd6Kr/<\x13-\xd9\xb6`\xc5\x15q\x93X\xcf-\xe7\x919\xc5e\xfa\xd5\xa9\xb6\xeaN\x04k\xb5\xbf\xa1\x89ht?T\b\xb5<\x8d\xca\xb6\x80\x90-6\xf0f\x11U\x1e\xad\xc6T\x96-\xb2C\x98\x84\xae\x90\x8fH\xe5\xd3\xdf]\xaas^\x81F\x80\x01W\xbe\xadH\x00t\v\xdc\x9c\a\x9e\x18i\t{\xbdF\x9eQj\xa04;.V\xda?o\xf7\x94>e\x98\x92\x8e\aH\xd7\xc4\xe7\x8dcV\xd3S\xb2w\xc3?\x80\x1a\xdd \xe0\x86\xc2\xda\xe1\xc6\x17I\x16\x86e\x19b\x91?\xf3]\x81\xf7i5a\xcc,8I\x92-\xa1\x02X\xdcp\xba\xde%G\x9f*_>\x00'/368, 0xf, 0x0)
lseek$auto(0x3, 0x20000, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)

1m58.699373696s ago: executing program 7 (id=2282):
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001040)='/proc/asound/card1/pcm1c/sub7/info\x00', 0x28102, 0x0)
r0 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0)
poll$auto(&(0x7f0000000040)={<r1=>r0, 0x1000, 0x1c9}, 0x2, 0x7)
read$auto_fops_atomic_t_ro_(r0, &(0x7f0000000300)=""/153, 0x99)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyta\x00', 0x1b9b02, 0x0)
keyctl$auto_KEYCTL_REVOKE(0x3, 0xfffffffffffffffc, 0xb0e, 0x3, 0x10)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/ram5/queue/discard_granularity\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, r3, 0x10008000)
arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYRESDEC=r7, @ANYRES16=r7, @ANYRESHEX=r7], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0)
sendmsg$auto_MACSEC_CMD_UPD_TXSA(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYRESHEX=r2, @ANYBLOB="01002dbd7000fbdbdf250600000008", @ANYRES32, @ANYRES8=r4, @ANYBLOB="0365f3de7373d3452467c6a0ef73a0ce73d0a289b8dec402829a22a10e3cdc634de51fd1a0005441695ef6a9719f8cf39676a4a247e3f914", @ANYRES8=r5], 0x24}, 0x1, 0x0, 0x0, 0x2400c090}, 0x240048d5)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000740)={&(0x7f0000000580), 0xc, &(0x7f0000000700)={&(0x7f00000003c0)=ANY=[@ANYBLOB="55e1ab", @ANYRES32=r6, @ANYBLOB="08002dbd3000ffdbdf250100000008001100f5000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x44802)
openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/buffer_percent\x00', 0xbc102, 0x0)
r8 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mtd0ro\x00', 0x0, 0x0)
ioctl$auto_OTPSELECT(r8, 0x80044d0d, &(0x7f00000000c0)=0x10009)
socket(0x2, 0x1, 0xffffffff)
syz_clone3(&(0x7f0000000640)={0x108000, 0x0, 0x0, 0x0, {0x3f}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r9 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
ioctl$auto_UI_DEV_SETUP(r9, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa})

1m48.964782441s ago: executing program 6 (id=2307):
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000)
r0 = open(0x0, 0x22240, 0x155)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyye\x00', 0x101142, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
ioctl$auto(0x3, 0x541a, r0)

1m48.10559s ago: executing program 6 (id=2309):
madvise$auto(0x1, 0x1, 0x15)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x1, 0x106)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
rseq$auto(0x0, 0xffffff2a, 0x4, 0x5)
sysfs$auto(0x2, 0x10000000000002a, 0x0)
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$auto_VHOST_SET_BACKEND_FEATURES(r0, 0x4008af25, &(0x7f0000000000)=0x7)
r1 = openat$auto_fops_x16_ro_(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/x86/boot_params/version\x00', 0x1, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0xfffffffffffffffa, r1, 0x300000000000)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
rseq$auto(0x0, 0x6, 0x5, 0xff)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0xffffffffffffffff, 0x0, 0x7, 0x1)
write$auto(r2, &(0x7f0000000100)='\x80n\x86^/audiz\xff\x00', 0x100000a3d9)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r2, 0x27fff)
socket(0x29, 0xa, 0x85f)
openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8df41, 0x0)
socket(0x15, 0xa, 0x5)
shmget$auto(0x8, 0x10565, 0x7ff)
shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa)
shmctl$auto(0x2000000, 0x0, 0xfffffffffffffffd)

1m48.072060523s ago: executing program 36 (id=2265):
mmap$auto(0x0, 0x4b6, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
getsockopt$auto(r0, 0x3a, 0xce, 0x0, 0x0)

1m47.061355406s ago: executing program 6 (id=2312):
set_mempolicy$auto(0x6, &(0x7f0000000000)=0x3, 0x21)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/snd/controlC2\x00', 0x8080, 0x0)
personality$auto(0xb7)
write$auto(0xca, &(0x7f0000000140)='\x04>\x01\f\r\a\x00\xf6OL\xc8\xbe\x94\xf2\xa2\x00\xfbr(\x83\";\xa8\xd7\x05uXR\xa3\xb3@T\x89\x8e\xd4Q\xdd\xb80\xc7\xad\\\xf7C\xb3\x8f\r?\xb3>r\xdf\x99%\xd6S\xe3\x8b*\xe2\xbc\xc9\x8bV\xf0\xb7\xec.\xae\xe1\\s^\x96\xaa', 0x2db)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, 0x0)
openat$auto_regulator_summary_fops_(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
mq_open$auto(&(0x7f0000000280)='\x03\x00\x94\xdb{\xa5\x81@\xbfIqz\xf3?\xbd\xb4\vJ\xf1:+\xe3\xbc5\xf53\xac^MM\xd3\xb1Ql\xb2\x97wq\xa1\xe3', 0x60d6, 0x1, &(0x7f0000000100)={0xea28, 0x7, 0x7, 0x101})

1m45.779604094s ago: executing program 6 (id=2314):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000)
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x8, 0xe0, 0x9b72, 0x7, 0x10000028000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x73)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
socket(0x2, 0x80002, 0x73)
bind$auto(0x3, &(0x7f0000000080), 0x6b)
connect$auto(0x3, &(0x7f00000000c0), 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0)
mmap$auto(0x5b6, 0x6, 0x1002, 0x8000000000000011, 0x10006, 0x300000000006)

1m45.185865878s ago: executing program 6 (id=2315):
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000001200)='/proc/self/mounts\x00', 0x28840, 0x0)
open(&(0x7f0000000000)='}[,&*}\x00', 0x800, 0x22)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8003)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000001c0)={0x1})
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000200)='nfsd\x00\\O\x88\xbdm\x19\xd8\xde\x97\x1cA\xc2T3\x94<\x16\x05PK\xaf\x17\x8dcc\xd0\x9a^w\xea\xc2\'h\x9e\x96\xed\xa8\xd9\xfb\x91\xae\xeb\xdc\x87\b\"\"\xfe\x14\xb7\x01\x1a\x81zt\xa7\xc4\xdf\x9fl\x01\xdb{<\xd0\xfb=\x18K\xa7\x86\xd8<\x15%GF\xcc\x94\x94\x84%\xd9\xfd\xfeo\xcc\xfb \xd7\v\x97\x8d\x1b(\x80\x8a\xed\x85\x96m\x1b)\xddLMUKn\x84\xcb\x894\x15\xa5#\xecOe\x04\xa8\x93\xefQP\xd1&\x0e\xe2X\"\x02\x9f\xaeBt;\x14c{\x8e\x13g4\x13\xa7|\xc6\xb9%\x8e\x80\xbc\xa6\xb7\xe6\x9a\x80$\x03\x05\xa3\x1c\xdf72\xb0\xf9B\xe0\r)\xf2\xab\xde\x03\xa1\xca\xcd\xd6Kr/<\x13-\xd9\xb6`\xc5\x15q\x93X\xcf-\xe7\x919\xc5e\xfa\xd5\xa9\xb6\xeaN\x04k\xb5\xbf\xa1\x89ht?T\b\xb5<\x8d\xca\xb6\x80\x90-6\xf0f\x11U\x1e\xad\xc6T\x96-\xb2C\x98\x84\xae\x90\x8fH\xe5\xd3\xdf]\xaas^\x81F\x80\x01W\xbe\xadH\x00t\v\xdc\x9c\a\x9e\x18i\t{\xbdF\x9eQj\xa04;.V\xda?o\xf7\x94>e\x98\x92\x8e\aH\xd7\xc4\xe7\x8dcV\xd3S\xb2w\xc3?\x80\x1a\xdd \xe0\x86\xc2\xda\xe1\xc6\x17I\x16\x86e\x19b\x91?\xf3]\x81\xf7i5a\xcc,8I\x92-\xa1\x02X\xdcp\xba\xde%G\x9f*_>\x00'/368, 0xf, 0x0)
lseek$auto(0x3, 0x20000, 0x1)
close_range$auto(0x2, 0x8, 0x0)

1m44.909100192s ago: executing program 6 (id=2316):
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f000001f300), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r2], 0x1ac}}, 0x40000)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'pimreg0\x00', <r3=>0x0})
r4 = socket(0x1d, 0x2, 0x7)
r5 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r6=>0x0})
bind$auto(r4, &(0x7f0000000000)=@can={0x1d, r6}, 0x6a)
sendmsg$auto_ETHTOOL_MSG_MODULE_GET(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)={0xb8, r2, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_MODULE_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}]}, @ETHTOOL_A_MODULE_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x13d0}]}, @ETHTOOL_A_MODULE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_MODULE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x40}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x40000}, 0x8804)
r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r1)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
mbind$auto(0xf000, 0xfffffffffffffffa, 0x100002002, 0x0, 0x3cc033db, 0x2)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r9=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000001d40)=ANY=[@ANYRES16=r7, @ANYBLOB="050027bd700008dbdf25100000000c00018008000100", @ANYRES32=r9, @ANYBLOB="08000a0003000000"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80080)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x805, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@generic={0x1e, "4dcf03f1bd9b9034ec1645481a2e"}, 0x6a)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/hotplug/target\x00', 0x601, 0x0)
ioctl$auto(0x3, 0x80044584, 0x10000000000402)
r11 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r11, 0x0, 0x23)
write$auto(r10, 0x0, 0x1)
r12 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0)
ioctl$auto_KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r12)

1m44.33157759s ago: executing program 5 (id=2318):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
futex_waitv$auto(&(0x7f0000000300)={0x7f, 0x9, 0x2}, 0x1, 0x0, &(0x7f0000000340)={0x92, 0x6}, 0x0)
socket(0x11, 0x2, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x4, 0xa, 0x48})
socket(0x15, 0x5, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast1}, 0x6a)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
r1 = socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
close_range$auto(0x0, 0xfffffffffffff000, 0x101)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xca481, 0x0)
statmount$auto(0x0, 0x0, 0x1fe, 0x9)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4000014}, 0x40040)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x1892, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0xb, 0xa505}, 0x800}, 0x7, 0x4008)
socketpair$auto(0x0, 0x10, 0xffffffff, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_GET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)={0xfffffffe})
unshare$auto(0x40000080)
write$auto(0x3, 0x0, 0xffd8)
read$auto(r0, 0x0, 0x20)

1m43.551948894s ago: executing program 5 (id=2319):
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) (async)
lsm_get_self_attr$auto(0x2, &(0x7f00000007c0)={0x68, 0x12a3, 0x9}, &(0x7f00000008c0)=0x1ff, 0x1)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0)
preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) (async)
write$auto_tty_fops_tty_io(r0, 0x0, 0x0)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) (async)
ioctl$auto(0xffffffffffffffff, 0x8912, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) (async)
ustat$auto(0x801, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_psample(&(0x7f0000007a40), 0xffffffffffffffff)
sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r2, &(0x7f0000007b00)={0x0, 0x0, &(0x7f0000007ac0)={&(0x7f0000007a80)={0x14, r3, 0x311, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xf0}, 0x0) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) (async)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000)
bpf$auto(0x5, 0x0, 0x102) (async)
getpid() (async)
r4 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="000826bd7000fddbdf250500000005000300000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x8800) (async)
r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff)
madvise$auto(0x80000001, 0x81, 0x10001) (async)
sendmsg$auto_NL80211_CMD_GET_SCAN(r6, &(0x7f00000165c0)={0x0, 0x0, &(0x7f0000016580)={&(0x7f0000000140)={0x14, r7, 0xd3ac6c422733a379, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
read$auto(r5, 0x0, 0xb4d3)
write$auto(0x3, 0x0, 0xffd8)

1m43.504826903s ago: executing program 37 (id=2282):
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001040)='/proc/asound/card1/pcm1c/sub7/info\x00', 0x28102, 0x0)
r0 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0)
poll$auto(&(0x7f0000000040)={<r1=>r0, 0x1000, 0x1c9}, 0x2, 0x7)
read$auto_fops_atomic_t_ro_(r0, &(0x7f0000000300)=""/153, 0x99)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyta\x00', 0x1b9b02, 0x0)
keyctl$auto_KEYCTL_REVOKE(0x3, 0xfffffffffffffffc, 0xb0e, 0x3, 0x10)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/ram5/queue/discard_granularity\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, r3, 0x10008000)
arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYRESDEC=r7, @ANYRES16=r7, @ANYRESHEX=r7], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0)
sendmsg$auto_MACSEC_CMD_UPD_TXSA(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYRESHEX=r2, @ANYBLOB="01002dbd7000fbdbdf250600000008", @ANYRES32, @ANYRES8=r4, @ANYBLOB="0365f3de7373d3452467c6a0ef73a0ce73d0a289b8dec402829a22a10e3cdc634de51fd1a0005441695ef6a9719f8cf39676a4a247e3f914", @ANYRES8=r5], 0x24}, 0x1, 0x0, 0x0, 0x2400c090}, 0x240048d5)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000740)={&(0x7f0000000580), 0xc, &(0x7f0000000700)={&(0x7f00000003c0)=ANY=[@ANYBLOB="55e1ab", @ANYRES32=r6, @ANYBLOB="08002dbd3000ffdbdf250100000008001100f5000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x44802)
openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/buffer_percent\x00', 0xbc102, 0x0)
r8 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mtd0ro\x00', 0x0, 0x0)
ioctl$auto_OTPSELECT(r8, 0x80044d0d, &(0x7f00000000c0)=0x10009)
socket(0x2, 0x1, 0xffffffff)
syz_clone3(&(0x7f0000000640)={0x108000, 0x0, 0x0, 0x0, {0x3f}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r9 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
ioctl$auto_UI_DEV_SETUP(r9, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa})

1m42.367137266s ago: executing program 5 (id=2321):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0)
write$auto(r0, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x4, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xabf, 0x2, 0x36242398, 0xfffff5ae, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x6819a}, 0x6f3)
rt_tgsigqueueinfo$auto(0x3, 0x96, 0x3, &(0x7f0000000180)={@siginfo_0_0={0x80000000, 0x7, 0x8000, @_kill={0xffffffffffffffff}}})
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc2}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x2, 0x0)

1m42.120773356s ago: executing program 5 (id=2322):
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0)
r0 = socket(0x1b, 0x3, 0x76)
madvise$auto(0x0, 0x2000040080000003, 0xe)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000200), r0)
getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="09002cbd0000000600010081800000"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x808)
r5 = socket(0x2, 0x801, 0x106)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$auto(r5, 0x11c, 0x2, 0x0, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r0)
r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/midi0\x00', 0x121040, 0x0)
pread64$auto(r6, &(0x7f0000000380)='\x00\x00\x00\x8f\xde\xa4\a\'\x9b\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{o2?\x0f\x11\x90^\xdf/\x84\x99!*\xe3\x99\x96x\xd4\xa5D\xfa\xe5\xf9od^\xa6\x00\x00\x00\x00\x00\x00\x00\x0e\x87\xfa>\xbeaDs\xce,\xcfz\x89\xbc\xae\xcf\x83c\x1c\x90\xda\xbf\xad\xe0\xd6\xec-\x05\xcb\xee\x9f\xd2\xfat\x9a\xb65dFH\xa6\xbd[\xd2Ff\x7f?E\x9f(8\x88\x88\xeb\xcea\xea\x10\xc8\xf12-\x9c\xcd`\xb7WH\xa5\xccj\xc0\x03p>\xdd\xce\xaf_G9\x84L\r\x9e^>\x06\xca\xec', 0x2, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0)

1m41.030483424s ago: executing program 5 (id=2323):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
close_range$auto(0x2, 0x8000, 0x0)
r1 = socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r3=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf)
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0xff010000, 0x3}, 0xc)

1m40.758799402s ago: executing program 5 (id=2324):
r0 = socket(0x1b, 0x3, 0x76)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000005380)={0x0, 0x1e5c, &(0x7f0000005340)={&(0x7f0000000180)={0x28, r4, 0x1, 0x870bd2b, 0x25dfdbfc, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x14, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x9, 0x2, 'nfsd\x00'}, @NFSD_A_SOCK_ADDR={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0500000089b90000df254a93391e1c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004090)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
recvmmsg$auto(r5, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x100000000cb}, 0x3, 0x0, 0x80000000, 0x80000000}, 0x9}, 0x7, 0x6, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000)
r6 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x20000000)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0)
readv$auto(0x3, 0x0, 0x1)
sendmsg$auto_NL80211_CMD_GET_WOWLAN(r3, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fcdbdf25490000000c005800080000000000000034008180050001000700000005000100020000000500010007ffff0005000100ad000000050002000300000005000200650000004bdaa088a124877d7a1d49d19647e4cf993b124dd1e9531d7433e8bdeb53c208e8405087831da9b518ed63ace52a05f88a"], 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)

1m29.862304753s ago: executing program 38 (id=2316):
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f000001f300), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r2], 0x1ac}}, 0x40000)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'pimreg0\x00', <r3=>0x0})
r4 = socket(0x1d, 0x2, 0x7)
r5 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r6=>0x0})
bind$auto(r4, &(0x7f0000000000)=@can={0x1d, r6}, 0x6a)
sendmsg$auto_ETHTOOL_MSG_MODULE_GET(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)={0xb8, r2, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_MODULE_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}]}, @ETHTOOL_A_MODULE_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x13d0}]}, @ETHTOOL_A_MODULE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_MODULE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x40}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x40000}, 0x8804)
r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r1)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
mbind$auto(0xf000, 0xfffffffffffffffa, 0x100002002, 0x0, 0x3cc033db, 0x2)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r9=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000001d40)=ANY=[@ANYRES16=r7, @ANYBLOB="050027bd700008dbdf25100000000c00018008000100", @ANYRES32=r9, @ANYBLOB="08000a0003000000"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80080)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x805, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@generic={0x1e, "4dcf03f1bd9b9034ec1645481a2e"}, 0x6a)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/hotplug/target\x00', 0x601, 0x0)
ioctl$auto(0x3, 0x80044584, 0x10000000000402)
r11 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r11, 0x0, 0x23)
write$auto(r10, 0x0, 0x1)
r12 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0)
ioctl$auto_KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r12)

1m25.672313707s ago: executing program 39 (id=2324):
r0 = socket(0x1b, 0x3, 0x76)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000005380)={0x0, 0x1e5c, &(0x7f0000005340)={&(0x7f0000000180)={0x28, r4, 0x1, 0x870bd2b, 0x25dfdbfc, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x14, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x9, 0x2, 'nfsd\x00'}, @NFSD_A_SOCK_ADDR={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0500000089b90000df254a93391e1c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004090)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
recvmmsg$auto(r5, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x100000000cb}, 0x3, 0x0, 0x80000000, 0x80000000}, 0x9}, 0x7, 0x6, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000)
r6 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x20000000)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0)
readv$auto(0x3, 0x0, 0x1)
sendmsg$auto_NL80211_CMD_GET_WOWLAN(r3, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fcdbdf25490000000c005800080000000000000034008180050001000700000005000100020000000500010007ffff0005000100ad000000050002000300000005000200650000004bdaa088a124877d7a1d49d19647e4cf993b124dd1e9531d7433e8bdeb53c208e8405087831da9b518ed63ace52a05f88a"], 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)

42.036230561s ago: executing program 8 (id=2463):
tgkill$auto(0x1, 0x1, 0x5)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x78, 0x0, 0x1b, 0x70bd26, 0x5dfdbfd, {}, [@OVS_PACKET_ATTR_ACTIONS={0x5d, 0x3, 0x0, 0x1, [@nested={0x4, 0x11}, @generic="9c887a6de138be204ad2b7b442189f2566cfc5c6e0a8ec5ca68962505c82f5345d9123db93896cf8dbcfde3a3d330ff8afe67ae02677518657098fa7ca0362c41ee083708cd367214fbe25af55be9a7fcde6ecb617"]}, @OVS_PACKET_ATTR_ACTIONS={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
socket(0x10, 0x2, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x28102, 0x0)
r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_LINK_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1800000072bb24e4052dbbe48f2cb2eed8b41dea46fdca121229cc951ddd0818ce29b6aaf55cb0e74da2634836775a12a1f3acd622949a686ff5c4f643b45aeb14778dcb3d5c556130ea82ef058bc434a7d5dda330b86aa6b45b2f0085f438487e092aba58d203f42c34cfafda12676f64a15bda847c4db17e7e87469a8018dd9ee5172c3741d4d2c41a29", @ANYRES16=r0, @ANYBLOB="010326bd7000fedbdf250800000004000480"], 0x18}, 0x1, 0x0, 0x0, 0x24000874}, 0x8c0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x2, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0x1007fff, 0x0, 0x8, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db)
mmap$auto(0x0, 0x10000, 0xffb, 0x8000000008011, 0x3, 0x8000)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$auto(r3, 0x5453, r3)
getrandom$auto(0x0, 0x8, 0x7)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd7\x00', 0x80000, 0x0)
syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x8880)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/tty/ptyab/power/autosuspend_delay_ms\x00', 0xc2082, 0x0)
write$auto(r4, &(0x7f00000004c0)='N\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7ff)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80840, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(0xffffffffffffffff, 0x7a4, 0x0)
socket(0x10, 0x2, 0xc)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

41.293524161s ago: executing program 8 (id=2467):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop7\x00', 0x10f602, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x256302, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xff)
r3 = userfaultfd$auto(0xf)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x5, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/036/001\x00', 0x80a001, 0x0)
ioctl$auto(r4, 0x8004550f, 0xf15)
setsockopt$auto(0x4, 0x0, 0x485, 0xfffffffffffffffe, 0x0)
ioctl$auto_TCSBRKP(r3, 0x5425, &(0x7f0000000000)="4070179921da7228ce5157f25cf1c7cf5c3a8e6d88bdf9fccc0744aa6f2e9c91e0dd54a28441711f85484eae2aba0b6c654a42fc0aa0bff163214003ba89f0ac950a48c8d6bfc389bd41cf9d6c0e75b95d4f5634e81ef4f78e90f4b077cc204bd21d1dcfba28a885c522e031f0447bf880381cad57cdf4a244f9e9adaa8add347638d824325c7c245d28c50d2e398a030a188621cb7f368c")
r5 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x2400c0, 0x0)
r6 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$auto_TCP_METRICS_CMD_DEL(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6], 0x28}, 0x1, 0x0, 0x0, 0x4000080}, 0xd0)

40.844694698s ago: executing program 8 (id=2468):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x83, 0x2020009, 0x8, 0xebf, 0xfffffffffffffffa, 0x2)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0)
ioctl$auto(0x3, 0x4020565a, 0x38)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0)
r2 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x10303f, 0x0)
ioctl$auto_SNAPSHOT_ATOMIC_RESTORE(r2, 0x3304, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000140), r0)
socket(0xa, 0x1, 0x0)
mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000)
setsockopt$auto(0x400000000000003, 0x29, 0x2c, 0x0, 0x56b)
sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000002a40)={&(0x7f0000000180)={0x1c, r3, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040000}, 0x80)

39.456151898s ago: executing program 8 (id=2472):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000180), r0)
sendmsg$auto_HSR_C_GET_NODE_LIST(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x1c, r1, 0x1, 0x70bda6, 0x25dfdbfd, {}, [@HSR_A_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x3000000000000, 0x0, 0x20000080}, 0x20000800)

39.294433918s ago: executing program 8 (id=2473):
sendmmsg$auto(0x3, 0x0, 0x2, 0x0)
setregid$auto(0xffffffffffffffff, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x8, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000)
rseq$auto(0x0, 0xfffffff5, 0x0, 0x5)
mmap$auto(0x0, 0x40009, 0x7, 0x13, 0xffffffffffffffff, 0x828000)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x58a42, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_STALL(r0, 0x550c, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000001)
sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c)
sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x8000800)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
r1 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x1a00)
r2 = openat$auto_show_traces_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/available_tracers\x00', 0x40000, 0x0)
read$auto_show_traces_fops_trace(r2, &(0x7f0000000640)=""/188, 0xbc)
read$auto(r1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket(0x2, 0x5, 0x0)
accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
listmount$auto(0x0, 0x0, 0xf4240, 0x1)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x60040, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x1000005, 0x0)
close_range$auto(0x2, 0x8, 0x0)

38.296064658s ago: executing program 8 (id=2477):
mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x7fff)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = semctl$auto(0x80001ff, 0x804, 0x13, 0x4)
keyctl$auto(0x1, 0x7, 0x100, 0x8, 0x4)
keyctl$auto(0x1, 0x7, 0x100, 0x8, 0x4)
close_range$auto(0x2, 0x8000, 0x0)
r2 = socket(0xa, 0x3, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_prog_fd=<r3=>0x77, 0xa, @old_map_fd=r2}, 0x10)
bpf$auto(0x2, &(0x7f00000001c0)=@bpf_attr_1={r3, 0x3, @next_key=0x1, 0x7}, 0xc)
r4 = bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0x10c)
r5 = open_tree$auto(r0, 0x0, 0x1001)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/bond0/bonding/ad_actor_sys_prio\x00', 0x942, 0x0)
r7 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000640)='/dev/v4l-touch2\x00', 0x608400, 0x0)
r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/devices/virtual/net/rose10/dormant\x00', 0x2, 0x0)
openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000740), 0x800, 0x0)
write$auto(r6, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C\x00\x00\x00\x00\x00\x00\x00\x00', 0x4)
close_range$auto(0x2, 0x8, 0x0)
bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000680)=@bpf_attr_4={0x0, r8, 0xaa6c, <r9=>r4}, 0x9)
ioctl$auto(r9, 0x8, r7)
r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r5)
sendmsg$auto_NL80211_CMD_STOP_P2P_DEVICE(r5, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0x348, r10, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_BEACON_HEAD={0x1a2, 0xe, "17070bf2fdac7df78fe413a2837373f77cf854dab4af46e619273b9e6eefeffbd0581f6545eaf3dd6889e080a00b369aad68746cee2550ecae1a6836c7b104cc5d538df3457c87be4a1c78d03925ddbb3e7ed13274cbe169976647e3474c18f0425a285a1a416e7283746bf06a5858a5314830ed7fac7fe8c61d5a686011781cb9881e76737c71cc912cd287160d2d757eb80083f0b2fd5eb675db2aa15140f90006811916a59a0aba20f60185350896e84ca8c9a3936cbfd315cdd3b97d5224a97d6dd287274f3af8a6c5790abdc08387a0482a179a25bf53b7a2a02b652097b929b39012aa954dbb5b0692d701d58391645645789586d3a44371e0d8073951b943f85fe366c7af0aab14f8ba558e57e88868ddd576622d8db4ff5e4083a151542884323f73d96f7d5c655693fd0c56cd0ba229922c00e5e190dff62db488db99ecf076e5f145a3f7c1afe9670243e2f0080365bf68adb954674999f1722933defe2620f9b3e409d61996445549f8d46c2ac43638a8b11a5a8294e14917f74108bd327f5866310cd25665c2af6d7844fa04c3030f03a3869a1d284f42db"}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_MAC_ADDRS={0x182, 0xa6, 0x0, 0x1, [@generic="3fa6ab90df44527465d375a76414afcbb6e8fb779bffc0074550af76c38ff6b390089f03d5949314c5eb3a81669ae1148445d73f47249f5022dbb7d6686937f9cd43a021dc27eedf5e98a7ee2a15b0b1e9e4", @nested={0x20, 0x4a, 0x0, 0x1, [@nested={0x4, 0xe2}, @typed={0x4, 0xac}, @typed={0x8, 0x16, 0x0, 0x0, @pid=r1}, @typed={0xc, 0x98, 0x0, 0x0, @u64=0x9e20}]}, @nested={0x10b, 0x12b, 0x0, 0x1, [@generic="66921ca6d09da26c4d2379f2a65beafbfb01123d603c9d6809cd0c656aa62b32d9dacf409afd3011b805344444c82c8b900a202b8519a43a0335ed80b2a5aa7d2921a5a952e0263b8c2d74b339d59888f7087f96c1eea213ee617420974f04534d5a16b87cf287", @typed={0x97, 0x6d, 0x0, 0x0, @binary="e3d757e912547e07245c1a43a7897f6d862e16cdd12bf0072cadc128224b081085917c6654edb0ef42f9c49040cb14524e80912db2920a8939c643a7a3f63e94796853c8e42c9be5ba80cd22a035dbb0053a8ea717fa474e66cf6d6ee95e0282233ff33a00a8a8161c6c739d9a2674356d6d40a540545324ece3a1073afbf95403b5f03c94faa959485e62b1f1de9900b12168"}, @nested={0x4, 0x3b}, @nested={0x4, 0x112}]}]}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}]}, 0x348}, 0x1, 0x0, 0x0, 0x4040000}, 0x20008084)

23.167942796s ago: executing program 40 (id=2477):
mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x7fff)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = semctl$auto(0x80001ff, 0x804, 0x13, 0x4)
keyctl$auto(0x1, 0x7, 0x100, 0x8, 0x4)
keyctl$auto(0x1, 0x7, 0x100, 0x8, 0x4)
close_range$auto(0x2, 0x8000, 0x0)
r2 = socket(0xa, 0x3, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_prog_fd=<r3=>0x77, 0xa, @old_map_fd=r2}, 0x10)
bpf$auto(0x2, &(0x7f00000001c0)=@bpf_attr_1={r3, 0x3, @next_key=0x1, 0x7}, 0xc)
r4 = bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0x10c)
r5 = open_tree$auto(r0, 0x0, 0x1001)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/bond0/bonding/ad_actor_sys_prio\x00', 0x942, 0x0)
r7 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000640)='/dev/v4l-touch2\x00', 0x608400, 0x0)
r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/devices/virtual/net/rose10/dormant\x00', 0x2, 0x0)
openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000740), 0x800, 0x0)
write$auto(r6, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C\x00\x00\x00\x00\x00\x00\x00\x00', 0x4)
close_range$auto(0x2, 0x8, 0x0)
bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000680)=@bpf_attr_4={0x0, r8, 0xaa6c, <r9=>r4}, 0x9)
ioctl$auto(r9, 0x8, r7)
r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r5)
sendmsg$auto_NL80211_CMD_STOP_P2P_DEVICE(r5, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0x348, r10, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_BEACON_HEAD={0x1a2, 0xe, "17070bf2fdac7df78fe413a2837373f77cf854dab4af46e619273b9e6eefeffbd0581f6545eaf3dd6889e080a00b369aad68746cee2550ecae1a6836c7b104cc5d538df3457c87be4a1c78d03925ddbb3e7ed13274cbe169976647e3474c18f0425a285a1a416e7283746bf06a5858a5314830ed7fac7fe8c61d5a686011781cb9881e76737c71cc912cd287160d2d757eb80083f0b2fd5eb675db2aa15140f90006811916a59a0aba20f60185350896e84ca8c9a3936cbfd315cdd3b97d5224a97d6dd287274f3af8a6c5790abdc08387a0482a179a25bf53b7a2a02b652097b929b39012aa954dbb5b0692d701d58391645645789586d3a44371e0d8073951b943f85fe366c7af0aab14f8ba558e57e88868ddd576622d8db4ff5e4083a151542884323f73d96f7d5c655693fd0c56cd0ba229922c00e5e190dff62db488db99ecf076e5f145a3f7c1afe9670243e2f0080365bf68adb954674999f1722933defe2620f9b3e409d61996445549f8d46c2ac43638a8b11a5a8294e14917f74108bd327f5866310cd25665c2af6d7844fa04c3030f03a3869a1d284f42db"}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_MAC_ADDRS={0x182, 0xa6, 0x0, 0x1, [@generic="3fa6ab90df44527465d375a76414afcbb6e8fb779bffc0074550af76c38ff6b390089f03d5949314c5eb3a81669ae1148445d73f47249f5022dbb7d6686937f9cd43a021dc27eedf5e98a7ee2a15b0b1e9e4", @nested={0x20, 0x4a, 0x0, 0x1, [@nested={0x4, 0xe2}, @typed={0x4, 0xac}, @typed={0x8, 0x16, 0x0, 0x0, @pid=r1}, @typed={0xc, 0x98, 0x0, 0x0, @u64=0x9e20}]}, @nested={0x10b, 0x12b, 0x0, 0x1, [@generic="66921ca6d09da26c4d2379f2a65beafbfb01123d603c9d6809cd0c656aa62b32d9dacf409afd3011b805344444c82c8b900a202b8519a43a0335ed80b2a5aa7d2921a5a952e0263b8c2d74b339d59888f7087f96c1eea213ee617420974f04534d5a16b87cf287", @typed={0x97, 0x6d, 0x0, 0x0, @binary="e3d757e912547e07245c1a43a7897f6d862e16cdd12bf0072cadc128224b081085917c6654edb0ef42f9c49040cb14524e80912db2920a8939c643a7a3f63e94796853c8e42c9be5ba80cd22a035dbb0053a8ea717fa474e66cf6d6ee95e0282233ff33a00a8a8161c6c739d9a2674356d6d40a540545324ece3a1073afbf95403b5f03c94faa959485e62b1f1de9900b12168"}, @nested={0x4, 0x3b}, @nested={0x4, 0x112}]}]}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}]}, 0x348}, 0x1, 0x0, 0x0, 0x4040000}, 0x20008084)

13.977110536s ago: executing program 0 (id=2534):
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000)
mlockall$auto(0x7)
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x80100, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000440)="110000000500000000", 0x9)
ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x540b, 0xfffffffffffffffd)
socket(0xf, 0x3, 0x2)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x2, 0x0)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
pipe$auto(0x0)
r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x22082, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x4010ae68, r5)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x6, 0xfff, 0x3, 0x8000001f, 0x2, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0x8, 0x0)
keyctl$auto(0x8, 0xfffffffffffffffd, 0xffffffffffffffff, 0x5092, 0x4ec)
mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x1, 0x106)
socket(0x2, 0x1, 0x84)

12.229332849s ago: executing program 0 (id=2540):
mmap$auto(0x8, 0x400008, 0xdf, 0x9b72, 0x2, 0x7fff)
io_uring_setup$auto(0x0, &(0x7f0000000240)={0x5, 0xbe, 0xffffffff, 0x8, 0x53, 0x2, <r0=>0xffffffffffffffff, [0x449, 0x7, 0x1], {0x5, 0x2, 0x800201, 0x7f, 0x40, 0x8000000, 0x5530, 0x4401, 0xfd}, {0x5, 0x23, 0x805, 0x6, 0x400, 0x101, 0x3, 0x101, 0x100000040}})
pwrite64$auto(0xc8, &(0x7f00000003c0)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5OJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\xd7\xab\xb1\xa2\xb3\x00'/236, 0x2000000fdf2, 0x3a)
mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000)
r1 = io_uring_setup$auto(0x6, 0x0)
r2 = socket(0xa, 0x4, 0x84)
getsockopt$auto(r2, 0x84, 0x2, 0x0, 0x0)
lsm_list_modules$auto(0x0, 0x0, 0x0)
socket(0x2, 0x801, 0x106)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x280, 0x0)
unshare$auto(0x40000080)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x752502, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x309502, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r3 = io_uring_setup$auto(0x4, 0x0)
close_range$auto(0x2, r3, 0x0)
arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3)
mmap$auto(0x0, 0x200000a, 0xf14, 0xeb1, 0xfffffffffffffffa, 0x8000)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/midi2\x00', 0x169142, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1a, 0x1, 0x106)
socket(0x2, 0x1, 0x0)
shutdown$auto(0x200000003, 0x2)
read$auto_proc_iter_file_ops_compat_inode(r0, 0x0, 0x0)
recvmmsg$auto(r1, 0x0, 0x0, 0x0, 0x0)

8.866235567s ago: executing program 1 (id=2548):
mmap$auto(0x0, 0x8000, 0x3, 0xeb1, 0xfffffffffffffffa, 0x10000000008000)
r0 = ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000140)=0x2)
r1 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/tracing/buffer_percent\x00', 0x0, 0x0)
r3 = setfsuid$auto(0x0)
shmctl$auto_IPC_RMID(0xf03, 0x0, &(0x7f0000000180)={{0x49, <r4=>0x0, <r5=>0xee00, 0x3, 0x5, 0xe, 0xffff}, 0x7, 0x1, 0x98, 0x4, @raw=0x200, @inferred=0xffffffffffffffff, 0xc, 0x0, &(0x7f00000000c0)="ba4b2f1dfeecb813e654ba5721792c65b9595deca81c25532b99492efe854e99eddca6a0218bd5400355a441a09d23cb3365dd3e4fb3127bfaaa975008e3273024b40e2eef1a8ab9d827d0651d24ff0c19a70c0d7001b1a1eb67652445660c9852d5f5525c43b7124dfb98acc58b7bda20665f3c0fee2ff9bd12f9a0816ccb348d03b1", &(0x7f0000000040)="e7be5c19a2c04de5c5d43d1737f90b856880f1b08c0a4697bed9f1f4b7691afdbc92c300b1dde04d44715bc17d6164aa2f1503"})
keyctl$auto_KEY_SPEC_REQKEY_AUTH_KEY(0x80, r3, r4, r5, 0xfffffffffffffff9)
r6 = gettid()
sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f00000008c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000900)={0x608, r1, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@OVS_METER_ATTR_STATS={0x14, 0x3, {0x1, 0xf}}, @OVS_METER_ATTR_USED={0xc, 0x5, 0x80}, @OVS_METER_ATTR_ID={0x8}, @OVS_METER_ATTR_BANDS={0x5cc, 0x4, 0x0, 0x1, [@generic="56d06c0aee35437751581f86f03d078874558d5dd60429eeff1d92a3f804607a45e4d04eab730016c52118e54263aba3330504ea558619d4aeba650a68750413343608026c70104de5d48afd3145be0711cdcc1a94cdfcc18cdc9b53c98035667aa7624d5c479044d4935da0f0304a1fcaff744d8a3ff6ca719e265c029e670bb109ef6df30a024a5d5b9d33dc22d211ae0b557cc4d03759e36cf4179dbcb8cb3540c6d356675ae37e547fb5b82c1b0ab6dd465330f0eb78bb8d79f2d7edc2652744b227e497f296382afc7059a15e4c2eb092fb304963ad99ea1b92346454436c4cd9b12552ee7ad01d89", @generic="add51d35d94042dc216c78e5ed6e88c5f030a318aeccd74f159600b125a4d95d69a98697ed52c7cc08af1ea83fec7877735b54814b1ef6e64a52dd6c68da74c0d67262171039dd", @generic="4abf91faa9f450b805af4eda43f3eefa230d5c9be895f1e4622e7d3c412c6ddd8e7165fe", @nested={0xa0, 0xc4, 0x0, 0x1, [@nested={0x4, 0x5}, @nested={0x4, 0x11}, @typed={0x8, 0x11b, 0x0, 0x0, @u32=0x10000}, @nested={0x4, 0x13}, @generic="d56577de14b4a1acfbe8571cd4c77d7d6d49ef8c0d49061177364702c2c4433c0b6bf3a2089b74b8bef27c141d3126c2d402ebe80ca6895fdc660627d15fb0b4a9b836031e22649d78fc3082d89849bb42ed4a3747edca0ac9831b1efb4276e15ae8809ff9a6f77e4d376233510e4b7dcf3350325b6af61c16241e2726e15d4c59518c7a", @nested={0x4, 0x5}]}, @generic="a4560d98f02de81bd3617a0e93ca137dc686225b6dea14e76a965065e637dedd75a99c3c412383aa6875309082377edb69d25dc0483874dfdf841e7ed87593ad91c1d1feedd20ce9c0d19334ee043cb1ef92a42f9b8f5c4ebe140802153344ecd5f6aff2fbe339326bda869c7264e0aae480297f10d4958b44c8a267096fe2742fe790cc37038fd4dd439e862f31efb8ed39177c209d89db99f1f770765c180daea8eec6f4e8842e7e0c975eff1d2dcaae9b2da9809bf5cd213c90450b00835489de44da498dc968dc1d4fa08d3b68910d950a3ed1a55df20de87f8044823e60b1a9883da5563d5358a8d86c662d552e7ca4", @generic="e3f75e3a40b94e682a3764c21089ea4a0694e968e48831ae93d580fd5a3353ec211ed3938eeff4016bb8d5e2eecad5825181077ea2c14cd63fd83c2aa35a2e38726de658025f4b22b79bd31ed61e37716e8a635ab0a1a7f2092dd777a758883bbc9f9325c01dd3e01ab5525d14dc64c09638509f7619b850f07737dad01abc4e97cbcf234f3db519afa50d18c10e9ae50fc9227cbf86beac00d99d5e05feaab0", @nested={0x4a, 0xcf, 0x0, 0x1, [@nested={0x4, 0x141}, @generic="8cba46b9ec359ae2c9e2dc0d5cfaf80a01a279399ea04e2b3ae1", @typed={0x8, 0xaa, 0x0, 0x0, @fd=r2}, @nested={0x4, 0x37}, @typed={0x8, 0x1b, 0x0, 0x0, @uid=r3}, @typed={0xc, 0xf5, 0x0, 0x0, @u64=0xbb65}, @typed={0x8, 0x2d, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x32}}]}, @nested={0x1f1, 0x90, 0x0, 0x1, [@generic="ea0921498d5a2d4bb08260ce69a26d60fe1bb3183df0342c9185abea53a82d5408a1ce4797d9e4d5ed2369a5612377a65fa7fd512eb9946f10c0a543d29459e637c30963f73243eabb77123eb65a88b9d505548d75635b7898803f2c2c", @generic="2b81a6cc7014639209c8f6ea1711dc31aaff3cdc75f3d862fc95c2525f9d2c70e1b5d8d77b4fa8c9c434fb2e3532d5f85db9daf86d13ec81ca069444ac81b9342ed1a0d71df5418d24a5024c23bd465d3dc345e5de344e1aaaf8cb972ea57a79debaa27d004f199a56b9bec1bbea3ac1", @generic="8f8fb2e3735986f467b6387333a09ac09d3bb3df7e875c185f5fa0c5975ad90c8ed3ecb6fd2ef27f08b1b690478be261d14e404176246654e49eb9ba5f6fe0f0d4beeaa5e9cc380038de99ff31dcea8eccd9e6", @nested={0x4, 0x14d}, @generic="f89c2743b5be497881a51e78ea13fce8d8af5b946eeab1ca863a7f825eb92b337b4517678dd80f75f4a19bcbf08cc3c9376bb544d071fa91639254f16c30608695c5d0a3ee94efafb3ca9b0cc56ccbf669a8452390197ecd74326cabb0e50aed991c8e016859383318a35c69773e39e4789c2e18d0569e6e40586aa2a0e17e801c0a85a7995eb71d43107123512aef2019fce42b028176910be85400be9a8964427f7307b6126eeb5efbe9b964c881de46e09ea279e5de2692dfda00beed4a0c00", @typed={0x8, 0x42, 0x0, 0x0, @pid=r6}]}]}]}, 0x608}, 0x1, 0x0, 0x0, 0x4000000}, 0x80)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
read$auto(r7, 0x0, 0x20)
unshare$auto(0x20000)
unshare$auto(0x40000080)
write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00J:\xdd\xfc\xb6\xc6\x0f\xaf\xe3\x0f\xd1V\xb1yz\\\xa6\xed\ag+\xa3p(\xe2\x1b\xdc7\x1b\xc4TM}\xce\x90\xfa9\x957\xec\xd8\xe0TC\x86\xad\xe1G\xc7\xd4\x96\x12h\x84;Y\xe2\x03i\xa1)`\n\xc3\xfeR\x06\x03\xf5/@\xf0\'\xb9\xdf\xe1\xef\v\x19B\xc0\xe2\xac\xa5^\x01D\xef\xaf#\xbc\xa5\xf9J\xdc\xc3),=1\b\x05\x9d\x82\xd4\'\xe8\xfe\xfd\x9a\x9f\x00\x00\x00\x00\x00\x00\x00\x00', 0x7f)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}})
r8 = socket(0x15, 0x5, 0x0)
r9 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/macvlan0/unres_qlen\x00', 0x202, 0x0)
write$auto(r9, &(0x7f0000000040)='{{*-\x06-\x00', 0xb898)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
ustat$auto(0x801, 0x0)
sendmsg$auto(r8, &(0x7f0000000100)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0xa9, 0x4}, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card2\x00', 0x40400, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0)
write$auto(0x3, 0x0, 0x7)

8.027637214s ago: executing program 0 (id=2549):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
r0 = socket(0x18, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0\x00'})
close_range$auto(0x0, 0xffffffffffffffff, 0x2)
socket(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x801, 0x84)
r2 = socket(0x18, 0x5, 0x1)
connect$auto(r2, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x80047437, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(0xffffffffffffffff, 0x29, 0x4b, 0x0, 0x1)
statmount$auto(0x0, &(0x7f0000000180)={0x7d4, 0x1, 0x401c2, 0x7352, 0x3f, 0x7ffc, 0x1ffde, 0x7, 0x2, 0x4, 0x9, 0x3, 0x5, 0x8, 0x3000, 0x9, 0x6, 0x10002, 0x80, 0x400, 0x0, 0x7, 0x1ffc, 0x8203, 0x400, 0x84, 0x1, 0x0, 0x40, 0x5, 0x0, [0xffffffffffffffff, 0x0, 0x0, 0x1000000000000000, 0x0, 0x5, 0x2, 0x0, 0x0, 0x200000000000000, 0x0, 0x1000000, 0x10000, 0x40000000000, 0x0, 0x0, 0x80000000000000, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xfff, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x1, 0x5]}, 0x1fe, 0xd)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r3 = socket(0xa, 0x1, 0x84)
getsockopt$auto(r3, 0x0, 0x480, 0x0, &(0x7f0000000040)=0x83)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20048810}, 0x40000)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfe, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
ioctl$auto(0x3, 0x40081271, 0x38)
capget$auto(0x0, 0xfffffffffffffffe)

6.785820298s ago: executing program 0 (id=2551):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x34d802, 0x0)
r1 = socket(0xa, 0x5, 0x84)
bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x6, 0x4, <r2=>0xffffffffffffffff, @relative_fd=r1, 0xd}, 0xa3)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_STATUS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x14, r4, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0)
sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000000700)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000680)={&(0x7f0000000440)=ANY=[@ANYBLOB="04020000", @ANYRES16=r4, @ANYBLOB="040028bd7000ffdbdf250100000004000a0008000100150200000c0004000000000000000000c4010780cd007f8030d6faafb8780a2a1a405a444fbfd04586154083c19063fcd355ec53da81e773d32c608128b01e0026c4abefbd584c1db4415b01c6600c42fa9dfb382c9e64bead340ee21d67dbdd085c27772bda0d8750df536eb7616a0df7b8f4643dbf843dfddd957e628dded7dec67c488e4d2d850ea4ffe1f07c0db637d8989cbfb260623ed16655fbe211c439e6737a0900fdc2baf20800a900ac1414bb2355808cc8d01f97a0301b254217646917ad80e791f4808af640bd9163242d75b84568c9e024ef1722712644491eb3000000e500488004004d80979e90b0f94d0f42a888db92499e0f8c14a8e6a3f904c472e82c9468d50d2219128a16dba048f556e3471271e56fce66b132cef9429cf5e78bc7a45a1dca98d171c4a43213b36e07b408ee0c39ce4c02fec07979f5798e67082b37cbbda84f0a07784d1e09436b99c09542a3e68ab4fb32c82b3e059bffed5931b8947e4d5a03f728368830cebf9ce5eaf5e0ea68ca3c15e5a31cc66fda5085ed135444423f87b2ab89350be23da4b2f1a2e31d486bbadb5b97bd4d5def8d914d63414c98eb56ff362ca6c7ee888d6e9914f12d040040800400318008001a00", @ANYRES32=r5, @ANYBLOB="00000000001600", @ANYRES32, @ANYBLOB="0c0005000000000000000000080009800400"], 0x204}, 0x1, 0x0, 0x0, 0x84}, 0x0)
unlink$auto(&(0x7f00000001c0)='\x01\bL\xf2p\xbd\x15Rq?\xdc\x92\xa7\x97\x02\x88\xd9\xd6.fn\"\x9a\x12\x17\x90\x98\xb7\xa7\xddW+\xf5\xc0\x1e\xf4\x1c\x90\xc5\x913f\xbd\xca.\xa4\xf2\xc9\xff}\xe7\xdf\x92xS\xe6o\x127\xf8\xf2P\xd2\xd4\x13%\xd3$+\xdc\xfe&\xd2Q\xc8\xae%\xdc\xdbC26\xd7$\x06i\xa5\xad\xdb\x02RU\x81\xc3\x14kN\xff\x98p\xdc(\xc6,\"\x18\xa7\xdd\xe6\x91n\'\xd2\xc5\xda\xf1\x909\x17E5L\x04\x96\x0fYe\x1fV)\x06\xc3f\x8a\xbd\xaa0\x06T\x9f\x13\xd4`\xdafY\x03!\xa1\xf7g\x14^\xcf\x8b\\\xe45\xb5\x04\\]E~\x18\xae\\\x8a;{\x1a\xe8\xc2\x88\x8b\rD\x7f\xf8<m\x14R\xd8\x9d\x94\b\x04\x1c\xdeh#\b\xc7\x05?\xb7%\xf5_}\xe1l\xd6\xfe\v\xc8\xae`\\n r\xc1\xef\xd9\xbf\xbdbi\x8c\xae8\xb8\x10\xd4\x18\xf0z\xed\xed@J8\xefw\t|8A\t\xde\aZ\x12R\x9e\xc5\xd8|\x10\x9a\\\xc56\xb8T\xd2\x0f\xa4\xd3\n<\xbe\x03X\x1d\xc5\x81V-z\xeb%N\t<L\x99\xaa\xda[\xec`;v\x84\xa6*\toQ1\xd1\xa2;\x8b\xfe\xb8\xdb\xb8\x9a\xa2#\xe1\xf6wK\xadSZ\xf2\xbf\x17O\xe8V\xfcy\xda\x85e\xb3\xe7\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc7\xbb\x05\xe5?\xea\x99\xccg{\xba \xc6F\x1b\xd6\\:g&\xb4\xeb\xb0\xd6\xc1\x13~U\xa9&\xc4\xc2\xb7\'T;\xf7<\xab\xba5\xd6\xa49\x01d\xd7\xc1U$\xbc?\x1b]u8[Kw\xa9X\x8f\xffx\x7f\xfc\x9b\xd7\xd3V5\x8b\xfbR\x80H\xcc\xc3\x8e\xb0&oc\x8e\x15`\xba\xe8>l\a\xf5\x14;\x94\xa1\x82\xb5\x1e\xab\xc2\x8d\x93O\xa9E\xc5\xea\x92\xcb\x9fl\x19.^\x83\x93e\xe7\xe7\xc1\xeeZ\xdb\xd3\x96\r\x95\xb8=\xa3\x98\x93\x9e\xa4\x9dl\xfd\x9c\x02\xf4\xf0\xacp\x8fV\xd8UD\x9dF\xa4\x9c\x86\x05\xbd\x02bV\xec\xd3\xf7\xd6\xe5wW\xd1\xe0 \x86T\xbf\x86%\xbc1\xaf\xcd\xfb3o\xef\x93.p\xe4\xb4*\xe2{\xa9\x05\xa2\xa5\xf6_\\\x8f\xd1\x9e\x98\xa5\x93%..\x1e\xeb\x85\xffQ\xf1\xaf\xa2v\bb3\\\xf65\xa7B:\xb2\xab\xe3`\xaf\xf7Z~\xc4j\xf6N\xfcv\xa8\x88\xb9i\x00'/595)
sendmsg$auto_MACSEC_CMD_DEL_TXSA(0xffffffffffffffff, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="2bb22bbd7000fcdbfa2506"], 0x28}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1f, 0x80000, 0x0)
socket(0x2, 0x3, 0x9)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
open(0x0, 0xa22c0, 0x155)
r6 = socket(0x11, 0x80003, 0x3ff)
setsockopt$auto(r6, 0x107, 0xf, 0x0, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x48080}, 0x4004)
sendto$auto(r1, 0x0, 0x401, 0xffff, &(0x7f0000000000)=@generic={0xa, "ffff0000000000fe00"}, 0x1c)
ioctl$auto(0xffffffffffffffff, 0x80004d00, 0xffffffffffffffff)
poll$auto(&(0x7f00000000c0)={<r7=>r0, 0xb4, 0x80}, 0x6, 0xa)
read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000100)=""/32, 0x20)

6.470138178s ago: executing program 4 (id=2516):
socket(0x2, 0x1, 0x106)
bind$auto(0x3, 0x0, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = prctl$auto(0x10000000017, 0x28, 0x4, 0x8000000156, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000)
remap_file_pages$auto(0x5, 0x1000, 0x0, 0x8, 0x10007)
openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=ANY=[@ANYRES64=r0, @ANYRES16=r1, @ANYBLOB="01002dbd70007cdbdf257e000000"], 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0)
mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000)
sendfile$auto(0x3, 0xffffffffffffffff, 0x0, 0x400000000006)
open(0x0, 0x1e1401, 0xe5)
tkill$auto(0x0, 0x7)
write$auto(0x3, 0x0, 0x100082)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77)
socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x10000000001013, 0x2, 0x8000)
unshare$auto(0x40000080)
r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r3, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d5574bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54", 0xcb6)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x1008000)
prctl$auto_PR_SET_MM_BRK(0x7, 0x7, 0xffffffffffffffff, 0xfffffffffffffffb, 0x3)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/7:2/read_ahead_kb\x00', 0xa001, 0x0)
write$auto(r4, &(0x7f0000000040)='\xff\x9b\xc6\xae\x00\x00\x00\x00\x00\x00\x00\x00\xc7k', 0x4081)
openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cpu/1/msr\x00', 0x80402, 0x0)

6.372397461s ago: executing program 1 (id=2552):
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto(0x3, 0x0, 0x7fffffff)
write$auto(0x1, 0x0, 0x80000000)
mmap$auto(0x6dea, 0x5, 0x9, 0x17, r0, 0x10001)
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5)
openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f00000089c0)='/sys/kernel/debug/netdevsim/netdevsim1/max_vfs\x00', 0xc798ee72cfbd85fc, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xf, 0x3, 0x2)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cec18\x00', 0x1c0, 0x0)
openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x80c02, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2164, 0x8000000000000000, 0x0)
write$auto(r1, &(0x7f0000000400)='\x05deo1\x00', 0x100000a3d9)
close_range$auto(0x2, 0xa, 0x0)
r2 = socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bond0\x00', <r4=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf)
socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r5, 0x0, 0x3}, 0xc)
close_range$auto(0x2, 0x8, 0x0)

5.95576743s ago: executing program 9 (id=2554):
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x28, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @loopback}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x800) (fail_nth: 1)

5.140231499s ago: executing program 1 (id=2555):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
modify_ldt$auto(0x1, 0x0, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400)
inotify_rm_watch$auto(0xffffffffffffffff, 0x8001)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$auto(0x3, 0x0, 0xffd8)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_UPD_RXSC(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x2c, r1, 0x201, 0x70bd2a, 0x25dfdbfe, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x10, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xa}]}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004054}, 0x480b0)

4.98594103s ago: executing program 0 (id=2556):
mmap$auto(0xed15, 0x2020009, 0x3, 0x19, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x163340, 0x6a)
socket(0x2, 0x80802, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000)
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
vmsplice$auto(0x1, 0x0, 0xa, 0x6)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
io_uring_setup$auto(0x9e6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)

4.940656353s ago: executing program 1 (id=2557):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NETDEV_A_PAGE_POOL_ID={0xc, 0x1, 0x4}]}, 0x20}, 0x1, 0x700000000000000, 0x0, 0x40000}, 0xd0)

4.762187639s ago: executing program 1 (id=2558):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0)
write$auto(r0, &(0x7f0000000240)='0<.[\x10\xae\xf2|\x9a\x98\x11\xe6\xeb\xc9@x\xd5M9\xfe\xbe\xe0K\x84*t\x8f\xbc\v\xbb;\x8e\xc5\xb7\xa8\xff\xe8\x15D\xdb\xb7\xc0\x10\xfask\xe8j\x03\xd5\x84\x8b\xd9\x1d\xdb\xc0\xd3\x90\xeb\x04UNJ\xd0\xea\x19s\xf0\r\f\xe8\vh)j\xf9$\xc5\xae\xaa&\x18k\x9bLMk@[\xec\x00\x00\x00\x00\x00\x00\x00\x00\xa3\xefX\xa6K\xe1h\xe8\xf6\xb8UZ\xe7\xc76\xc4\a\xf6\x8d%]y\xd7\x8e\xfd\xfcC\x99\x10\x9e\xc3\xa0\t\x87\xc7\x90\x06F\x0f\xa8\xdf\xfbT#Hv\x1aI\x04\x9a\xc4K\xc2W', 0x1000000cd07)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x404400, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r1, 0x0, 0xe8)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0)
writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x109002, 0x0)
ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffff5fdffe04, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)

4.533641197s ago: executing program 0 (id=2559):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4040, 0x0)
preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0xbb)
mmap$auto(0x2000000002, 0x6, 0x2, 0x110, r0, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) (async)
ustat$auto(0x801, 0x0) (async)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
writev$auto(0xffffffffffffffff, 0x0, 0x8) (async)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
madvise$auto(0x0, 0x2003f0, 0x15) (async)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000) (async)
getpid() (async)
r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_GET_SCAN(r3, 0x0, 0x20040800) (async)
sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0xd0}, 0x20000400) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r2, 0x8000) (async)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000280), r3)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x100, 0x0) (async)
socket(0xa, 0x1, 0xfffffeff) (async)
openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0) (async)
unshare$auto(0x40000080)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
select$auto(0xe, 0x0, 0x0, &(0x7f00000004c0)={[0x203, 0x3, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x2, 0x300000000000000, 0x7fff7ffb, 0x81, 0x8, 0x9, 0x3]}, 0x0)

4.276813253s ago: executing program 9 (id=2560):
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x6)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, 0x0, 0x28840, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)

4.044943594s ago: executing program 9 (id=2561):
r0 = openat$auto_dma_buf_debug_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x181000, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/tty/console/active\x00', 0x103280, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r1)
prctl$auto(0x23, 0x7, 0x2008, 0x0, 0x0)
r2 = ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000080)={0x4, 0x0, <r3=>r1})
ioperm$auto(0x7, 0x1, 0x7)
modify_ldt$auto(0x1, 0x0, 0x10)
ioperm$auto(0x7, 0x6, 0x2)
r4 = gettid()
rt_sigqueueinfo$auto(r4, 0x2, 0x0)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r5 = socket(0x26, 0xa, 0x7)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000003280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x340080a4)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sched_setaffinity$auto(r4, 0x4, &(0x7f0000000240)=0x6)
prctl$auto(0x6, 0x2, r4, 0x4, 0xd)
sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="01002dbd7002fcdbdf257200012cd6de29141a0a5e90cb8b261d70a7fd5774c20e5fd027b89f52333c92ec836fa4a6dc51123ead6e1c28e58ccf61b4e7ffa2977cca279dc581ec5bafeaca1593733e3f5bd7dd8564f7290902e9f913d5760f153545d2146a9189053440c77925329a1f5fbb1b3e67ba8a5cdef971"], 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0)
mmap$auto(0xdb, 0x4020009, 0x6, 0xeb0, r5, 0x8000)
unshare$auto(0x40000080)
ioctl$auto_TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
close_range$auto(r3, 0xa, 0x0)
openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/exec\x00', 0x101002, 0x0)
write$auto_proc_pid_attr_operations_base(r2, &(0x7f0000000340)="a597d9caf6279e4a9e6ca43197dfb0f84fbab90d21b8a595", 0x18)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0)
pread64$auto(r0, 0x0, 0x7ff, 0x800)

3.311672191s ago: executing program 4 (id=2562):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000)
r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
write$auto(r0, 0x0, 0x45c)
unshare$auto(0x40000080)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/mem_used_max\x00', 0xa081, 0x0)
write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000003fc0), 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x2, 0x0)
getsockopt$auto(0xffffffffffffffff, 0x114, 0x8, 0xfffffffffffffffc, 0x0)
clock_adjtime$auto(0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x14b040, 0x0)
read$auto_rng_chrdev_ops_core(r5, &(0x7f0000000040)=""/4096, 0xfffffe82)
sendmsg$auto_CTRL_CMD_GETFAMILY2(r3, &(0x7f00000040c0)={0x0, 0x0, &(0x7f0000004080)={&(0x7f0000004000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="11002cbd7000fddbdf2516f500400f00020076650010305f766c616e0000"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000050)
sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x78, r4, 0x100, 0x70bd27, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x9}, @CTRL_ATTR_FAMILY_NAME={0x6, 0x2, 'x\x00'}, @CTRL_ATTR_FAMILY_NAME={0xa, 0x2, '@.\xee/&\x00'}, @CTRL_ATTR_FAMILY_NAME={0x7, 0x2, '.-\x00'}, @CTRL_ATTR_FAMILY_NAME={0xb, 0x2, 'dummy0\x00'}, @CTRL_ATTR_FAMILY_NAME={0x32, 0x2, '/sys/devices/virtual/block/zram0/mem_used_max\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x8080}, 0x80)
unshare$auto(0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x80000, 0x0)
ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r7, 0x80045105, &(0x7f0000000200)="5719ed914183ffba4ce2eb7d18bf365aa51818da2a40f8cf07b0ea3eeefe03ccb791022d229eca747b8415a44148de5a387b97f30e8a6d797ae7a7be7631383befcf13c327c91a4d0b80012dc3570c5f02ec32980c9f7d1793c5ecec082c73ea5c923d99fa36b361f408d9e70776b351e8e79425b1ebbc60d67a311a74b3bdc4f15e37a2e8394fff0cae2ce750")
r8 = openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000001040)='/sys/kernel/debug/bluetooth/hci4/force_wakeup\x00', 0x608281, 0x0)
io_uring_register$auto_IORING_REGISTER_BUFFERS2(r8, 0xf, &(0x7f0000001080)="9cc0d6e3820f7f6a9b0947aded255377518d570569ffa049799db9c955f9259e2d95ddcbcb0ff5137b26bec6dfdb756cfcd75da36bc3e7a77d037e57531db8ce362febccfc1b9e37b86a3f4a21cf2a2a9a82996395", 0x76f)
r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r6)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'dummy0\x00', <r10=>0x0})
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002dbd70007ddbdf250c000000040003800c00018008000100", @ANYRES32=r10, @ANYBLOB="b28105536b9d33621a171931e1b68974c8f14f83174ba0e4f099354472e07739969b91c8fe8d4a9335cc2e1b509d730838d186657e7700667e08519a7c13cc4515"], 0x24}, 0x1, 0x0, 0x0, 0x24004840}, 0x0)

3.176110418s ago: executing program 9 (id=2563):
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/mountinfo\x00', 0x418000, 0x0)
mmap$auto(0x2, 0x2020009, 0xd1a9, 0xeb1, r0, 0x8)
r1 = socket(0xa, 0x5, 0x84)
bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x6, 0x4, 0xffffffffffffffff, @relative_fd=r1, 0xd}, 0xa3)
sendto$auto(r1, 0x0, 0x401, 0xffff, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c)
getsockopt$auto(r1, 0x0, 0xe, 0x0, 0x0)
mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000)
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000)
r2 = socket(0x2, 0x801, 0x106)
getsockopt$auto(r2, 0x11c, 0x1, 0x0, 0x0)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
pread64$auto(0xffffffffffffffff, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\t\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJ^\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00\v\x00'/232, 0x3ed, 0x9)
r3 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x5, 0x0)
bind$auto(r3, &(0x7f0000000100)=@generic={0xa, "000000190000000000000800"}, 0x66)

2.919158046s ago: executing program 9 (id=2564):
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = socket(0x11, 0x3, 0x9)
socket(0xa, 0x2, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x80003, 0x300)
socket(0x11, 0x80003, 0x200300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x40, r2, 0x1b, 0x70bd2c, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_HASH={0xc, 0xb, 0xffffffffffffffff}, @OVS_PACKET_ATTR_KEY={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "89803500"}, @OVS_PACKET_ATTR_ACTIONS={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0)
r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r3], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082)
write$auto(r4, &(0x7f0000000000)='-\x00', 0xfdef)

2.127655625s ago: executing program 9 (id=2565):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x34d802, 0x0)
r1 = socket(0xa, 0x5, 0x84)
bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x6, 0x4, <r2=>0xffffffffffffffff, @relative_fd=r1, 0xd}, 0xa3)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_STATUS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x14, r4, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0)
sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000000700)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000680)={&(0x7f0000000440)=ANY=[@ANYBLOB="04020000", @ANYRES16=r4, @ANYBLOB="040028bd7000ffdbdf250100000004000a0008000100150200000c0004000000000000000000c4010780cd007f8030d6faafb8780a2a1a405a444fbfd04586154083c19063fcd355ec53da81e773d32c608128b01e0026c4abefbd584c1db4415b01c6600c42fa9dfb382c9e64bead340ee21d67dbdd085c27772bda0d8750df536eb7616a0df7b8f4643dbf843dfddd957e628dded7dec67c488e4d2d850ea4ffe1f07c0db637d8989cbfb260623ed16655fbe211c439e6737a0900fdc2baf20800a900ac1414bb2355808cc8d01f97a0301b254217646917ad80e791f4808af640bd9163242d75b84568c9e024ef1722712644491eb3000000e500488004004d80979e90b0f94d0f42a888db92499e0f8c14a8e6a3f904c472e82c9468d50d2219128a16dba048f556e3471271e56fce66b132cef9429cf5e78bc7a45a1dca98d171c4a43213b36e07b408ee0c39ce4c02fec07979f5798e67082b37cbbda84f0a07784d1e09436b99c09542a3e68ab4fb32c82b3e059bffed5931b8947e4d5a03f728368830cebf9ce5eaf5e0ea68ca3c15e5a31cc66fda5085ed135444423f87b2ab89350be23da4b2f1a2e31d486bbadb5b97bd4d5def8d914d63414c98eb56ff362ca6c7ee888d6e9914f12d040040800400318008001a00", @ANYRES32=r5, @ANYBLOB="00000000001600", @ANYRES32, @ANYBLOB="0c000500000000000000000008000980040053"], 0x204}, 0x1, 0x0, 0x0, 0x84}, 0x0)
unlink$auto(&(0x7f00000001c0)='\x01\bL\xf2p\xbd\x15Rq?\xdc\x92\xa7\x97\x02\x88\xd9\xd6.fn\"\x9a\x12\x17\x90\x98\xb7\xa7\xddW+\xf5\xc0\x1e\xf4\x1c\x90\xc5\x913f\xbd\xca.\xa4\xf2\xc9\xff}\xe7\xdf\x92xS\xe6o\x127\xf8\xf2P\xd2\xd4\x13%\xd3$+\xdc\xfe&\xd2Q\xc8\xae%\xdc\xdbC26\xd7$\x06i\xa5\xad\xdb\x02RU\x81\xc3\x14kN\xff\x98p\xdc(\xc6,\"\x18\xa7\xdd\xe6\x91n\'\xd2\xc5\xda\xf1\x909\x17E5L\x04\x96\x0fYe\x1fV)\x06\xc3f\x8a\xbd\xaa0\x06T\x9f\x13\xd4`\xdafY\x03!\xa1\xf7g\x14^\xcf\x8b\\\xe45\xb5\x04\\]E~\x18\xae\\\x8a;{\x1a\xe8\xc2\x88\x8b\rD\x7f\xf8<m\x14R\xd8\x9d\x94\b\x04\x1c\xdeh#\b\xc7\x05?\xb7%\xf5_}\xe1l\xd6\xfe\v\xc8\xae`\\n r\xc1\xef\xd9\xbf\xbdbi\x8c\xae8\xb8\x10\xd4\x18\xf0z\xed\xed@J8\xefw\t|8A\t\xde\aZ\x12R\x9e\xc5\xd8|\x10\x9a\\\xc56\xb8T\xd2\x0f\xa4\xd3\n<\xbe\x03X\x1d\xc5\x81V-z\xeb%N\t<L\x99\xaa\xda[\xec`;v\x84\xa6*\toQ1\xd1\xa2;\x8b\xfe\xb8\xdb\xb8\x9a\xa2#\xe1\xf6wK\xadSZ\xf2\xbf\x17O\xe8V\xfcy\xda\x85e\xb3\xe7\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc7\xbb\x05\xe5?\xea\x99\xccg{\xba \xc6F\x1b\xd6\\:g&\xb4\xeb\xb0\xd6\xc1\x13~U\xa9&\xc4\xc2\xb7\'T;\xf7<\xab\xba5\xd6\xa49\x01d\xd7\xc1U$\xbc?\x1b]u8[Kw\xa9X\x8f\xffx\x7f\xfc\x9b\xd7\xd3V5\x8b\xfbR\x80H\xcc\xc3\x8e\xb0&oc\x8e\x15`\xba\xe8>l\a\xf5\x14;\x94\xa1\x82\xb5\x1e\xab\xc2\x8d\x93O\xa9E\xc5\xea\x92\xcb\x9fl\x19.^\x83\x93e\xe7\xe7\xc1\xeeZ\xdb\xd3\x96\r\x95\xb8=\xa3\x98\x93\x9e\xa4\x9dl\xfd\x9c\x02\xf4\xf0\xacp\x8fV\xd8UD\x9dF\xa4\x9c\x86\x05\xbd\x02bV\xec\xd3\xf7\xd6\xe5wW\xd1\xe0 \x86T\xbf\x86%\xbc1\xaf\xcd\xfb3o\xef\x93.p\xe4\xb4*\xe2{\xa9\x05\xa2\xa5\xf6_\\\x8f\xd1\x9e\x98\xa5\x93%..\x1e\xeb\x85\xffQ\xf1\xaf\xa2v\bb3\\\xf65\xa7B:\xb2\xab\xe3`\xaf\xf7Z~\xc4j\xf6N\xfcv\xa8\x88\xb9i\x00'/595)
sendmsg$auto_MACSEC_CMD_DEL_TXSA(0xffffffffffffffff, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="2bb22bbd7000fcdbfa2506"], 0x28}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1f, 0x80000, 0x0)
socket(0x2, 0x3, 0x9)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
open(0x0, 0xa22c0, 0x155)
r6 = socket(0x11, 0x80003, 0x3ff)
setsockopt$auto(r6, 0x107, 0xf, 0x0, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x48080}, 0x4004)
sendto$auto(r1, 0x0, 0x401, 0xffff, &(0x7f0000000000)=@generic={0xa, "ffff0000000000fe00"}, 0x1c)
ioctl$auto(0xffffffffffffffff, 0x80004d00, 0xffffffffffffffff)
poll$auto(&(0x7f00000000c0)={<r7=>r0, 0xb4, 0x80}, 0x6, 0xa)
read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000100)=""/32, 0x20)

1.334682346s ago: executing program 4 (id=2566):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
fcntl$auto(0xffffffffffffffff, 0x402, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(0x0, r0)
sendmsg$auto_TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r1, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)

1.103142794s ago: executing program 4 (id=2567):
r0 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
r1 = io_uring_setup$auto(0x6, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r1)
sendmsg$auto_NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000140)={0x1e8, r2, 0x8, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x8}, @NL802154_ATTR_COORDINATOR={0x24, 0x1e, 0x0, 0x1, [@nested={0x14, 0x50, 0x0, 0x1, [@generic="4a2a132cfd3bfe642e192f2f", @nested={0x4, 0x9c}]}, @typed={0xc, 0x7b, 0x0, 0x0, @u64=0x2000000000}]}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x7}, @NL802154_ATTR_SEC_LEVEL={0x16f, 0x2d, 0x0, 0x1, [@nested={0x147, 0x29, 0x0, 0x1, [@generic="e45d1b5fa3af96d96d06c501ffd4e513dafdedd26de1d69311f79a0be1576844d3767dd2d66f3cfa699139f55f803573517a9e68ac075a99dfff2ca35f6c86b7dcb42d46e1ec2ee083a119812423caf8b1bf6c4a5d0c7b018c334bc4d4d0ee9877424fbdd077ff12e58d32cd4a2bbdcd571b577a1dd9d82b850a0b4eae935f9c44f97af9ea85e215", @typed={0x8, 0x12b, 0x0, 0x0, @u32=0x3}, @generic="787bb8b9bbda3adff838e26153d055c1e7865124aa47508d9134926d88d2587fea0998410db6b008f09a7e041bf443d9149ad7edba2e1f6ec3be2f016ca5c393564c81e4813ce9105859dc64e301f605afa4c4ec729ba4bbae6816f1a42f5a74993a2cafc54e932fad794b8909e75a16b6d97ef712462c9329031f92d69c33f345abbb02ad217ceaf8188cf615f4ea6dbb5c9fa61d78632f4fbb3b1f6f1b25d464b148f698920318861fe8031cd2847781b39f"]}, @generic="1031bf4d07139a69738e9a078ffe2941c1ad5eb16175110f120360f7a3bf0366323ad5"]}, @NL802154_ATTR_WPAN_PHY_NAME={0xa, 0x2, 'bond0\x00'}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'hsr0\x00'}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x7}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x1}, 0x88c0)
mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0)
ioctl$auto_BTRFS_IOC_FORGET_DEV(r3, 0x50009405, 0x0)
writev$auto(0xffffffffffffffff, 0x0, 0x4)
mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000)
lsm_list_modules$auto(0x0, 0x0, 0x0)
r4 = socket(0x2, 0x801, 0x106)
getsockopt$auto(r4, 0x11c, 0x3, 0x0, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000040)={'bond0\x00'})
clone3$auto(0x0, 0x1000) (fail_nth: 2)

325.232381ms ago: executing program 4 (id=2568):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x103, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001040)='/proc/asound/card1/pcm1c/sub7/info\x00', 0x28102, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x1f40)
r1 = socket(0x15, 0x5, 0x0)
getsockopt$auto(r1, 0x114, 0x5, 0xfffffffffffffffc, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef)

0s ago: executing program 1 (id=2569):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x103, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001040)='/proc/asound/card1/pcm1c/sub7/info\x00', 0x28102, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x1f40)
r1 = socket(0x15, 0x5, 0x0)
getsockopt$auto(r1, 0x114, 0x5, 0xfffffffffffffffc, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r3 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)
write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef)

kernel console output (not intermixed with test programs):

000000000 index:0x0 pfn:0x78000
[  530.908168][T15503] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  530.954522][T15503] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  530.993319][T15503] page_type: f5(slab)
[  531.003288][T15052] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  531.033719][T15503] raw: 00fff00000000040 ffff88801ce95640 0000000000000000 dead000000000001
[  531.093967][T15503] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  531.102794][T15052] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  531.152829][T15503] head: 00fff00000000040 ffff88801ce95640 0000000000000000 dead000000000001
[  531.183761][T15052] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  531.207229][T15503] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  531.268047][T15503] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  531.313520][T15503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  531.349256][T15503] page dumped because: unmovable page
[  531.369296][T15503] page_owner tracks the page as allocated
[  531.395822][T15503] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5218, tgid 5218 (udevd), ts 512321080731, free_ts 512287294957
[  531.450409][T15503]  post_alloc_hook+0x1c0/0x230
[  531.465026][T15503]  get_page_from_freelist+0x1321/0x3890
[  531.477408][T15503]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  531.494570][T15503]  alloc_pages_mpol+0x1fb/0x550
[  531.506837][T15503]  new_slab+0x23b/0x330
[  531.517011][T15503]  ___slab_alloc+0xd9c/0x1940
[  531.528245][T15503]  __slab_alloc.constprop.0+0x56/0xb0
[  531.539416][T15503]  kmem_cache_alloc_noprof+0xef/0x3b0
[  531.551396][   T51] Bluetooth: hci4: command tx timeout
[  531.559862][T15503]  getname_flags.part.0+0x4c/0x550
[  531.574767][T15503]  __x64_sys_unlink+0xb0/0x110
[  531.587158][T15503]  do_syscall_64+0xcd/0x490
[  531.598320][T15503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.614328][T15503] page last free pid 5218 tgid 5218 stack trace:
[  531.631038][T15503]  __free_frozen_pages+0x7fe/0x1180
[  531.639647][T15503]  __put_partials+0x16d/0x1c0
[  531.651956][T15503]  qlist_free_all+0x4d/0x120
[  531.664113][T15503]  kasan_quarantine_reduce+0x195/0x1e0
[  531.677434][T15503]  __kasan_slab_alloc+0x69/0x90
[  531.691099][T15503]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  531.705754][T15503]  getname_flags.part.0+0x4c/0x550
[  531.718107][T15503]  __x64_sys_unlink+0xb0/0x110
[  531.730489][T15503]  do_syscall_64+0xcd/0x490
[  531.739426][T15503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.343547][T15052] 8021q: adding VLAN 0 to HW filter on device bond0
[  532.448758][T15689] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1918'.
[  532.510126][T15695] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1918'.
[  532.582886][T15689] netlink: 210 bytes leftover after parsing attributes in process `syz.3.1918'.
[  532.639503][T15052] 8021q: adding VLAN 0 to HW filter on device team0
[  532.722443][T10226] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.729602][T10226] bridge0: port 1(bridge_slave_0) entered forwarding state
[  532.865718][T13187] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.872863][T13187] bridge0: port 2(bridge_slave_1) entered forwarding state
[  533.202302][T15726] FAULT_INJECTION: forcing a failure.
[  533.202302][T15726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  533.365480][T15726] CPU: 1 UID: 0 PID: 15726 Comm: syz.2.1921 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  533.365503][T15726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  533.365512][T15726] Call Trace:
[  533.365517][T15726]  <TASK>
[  533.365525][T15726]  dump_stack_lvl+0x16c/0x1f0
[  533.365549][T15726]  should_fail_ex+0x512/0x640
[  533.365573][T15726]  _copy_to_user+0x32/0xd0
[  533.365595][T15726]  copy_to_sockptr_offset.constprop.0+0x153/0x1a0
[  533.365616][T15726]  ? __pfx_copy_to_sockptr_offset.constprop.0+0x10/0x10
[  533.365639][T15726]  ip6_mroute_getsockopt+0x2d6/0x3f0
[  533.365660][T15726]  ? __pfx_ip6_mroute_getsockopt+0x10/0x10
[  533.365679][T15726]  ? __kernel_text_address+0xd/0x40
[  533.365694][T15726]  ? arch_stack_walk+0xa6/0x100
[  533.365711][T15726]  do_ipv6_getsockopt+0x83b/0x2ec0
[  533.365731][T15726]  ? __pfx_do_ipv6_getsockopt+0x10/0x10
[  533.365747][T15726]  ? _kstrtoull+0x145/0x200
[  533.365763][T15726]  ? aa_label_sk_perm+0x19b/0x5a0
[  533.365782][T15726]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  533.365799][T15726]  ? __lock_acquire+0x622/0x1c90
[  533.365829][T15726]  ? ipv6_getsockopt+0x126/0x280
[  533.365843][T15726]  ipv6_getsockopt+0x126/0x280
[  533.365860][T15726]  ? __pfx_ipv6_getsockopt+0x10/0x10
[  533.365881][T15726]  rawv6_getsockopt+0xb2/0x4c0
[  533.365895][T15726]  ? __pfx_rawv6_getsockopt+0x10/0x10
[  533.365911][T15726]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  533.365927][T15726]  do_sock_getsockopt+0x3fc/0x800
[  533.365944][T15726]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  533.365958][T15726]  ? __fget_files+0x204/0x3c0
[  533.365986][T15726]  __sys_getsockopt+0x123/0x1b0
[  533.366009][T15726]  __x64_sys_getsockopt+0xbd/0x160
[  533.366028][T15726]  ? do_syscall_64+0x91/0x490
[  533.366047][T15726]  ? lockdep_hardirqs_on+0x7c/0x110
[  533.366066][T15726]  do_syscall_64+0xcd/0x490
[  533.366087][T15726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.366102][T15726] RIP: 0033:0x7f724618e929
[  533.366114][T15726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  533.366128][T15726] RSP: 002b:00007f7247045038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  533.366143][T15726] RAX: ffffffffffffffda RBX: 00007f72463b5fa0 RCX: 00007f724618e929
[  533.366152][T15726] RDX: 00000000000000ce RSI: 0000000000000029 RDI: 0000000000000003
[  533.366166][T15726] RBP: 00007f7247045090 R08: 0000000000000000 R09: 0000000000000000
[  533.366175][T15726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.366183][T15726] R13: 0000000000000000 R14: 00007f72463b5fa0 R15: 00007ffd528fead8
[  533.366201][T15726]  </TASK>
[  533.624053][    C1] vkms_vblank_simulate: vblank timer overrun
[  533.999165][   T51] Bluetooth: hci4: command tx timeout
[  534.896243][T15052] 8021q: adding VLAN 0 to HW filter on device batadv0
[  536.021915][T15052] veth0_vlan: entered promiscuous mode
[  536.088958][T15052] veth1_vlan: entered promiscuous mode
[  536.215631][T15052] veth0_macvtap: entered promiscuous mode
[  536.272067][T15052] veth1_macvtap: entered promiscuous mode
[  536.373551][T15052] batman_adv: batadv0: Interface activated: batadv_slave_0
[  536.450000][T15052] batman_adv: batadv0: Interface activated: batadv_slave_1
[  536.529915][T15052] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  536.771054][T15052] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  536.932625][T15052] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  537.079372][T15052] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  537.534947][T10226] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  537.599623][T10226] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  537.931722][T15859] ima: policy update failed
[  537.941072][   T30] audit: type=1802 audit(6442453404.487:45): pid=15859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1936" res=0 errno=0
[  538.000853][T10226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  538.091003][T10226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  539.748972][T15910] netlink: 338 bytes leftover after parsing attributes in process `syz.6.1944'.
[  539.811492][T15910] netlink: 338 bytes leftover after parsing attributes in process `syz.6.1944'.
[  539.835341][T15916] ima: policy update failed
[  539.871952][   T30] audit: type=1802 audit(6442453406.437:46): pid=15916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1945" res=0 errno=0
[  539.910674][T15921] netlink: 210 bytes leftover after parsing attributes in process `syz.6.1944'.
[  540.220887][T15937] netlink: 'syz.3.1947': attribute type 1 has an invalid length.
[  541.364131][T16006] netlink: 338 bytes leftover after parsing attributes in process `syz.5.1955'.
[  541.702161][T16022] netlink: 'syz.5.1957': attribute type 1 has an invalid length.
[  543.233423][T16104] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1963'.
[  543.544947][T16145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1966'.
[  543.595603][T16145] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1966'.
[  544.122107][T16192] FAULT_INJECTION: forcing a failure.
[  544.122107][T16192] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  544.225860][T16192] CPU: 1 UID: 0 PID: 16192 Comm: syz.2.1969 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  544.225882][T16192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  544.225891][T16192] Call Trace:
[  544.225897][T16192]  <TASK>
[  544.225903][T16192]  dump_stack_lvl+0x16c/0x1f0
[  544.225936][T16192]  should_fail_ex+0x512/0x640
[  544.225959][T16192]  _copy_from_user+0x2e/0xd0
[  544.225981][T16192]  copy_msghdr_from_user+0x98/0x160
[  544.226002][T16192]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  544.226025][T16192]  ? kfree+0x24f/0x4d0
[  544.226041][T16192]  ? __pfx__kstrtoull+0x10/0x10
[  544.226060][T16192]  ___sys_sendmsg+0xfe/0x1d0
[  544.226081][T16192]  ? __pfx____sys_sendmsg+0x10/0x10
[  544.226117][T16192]  ? __pfx___might_resched+0x10/0x10
[  544.226138][T16192]  __sys_sendmmsg+0x200/0x420
[  544.226159][T16192]  ? __pfx___sys_sendmmsg+0x10/0x10
[  544.226186][T16192]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  544.226214][T16192]  ? fput+0x70/0xf0
[  544.226228][T16192]  ? ksys_write+0x1ac/0x250
[  544.226247][T16192]  ? __pfx_ksys_write+0x10/0x10
[  544.226269][T16192]  __x64_sys_sendmmsg+0x9c/0x100
[  544.226288][T16192]  ? lockdep_hardirqs_on+0x7c/0x110
[  544.226307][T16192]  do_syscall_64+0xcd/0x490
[  544.226328][T16192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.226343][T16192] RIP: 0033:0x7f724618e929
[  544.226355][T16192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.226369][T16192] RSP: 002b:00007f7247024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  544.226384][T16192] RAX: ffffffffffffffda RBX: 00007f72463b6080 RCX: 00007f724618e929
[  544.226393][T16192] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003
[  544.226401][T16192] RBP: 00007f7247024090 R08: 0000000000000000 R09: 0000000000000000
[  544.226410][T16192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  544.226418][T16192] R13: 0000000000000000 R14: 00007f72463b6080 R15: 00007ffd528fead8
[  544.226436][T16192]  </TASK>
[  546.298148][T16268] netlink: 'syz.2.1979': attribute type 1 has an invalid length.
[  547.614823][T16300] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1984'.
[  548.041720][T16315] netlink: 'syz.3.1989': attribute type 1 has an invalid length.
[  548.137712][T16312] netlink: 186 bytes leftover after parsing attributes in process `syz.6.1987'.
[  548.327090][T16321] Console: switching to colour VGA+ 80x25
[  548.654812][T16332] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x19a pfn:0x78010
[  548.727166][T16332] flags: 0xfff18000000204(referenced|workingset|node=0|zone=1|lastcpupid=0x7ff)
[  548.790604][T16332] raw: 00fff18000000204 0000000000000000 dead000000000122 0000000000000000
[  548.799864][T16341] netlink: 338 bytes leftover after parsing attributes in process `syz.6.1995'.
[  548.853837][T16332] raw: 000000000000019a 0000000000000000 00000001ffffffff 0000000000000000
[  548.876661][T16341] netlink: 338 bytes leftover after parsing attributes in process `syz.6.1995'.
[  548.894237][T16332] page dumped because: unmovable page
[  548.927980][T16341] netlink: 210 bytes leftover after parsing attributes in process `syz.6.1995'.
[  548.940648][T16345] random: crng reseeded on system resumption
[  548.949599][T16332] page_owner tracks the page as allocated
[  548.970415][T16332] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 10633, tgid 10633 (syz-executor), ts 335744338399, free_ts 322595826151
[  549.040847][T16332]  post_alloc_hook+0x1c0/0x230
[  549.078776][T16332]  get_page_from_freelist+0x1321/0x3890
[  549.116266][T16332]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  549.143726][T16332]  alloc_pages_mpol+0x1fb/0x550
[  549.166624][T16332]  alloc_pages_noprof+0x131/0x390
[  549.194165][T16332]  __vmalloc_node_range_noprof+0x72f/0x14b0
[  549.228571][T16332]  vmalloc_user_noprof+0x9e/0xe0
[  549.255501][T16332]  kcov_ioctl+0x4c/0x730
[  549.277176][T16332]  __x64_sys_ioctl+0x18b/0x210
[  549.310408][T16332]  do_syscall_64+0xcd/0x490
[  549.351619][T16332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.413351][T16332] page last free pid 10409 tgid 10399 stack trace:
[  549.446309][T16332]  __free_frozen_pages+0x7fe/0x1180
[  549.490498][T16332]  relay_destroy_buf+0x11f/0x3e0
[  549.525562][T16332]  relay_close_buf+0x144/0x1a0
[  549.550409][T16332]  relay_close+0x391/0x5d0
[  549.582828][T16332]  blk_trace_free+0x37/0x170
[  549.608198][T16332]  __blk_trace_remove+0x7f/0x140
[  549.639606][T16332]  blk_trace_ioctl+0x242/0x280
[  549.674063][T16332]  blkdev_common_ioctl+0x176a/0x2480
[  549.701590][T16332]  blkdev_ioctl+0x1cb/0x6d0
[  549.736874][T16332]  __x64_sys_ioctl+0x18b/0x210
[  549.757903][T16332]  do_syscall_64+0xcd/0x490
[  549.779307][T16332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.809186][T16338] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x19a pfn:0x78010
[  549.916098][T16338] flags: 0xfff18000000204(referenced|workingset|node=0|zone=1|lastcpupid=0x7ff)
[  549.968893][T16338] raw: 00fff18000000204 0000000000000000 dead000000000122 0000000000000000
[  550.025311][T16338] raw: 000000000000019a 0000000000000000 00000001ffffffff 0000000000000000
[  550.095466][T16338] page dumped because: unmovable page
[  550.123871][T16338] page_owner tracks the page as allocated
[  550.138107][T16370] [U] 
[  550.140901][T16370] [U] 
[  550.143577][T16370] [U] 
[  550.146252][T16370] [U] 
[  550.170556][T16338] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 10633, tgid 10633 (syz-executor), ts 335744338399, free_ts 322595826151
[  550.216863][T16370] [U] 
[  550.219575][T16370] [U] 
[  550.222251][T16370] [U] 
[  550.224922][T16370] [U] 
[  550.285763][T16373] [U] 
[  550.288578][T16338]  post_alloc_hook+0x1c0/0x230
[  550.293363][T16338]  get_page_from_freelist+0x1321/0x3890
[  550.345842][T16338]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  550.402228][T16338]  alloc_pages_mpol+0x1fb/0x550
[  550.420193][T16338]  alloc_pages_noprof+0x131/0x390
[  550.453099][T16338]  __vmalloc_node_range_noprof+0x72f/0x14b0
[  550.459057][T16338]  vmalloc_user_noprof+0x9e/0xe0
[  550.501783][T16338]  kcov_ioctl+0x4c/0x730
[  550.522011][T16338]  __x64_sys_ioctl+0x18b/0x210
[  550.553245][T16338]  do_syscall_64+0xcd/0x490
[  550.568111][T16338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.610257][T16338] page last free pid 10409 tgid 10399 stack trace:
[  550.639341][T16338]  __free_frozen_pages+0x7fe/0x1180
[  550.659072][T16338]  relay_destroy_buf+0x11f/0x3e0
[  550.669154][T16338]  relay_close_buf+0x144/0x1a0
[  550.679255][T16338]  relay_close+0x391/0x5d0
[  550.690283][T16338]  blk_trace_free+0x37/0x170
[  550.700329][T16338]  __blk_trace_remove+0x7f/0x140
[  550.712830][T16338]  blk_trace_ioctl+0x242/0x280
[  550.722878][T16338]  blkdev_common_ioctl+0x176a/0x2480
[  550.736694][T16338]  blkdev_ioctl+0x1cb/0x6d0
[  550.754205][T16338]  __x64_sys_ioctl+0x18b/0x210
[  550.759015][T16338]  do_syscall_64+0xcd/0x490
[  550.774251][T16338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.115031][T16397] FAULT_INJECTION: forcing a failure.
[  551.115031][T16397] name failslab, interval 1, probability 0, space 0, times 0
[  551.191312][T16397] CPU: 1 UID: 0 PID: 16397 Comm: syz.6.2006 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  551.191335][T16397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  551.191344][T16397] Call Trace:
[  551.191349][T16397]  <TASK>
[  551.191355][T16397]  dump_stack_lvl+0x16c/0x1f0
[  551.191381][T16397]  should_fail_ex+0x512/0x640
[  551.191401][T16397]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  551.191423][T16397]  should_failslab+0xc2/0x120
[  551.191437][T16397]  __kmalloc_cache_noprof+0x6a/0x3e0
[  551.191456][T16397]  ? assoc_array_insert+0x10c/0x3970
[  551.191473][T16397]  assoc_array_insert+0x10c/0x3970
[  551.191486][T16397]  ? rcu_is_watching+0x12/0xc0
[  551.191501][T16397]  ? trace_contention_end+0xdd/0x130
[  551.191521][T16397]  ? __mutex_lock+0x1ca/0xb90
[  551.191543][T16397]  ? __key_link_lock+0x92/0xb0
[  551.191568][T16397]  ? __pfx_assoc_array_insert+0x10/0x10
[  551.191584][T16397]  ? down_write+0x14d/0x200
[  551.191597][T16397]  ? __pfx_down_write+0x10/0x10
[  551.191608][T16397]  ? do_raw_spin_lock+0x12c/0x2b0
[  551.191629][T16397]  ? find_held_lock+0x2b/0x80
[  551.191645][T16397]  __key_link_begin+0xf5/0x260
[  551.191668][T16397]  key_instantiate_and_link+0x1fc/0x4b0
[  551.191688][T16397]  ? __pfx_key_instantiate_and_link+0x10/0x10
[  551.191715][T16397]  ? __pfx_keyring_search_iterator+0x10/0x10
[  551.191738][T16397]  keyring_alloc+0x7a/0xc0
[  551.191758][T16397]  look_up_user_keyrings+0x46d/0x760
[  551.191778][T16397]  ? __pfx_look_up_user_keyrings+0x10/0x10
[  551.191801][T16397]  lookup_user_key+0x1a3/0x1300
[  551.191820][T16397]  ? __pfx_lookup_user_key+0x10/0x10
[  551.191834][T16397]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  551.191857][T16397]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  551.191880][T16397]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  551.191900][T16397]  ? fput+0x70/0xf0
[  551.191917][T16397]  keyctl_keyring_move+0x48/0x150
[  551.191932][T16397]  __do_sys_keyctl+0x171/0x590
[  551.191948][T16397]  do_syscall_64+0xcd/0x490
[  551.191969][T16397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.191984][T16397] RIP: 0033:0x7f5225b8e929
[  551.191995][T16397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  551.192009][T16397] RSP: 002b:00007f52269a3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  551.192023][T16397] RAX: ffffffffffffffda RBX: 00007f5225db5fa0 RCX: 00007f5225b8e929
[  551.192033][T16397] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 000000000000001e
[  551.192042][T16397] RBP: 00007f52269a3090 R08: 0000000000000001 R09: 0000000000000000
[  551.192050][T16397] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000001
[  551.192121][T16397] R13: 0000000000000001 R14: 00007f5225db5fa0 R15: 00007ffe3c887918
[  551.192140][T16397]  </TASK>
[  551.470816][    C1] vkms_vblank_simulate: vblank timer overrun
[  553.101980][T16430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  553.142709][T16430] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  553.192019][T16430] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  553.260381][T16430] page_type: f5(slab)
[  553.272563][T16430] raw: 00fff00000000040 ffff88801ce95640 dead000000000122 0000000000000000
[  553.336092][T16430] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  553.389783][T16430] head: 00fff00000000040 ffff88801ce95640 dead000000000122 0000000000000000
[  553.416743][T16449] netlink: 186 bytes leftover after parsing attributes in process `syz.6.2015'.
[  553.456786][T16430] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  553.532984][T16430] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  553.591085][T16430] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  553.643335][T16430] page dumped because: unmovable page
[  553.673160][T16430] page_owner tracks the page as allocated
[  553.719630][T16430] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5218, tgid 5218 (udevd), ts 551531501105, free_ts 550903439516
[  553.819449][T16430]  post_alloc_hook+0x1c0/0x230
[  553.837413][T16430]  get_page_from_freelist+0x1321/0x3890
[  553.855650][T16430]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  553.878299][T16430]  alloc_pages_mpol+0x1fb/0x550
[  553.893019][T16430]  new_slab+0x23b/0x330
[  553.912321][T16430]  ___slab_alloc+0xd9c/0x1940
[  553.927962][T16430]  __slab_alloc.constprop.0+0x56/0xb0
[  553.941136][T16430]  kmem_cache_alloc_noprof+0xef/0x3b0
[  553.953482][T16430]  getname_flags.part.0+0x4c/0x550
[  553.967737][T16430]  __x64_sys_unlink+0xb0/0x110
[  553.978289][T16430]  do_syscall_64+0xcd/0x490
[  553.989529][T16430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.007766][T16430] page last free pid 5218 tgid 5218 stack trace:
[  554.022938][T16430]  __free_frozen_pages+0x7fe/0x1180
[  554.037806][T16430]  qlist_free_all+0x4d/0x120
[  554.049107][T16430]  kasan_quarantine_reduce+0x195/0x1e0
[  554.061789][T16430]  __kasan_slab_alloc+0x69/0x90
[  554.073554][T16430]  __kmalloc_noprof+0x1d4/0x510
[  554.088155][T16430]  tomoyo_realpath_from_path+0xc2/0x6e0
[  554.102402][T16430]  tomoyo_path_perm+0x274/0x460
[  554.117978][T16430]  security_inode_getattr+0x116/0x290
[  554.131206][T16430]  vfs_fstat+0x4b/0xe0
[  554.150726][T16430]  __do_sys_newfstat+0x87/0x100
[  554.177900][T16430]  do_syscall_64+0xcd/0x490
[  554.192505][T16430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.219022][T16432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  554.312277][T16432] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  554.374673][T16432] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  554.408625][T16432] page_type: f5(slab)
[  554.451409][T16432] raw: 00fff00000000040 ffff88801ce95640 dead000000000122 0000000000000000
[  554.520034][T16432] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  554.568114][T16432] head: 00fff00000000040 ffff88801ce95640 dead000000000122 0000000000000000
[  554.645326][T16432] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  554.710636][T16432] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  554.780996][T16432] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  554.789695][T16432] page dumped because: unmovable page
[  554.902315][T16432] page_owner tracks the page as allocated
[  554.908355][T16432] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5218, tgid 5218 (udevd), ts 551531501105, free_ts 550903439516
[  555.085336][T16432]  post_alloc_hook+0x1c0/0x230
[  555.095725][T16519] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2023'.
[  555.132980][T16432]  get_page_from_freelist+0x1321/0x3890
[  555.138563][T16432]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  555.163397][T16519] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2023'.
[  555.225260][T16432]  alloc_pages_mpol+0x1fb/0x550
[  555.245536][T16523] netlink: 286 bytes leftover after parsing attributes in process `syz.3.2023'.
[  555.257979][T16432]  new_slab+0x23b/0x330
[  555.262310][T16432]  ___slab_alloc+0xd9c/0x1940
[  555.266995][T16432]  __slab_alloc.constprop.0+0x56/0xb0
[  555.322013][T16524] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2024'.
[  555.352425][T16432]  kmem_cache_alloc_noprof+0xef/0x3b0
[  555.387510][T16432]  getname_flags.part.0+0x4c/0x550
[  555.392668][T16432]  __x64_sys_unlink+0xb0/0x110
[  555.412645][T16530] netlink: 'syz.6.2025': attribute type 1 has an invalid length.
[  555.469445][T16432]  do_syscall_64+0xcd/0x490
[  555.473993][T16432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.539927][T16432] page last free pid 5218 tgid 5218 stack trace:
[  555.546289][T16432]  __free_frozen_pages+0x7fe/0x1180
[  555.703757][T16432]  qlist_free_all+0x4d/0x120
[  555.823051][T16432]  kasan_quarantine_reduce+0x195/0x1e0
[  555.968535][T16432]  __kasan_slab_alloc+0x69/0x90
[  555.996369][T16432]  __kmalloc_noprof+0x1d4/0x510
[  556.033718][T16432]  tomoyo_realpath_from_path+0xc2/0x6e0
[  556.088429][T16432]  tomoyo_path_perm+0x274/0x460
[  556.122728][T16432]  security_inode_getattr+0x116/0x290
[  556.154940][T16432]  vfs_fstat+0x4b/0xe0
[  556.209008][T16432]  __do_sys_newfstat+0x87/0x100
[  556.233352][T16432]  do_syscall_64+0xcd/0x490
[  556.288790][T16432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.926391][T16571] input: f¬
 as /devices/virtual/input/input50
[  556.939060][T16570] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  557.029014][T16577] netlink: 338 bytes leftover after parsing attributes in process `syz.6.2035'.
[  557.160486][T16577] netlink: 338 bytes leftover after parsing attributes in process `syz.6.2035'.
[  557.478415][T16590] netlink: 286 bytes leftover after parsing attributes in process `syz.6.2035'.
[  559.508439][T16686] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2044'.
[  559.679574][T16694] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2048'.
[  560.308151][T16709] ima: policy update failed
[  560.366270][   T30] audit: type=1802 audit(6442453427.024:47): pid=16709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2052" res=0 errno=0
[  560.774821][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  560.789400][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  561.719003][T16773] netlink: 338 bytes leftover after parsing attributes in process `syz.6.2059'.
[  561.806206][T16778] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  561.854538][T16778] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  561.871834][T16780] netlink: 338 bytes leftover after parsing attributes in process `syz.6.2059'.
[  561.918071][T16773] netlink: 286 bytes leftover after parsing attributes in process `syz.6.2059'.
[  561.933193][T16778] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  562.136430][T16778] page_type: f5(slab)
[  562.273931][T16778] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000
[  562.333524][T16778] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  562.389037][T16778] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000
[  562.449761][T16778] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  562.471523][    C1] sd 0:0:1:0: [sda] tag#3545 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  562.481971][    C1] sd 0:0:1:0: [sda] tag#3545 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00
[  562.517826][T16778] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  562.583593][T16778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  562.625418][T16778] page dumped because: unmovable page
[  562.666250][T16778] page_owner tracks the page as allocated
[  562.709606][T16778] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 15052, tgid 15052 (syz-executor), ts 559370538592, free_ts 559352464945
[  562.836312][T16778]  post_alloc_hook+0x1c0/0x230
[  562.852165][T16778]  get_page_from_freelist+0x1321/0x3890
[  562.878000][T16778]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  562.898226][T16778]  alloc_pages_mpol+0x1fb/0x550
[  562.918237][T16778]  new_slab+0x23b/0x330
[  562.930310][T16778]  ___slab_alloc+0xd9c/0x1940
[  562.948356][T16778]  __slab_alloc.constprop.0+0x56/0xb0
[  562.953756][T16778]  __kmalloc_noprof+0x2f2/0x510
[  562.988725][T16778]  tomoyo_realpath_from_path+0xc2/0x6e0
[  563.008598][T16778]  tomoyo_path_perm+0x274/0x460
[  563.021336][T16778]  security_inode_getattr+0x116/0x290
[  563.036932][T16778]  vfs_statx+0x121/0x3e0
[  563.047014][T16778]  vfs_fstatat+0x7b/0xf0
[  563.059087][T16778]  __do_sys_newfstatat+0x97/0x120
[  563.069448][T16778]  do_syscall_64+0xcd/0x490
[  563.073975][T16778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.095997][T16778] page last free pid 13187 tgid 13187 stack trace:
[  563.113666][T16778]  __free_frozen_pages+0x7fe/0x1180
[  563.123602][T16778]  __put_partials+0x16d/0x1c0
[  563.137140][T16778]  qlist_free_all+0x4d/0x120
[  563.141771][T16778]  kasan_quarantine_reduce+0x195/0x1e0
[  563.157643][T16778]  __kasan_slab_alloc+0x69/0x90
[  563.171786][T16778]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  563.187120][T16778]  netdevice_event+0x365/0x9d0
[  563.199017][T16778]  notifier_call_chain+0xbc/0x410
[  563.214328][T16778]  call_netdevice_notifiers_info+0xbe/0x140
[  563.224649][T16778]  unregister_netdevice_many_notify+0xf9d/0x2700
[  563.244736][T16778]  ops_undo_list+0x8fc/0xab0
[  563.251542][T16778]  cleanup_net+0x408/0x890
[  563.266497][T16778]  process_one_work+0x9cf/0x1b70
[  563.271472][T16778]  worker_thread+0x6c8/0xf10
[  563.286409][T16778]  kthread+0x3c2/0x780
[  563.298355][T16778]  ret_from_fork+0x5d7/0x6f0
[  563.383573][T16784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  563.433443][T16784] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  563.513911][T16784] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  563.566267][T16784] page_type: f5(slab)
[  563.605994][T16784] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000
[  563.655465][T16784] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  563.664081][T16784] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000
[  563.690473][T16823] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2070'.
[  563.765455][T16784] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  563.828746][T16784] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  563.879431][T16784] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  563.948783][T16784] page dumped because: unmovable page
[  563.986441][T16784] page_owner tracks the page as allocated
[  564.042465][T16784] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 15052, tgid 15052 (syz-executor), ts 559370538592, free_ts 559352464945
[  564.170814][T16784]  post_alloc_hook+0x1c0/0x230
[  564.208882][T16784]  get_page_from_freelist+0x1321/0x3890
[  564.248119][T16784]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  564.282784][T16784]  alloc_pages_mpol+0x1fb/0x550
[  564.322503][T16784]  new_slab+0x23b/0x330
[  564.344504][T16784]  ___slab_alloc+0xd9c/0x1940
[  564.373379][T16784]  __slab_alloc.constprop.0+0x56/0xb0
[  564.378790][T16784]  __kmalloc_noprof+0x2f2/0x510
[  564.450564][T16784]  tomoyo_realpath_from_path+0xc2/0x6e0
[  564.486885][T16784]  tomoyo_path_perm+0x274/0x460
[  564.533217][T16784]  security_inode_getattr+0x116/0x290
[  564.538630][T16784]  vfs_statx+0x121/0x3e0
[  564.585734][T16784]  vfs_fstatat+0x7b/0xf0
[  564.621038][T16784]  __do_sys_newfstatat+0x97/0x120
[  564.626096][T16784]  do_syscall_64+0xcd/0x490
[  564.678634][T16784]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.720593][T16784] page last free pid 13187 tgid 13187 stack trace:
[  564.757203][T16784]  __free_frozen_pages+0x7fe/0x1180
[  564.781158][T16784]  __put_partials+0x16d/0x1c0
[  564.809246][T16784]  qlist_free_all+0x4d/0x120
[  564.828790][T16841] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2073'.
[  564.841720][T16784]  kasan_quarantine_reduce+0x195/0x1e0
[  564.862715][T16843] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2073'.
[  564.883216][T16784]  __kasan_slab_alloc+0x69/0x90
[  564.916890][T16784]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  564.951833][T16784]  netdevice_event+0x365/0x9d0
[  564.992581][T16784]  notifier_call_chain+0xbc/0x410
[  565.021839][T16784]  call_netdevice_notifiers_info+0xbe/0x140
[  565.066169][T16784]  unregister_netdevice_many_notify+0xf9d/0x2700
[  565.115133][T16784]  ops_undo_list+0x8fc/0xab0
[  565.150627][T16784]  cleanup_net+0x408/0x890
[  565.185717][T16784]  process_one_work+0x9cf/0x1b70
[  565.211728][T16784]  worker_thread+0x6c8/0xf10
[  565.256122][T16784]  kthread+0x3c2/0x780
[  565.277820][T16784]  ret_from_fork+0x5d7/0x6f0
[  569.059100][T17063] .SR: entered promiscuous mode
[  569.097442][T17069] ima: policy update failed
[  569.133308][   T30] audit: type=1802 audit(6442453435.839:48): pid=17069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.2096" res=0 errno=0
[  569.300174][T17063] Invalid ELF header magic: != ELF
[  570.074529][T17063] could not allocate digest TFM handle 
[  570.476620][T17104] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2100'.
[  570.759150][T17120] netlink: 'syz.2.2103': attribute type 11 has an invalid length.
[  570.767030][T17120] netlink: 'syz.2.2103': attribute type 11 has an invalid length.
[  570.876970][T17120] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2103'.
[  570.920931][T17120] netlink: 'syz.2.2103': attribute type 11 has an invalid length.
[  570.977352][T17120] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2103'.
[  571.029025][T17120] netlink: 200 bytes leftover after parsing attributes in process `syz.2.2103'.
[  571.998292][T17192] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2112'.
[  573.081115][T17240] ima: policy update failed
[  573.112322][   T30] audit: type=1802 audit(6442453439.840:49): pid=17240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2118" res=0 errno=0
[  575.763864][T17376] netlink: zone id is out of range
[  575.768997][T17376] netlink: zone id is out of range
[  575.815475][T17376] netlink: zone id is out of range
[  575.843660][T17376] netlink: zone id is out of range
[  575.860962][T17376] netlink: zone id is out of range
[  575.891221][T17376] netlink: zone id is out of range
[  575.924966][T17376] netlink: zone id is out of range
[  575.951679][T17376] netlink: zone id is out of range
[  575.972357][T17376] netlink: zone id is out of range
[  576.005285][T17376] netlink: zone id is out of range
[  576.606718][T17389] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2135'.
[  580.941038][T17551] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  580.998667][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.255112][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.301405][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.344388][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.394117][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.452771][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.513514][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.555329][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.599513][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.639410][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  581.697598][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2148'.
[  582.652909][T17618] net_ratelimit: 197 callbacks suppressed
[  582.652925][T17618] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[  582.986594][T17630] ima: policy update failed
[  583.003390][   T30] audit: type=1802 audit(6442453449.781:50): pid=17630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2160" res=0 errno=0
[  587.614340][T17777] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2173'.
[  587.658458][T17779] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2173'.
[  588.757529][T17830] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2184'.
[  588.799692][T17830] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2184'.
[  588.839121][T17825] HfR: entered promiscuous mode
[  588.905987][T17825] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied.
[  589.448470][T17846] FAULT_INJECTION: forcing a failure.
[  589.448470][T17846] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  589.525225][T17846] CPU: 1 UID: 0 PID: 17846 Comm: syz.2.2187 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  589.525247][T17846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  589.525256][T17846] Call Trace:
[  589.525261][T17846]  <TASK>
[  589.525267][T17846]  dump_stack_lvl+0x16c/0x1f0
[  589.525292][T17846]  should_fail_ex+0x512/0x640
[  589.525315][T17846]  _copy_from_user+0x2e/0xd0
[  589.525337][T17846]  do_pages_stat+0x24c/0x820
[  589.525359][T17846]  ? __pfx_do_pages_stat+0x10/0x10
[  589.525376][T17846]  ? __lock_acquire+0xb8a/0x1c90
[  589.525409][T17846]  ? do_raw_spin_unlock+0x172/0x230
[  589.525425][T17846]  kernel_move_pages+0xfd4/0x13b0
[  589.525448][T17846]  ? __pfx_kernel_move_pages+0x10/0x10
[  589.525464][T17846]  ? __fget_files+0x20e/0x3c0
[  589.525486][T17846]  ? fput+0x70/0xf0
[  589.525499][T17846]  ? ksys_write+0x1ac/0x250
[  589.525517][T17846]  ? __pfx_ksys_write+0x10/0x10
[  589.525539][T17846]  __x64_sys_move_pages+0xe0/0x1c0
[  589.525554][T17846]  ? do_syscall_64+0x91/0x490
[  589.525573][T17846]  ? lockdep_hardirqs_on+0x7c/0x110
[  589.525593][T17846]  do_syscall_64+0xcd/0x490
[  589.525621][T17846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.525636][T17846] RIP: 0033:0x7f724618e929
[  589.525648][T17846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  589.525661][T17846] RSP: 002b:00007f7247045038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117
[  589.525676][T17846] RAX: ffffffffffffffda RBX: 00007f72463b5fa0 RCX: 00007f724618e929
[  589.525685][T17846] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000785
[  589.525694][T17846] RBP: 00007f7247045090 R08: 0000000000000000 R09: 0000000000000000
[  589.525703][T17846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  589.525711][T17846] R13: 0000000000000000 R14: 00007f72463b5fa0 R15: 00007ffd528fead8
[  589.525729][T17846]  </TASK>
[  589.720082][    C1] vkms_vblank_simulate: vblank timer overrun
[  591.181166][T11603] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  591.197898][T11603] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  591.207427][T11603] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  591.216166][T11603] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  591.228274][T11603] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  592.756057][T17900] chnl_net:caif_netlink_parms(): no params data found
[  593.310588][T11603] Bluetooth: hci5: command tx timeout
[  593.658647][T17900] bridge0: port 1(bridge_slave_0) entered blocking state
[  593.682063][T17900] bridge0: port 1(bridge_slave_0) entered disabled state
[  593.729654][T17900] bridge_slave_0: entered allmulticast mode
[  593.764721][T17900] bridge_slave_0: entered promiscuous mode
[  593.801560][T17900] bridge0: port 2(bridge_slave_1) entered blocking state
[  593.857485][T17900] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.884844][T17900] bridge_slave_1: entered allmulticast mode
[  593.926124][T17900] bridge_slave_1: entered promiscuous mode
[  594.346674][T17900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  594.429829][T17900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  594.691735][T17900] team0: Port device team_slave_0 added
[  594.732020][T17900] team0: Port device team_slave_1 added
[  594.861628][T17900] batman_adv: batadv0: Adding interface: batadv_slave_0
[  594.906760][T17900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.036113][T17900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  595.099874][T17900] batman_adv: batadv0: Adding interface: batadv_slave_1
[  595.147460][T17900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.314903][T17900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  595.379689][T11603] Bluetooth: hci5: command tx timeout
[  595.662270][T17900] hsr_slave_0: entered promiscuous mode
[  595.705418][T17900] hsr_slave_1: entered promiscuous mode
[  595.757065][T17900] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  595.809152][T17900] Cannot create hsr debugfs directory
[  596.880328][T17900] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  596.992302][T17900] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  597.127966][T17900] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  597.187866][T17900] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  597.250197][T18461] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2213'.
[  597.449838][T11603] Bluetooth: hci5: command tx timeout
[  598.569718][T17900] 8021q: adding VLAN 0 to HW filter on device bond0
[  598.700430][T17900] 8021q: adding VLAN 0 to HW filter on device team0
[  598.780956][T10226] bridge0: port 1(bridge_slave_0) entered blocking state
[  598.788098][T10226] bridge0: port 1(bridge_slave_0) entered forwarding state
[  598.948312][T10228] bridge0: port 2(bridge_slave_1) entered blocking state
[  598.955455][T10228] bridge0: port 2(bridge_slave_1) entered forwarding state
[  599.523329][T11603] Bluetooth: hci5: command tx timeout
[  600.477881][T17900] 8021q: adding VLAN 0 to HW filter on device batadv0
[  601.471094][T18685] .SR: entered promiscuous mode
[  601.739812][T17900] veth0_vlan: entered promiscuous mode
[  601.818651][T17900] veth1_vlan: entered promiscuous mode
[  601.981745][T17900] veth0_macvtap: entered promiscuous mode
[  602.032728][T17900] veth1_macvtap: entered promiscuous mode
[  602.128915][T17900] batman_adv: batadv0: Interface activated: batadv_slave_0
[  602.190098][T17900] batman_adv: batadv0: Interface activated: batadv_slave_1
[  602.262123][T17900] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  602.338062][T17900] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  602.403530][T17900] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  602.460375][T17900] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  602.871445][T13187] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  602.879305][T13187] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  602.991787][T10228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  603.089381][T10228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  604.706381][T18790] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed
[  604.759581][T18790] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff)
[  607.353085][T18907] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  607.369608][T18904] FAULT_INJECTION: forcing a failure.
[  607.369608][T18904] name failslab, interval 1, probability 0, space 0, times 0
[  607.677956][T18904] CPU: 1 UID: 0 PID: 18904 Comm: syz.5.2249 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  607.677980][T18904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  607.677990][T18904] Call Trace:
[  607.677995][T18904]  <TASK>
[  607.678001][T18904]  dump_stack_lvl+0x16c/0x1f0
[  607.678028][T18904]  should_fail_ex+0x512/0x640
[  607.678048][T18904]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  607.678073][T18904]  should_failslab+0xc2/0x120
[  607.678087][T18904]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  607.678108][T18904]  ? new_userfaultfd+0x79/0x3d0
[  607.678124][T18904]  new_userfaultfd+0x79/0x3d0
[  607.678139][T18904]  __x64_sys_userfaultfd+0x4b/0xb0
[  607.678155][T18904]  do_syscall_64+0xcd/0x490
[  607.678177][T18904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.678192][T18904] RIP: 0033:0x7fa51478e929
[  607.678204][T18904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  607.678218][T18904] RSP: 002b:00007fa5125f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000143
[  607.678232][T18904] RAX: ffffffffffffffda RBX: 00007fa5149b6080 RCX: 00007fa51478e929
[  607.678242][T18904] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  607.678251][T18904] RBP: 00007fa514810b39 R08: 0000000000000000 R09: 0000000000000000
[  607.678260][T18904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  607.678268][T18904] R13: 0000000000000000 R14: 00007fa5149b6080 R15: 00007fff434f74e8
[  607.678286][T18904]  </TASK>
[  607.838418][    C1] vkms_vblank_simulate: vblank timer overrun
[  608.984525][T18969] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  611.824472][T19079] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2274'.
[  613.158198][T19140] netlink: 186 bytes leftover after parsing attributes in process `syz.5.2278'.
[  614.897424][T11603] Bluetooth: hci3: unexpected event 0x3e length: 728 > 260
[  614.897452][T11603] Bluetooth: hci3: unexpected subevent 0x0c length: 727 > 5
[  614.942289][T19182] FAULT_INJECTION: forcing a failure.
[  614.942289][T19182] name failslab, interval 1, probability 0, space 0, times 0
[  615.016647][T19182] CPU: 1 UID: 0 PID: 19182 Comm: syz.5.2283 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  615.016671][T19182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  615.016681][T19182] Call Trace:
[  615.016686][T19182]  <TASK>
[  615.016693][T19182]  dump_stack_lvl+0x16c/0x1f0
[  615.016719][T19182]  should_fail_ex+0x512/0x640
[  615.016740][T19182]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  615.016764][T19182]  should_failslab+0xc2/0x120
[  615.016778][T19182]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  615.016800][T19182]  ? security_file_alloc+0x34/0x2b0
[  615.016822][T19182]  security_file_alloc+0x34/0x2b0
[  615.016840][T19182]  init_file+0x93/0x4c0
[  615.016855][T19182]  alloc_empty_file+0x73/0x1e0
[  615.016871][T19182]  dentry_open+0x46/0xd0
[  615.016886][T19182]  do_mq_open+0x4df/0x8c0
[  615.016911][T19182]  ? __pfx_do_mq_open+0x10/0x10
[  615.016938][T19182]  __x64_sys_mq_open+0x155/0x1e0
[  615.016953][T19182]  ? __pfx___x64_sys_mq_open+0x10/0x10
[  615.016977][T19182]  do_syscall_64+0xcd/0x490
[  615.016999][T19182]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.017014][T19182] RIP: 0033:0x7fa51478e929
[  615.017026][T19182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  615.017039][T19182] RSP: 002b:00007fa515522038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[  615.017054][T19182] RAX: ffffffffffffffda RBX: 00007fa5149b5fa0 RCX: 00007fa51478e929
[  615.017064][T19182] RDX: 0000000000000001 RSI: 00000000000060d6 RDI: 0000200000000280
[  615.017072][T19182] RBP: 00007fa514810b39 R08: 0000000000000000 R09: 0000000000000000
[  615.017081][T19182] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000
[  615.017090][T19182] R13: 0000000000000000 R14: 00007fa5149b5fa0 R15: 00007fff434f74e8
[  615.017109][T19182]  </TASK>
[  615.198306][    C1] vkms_vblank_simulate: vblank timer overrun
[  615.642570][T19189] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input61
[  617.740105][T19255] openvswitch: netlink: nsh attribute has 14 unknown bytes.
[  619.741539][T11603] Bluetooth: hci4: unexpected event 0x3e length: 728 > 260
[  619.741563][T11603] Bluetooth: hci4: unexpected subevent 0x0c length: 727 > 5
[  619.761571][T19322] FAULT_INJECTION: forcing a failure.
[  619.761571][T19322] name failslab, interval 1, probability 0, space 0, times 0
[  619.811142][T19322] CPU: 1 UID: 0 PID: 19322 Comm: syz.6.2293 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  619.811167][T19322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  619.811177][T19322] Call Trace:
[  619.811183][T19322]  <TASK>
[  619.811190][T19322]  dump_stack_lvl+0x16c/0x1f0
[  619.811220][T19322]  should_fail_ex+0x512/0x640
[  619.811242][T19322]  ? fs_reclaim_acquire+0xae/0x150
[  619.811261][T19322]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  619.811281][T19322]  should_failslab+0xc2/0x120
[  619.811296][T19322]  __kmalloc_noprof+0xd2/0x510
[  619.811322][T19322]  tomoyo_realpath_from_path+0xc2/0x6e0
[  619.811347][T19322]  tomoyo_check_open_permission+0x2ab/0x3c0
[  619.811365][T19322]  ? security_file_alloc+0x34/0x2b0
[  619.811383][T19322]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  619.811399][T19322]  ? do_mq_open+0x4df/0x8c0
[  619.811420][T19322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.811453][T19322]  ? find_held_lock+0x2b/0x80
[  619.811474][T19322]  tomoyo_file_open+0x6b/0x90
[  619.811497][T19322]  security_file_open+0x84/0x1e0
[  619.811516][T19322]  do_dentry_open+0x596/0x1c10
[  619.811543][T19322]  vfs_open+0x82/0x3f0
[  619.811560][T19322]  dentry_open+0x71/0xd0
[  619.811575][T19322]  do_mq_open+0x4df/0x8c0
[  619.811600][T19322]  ? __pfx_do_mq_open+0x10/0x10
[  619.811627][T19322]  __x64_sys_mq_open+0x155/0x1e0
[  619.811642][T19322]  ? __pfx___x64_sys_mq_open+0x10/0x10
[  619.811666][T19322]  do_syscall_64+0xcd/0x490
[  619.811688][T19322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.811702][T19322] RIP: 0033:0x7f5225b8e929
[  619.811714][T19322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  619.811728][T19322] RSP: 002b:00007f52269a3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[  619.811743][T19322] RAX: ffffffffffffffda RBX: 00007f5225db5fa0 RCX: 00007f5225b8e929
[  619.811753][T19322] RDX: 0000000000000001 RSI: 00000000000060d6 RDI: 0000200000000280
[  619.811761][T19322] RBP: 00007f5225c10b39 R08: 0000000000000000 R09: 0000000000000000
[  619.811770][T19322] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000
[  619.811778][T19322] R13: 0000000000000000 R14: 00007f5225db5fa0 R15: 00007ffe3c887918
[  619.811798][T19322]  </TASK>
[  619.811861][T19322] ERROR: Out of memory at tomoyo_realpath_from_path.
[  621.887185][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  621.897689][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  625.013909][   T30] audit: type=1800 audit(6442453492.010:51): pid=19498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2309" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[  625.517486][   T51] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  625.527551][   T51] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  625.535894][   T51] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  625.543803][   T51] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  625.551747][   T51] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  625.846599][   T51] Bluetooth: hci4: unexpected event 0x3e length: 728 > 260
[  625.846624][   T51] Bluetooth: hci4: unexpected subevent 0x0c length: 727 > 5
[  625.877409][T19551] FAULT_INJECTION: forcing a failure.
[  625.877409][T19551] name fail_futex, interval 1, probability 0, space 0, times 0
[  625.960644][T19551] CPU: 1 UID: 0 PID: 19551 Comm: syz.6.2312 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  625.960667][T19551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  625.960676][T19551] Call Trace:
[  625.960681][T19551]  <TASK>
[  625.960687][T19551]  dump_stack_lvl+0x16c/0x1f0
[  625.960713][T19551]  should_fail_ex+0x512/0x640
[  625.960736][T19551]  get_futex_key+0xf36/0x1540
[  625.960756][T19551]  ? __pfx_get_futex_key+0x10/0x10
[  625.960772][T19551]  ? __mutex_trylock_common+0xe9/0x250
[  625.960797][T19551]  futex_wake+0xe7/0x4e0
[  625.960818][T19551]  ? __pfx_futex_wake+0x10/0x10
[  625.960835][T19551]  ? __lock_acquire+0xb8a/0x1c90
[  625.960861][T19551]  do_futex+0x1e3/0x350
[  625.960878][T19551]  ? __pfx_do_futex+0x10/0x10
[  625.960893][T19551]  ? __might_fault+0xe3/0x190
[  625.960918][T19551]  mm_release+0x24e/0x300
[  625.960936][T19551]  do_exit+0x68b/0x2bd0
[  625.960958][T19551]  ? __pfx_do_exit+0x10/0x10
[  625.960976][T19551]  ? do_raw_spin_lock+0x12c/0x2b0
[  625.960996][T19551]  ? find_held_lock+0x2b/0x80
[  625.961014][T19551]  do_group_exit+0xd3/0x2a0
[  625.961034][T19551]  get_signal+0x2673/0x26d0
[  625.961054][T19551]  ? putname+0x154/0x1a0
[  625.961068][T19551]  ? __pfx_get_signal+0x10/0x10
[  625.961083][T19551]  ? do_futex+0x122/0x350
[  625.961099][T19551]  ? __pfx_do_futex+0x10/0x10
[  625.961118][T19551]  arch_do_signal_or_restart+0x8f/0x790
[  625.961136][T19551]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  625.961163][T19551]  exit_to_user_mode_loop+0x84/0x110
[  625.961186][T19551]  do_syscall_64+0x3f6/0x490
[  625.961208][T19551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.961222][T19551] RIP: 0033:0x7f5225b8e929
[  625.961235][T19551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  625.961249][T19551] RSP: 002b:00007f52269a30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  625.961263][T19551] RAX: fffffffffffffe00 RBX: 00007f5225db5fa8 RCX: 00007f5225b8e929
[  625.961273][T19551] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5225db5fa8
[  625.961282][T19551] RBP: 00007f5225db5fa0 R08: 0000000000000000 R09: 0000000000000000
[  625.961291][T19551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5225db5fac
[  625.961300][T19551] R13: 0000000000000000 R14: 00007ffe3c887830 R15: 00007ffe3c887918
[  625.961326][T19551]  </TASK>
[  627.037223][T19569] random: crng reseeded on system resumption
[  627.626861][   T51] Bluetooth: hci6: command tx timeout
[  627.637177][T19509] chnl_net:caif_netlink_parms(): no params data found
[  628.054925][T19509] bridge0: port 1(bridge_slave_0) entered blocking state
[  628.089238][T19509] bridge0: port 1(bridge_slave_0) entered disabled state
[  628.108704][T19509] bridge_slave_0: entered allmulticast mode
[  628.141364][T19509] bridge_slave_0: entered promiscuous mode
[  628.168603][T19509] bridge0: port 2(bridge_slave_1) entered blocking state
[  628.198919][T19509] bridge0: port 2(bridge_slave_1) entered disabled state
[  628.225897][T19509] bridge_slave_1: entered allmulticast mode
[  628.260408][T19509] bridge_slave_1: entered promiscuous mode
[  628.378459][T19509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  628.412516][T19509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  628.566311][T19509] team0: Port device team_slave_0 added
[  628.601777][T19509] team0: Port device team_slave_1 added
[  628.722089][T19509] batman_adv: batadv0: Adding interface: batadv_slave_0
[  628.740992][T19509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  628.810590][T19509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  628.870969][T19509] batman_adv: batadv0: Adding interface: batadv_slave_1
[  628.891245][T19509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  628.953745][T19509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  629.171817][T19509] hsr_slave_0: entered promiscuous mode
[  629.208345][T19509] hsr_slave_1: entered promiscuous mode
[  629.252062][T19509] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  629.291866][T19509] Cannot create hsr debugfs directory
[  629.682452][   T51] Bluetooth: hci6: command tx timeout
[  630.199143][T11603] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  630.211904][T11603] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  630.219879][T11603] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  630.230941][T11603] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  630.248921][T11603] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  630.381674][T19509] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  630.481415][T19509] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  630.526700][T19509] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  630.611460][T19509] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  631.101128][T19945] chnl_net:caif_netlink_parms(): no params data found
[  631.176033][T19509] 8021q: adding VLAN 0 to HW filter on device bond0
[  631.230936][T19509] 8021q: adding VLAN 0 to HW filter on device team0
[  631.428431][T10243] bridge0: port 1(bridge_slave_0) entered blocking state
[  631.435585][T10243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  631.494387][T10243] bridge0: port 2(bridge_slave_1) entered blocking state
[  631.501501][T10243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  631.751252][T11603] Bluetooth: hci6: command tx timeout
[  631.807777][T19945] bridge0: port 1(bridge_slave_0) entered blocking state
[  631.839589][T19945] bridge0: port 1(bridge_slave_0) entered disabled state
[  631.873746][T19945] bridge_slave_0: entered allmulticast mode
[  631.900760][T19945] bridge_slave_0: entered promiscuous mode
[  631.931146][T19945] bridge0: port 2(bridge_slave_1) entered blocking state
[  631.969295][T19945] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.976490][T19945] bridge_slave_1: entered allmulticast mode
[  632.015269][T19945] bridge_slave_1: entered promiscuous mode
[  632.308525][T11603] Bluetooth: hci7: command tx timeout
[  632.433713][T19945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  632.479499][T19945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  632.932081][T19945] team0: Port device team_slave_0 added
[  632.990526][T19945] team0: Port device team_slave_1 added
[  633.290658][T19945] batman_adv: batadv0: Adding interface: batadv_slave_0
[  633.335191][T19945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  633.448523][T19945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  633.513031][T19945] batman_adv: batadv0: Adding interface: batadv_slave_1
[  633.520004][T19945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  633.680246][T19945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  633.735256][T19509] 8021q: adding VLAN 0 to HW filter on device batadv0
[  633.823593][T11603] Bluetooth: hci6: command tx timeout
[  634.035327][T19945] hsr_slave_0: entered promiscuous mode
[  634.059743][T19945] hsr_slave_1: entered promiscuous mode
[  634.094106][T19945] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  634.130723][T19945] Cannot create hsr debugfs directory
[  634.382269][T11603] Bluetooth: hci7: command tx timeout
[  634.686879][T19945] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  634.728111][T19945] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  634.753555][T19509] veth0_vlan: entered promiscuous mode
[  634.770657][T19945] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  634.803124][T19509] veth1_vlan: entered promiscuous mode
[  634.821377][T19945] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  634.908014][T19509] veth0_macvtap: entered promiscuous mode
[  634.941333][T19509] veth1_macvtap: entered promiscuous mode
[  635.011889][T19509] batman_adv: batadv0: Interface activated: batadv_slave_0
[  635.051684][T19509] batman_adv: batadv0: Interface activated: batadv_slave_1
[  635.102156][T19509] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  635.126431][T19509] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  635.146792][T19509] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  635.167777][T19509] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  635.237744][T19945] 8021q: adding VLAN 0 to HW filter on device bond0
[  635.323981][T19945] 8021q: adding VLAN 0 to HW filter on device team0
[  635.403721][T13169] bridge0: port 1(bridge_slave_0) entered blocking state
[  635.410841][T13169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  635.455426][T13169] bridge0: port 2(bridge_slave_1) entered blocking state
[  635.462595][T13169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  635.612889][T13187] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  635.645154][T13187] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  635.732947][T10226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  635.765524][T10226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  636.066009][T19945] 8021q: adding VLAN 0 to HW filter on device batadv0
[  636.446781][T11603] Bluetooth: hci7: command tx timeout
[  636.812058][T19945] veth0_vlan: entered promiscuous mode
[  636.880128][T19945] veth1_vlan: entered promiscuous mode
[  636.991693][T19945] veth0_macvtap: entered promiscuous mode
[  637.037256][T19945] veth1_macvtap: entered promiscuous mode
[  637.118496][T19945] batman_adv: batadv0: Interface activated: batadv_slave_0
[  637.197177][T19945] batman_adv: batadv0: Interface activated: batadv_slave_1
[  637.254930][T19945] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  637.291671][T19945] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  637.300425][T19945] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  637.371131][T19945] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  637.662677][T13187] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  637.706679][T13187] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  637.772222][T10226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  637.822070][T10226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  638.515805][T11603] Bluetooth: hci7: command tx timeout
[  641.185973][T20456] random: crng reseeded on system resumption
[  641.478691][T20457] Unrecognized hibernate image header format!
[  641.516148][T20457] PM: hibernation: Image mismatch: architecture specific data
[  642.581441][T20492] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2348'.
[  642.617906][T20492] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2348'.
[  642.663834][T20492] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2348'.
[  642.725773][T20492] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2348'.
[  642.767585][T20492] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2348'.
[  643.800867][T20536] mkiss: ax0: crc mode is auto.
[  644.011259][   T51] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  644.026759][   T51] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  644.034927][   T51] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  644.046775][   T51] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  644.060285][   T51] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  644.878678][T20544] chnl_net:caif_netlink_parms(): no params data found
[  645.242251][T20691] ima: policy update failed
[  645.248290][   T30] audit: type=1802 audit(6442453512.355:52): pid=20691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.2356" res=0 errno=0
[  645.357941][T20544] bridge0: port 1(bridge_slave_0) entered blocking state
[  645.422392][T20544] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.469216][T20544] bridge_slave_0: entered allmulticast mode
[  645.506368][T20544] bridge_slave_0: entered promiscuous mode
[  645.556293][T20544] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.584736][T20544] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.618344][T20544] bridge_slave_1: entered allmulticast mode
[  645.664138][T20544] bridge_slave_1: entered promiscuous mode
[  645.825944][T20544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  645.884558][T20544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  646.052977][T20544] team0: Port device team_slave_0 added
[  646.082683][T11603] Bluetooth: hci8: command tx timeout
[  646.130191][T20544] team0: Port device team_slave_1 added
[  646.389321][T20544] batman_adv: batadv0: Adding interface: batadv_slave_0
[  646.430287][T20544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  646.580594][T20544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  646.654193][T20544] batman_adv: batadv0: Adding interface: batadv_slave_1
[  646.677481][T20544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  646.840744][T20544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  647.202894][T20544] hsr_slave_0: entered promiscuous mode
[  647.264441][T20544] hsr_slave_1: entered promiscuous mode
[  647.295451][T20544] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  647.370407][T20544] Cannot create hsr debugfs directory
[  648.150959][   T51] Bluetooth: hci8: command tx timeout
[  648.194600][T20920] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  648.203785][T20920] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  648.212225][T20920] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  648.223726][T20920] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  648.233643][T20920] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  649.421151][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  650.214763][T11603] Bluetooth: hci8: command tx timeout
[  650.294097][T11603] Bluetooth: hci9: command tx timeout
[  651.840183][T20544] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  651.919312][T20544] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  651.974391][T21152] netlink: 338 bytes leftover after parsing attributes in process `syz.9.2369'.
[  652.038892][T21155] netlink: 338 bytes leftover after parsing attributes in process `syz.9.2369'.
[  652.088662][T20544] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  652.153668][T20544] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  652.245342][T21164] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2370'.
[  652.286974][T11603] Bluetooth: hci8: command tx timeout
[  652.292577][T21168] netlink: 342 bytes leftover after parsing attributes in process `syz.9.2371'.
[  652.332754][T20907] chnl_net:caif_netlink_parms(): no params data found
[  652.371223][T11603] Bluetooth: hci9: command tx timeout
[  652.396579][T21169] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2370'.
[  652.414522][T21168] netlink: 342 bytes leftover after parsing attributes in process `syz.9.2371'.
[  652.478121][T21168] netlink: 342 bytes leftover after parsing attributes in process `syz.9.2371'.
[  652.596233][T21168] netlink: 342 bytes leftover after parsing attributes in process `syz.9.2371'.
[  652.606589][T21169] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2370'.
[  652.681817][T21168] netlink: 342 bytes leftover after parsing attributes in process `syz.9.2371'.
[  653.131024][T20907] bridge0: port 1(bridge_slave_0) entered blocking state
[  653.138133][T20907] bridge0: port 1(bridge_slave_0) entered disabled state
[  653.233828][T20907] bridge_slave_0: entered allmulticast mode
[  653.249516][T21241] ima: policy update failed
[  653.254711][   T30] audit: type=1802 audit(6442453520.407:53): pid=21241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.2373" res=0 errno=0
[  653.285663][T20907] bridge_slave_0: entered promiscuous mode
[  653.401204][T20907] bridge0: port 2(bridge_slave_1) entered blocking state
[  653.472962][T20907] bridge0: port 2(bridge_slave_1) entered disabled state
[  653.523543][T20907] bridge_slave_1: entered allmulticast mode
[  653.587752][T20907] bridge_slave_1: entered promiscuous mode
[  653.711033][T20544] 8021q: adding VLAN 0 to HW filter on device bond0
[  653.951692][T20907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  654.115706][T20907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  654.382293][   T30] audit: type=1400 audit(6442453521.533:54): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=21271 comm="syz.8.2375"
[  654.432462][T11603] Bluetooth: hci9: command tx timeout
[  654.516869][T20544] 8021q: adding VLAN 0 to HW filter on device team0
[  654.656514][T20907] team0: Port device team_slave_0 added
[  654.832052][T20907] team0: Port device team_slave_1 added
[  654.900835][T10243] bridge0: port 1(bridge_slave_0) entered blocking state
[  654.907990][T10243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  654.967074][T10243] bridge0: port 2(bridge_slave_1) entered blocking state
[  654.974231][T10243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  655.234219][T20907] batman_adv: batadv0: Adding interface: batadv_slave_0
[  655.274090][T20907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  655.380409][T20907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  655.433921][T20907] batman_adv: batadv0: Adding interface: batadv_slave_1
[  655.466615][T20907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  655.573816][T20907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  656.027389][T20544] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  656.054733][T20544] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  656.101403][T20907] hsr_slave_0: entered promiscuous mode
[  656.130788][T20907] hsr_slave_1: entered promiscuous mode
[  656.149701][T20907] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  656.169283][T20907] Cannot create hsr debugfs directory
[  656.501809][T11603] Bluetooth: hci9: command tx timeout
[  657.518046][T20544] 8021q: adding VLAN 0 to HW filter on device batadv0
[  657.860296][T20544] veth0_vlan: entered promiscuous mode
[  658.052752][T20544] veth1_vlan: entered promiscuous mode
[  658.204762][T20544] veth0_macvtap: entered promiscuous mode
[  658.295312][T20544] veth1_macvtap: entered promiscuous mode
[  658.414793][T20544] batman_adv: batadv0: Interface activated: batadv_slave_0
[  658.518489][T20544] batman_adv: batadv0: Interface activated: batadv_slave_1
[  658.597007][T20544] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  658.662679][T20544] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  658.696828][T21597] ima: policy update failed
[  658.717831][   T30] audit: type=1802 audit(6442453525.895:55): pid=21597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.9.2381" res=0 errno=0
[  658.747867][T20544] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  658.815668][T20544] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  659.600667][T20907] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  659.840592][T20907] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  659.954446][T20907] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  660.093457][T10243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  660.149170][T10243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  660.182467][T20907] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  660.377811][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  660.431433][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  661.304852][T20907] 8021q: adding VLAN 0 to HW filter on device bond0
[  661.444438][T20907] 8021q: adding VLAN 0 to HW filter on device team0
[  661.672956][   T30] audit: type=1804 audit(6442453528.851:56): pid=21693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.2386" name="/newroot/31/file0" dev="tmpfs" ino=178 res=1 errno=0
[  661.721619][T10243] bridge0: port 1(bridge_slave_0) entered blocking state
[  661.728805][T10243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  661.843285][T10243] bridge0: port 2(bridge_slave_1) entered blocking state
[  661.850487][T10243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  662.275436][T21710] ima: policy update failed
[  662.339117][   T30] audit: type=1802 audit(6442453529.534:57): pid=21710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.2389" res=0 errno=0
[  662.376390][T20907] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  662.489779][T20907] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  664.033521][T20907] 8021q: adding VLAN 0 to HW filter on device batadv0
[  664.518677][T20907] veth0_vlan: entered promiscuous mode
[  664.592506][T20907] veth1_vlan: entered promiscuous mode
[  665.478139][T20907] veth0_macvtap: entered promiscuous mode
[  665.596537][T21860] sysfs_service_op_store: Client not running :-5:
[  665.691316][T20907] veth1_macvtap: entered promiscuous mode
[  665.907775][T20907] batman_adv: batadv0: Interface activated: batadv_slave_0
[  666.295515][T20907] batman_adv: batadv0: Interface activated: batadv_slave_1
[  666.503982][T20907] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  666.582450][T20907] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  666.600327][T11603] Bluetooth: hci7: unexpected event 0x3e length: 728 > 260
[  666.600351][T11603] Bluetooth: hci7: unexpected subevent 0x0c length: 727 > 5
[  666.630382][T21925] FAULT_INJECTION: forcing a failure.
[  666.630382][T21925] name failslab, interval 1, probability 0, space 0, times 0
[  666.668589][T20907] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  666.728613][T20907] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  666.737468][T21925] CPU: 1 UID: 0 PID: 21925 Comm: syz.9.2398 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  666.737495][T21925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  666.737505][T21925] Call Trace:
[  666.737511][T21925]  <TASK>
[  666.737518][T21925]  dump_stack_lvl+0x16c/0x1f0
[  666.737546][T21925]  should_fail_ex+0x512/0x640
[  666.737567][T21925]  ? __kmalloc_noprof+0xbf/0x510
[  666.737590][T21925]  ? memcg_list_lru_alloc+0x4e9/0x740
[  666.737611][T21925]  should_failslab+0xc2/0x120
[  666.737626][T21925]  __kmalloc_noprof+0xd2/0x510
[  666.737646][T21925]  ? __lock_acquire+0x622/0x1c90
[  666.737669][T21925]  memcg_list_lru_alloc+0x4e9/0x740
[  666.737695][T21925]  ? __pfx_memcg_list_lru_alloc+0x10/0x10
[  666.737721][T21925]  ? get_mem_cgroup_from_objcg+0xd3/0x330
[  666.737744][T21925]  __memcg_slab_post_alloc_hook+0x133/0x960
[  666.737762][T21925]  ? kasan_save_track+0x14/0x30
[  666.737784][T21925]  kmem_cache_alloc_lru_noprof+0x30f/0x3b0
[  666.737806][T21925]  ? mqueue_alloc_inode+0x25/0x50
[  666.737831][T21925]  ? __pfx_mqueue_alloc_inode+0x10/0x10
[  666.737851][T21925]  mqueue_alloc_inode+0x25/0x50
[  666.737872][T21925]  alloc_inode+0x64/0x240
[  666.737887][T21925]  new_inode+0x22/0x1c0
[  666.737903][T21925]  mqueue_get_inode+0x2e/0xdd0
[  666.737928][T21925]  mqueue_create_attr+0x261/0x440
[  666.737945][T21925]  vfs_mkobj+0x3d8/0x620
[  666.737962][T21925]  ? __pfx_mqueue_create_attr+0x10/0x10
[  666.737978][T21925]  do_mq_open+0x71e/0x8c0
[  666.738003][T21925]  ? __pfx_do_mq_open+0x10/0x10
[  666.738030][T21925]  __x64_sys_mq_open+0x155/0x1e0
[  666.738045][T21925]  ? __pfx___x64_sys_mq_open+0x10/0x10
[  666.738068][T21925]  do_syscall_64+0xcd/0x490
[  666.738091][T21925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.738105][T21925] RIP: 0033:0x7f434d58e929
[  666.738118][T21925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  666.738132][T21925] RSP: 002b:00007f434e397038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[  666.738147][T21925] RAX: ffffffffffffffda RBX: 00007f434d7b5fa0 RCX: 00007f434d58e929
[  666.738156][T21925] RDX: 0000000000000001 RSI: 00000000000060d6 RDI: 0000200000000280
[  666.738166][T21925] RBP: 00007f434d610b39 R08: 0000000000000000 R09: 0000000000000000
[  666.738175][T21925] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000
[  666.738184][T21925] R13: 0000000000000000 R14: 00007f434d7b5fa0 R15: 00007fff953a9cd8
[  666.738204][T21925]  </TASK>
[  666.981664][    C1] vkms_vblank_simulate: vblank timer overrun
[  668.599052][T13174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  668.652593][T13174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  668.875868][T10243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  668.930330][T10243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  670.902630][T22077] kAFS: Invalid Command on /proc/fs/afs/cells file
[  671.622660][T11603] Bluetooth: hci9: unexpected event 0x3e length: 728 > 260
[  671.622685][T11603] Bluetooth: hci9: unexpected subevent 0x0c length: 727 > 5
[  672.536368][T11603] Bluetooth: hci9: unexpected event 0x3e length: 728 > 260
[  672.536394][T11603] Bluetooth: hci9: unexpected subevent 0x0c length: 727 > 5
[  672.689707][T22123] FAULT_INJECTION: forcing a failure.
[  672.689707][T22123] name failslab, interval 1, probability 0, space 0, times 0
[  672.924530][T22123] CPU: 1 UID: 0 PID: 22123 Comm: syz.1.2412 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  672.924560][T22123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  672.924570][T22123] Call Trace:
[  672.924575][T22123]  <TASK>
[  672.924582][T22123]  dump_stack_lvl+0x16c/0x1f0
[  672.924608][T22123]  should_fail_ex+0x512/0x640
[  672.924629][T22123]  ? fs_reclaim_acquire+0xae/0x150
[  672.924648][T22123]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  672.924668][T22123]  should_failslab+0xc2/0x120
[  672.924682][T22123]  __kmalloc_noprof+0xd2/0x510
[  672.924707][T22123]  tomoyo_realpath_from_path+0xc2/0x6e0
[  672.924729][T22123]  ? tomoyo_profile+0x47/0x60
[  672.924752][T22123]  tomoyo_path_number_perm+0x245/0x580
[  672.924768][T22123]  ? tomoyo_path_number_perm+0x237/0x580
[  672.924792][T22123]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  672.924830][T22123]  ? _raw_spin_unlock+0x28/0x50
[  672.924848][T22123]  ? d_add+0x47a/0x780
[  672.924863][T22123]  ? current_check_access_path+0x33c/0x460
[  672.924882][T22123]  ? __pfx_current_check_access_path+0x10/0x10
[  672.924898][T22123]  ? simple_lookup+0x12c/0x180
[  672.924916][T22123]  ? lookup_one_qstr_excl_raw.part.0+0xf9/0x160
[  672.924932][T22123]  ? lookup_dcache+0x66/0x170
[  672.924950][T22123]  tomoyo_path_mknod+0x10c/0x190
[  672.924971][T22123]  ? __pfx_tomoyo_path_mknod+0x10/0x10
[  672.924994][T22123]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  672.925018][T22123]  security_path_mknod+0x161/0x310
[  672.925044][T22123]  do_mknodat+0x239/0x5d0
[  672.925067][T22123]  ? __pfx_do_mknodat+0x10/0x10
[  672.925087][T22123]  ? getname_flags.part.0+0x1c5/0x550
[  672.925108][T22123]  __x64_sys_mknod+0x87/0xb0
[  672.925129][T22123]  do_syscall_64+0xcd/0x490
[  672.925152][T22123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.925166][T22123] RIP: 0033:0x7f2ef4f8e929
[  672.925178][T22123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  672.925192][T22123] RSP: 002b:00007f2ef5dc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  672.925207][T22123] RAX: ffffffffffffffda RBX: 00007f2ef51b5fa0 RCX: 00007f2ef4f8e929
[  672.925218][T22123] RDX: 000000007fffffff RSI: 0000000000000402 RDI: 0000000000000000
[  672.925227][T22123] RBP: 00007f2ef5010b39 R08: 0000000000000000 R09: 0000000000000000
[  672.925236][T22123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  672.925245][T22123] R13: 0000000000000000 R14: 00007f2ef51b5fa0 R15: 00007ffccc34f978
[  672.925264][T22123]  </TASK>
[  672.925271][T22123] ERROR: Out of memory at tomoyo_realpath_from_path.
[  673.792607][T22147] ima: policy update failed
[  673.902657][   T30] audit: type=1802 audit(6442453541.094:58): pid=22147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2415" res=0 errno=0
[  676.401661][T22229] __nla_validate_parse: 2 callbacks suppressed
[  676.401676][T22229] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2427'.
[  676.864749][T22229] team0: Port device team_slave_0 removed
[  678.035639][T11603] Bluetooth: hci6: unexpected event 0x3e length: 728 > 260
[  678.035669][T11603] Bluetooth: hci6: unexpected subevent 0x0c length: 727 > 5
[  683.024061][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  683.030356][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  684.306386][T22542] ima: policy update failed
[  684.359549][   T30] audit: type=1802 audit(6442453551.679:59): pid=22542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2444" res=0 errno=0
[  687.752416][T22668] ima: policy update failed
[  687.771712][   T30] audit: type=1802 audit(6442453555.086:60): pid=22668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.2455" res=0 errno=0
[  687.948291][T11603] Bluetooth: hci9: unexpected event 0x3e length: 728 > 260
[  687.948316][T11603] Bluetooth: hci9: unexpected subevent 0x0c length: 727 > 5
[  687.973400][T22678] FAULT_INJECTION: forcing a failure.
[  687.973400][T22678] name failslab, interval 1, probability 0, space 0, times 0
[  688.093064][T22678] CPU: 1 UID: 0 PID: 22678 Comm: syz.1.2456 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  688.093088][T22678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  688.093097][T22678] Call Trace:
[  688.093104][T22678]  <TASK>
[  688.093111][T22678]  dump_stack_lvl+0x16c/0x1f0
[  688.093136][T22678]  should_fail_ex+0x512/0x640
[  688.093157][T22678]  ? fs_reclaim_acquire+0xae/0x150
[  688.093179][T22678]  should_failslab+0xc2/0x120
[  688.093194][T22678]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  688.093217][T22678]  ? security_inode_alloc+0x3b/0x2b0
[  688.093235][T22678]  security_inode_alloc+0x3b/0x2b0
[  688.093252][T22678]  inode_init_always_gfp+0xce4/0x1030
[  688.093275][T22678]  alloc_inode+0x86/0x240
[  688.093290][T22678]  new_inode+0x22/0x1c0
[  688.093306][T22678]  shmem_get_inode+0x19a/0xfb0
[  688.093326][T22678]  shmem_mknod+0x1a8/0x450
[  688.093345][T22678]  vfs_create+0x4e0/0x7a0
[  688.093365][T22678]  do_mknodat+0x3d3/0x5d0
[  688.093388][T22678]  ? __pfx_do_mknodat+0x10/0x10
[  688.093406][T22678]  ? getname_flags.part.0+0x1c5/0x550
[  688.093426][T22678]  __x64_sys_mknod+0x87/0xb0
[  688.093446][T22678]  do_syscall_64+0xcd/0x490
[  688.093468][T22678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.093483][T22678] RIP: 0033:0x7f2ef4f8e929
[  688.093496][T22678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  688.093510][T22678] RSP: 002b:00007f2ef5dc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  688.093525][T22678] RAX: ffffffffffffffda RBX: 00007f2ef51b5fa0 RCX: 00007f2ef4f8e929
[  688.093535][T22678] RDX: 000000007fffffff RSI: 0000000000000402 RDI: 0000000000000000
[  688.093544][T22678] RBP: 00007f2ef5010b39 R08: 0000000000000000 R09: 0000000000000000
[  688.093553][T22678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  688.093562][T22678] R13: 0000000000000000 R14: 00007f2ef51b5fa0 R15: 00007ffccc34f978
[  688.093581][T22678]  </TASK>
[  688.291884][    C1] vkms_vblank_simulate: vblank timer overrun
[  688.854936][T22574] ptrace attach of "./syz-executor exec"[19945] was attempted by "./syz-executor exec"[22574]
[  690.046006][T22716] FAULT_INJECTION: forcing a failure.
[  690.046006][T22716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  690.274607][T22716] CPU: 1 UID: 0 PID: 22716 Comm: syz.8.2460 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  690.274630][T22716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  690.274639][T22716] Call Trace:
[  690.274644][T22716]  <TASK>
[  690.274651][T22716]  dump_stack_lvl+0x16c/0x1f0
[  690.274676][T22716]  should_fail_ex+0x512/0x640
[  690.274699][T22716]  _copy_to_user+0x32/0xd0
[  690.274726][T22716]  simple_read_from_buffer+0xcb/0x170
[  690.274747][T22716]  proc_fail_nth_read+0x197/0x270
[  690.274764][T22716]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  690.274782][T22716]  ? rw_verify_area+0xcf/0x680
[  690.274799][T22716]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  690.274816][T22716]  vfs_read+0x1e4/0xc60
[  690.274837][T22716]  ? __pfx___mutex_lock+0x10/0x10
[  690.274857][T22716]  ? __pfx_vfs_read+0x10/0x10
[  690.274881][T22716]  ? __fget_files+0x20e/0x3c0
[  690.274906][T22716]  ksys_read+0x12a/0x250
[  690.274924][T22716]  ? __pfx_ksys_read+0x10/0x10
[  690.274949][T22716]  do_syscall_64+0xcd/0x490
[  690.274970][T22716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.274986][T22716] RIP: 0033:0x7fbb7578d33c
[  690.274998][T22716] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  690.275012][T22716] RSP: 002b:00007fbb766ae030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  690.275027][T22716] RAX: ffffffffffffffda RBX: 00007fbb759b5fa0 RCX: 00007fbb7578d33c
[  690.275037][T22716] RDX: 000000000000000f RSI: 00007fbb766ae0a0 RDI: 0000000000000004
[  690.275046][T22716] RBP: 00007fbb766ae090 R08: 0000000000000000 R09: 0000000000000000
[  690.275054][T22716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  690.275062][T22716] R13: 0000000000000000 R14: 00007fbb759b5fa0 R15: 00007ffe82026588
[  690.275081][T22716]  </TASK>
[  690.828999][T22723] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2464'.
[  691.567883][T22739] ima: policy update failed
[  691.667590][   T30] audit: type=1802 audit(6442453558.966:61): pid=22739 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.2467" res=0 errno=0
[  692.056070][T22748] random: crng reseeded on system resumption
[  694.484845][T22858] ima: policy update failed
[  694.489465][   T30] audit: type=1802 audit(6442453561.851:62): pid=22858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.9.2476" res=0 errno=0
[  695.161047][T22877] zswap: compressor  not available
[  695.815519][T22947] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2481'.
[  695.838854][T22948] FAULT_INJECTION: forcing a failure.
[  695.838854][T22948] name failslab, interval 1, probability 0, space 0, times 0
[  695.885658][T22948] CPU: 1 UID: 0 PID: 22948 Comm: syz.0.2480 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  695.885679][T22948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  695.885688][T22948] Call Trace:
[  695.885693][T22948]  <TASK>
[  695.885700][T22948]  dump_stack_lvl+0x16c/0x1f0
[  695.885725][T22948]  should_fail_ex+0x512/0x640
[  695.885748][T22948]  should_failslab+0xc2/0x120
[  695.885763][T22948]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  695.885784][T22948]  ? skb_clone+0x190/0x3f0
[  695.885808][T22948]  skb_clone+0x190/0x3f0
[  695.885828][T22948]  netlink_deliver_tap+0xabd/0xd30
[  695.885855][T22948]  netlink_unicast+0x702/0x850
[  695.885872][T22948]  ? __pfx_netlink_unicast+0x10/0x10
[  695.885892][T22948]  netlink_ack+0x696/0xb80
[  695.885912][T22948]  netlink_rcv_skb+0x332/0x420
[  695.885926][T22948]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  695.885945][T22948]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  695.885968][T22948]  ? ns_capable+0xd7/0x110
[  695.885986][T22948]  nfnetlink_rcv+0x1b3/0x430
[  695.886003][T22948]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  695.886019][T22948]  ? netlink_deliver_tap+0x1ae/0xd30
[  695.886044][T22948]  netlink_unicast+0x58d/0x850
[  695.886061][T22948]  ? __pfx_netlink_unicast+0x10/0x10
[  695.886088][T22948]  netlink_sendmsg+0x8d1/0xdd0
[  695.886106][T22948]  ? __pfx_netlink_sendmsg+0x10/0x10
[  695.886127][T22948]  ____sys_sendmsg+0xa95/0xc70
[  695.886144][T22948]  ? copy_msghdr_from_user+0x10a/0x160
[  695.886164][T22948]  ? __pfx_____sys_sendmsg+0x10/0x10
[  695.886188][T22948]  ___sys_sendmsg+0x134/0x1d0
[  695.886209][T22948]  ? __pfx____sys_sendmsg+0x10/0x10
[  695.886226][T22948]  ? __lock_acquire+0x622/0x1c90
[  695.886268][T22948]  __sys_sendmsg+0x16d/0x220
[  695.886288][T22948]  ? __pfx___sys_sendmsg+0x10/0x10
[  695.886320][T22948]  do_syscall_64+0xcd/0x490
[  695.886342][T22948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  695.886357][T22948] RIP: 0033:0x7fd7d578e929
[  695.886369][T22948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  695.886382][T22948] RSP: 002b:00007fd7d35d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  695.886397][T22948] RAX: ffffffffffffffda RBX: 00007fd7d59b6080 RCX: 00007fd7d578e929
[  695.886407][T22948] RDX: 0000000000000080 RSI: 0000200000000180 RDI: 000000000000000f
[  695.886416][T22948] RBP: 00007fd7d35d5090 R08: 0000000000000000 R09: 0000000000000000
[  695.886424][T22948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  695.886433][T22948] R13: 0000000000000000 R14: 00007fd7d59b6080 R15: 00007fff7b58e778
[  695.886451][T22948]  </TASK>
[  697.039168][T22970] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2482'.
[  697.090774][T22969] netlink: 342 bytes leftover after parsing attributes in process `syz.9.2483'.
[  697.939066][T22990] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2488'.
[  697.993961][T22996] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2488'.
[  698.674466][T23008] usb usb36: usbfs: process 23008 (syz.1.2491) did not claim interface 0 before use
[  698.920650][T23018] FAULT_INJECTION: forcing a failure.
[  698.920650][T23018] name failslab, interval 1, probability 0, space 0, times 0
[  699.035717][T23018] CPU: 1 UID: 0 PID: 23018 Comm: syz.9.2492 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  699.035741][T23018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  699.035751][T23018] Call Trace:
[  699.035756][T23018]  <TASK>
[  699.035762][T23018]  dump_stack_lvl+0x16c/0x1f0
[  699.035789][T23018]  should_fail_ex+0x512/0x640
[  699.035810][T23018]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  699.035834][T23018]  should_failslab+0xc2/0x120
[  699.035848][T23018]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  699.035867][T23018]  ? __proc_create+0xc3/0x8c0
[  699.035889][T23018]  ? __proc_create+0x2ce/0x8c0
[  699.035913][T23018]  __proc_create+0x2ce/0x8c0
[  699.035934][T23018]  ? __pfx___proc_create+0x10/0x10
[  699.035955][T23018]  ? pcpu_chunk_relocate+0x126/0x190
[  699.035981][T23018]  proc_create_reg+0x7d/0x180
[  699.035995][T23018]  ? __pfx_xfrm_statistics_seq_show+0x10/0x10
[  699.036010][T23018]  proc_create_net_single+0x86/0x170
[  699.036024][T23018]  ? __pfx_proc_create_net_single+0x10/0x10
[  699.036043][T23018]  ? __pfx_xfrm_net_init+0x10/0x10
[  699.036063][T23018]  xfrm_proc_init+0x4d/0x70
[  699.036075][T23018]  xfrm_net_init+0x1f0/0xcc0
[  699.036098][T23018]  ? __pfx_xfrm_net_init+0x10/0x10
[  699.036117][T23018]  ops_init+0x1e2/0x5f0
[  699.036142][T23018]  setup_net+0x1ff/0x510
[  699.036162][T23018]  ? lockdep_init_map_type+0x5c/0x280
[  699.036183][T23018]  ? __pfx_setup_net+0x10/0x10
[  699.036205][T23018]  ? debug_mutex_init+0x37/0x70
[  699.036222][T23018]  copy_net_ns+0x2a6/0x5f0
[  699.036238][T23018]  create_new_namespaces+0x3ea/0xa90
[  699.036259][T23018]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  699.036277][T23018]  ksys_unshare+0x45b/0xa40
[  699.036297][T23018]  ? __pfx_ksys_unshare+0x10/0x10
[  699.036317][T23018]  ? xfd_validate_state+0x61/0x180
[  699.036342][T23018]  __x64_sys_unshare+0x31/0x40
[  699.036360][T23018]  do_syscall_64+0xcd/0x490
[  699.036383][T23018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.036398][T23018] RIP: 0033:0x7f434d58e929
[  699.036410][T23018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  699.036423][T23018] RSP: 002b:00007f434e376038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  699.036438][T23018] RAX: ffffffffffffffda RBX: 00007f434d7b6080 RCX: 00007f434d58e929
[  699.036447][T23018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  699.036456][T23018] RBP: 00007f434d610b39 R08: 0000000000000000 R09: 0000000000000000
[  699.036465][T23018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  699.036473][T23018] R13: 0000000000000000 R14: 00007f434d7b6080 R15: 00007fff953a9cd8
[  699.036493][T23018]  </TASK>
[  699.858125][T23009] ima: policy update failed
[  699.903861][   T30] audit: type=1802 audit(6442453567.249:63): pid=23009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.9.2492" res=0 errno=0
[  702.144823][T23092] FAULT_INJECTION: forcing a failure.
[  702.144823][T23092] name failslab, interval 1, probability 0, space 0, times 0
[  702.275613][T23100] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2498'.
[  702.336340][T23092] CPU: 1 UID: 0 PID: 23092 Comm: syz.9.2495 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  702.336364][T23092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  702.336374][T23092] Call Trace:
[  702.336380][T23092]  <TASK>
[  702.336386][T23092]  dump_stack_lvl+0x16c/0x1f0
[  702.336413][T23092]  should_fail_ex+0x512/0x640
[  702.336433][T23092]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  702.336458][T23092]  should_failslab+0xc2/0x120
[  702.336472][T23092]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  702.336493][T23092]  ? prepare_creds+0x2c/0x7d0
[  702.336519][T23092]  prepare_creds+0x2c/0x7d0
[  702.336541][T23092]  join_session_keyring+0x17/0x340
[  702.336558][T23092]  lookup_user_key+0x576/0x1300
[  702.336577][T23092]  ? __pfx_lookup_user_key+0x10/0x10
[  702.336594][T23092]  ? __pfx_do_futex+0x10/0x10
[  702.336615][T23092]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  702.336640][T23092]  keyctl_keyring_move+0xb4/0x150
[  702.336656][T23092]  __do_sys_keyctl+0x171/0x590
[  702.336672][T23092]  do_syscall_64+0xcd/0x490
[  702.336694][T23092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.336709][T23092] RIP: 0033:0x7f434d58e929
[  702.336721][T23092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  702.336735][T23092] RSP: 002b:00007f434e376038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  702.336749][T23092] RAX: ffffffffffffffda RBX: 00007f434d7b6080 RCX: 00007f434d58e929
[  702.336759][T23092] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 000000000000001e
[  702.336768][T23092] RBP: 00007f434d610b39 R08: 0000000000000001 R09: 0000000000000000
[  702.336777][T23092] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000
[  702.336786][T23092] R13: 0000000000000000 R14: 00007f434d7b6080 R15: 00007fff953a9cd8
[  702.336804][T23092]  </TASK>
[  702.526337][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.330208][T23100] team0: Port device team_slave_0 removed
[  703.488471][T23110] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2500'.
[  703.620268][T23117] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2500'.
[  704.846298][T23146] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  705.921178][T23162] FAULT_INJECTION: forcing a failure.
[  705.921178][T23162] name failslab, interval 1, probability 0, space 0, times 0
[  706.205299][T23162] CPU: 1 UID: 0 PID: 23162 Comm: syz.0.2509 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  706.205324][T23162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  706.205333][T23162] Call Trace:
[  706.205338][T23162]  <TASK>
[  706.205345][T23162]  dump_stack_lvl+0x16c/0x1f0
[  706.205371][T23162]  should_fail_ex+0x512/0x640
[  706.205391][T23162]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  706.205415][T23162]  should_failslab+0xc2/0x120
[  706.205429][T23162]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  706.205450][T23162]  ? key_alloc+0x3e0/0x1330
[  706.205470][T23162]  key_alloc+0x3e0/0x1330
[  706.205494][T23162]  ? __pfx_key_alloc+0x10/0x10
[  706.205516][T23162]  keyring_alloc+0x44/0xc0
[  706.205537][T23162]  install_session_keyring_to_cred+0x190/0x230
[  706.205556][T23162]  join_session_keyring+0x1b8/0x340
[  706.205573][T23162]  lookup_user_key+0x576/0x1300
[  706.205590][T23162]  ? __pfx_lookup_user_key+0x10/0x10
[  706.205605][T23162]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  706.205628][T23162]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  706.205650][T23162]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  706.205671][T23162]  ? fput+0x70/0xf0
[  706.205687][T23162]  keyctl_keyring_move+0xb4/0x150
[  706.205702][T23162]  __do_sys_keyctl+0x171/0x590
[  706.205718][T23162]  do_syscall_64+0xcd/0x490
[  706.205740][T23162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.205754][T23162] RIP: 0033:0x7fd7d578e929
[  706.205766][T23162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  706.205779][T23162] RSP: 002b:00007fd7d35f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  706.205799][T23162] RAX: ffffffffffffffda RBX: 00007fd7d59b5fa0 RCX: 00007fd7d578e929
[  706.205808][T23162] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 000000000000001e
[  706.205817][T23162] RBP: 00007fd7d35f6090 R08: 0000000000000001 R09: 0000000000000000
[  706.205826][T23162] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000001
[  706.205835][T23162] R13: 0000000000000001 R14: 00007fd7d59b5fa0 R15: 00007fff7b58e778
[  706.205853][T23162]  </TASK>
[  706.422194][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.929829][T23168] FAULT_INJECTION: forcing a failure.
[  706.929829][T23168] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  707.054395][T23168] CPU: 1 UID: 0 PID: 23168 Comm: syz.0.2512 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  707.054419][T23168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  707.054428][T23168] Call Trace:
[  707.054434][T23168]  <TASK>
[  707.054441][T23168]  dump_stack_lvl+0x16c/0x1f0
[  707.054468][T23168]  should_fail_ex+0x512/0x640
[  707.054492][T23168]  should_fail_alloc_page+0xe7/0x130
[  707.054508][T23168]  prepare_alloc_pages+0x3c2/0x610
[  707.054528][T23168]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  707.054550][T23168]  ? kasan_save_stack+0x42/0x60
[  707.054569][T23168]  ? kasan_save_stack+0x33/0x60
[  707.054587][T23168]  ? kasan_save_track+0x14/0x30
[  707.054605][T23168]  ? __kasan_slab_alloc+0x89/0x90
[  707.054625][T23168]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  707.054644][T23168]  ? __pmd_alloc+0xbf/0x930
[  707.054658][T23168]  ? __handle_mm_fault+0xaac/0x5490
[  707.054674][T23168]  ? handle_mm_fault+0x589/0xd10
[  707.054690][T23168]  ? do_user_addr_fault+0x7a6/0x1370
[  707.054708][T23168]  ? exc_page_fault+0x5c/0xb0
[  707.054730][T23168]  ? asm_exc_page_fault+0x26/0x30
[  707.054743][T23168]  ? check_zeroed_user+0x90/0x1c0
[  707.054763][T23168]  ? bpf_check_uarg_tail_zero+0x16e/0x1b0
[  707.054782][T23168]  ? __sys_bpf+0x140/0x4d80
[  707.054792][T23168]  ? __x64_sys_bpf+0x78/0xc0
[  707.054804][T23168]  ? do_syscall_64+0xcd/0x490
[  707.054823][T23168]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.054838][T23168]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  707.054869][T23168]  ? __lock_acquire+0xb8a/0x1c90
[  707.054888][T23168]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  707.054911][T23168]  ? policy_nodemask+0xea/0x4e0
[  707.054926][T23168]  alloc_pages_mpol+0x1fb/0x550
[  707.054940][T23168]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  707.054955][T23168]  ? __thp_vma_allowable_orders+0x1c5/0xb10
[  707.054974][T23168]  alloc_pages_noprof+0x131/0x390
[  707.054988][T23168]  pte_alloc_one+0x1c/0x3a0
[  707.055002][T23168]  __handle_mm_fault+0x3a68/0x5490
[  707.055025][T23168]  ? __pfx___handle_mm_fault+0x10/0x10
[  707.055042][T23168]  ? __pfx_mt_find+0x10/0x10
[  707.055065][T23168]  ? find_vma+0xbf/0x140
[  707.055079][T23168]  ? __pfx_find_vma+0x10/0x10
[  707.055095][T23168]  handle_mm_fault+0x589/0xd10
[  707.055114][T23168]  ? __pkru_allows_pkey+0x51/0xb0
[  707.055134][T23168]  do_user_addr_fault+0x7a6/0x1370
[  707.055155][T23168]  ? rcu_is_watching+0x12/0xc0
[  707.055173][T23168]  exc_page_fault+0x5c/0xb0
[  707.055192][T23168]  asm_exc_page_fault+0x26/0x30
[  707.055205][T23168] RIP: 0010:check_zeroed_user+0x90/0x1c0
[  707.055227][T23168] Code: 00 00 00 e8 52 71 e2 fc 48 89 de 4c 89 ef e8 f7 6b e2 fc 4d 85 ff 0f 85 a5 00 00 00 e8 39 71 e2 fc 0f 01 cb 0f ae e8 45 31 e4 <49> 8b 45 00 31 ff 44 89 e6 48 89 c3 e8 5f 6c e2 fc 45 85 e4 75 79
[  707.055241][T23168] RSP: 0018:ffffc9000447fc00 EFLAGS: 00050246
[  707.055253][T23168] RAX: 0000000000000000 RBX: 0000000000000a1f RCX: ffffffff84d8ed99
[  707.055262][T23168] RDX: ffff88807e393c00 RSI: ffffffff84d8eda7 RDI: 0000000000000006
[  707.055271][T23168] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000098
[  707.055280][T23168] R10: 0000000000000a1f R11: 0000000000000000 R12: 0000000000000000
[  707.055289][T23168] R13: 0000000000000098 R14: 0000000000000987 R15: 0000000000000000
[  707.055302][T23168]  ? check_zeroed_user+0x79/0x1c0
[  707.055322][T23168]  ? check_zeroed_user+0x87/0x1c0
[  707.055348][T23168]  bpf_check_uarg_tail_zero+0x16e/0x1b0
[  707.055367][T23168]  ? __pfx_bpf_check_uarg_tail_zero+0x10/0x10
[  707.055387][T23168]  ? get_pid_task+0x106/0x250
[  707.055409][T23168]  __sys_bpf+0x140/0x4d80
[  707.055427][T23168]  ? __pfx___sys_bpf+0x10/0x10
[  707.055439][T23168]  ? vfs_write+0x15d/0x1150
[  707.055463][T23168]  ? __pfx_vfs_write+0x10/0x10
[  707.055482][T23168]  ? do_sys_openat2+0x157/0x1d0
[  707.055508][T23168]  ? ksys_write+0x1ac/0x250
[  707.055526][T23168]  ? __pfx_ksys_write+0x10/0x10
[  707.055549][T23168]  __x64_sys_bpf+0x78/0xc0
[  707.055562][T23168]  ? lockdep_hardirqs_on+0x7c/0x110
[  707.055580][T23168]  do_syscall_64+0xcd/0x490
[  707.055601][T23168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.055615][T23168] RIP: 0033:0x7fd7d578e929
[  707.055626][T23168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  707.055639][T23168] RSP: 002b:00007fd7d35f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  707.055652][T23168] RAX: ffffffffffffffda RBX: 00007fd7d59b5fa0 RCX: 00007fd7d578e929
[  707.055661][T23168] RDX: 0000000000000a1f RSI: 0000000000000000 RDI: 0000000000000001
[  707.055670][T23168] RBP: 00007fd7d35f6090 R08: 0000000000000000 R09: 0000000000000000
[  707.055678][T23168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  707.055687][T23168] R13: 0000000000000000 R14: 00007fd7d59b5fa0 R15: 00007fff7b58e778
[  707.055705][T23168]  </TASK>
[  707.522073][    C1] vkms_vblank_simulate: vblank timer overrun
[  709.960811][T23174] ima: policy update failed
[  710.188476][   T30] audit: type=1802 audit(6442453577.633:64): pid=23174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2514" res=0 errno=0
[  710.960818][   T51] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  710.978432][   T51] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  710.989249][   T51] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  711.010563][   T51] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  711.020046][   T51] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  712.257024][T23345] FAULT_INJECTION: forcing a failure.
[  712.257024][T23345] name failslab, interval 1, probability 0, space 0, times 0
[  712.354928][T23345] CPU: 1 UID: 0 PID: 23345 Comm: syz.9.2524 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  712.354953][T23345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  712.354962][T23345] Call Trace:
[  712.354968][T23345]  <TASK>
[  712.354974][T23345]  dump_stack_lvl+0x16c/0x1f0
[  712.355002][T23345]  should_fail_ex+0x512/0x640
[  712.355022][T23345]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  712.355047][T23345]  ? __pfx_drm_debugfs_entry_open+0x10/0x10
[  712.355067][T23345]  should_failslab+0xc2/0x120
[  712.355081][T23345]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  712.355103][T23345]  ? seq_open+0x55/0x170
[  712.355124][T23345]  ? __pfx_drm_debugfs_entry_open+0x10/0x10
[  712.355143][T23345]  ? __pfx_vkms_config_show+0x10/0x10
[  712.355161][T23345]  seq_open+0x55/0x170
[  712.355175][T23345]  ? __pfx_vkms_config_show+0x10/0x10
[  712.355194][T23345]  single_open+0xfc/0x1f0
[  712.355210][T23345]  drm_debugfs_entry_open+0x127/0x1c0
[  712.355230][T23345]  full_proxy_open_regular+0x1b6/0x360
[  712.355248][T23345]  do_dentry_open+0x744/0x1c10
[  712.355270][T23345]  ? __pfx_full_proxy_open_regular+0x10/0x10
[  712.355289][T23345]  vfs_open+0x82/0x3f0
[  712.355307][T23345]  path_openat+0x1de4/0x2cb0
[  712.355333][T23345]  ? __pfx_path_openat+0x10/0x10
[  712.355354][T23345]  ? __lock_acquire+0xb8a/0x1c90
[  712.355376][T23345]  do_filp_open+0x20b/0x470
[  712.355397][T23345]  ? __pfx_do_filp_open+0x10/0x10
[  712.355429][T23345]  ? alloc_fd+0x471/0x7d0
[  712.355453][T23345]  do_sys_openat2+0x11b/0x1d0
[  712.355469][T23345]  ? __pfx_do_sys_openat2+0x10/0x10
[  712.355491][T23345]  __x64_sys_openat+0x174/0x210
[  712.355508][T23345]  ? __pfx___x64_sys_openat+0x10/0x10
[  712.355531][T23345]  do_syscall_64+0xcd/0x490
[  712.355553][T23345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  712.355568][T23345] RIP: 0033:0x7f434d58e929
[  712.355580][T23345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  712.355594][T23345] RSP: 002b:00007f434e397038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  712.355609][T23345] RAX: ffffffffffffffda RBX: 00007f434d7b5fa0 RCX: 00007f434d58e929
[  712.355618][T23345] RDX: 0000000000000000 RSI: 0000200000001040 RDI: ffffffffffffff9c
[  712.355628][T23345] RBP: 00007f434d610b39 R08: 0000000000000000 R09: 0000000000000000
[  712.355637][T23345] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  712.355647][T23345] R13: 0000000000000000 R14: 00007f434d7b5fa0 R15: 00007fff953a9cd8
[  712.355666][T23345]  </TASK>
[  712.619240][T23205] chnl_net:caif_netlink_parms(): no params data found
[  713.163751][T11603] Bluetooth: hci10: command tx timeout
[  714.124299][T23205] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.181807][T23205] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.231612][T23205] bridge_slave_0: entered allmulticast mode
[  714.292097][T23205] bridge_slave_0: entered promiscuous mode
[  714.426576][T23205] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.480272][T23205] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.517466][T23205] bridge_slave_1: entered allmulticast mode
[  714.571878][T23205] bridge_slave_1: entered promiscuous mode
[  715.014382][T23205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  715.111927][   T51] Bluetooth: hci9: unexpected event 0x3e length: 728 > 260
[  715.111950][   T51] Bluetooth: hci9: unexpected subevent 0x0c length: 727 > 5
[  715.147491][T23470] FAULT_INJECTION: forcing a failure.
[  715.147491][T23470] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  715.236574][   T51] Bluetooth: hci10: command tx timeout
[  715.258086][T23205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  715.321690][T23470] CPU: 1 UID: 0 PID: 23470 Comm: syz.1.2530 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  715.321715][T23470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  715.321724][T23470] Call Trace:
[  715.321737][T23470]  <TASK>
[  715.321744][T23470]  dump_stack_lvl+0x16c/0x1f0
[  715.321771][T23470]  should_fail_ex+0x512/0x640
[  715.321795][T23470]  strncpy_from_user+0x3b/0x2e0
[  715.321817][T23470]  getname_flags.part.0+0x8f/0x550
[  715.321836][T23470]  getname_flags+0x93/0xf0
[  715.321855][T23470]  do_sys_openat2+0xb8/0x1d0
[  715.321872][T23470]  ? __pfx_do_sys_openat2+0x10/0x10
[  715.321895][T23470]  __x64_sys_openat+0x174/0x210
[  715.321911][T23470]  ? __pfx___x64_sys_openat+0x10/0x10
[  715.321939][T23470]  do_syscall_64+0xcd/0x490
[  715.321962][T23470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.321977][T23470] RIP: 0033:0x7f2ef4f8e929
[  715.321990][T23470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  715.322003][T23470] RSP: 002b:00007f2ef5dc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  715.322018][T23470] RAX: ffffffffffffffda RBX: 00007f2ef51b5fa0 RCX: 00007f2ef4f8e929
[  715.322027][T23470] RDX: 0000000000080e42 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[  715.322036][T23470] RBP: 00007f2ef5010b39 R08: 0000000000000000 R09: 0000000000000000
[  715.322045][T23470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  715.322053][T23470] R13: 0000000000000000 R14: 00007f2ef51b5fa0 R15: 00007ffccc34f978
[  715.322072][T23470]  </TASK>
[  715.482831][    C1] vkms_vblank_simulate: vblank timer overrun
[  715.755109][   T51] Bluetooth: hci5: command 0x0406 tx timeout
[  716.172581][T23205] team0: Port device team_slave_0 added
[  716.458812][T23205] team0: Port device team_slave_1 added
[  716.764190][T23205] batman_adv: batadv0: Adding interface: batadv_slave_0
[  716.813326][T23205] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  716.839254][    C1] vkms_vblank_simulate: vblank timer overrun
[  716.955490][T23205] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  717.054181][T23205] batman_adv: batadv0: Adding interface: batadv_slave_1
[  717.121196][T23205] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  717.246279][T23205] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  717.305964][T11603] Bluetooth: hci10: command tx timeout
[  718.024261][T23205] hsr_slave_0: entered promiscuous mode
[  718.059209][T23205] hsr_slave_1: entered promiscuous mode
[  718.105906][T23205] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  718.155244][T23205] Cannot create hsr debugfs directory
[  718.541126][T23654] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2533'.
[  719.318635][T23205] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  719.378714][T11603] Bluetooth: hci10: command tx timeout
[  719.403886][T23205] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  719.582018][T23205] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  719.657480][T23205] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  720.124210][T23205] 8021q: adding VLAN 0 to HW filter on device bond0
[  720.312451][T23205] 8021q: adding VLAN 0 to HW filter on device team0
[  720.610465][ T3497] bridge0: port 1(bridge_slave_0) entered blocking state
[  720.617629][ T3497] bridge0: port 1(bridge_slave_0) entered forwarding state
[  720.684789][ T3497] bridge0: port 2(bridge_slave_1) entered blocking state
[  720.691971][ T3497] bridge0: port 2(bridge_slave_1) entered forwarding state
[  722.093628][T23205] 8021q: adding VLAN 0 to HW filter on device batadv0
[  723.411697][T23205] veth0_vlan: entered promiscuous mode
[  723.505768][T23205] veth1_vlan: entered promiscuous mode
[  723.663498][T23205] veth0_macvtap: entered promiscuous mode
[  723.720941][T23205] veth1_macvtap: entered promiscuous mode
[  723.818970][T23205] batman_adv: batadv0: Interface activated: batadv_slave_0
[  723.934534][T23205] batman_adv: batadv0: Interface activated: batadv_slave_1
[  724.004887][T23205] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  724.066334][T23205] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  724.123506][T23205] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  724.141737][T11603] Bluetooth: hci9: unexpected subevent 0x01 length: 123 > 18
[  724.149214][T11603] Bluetooth: hci9: Invalid handle: 0x3a4a > 0x0eff
[  724.233153][T23205] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  725.186439][T23965] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2549'.
[  725.370239][T23965] veth0_macvtap: left promiscuous mode
[  725.379282][T23853] workqueue: Failed to create a rescuer kthread for wq "nfc19_nci_tx_wq": -EINTR
[  725.465222][T23965] macvtap0: entered promiscuous mode
[  725.600699][T23965] macvtap0: entered allmulticast mode
[  725.728556][T10243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  725.799211][T10243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  725.989794][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  726.033285][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  726.960489][T24123] FAULT_INJECTION: forcing a failure.
[  726.960489][T24123] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  727.090081][T24123] CPU: 1 UID: 0 PID: 24123 Comm: syz.9.2554 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  727.090104][T24123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  727.090113][T24123] Call Trace:
[  727.090118][T24123]  <TASK>
[  727.090124][T24123]  dump_stack_lvl+0x16c/0x1f0
[  727.090150][T24123]  should_fail_ex+0x512/0x640
[  727.090173][T24123]  _copy_from_user+0x2e/0xd0
[  727.090195][T24123]  copy_msghdr_from_user+0x98/0x160
[  727.090216][T24123]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  727.090245][T24123]  ___sys_sendmsg+0xfe/0x1d0
[  727.090266][T24123]  ? __pfx____sys_sendmsg+0x10/0x10
[  727.090284][T24123]  ? __lock_acquire+0x622/0x1c90
[  727.090325][T24123]  __sys_sendmsg+0x16d/0x220
[  727.090351][T24123]  ? __pfx___sys_sendmsg+0x10/0x10
[  727.090382][T24123]  do_syscall_64+0xcd/0x490
[  727.090403][T24123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.090418][T24123] RIP: 0033:0x7f434d58e929
[  727.090430][T24123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  727.090443][T24123] RSP: 002b:00007f434e397038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  727.090457][T24123] RAX: ffffffffffffffda RBX: 00007f434d7b5fa0 RCX: 00007f434d58e929
[  727.090467][T24123] RDX: 0000000000000800 RSI: 0000200000000180 RDI: 0000000000000003
[  727.090475][T24123] RBP: 00007f434e397090 R08: 0000000000000000 R09: 0000000000000000
[  727.090484][T24123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  727.090492][T24123] R13: 0000000000000000 R14: 00007f434d7b5fa0 R15: 00007fff953a9cd8
[  727.090510][T24123]  </TASK>
[  727.957771][T24145] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2556'.
[  728.381760][T24155] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  728.407705][T24155] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  728.467672][T24155] memcg:ffff888033d4dc01
[  728.477992][T24155] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  728.546263][T24155] page_type: f5(slab)
[  728.572829][T24155] raw: 00fff00000000040 ffff88801b84b3c0 dead000000000122 0000000000000000
[  728.671764][T24155] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff888033d4dc01
[  728.722221][T24155] head: 00fff00000000040 ffff88801b84b3c0 dead000000000122 0000000000000000
[  728.800679][T24155] head: 0000000000000000 0000000000080008 00000000f5000000 ffff888033d4dc01
[  728.883216][T24155] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  729.012539][T24155] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  729.078862][T24155] page dumped because: unmovable page
[  729.122525][T24155] page_owner tracks the page as allocated
[  729.178664][T24155] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 19945, tgid 19945 (syz-executor), ts 632097240242, free_ts 632007144531
[  729.307327][T24155]  post_alloc_hook+0x1c0/0x230
[  729.368309][T24155]  get_page_from_freelist+0x1321/0x3890
[  729.401530][T24155]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  729.457438][T24155]  alloc_pages_mpol+0x1fb/0x550
[  729.492867][T24155]  new_slab+0x23b/0x330
[  729.497074][T24155]  ___slab_alloc+0xd9c/0x1940
[  729.501776][T24155]  __slab_alloc.constprop.0+0x56/0xb0
[  729.601499][T24155]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  729.661219][T24155]  kmemdup_noprof+0x29/0x60
[  729.665771][T24155]  neigh_sysctl_register+0xb2/0x670
[  729.722386][T24155]  addrconf_sysctl_register+0xb9/0x1f0
[  729.770577][T24155]  ipv6_add_dev+0xb39/0x15f0
[  729.775217][T24155]  addrconf_notify+0x53e/0x19e0
[  729.847218][T24155]  notifier_call_chain+0xbc/0x410
[  729.873189][T24155]  call_netdevice_notifiers_info+0xbe/0x140
[  729.879126][T24155]  register_netdevice+0x182e/0x2270
[  729.965918][T24155] page last free pid 5218 tgid 5218 stack trace:
[  730.002586][T24155]  __free_frozen_pages+0x7fe/0x1180
[  730.007825][T24155]  __put_partials+0x16d/0x1c0
[  730.078735][T24155]  qlist_free_all+0x4d/0x120
[  730.128146][T24155]  kasan_quarantine_reduce+0x195/0x1e0
[  730.162308][T24155]  __kasan_slab_alloc+0x69/0x90
[  730.167222][T24155]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  730.234550][T24155]  getname_flags.part.0+0x4c/0x550
[  730.280294][T24155]  __x64_sys_unlink+0xb0/0x110
[  730.285087][T24155]  do_syscall_64+0xcd/0x490
[  730.334649][T24155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  730.397113][T24160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  730.513947][T24160] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  730.572062][T24160] memcg:ffff888033d4dc01
[  730.578291][T24160] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  730.652424][T24160] page_type: f5(slab)
[  730.670454][T24160] raw: 00fff00000000040 ffff88801b84b3c0 dead000000000122 0000000000000000
[  730.733266][T24160] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff888033d4dc01
[  730.827304][T24160] head: 00fff00000000040 ffff88801b84b3c0 dead000000000122 0000000000000000
[  730.916281][T24160] head: 0000000000000000 0000000000080008 00000000f5000000 ffff888033d4dc01
[  730.977909][T24160] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  731.038681][T24160] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  731.129370][T24160] page dumped because: unmovable page
[  731.159884][T24160] page_owner tracks the page as allocated
[  731.213104][T24160] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 19945, tgid 19945 (syz-executor), ts 632097240242, free_ts 632007144531
[  731.356379][T24160]  post_alloc_hook+0x1c0/0x230
[  731.394673][T24160]  get_page_from_freelist+0x1321/0x3890
[  731.440831][T24160]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  731.504298][T24160]  alloc_pages_mpol+0x1fb/0x550
[  731.517079][T24160]  new_slab+0x23b/0x330
[  731.545065][T24160]  ___slab_alloc+0xd9c/0x1940
[  731.581614][T24160]  __slab_alloc.constprop.0+0x56/0xb0
[  731.609569][T24160]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  731.666459][T24160]  kmemdup_noprof+0x29/0x60
[  731.700623][T24160]  neigh_sysctl_register+0xb2/0x670
[  731.725953][T24160]  addrconf_sysctl_register+0xb9/0x1f0
[  731.756121][T24160]  ipv6_add_dev+0xb39/0x15f0
[  731.783399][T24160]  addrconf_notify+0x53e/0x19e0
[  731.791644][T24296] FAULT_INJECTION: forcing a failure.
[  731.791644][T24296] name failslab, interval 1, probability 0, space 0, times 0
[  731.831386][T24160]  notifier_call_chain+0xbc/0x410
[  731.861545][T24160]  call_netdevice_notifiers_info+0xbe/0x140
[  731.876574][T24296] CPU: 1 UID: 0 PID: 24296 Comm: syz.4.2567 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  731.876595][T24296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  731.876604][T24296] Call Trace:
[  731.876609][T24296]  <TASK>
[  731.876615][T24296]  dump_stack_lvl+0x16c/0x1f0
[  731.876642][T24296]  should_fail_ex+0x512/0x640
[  731.876662][T24296]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  731.876685][T24296]  should_failslab+0xc2/0x120
[  731.876699][T24296]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  731.876720][T24296]  ? copy_process+0x4b6/0x7650
[  731.876738][T24296]  ? _raw_spin_unlock_irq+0x23/0x50
[  731.876758][T24296]  copy_process+0x4b6/0x7650
[  731.876783][T24296]  ? __pfx_copy_process+0x10/0x10
[  731.876806][T24296]  ? _copy_from_user+0x59/0xd0
[  731.876829][T24296]  kernel_clone+0xfc/0x960
[  731.876851][T24296]  ? get_pid_task+0xfc/0x250
[  731.876870][T24296]  ? __pfx_kernel_clone+0x10/0x10
[  731.876898][T24296]  __do_sys_clone3+0x212/0x290
[  731.876915][T24296]  ? __pfx___do_sys_clone3+0x10/0x10
[  731.876942][T24296]  ? __fget_files+0x20e/0x3c0
[  731.876975][T24296]  do_syscall_64+0xcd/0x490
[  731.876997][T24296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  731.877011][T24296] RIP: 0033:0x7fc21178e929
[  731.877022][T24296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  731.877036][T24296] RSP: 002b:00007fc212677038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  731.877052][T24296] RAX: ffffffffffffffda RBX: 00007fc2119b5fa0 RCX: 00007fc21178e929
[  731.877061][T24296] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000000000
[  731.877070][T24296] RBP: 00007fc212677090 R08: 0000000000000000 R09: 0000000000000000
[  731.877079][T24296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  731.877087][T24296] R13: 0000000000000000 R14: 00007fc2119b5fa0 R15: 00007ffc38b2c388
[  731.877105][T24296]  </TASK>
[  732.301777][T24160]  register_netdevice+0x182e/0x2270
[  732.313201][T24160] page last free pid 5218 tgid 5218 stack trace:
[  732.336028][T24160]  __free_frozen_pages+0x7fe/0x1180
[  732.369293][T24160]  __put_partials+0x16d/0x1c0
[  732.396943][T24160]  qlist_free_all+0x4d/0x120
[  732.425017][T24160]  kasan_quarantine_reduce+0x195/0x1e0
[  732.449525][T24160]  __kasan_slab_alloc+0x69/0x90
[  732.476531][T24160]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  732.526389][T24160]  getname_flags.part.0+0x4c/0x550
[  732.536302][T24160]  __x64_sys_unlink+0xb0/0x110
[  732.576010][T24160]  do_syscall_64+0xcd/0x490
[  732.582533][T24160]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.739316][   T31] INFO: task syz-executor:5845 blocked for more than 143 seconds.
[  732.804728][   T31]       Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  732.854600][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  732.945757][   T31] task:syz-executor    state:D stack:24072 pid:5845  tgid:5845  ppid:1      task_flags:0x400140 flags:0x00004004
[  733.023714][   T31] Call Trace:
[  733.027018][   T31]  <TASK>
[  733.069136][   T31]  __schedule+0x116a/0x5de0
[  733.091914][   T31]  ? __lock_acquire+0x622/0x1c90
[  733.133199][   T31]  ? __pfx___schedule+0x10/0x10
[  733.138090][   T31]  ? find_held_lock+0x2b/0x80
[  733.173392][   T31]  ? schedule+0x2d7/0x3a0
[  733.177760][   T31]  schedule+0xe7/0x3a0
[  733.181824][   T31]  schedule_preempt_disabled+0x13/0x30
[  733.256781][   T31]  __mutex_lock+0x6c7/0xb90
[  733.261343][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[  733.307875][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  733.345954][   T31]  ? net_generic+0xea/0x2a0
[  733.350503][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[  733.389568][   T31]  nfsd_shutdown_threads+0x5b/0xf0
[  733.419104][   T31]  nfsd_umount+0x48/0xe0
[  733.511145][   T31]  deactivate_locked_super+0xbe/0x1a0
[  733.516558][   T31]  deactivate_super+0xde/0x100
[  733.610640][   T31]  cleanup_mnt+0x225/0x450
[  733.615099][   T31]  task_work_run+0x150/0x240
[  733.619690][   T31]  ? __pfx_task_work_run+0x10/0x10
[  733.719560][   T31]  ? __pfx___x64_sys_umount+0x10/0x10
[  733.743438][   T31]  exit_to_user_mode_loop+0xeb/0x110
[  733.748763][   T31]  do_syscall_64+0x3f6/0x490
[  733.809651][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.815580][   T31] RIP: 0033:0x7f2b6438fc57
[  733.893045][   T31] RSP: 002b:00007ffe996f6258 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  733.954447][   T31] RAX: 0000000000000000 RBX: 00007f2b64410925 RCX: 00007f2b6438fc57
[  734.046332][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe996f6310
[  734.092652][   T31] RBP: 00007ffe996f6310 R08: 0000000000000000 R09: 0000000000000000
[  734.157957][   T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe996f73a0
[  734.165970][   T31] R13: 00007f2b64410925 R14: 000000000008ce7e R15: 00007ffe996f73e0
[  734.277275][   T31]  </TASK>
[  734.298077][   T31] 
[  734.298077][   T31] Showing all locks held in the system:
[  734.374583][   T31] 1 lock held by khungtaskd/31:
[  734.468258][   T31]  #0: ffffffff8e5c4c80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  734.537132][   T31] 4 locks held by kworker/u8:7/3497:
[  734.542437][   T31]  #0: ffff88801c6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  734.595571][   T31]  #1: ffffc9000cdf7d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  734.625301][   T31]  #2: ffffffff9034e550 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890
[  734.634650][   T31]  #3: ffffffff903645a8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150
[  734.685019][   T31] 1 lock held by udevd/5218:
[  734.689634][   T31] 2 locks held by syz-executor/5845:
[  734.714327][   T31]  #0: ffff8880798a80e0 (&type->s_umount_key#52){++++}-{4:4}, at: deactivate_super+0xd6/0x100
[  734.754607][   T31]  #1: ffffffff8e9de628 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  734.764211][   T31] 2 locks held by syz-executor/5848:
[  734.792465][   T31]  #0: ffff88807dd860e0 (&type->s_umount_key#52){++++}-{4:4}, at: deactivate_super+0xd6/0x100
[  734.831633][   T31]  #1: ffffffff8e9de628 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  734.854101][   T31] 3 locks held by kworker/1:4/5940:
[  734.859322][   T31]  #0: ffff88801b880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  734.888434][   T31]  #1: ffffc90004287d10 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  734.918129][   T31]  #2: ffffffff8e5d0278 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  734.953598][   T31] 2 locks held by getty/12161:
[  734.958383][   T31]  #0: ffff88814c7f40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  734.993570][   T31]  #1: ffffc9000374b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  735.023233][   T31] 2 locks held by syz.4.1819/14640:
[  735.043186][   T31]  #0: ffffffff90408f90 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  735.051399][   T31]  #1: ffffffff8e9de628 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xdd/0x1a40
[  735.097679][   T31] 2 locks held by syz-executor/15052:
[  735.117437][   T31]  #0: ffff88807c1ba0e0 (&type->s_umount_key#52){++++}-{4:4}, at: deactivate_super+0xd6/0x100
[  735.152018][   T31]  #1: ffffffff8e9de628 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  735.172492][   T31] 2 locks held by syz-executor/17900:
[  735.177877][   T31]  #0: ffff888041bce0e0 (&type->s_umount_key#52){++++}-{4:4}, at: deactivate_super+0xd6/0x100
[  735.216975][   T31]  #1: ffffffff8e9de628 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  735.247016][   T31] 2 locks held by syz-executor/19509:
[  735.266017][   T31]  #0: ffff888025a840e0 (&type->s_umount_key#52){++++}-{4:4}, at: deactivate_super+0xd6/0x100
[  735.291894][   T31]  #1: ffffffff8e9de628 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  735.301495][   T31] 2 locks held by syz.5.2324/20141:
[  735.326874][   T31]  #0: ffffffff90408f90 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  735.361774][   T31]  #1: ffffffff8e9de628 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xdd/0x1a40
[  735.395442][   T31] 3 locks held by syz-executor/20907:
[  735.400835][   T31]  #0: ffff888063cacdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  735.427802][   T31]  #1: ffff888063cac0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[  735.461088][   T31]  #2: ffffffff905d6068 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260
[  735.484833][   T31] 5 locks held by syz-executor/23205:
[  735.490229][   T31]  #0: ffff8880407b0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  735.520646][   T31]  #1: ffff8880407b00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[  735.554965][   T31]  #2: ffffffff905d6068 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260
[  735.580416][   T31]  #3: ffff88805d9aa338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730
[  735.608088][   T31]  #4: ffffffff8e5d0278 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  735.631435][   T31] 2 locks held by syz.0.2559/24176:
[  735.660719][   T31]  #0: ffffffff9034e550 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  735.680380][   T31]  #1: ffffffff903645a8 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x7e9/0xab0
[  735.689466][   T31] 3 locks held by syz.9.2563/24254:
[  735.718371][   T31]  #0: ffff88807b198dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  735.755191][   T31]  #1: ffff88807b1980b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[  735.779320][   T31]  #2: ffffffff905d6068 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260
[  735.949551][   T31] 
[  735.951907][   T31] =============================================
[  735.951907][   T31] 
[  735.998344][   T31] NMI backtrace for cpu 1
[  735.998362][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  735.998381][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  735.998390][   T31] Call Trace:
[  735.998396][   T31]  <TASK>
[  735.998401][   T31]  dump_stack_lvl+0x116/0x1f0
[  735.998427][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  735.998442][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  735.998462][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  735.998481][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  735.998500][   T31]  watchdog+0xf70/0x12c0
[  735.998524][   T31]  ? __pfx_watchdog+0x10/0x10
[  735.998542][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  735.998563][   T31]  ? __kthread_parkme+0x19e/0x250
[  735.998581][   T31]  ? __pfx_watchdog+0x10/0x10
[  735.998600][   T31]  kthread+0x3c2/0x780
[  735.998620][   T31]  ? __pfx_kthread+0x10/0x10
[  735.998640][   T31]  ? rcu_is_watching+0x12/0xc0
[  735.998656][   T31]  ? __pfx_kthread+0x10/0x10
[  735.998675][   T31]  ret_from_fork+0x5d7/0x6f0
[  735.998693][   T31]  ? __pfx_kthread+0x10/0x10
[  735.998713][   T31]  ret_from_fork_asm+0x1a/0x30
[  735.998736][   T31]  </TASK>
[  735.998750][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  736.123443][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  736.135226][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  736.145265][   T31] Call Trace:
[  736.148530][   T31]  <TASK>
[  736.151449][   T31]  dump_stack_lvl+0x3d/0x1f0
[  736.156035][   T31]  panic+0x71c/0x800
[  736.159921][   T31]  ? __pfx_panic+0x10/0x10
[  736.164327][   T31]  ? ret_from_fork_asm+0x1a/0x30
[  736.169252][   T31]  ? nmi_backtrace_stall_check+0x6e/0x540
[  736.174981][   T31]  ? irq_work_queue+0xce/0x100
[  736.179752][   T31]  ? watchdog+0xdda/0x12c0
[  736.184173][   T31]  ? watchdog+0xdcd/0x12c0
[  736.188600][   T31]  watchdog+0xdeb/0x12c0
[  736.192842][   T31]  ? __pfx_watchdog+0x10/0x10
[  736.197509][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  736.202699][   T31]  ? __kthread_parkme+0x19e/0x250
[  736.207710][   T31]  ? __pfx_watchdog+0x10/0x10
[  736.212374][   T31]  kthread+0x3c2/0x780
[  736.216434][   T31]  ? __pfx_kthread+0x10/0x10
[  736.221014][   T31]  ? rcu_is_watching+0x12/0xc0
[  736.225761][   T31]  ? __pfx_kthread+0x10/0x10
[  736.230340][   T31]  ret_from_fork+0x5d7/0x6f0
[  736.234920][   T31]  ? __pfx_kthread+0x10/0x10
[  736.239520][   T31]  ret_from_fork_asm+0x1a/0x30
[  736.244292][   T31]  </TASK>
[  736.247362][   T31] Kernel Offset: disabled
[  736.251679][   T31] Rebooting in 86400 seconds..