last executing test programs:

1m39.625145054s ago: executing program 1 (id=1262):
r0 = socket(0xa, 0x2, 0x0)
prctl$auto(0x3a, 0x1, 0x0, 0x2, 0x203)
openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(r2, 0x0, 0x1f42)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f00000000c0)={0x0, 0x7}, 0x3)
r4 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/cmdline\x00', 0x2000, 0x0)
read$auto_proc_pid_cmdline_ops_base(r4, &(0x7f0000000040)=""/159, 0x9f)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x696b}, 0xed7138c}, 0x2, 0x9)
r5 = socket(0xa, 0x5, 0x84)
sendto$auto(r5, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c)
r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/sctp/assocs\x00', 0x0, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r6, 0x0, 0xfffffe36)
read$auto_proc_reg_file_ops_compat_inode(r6, &(0x7f0000000040)=""/9, 0x9)
setsockopt$auto(r0, 0x29, 0x37, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
connect$auto(r0, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55)
sendmmsg$auto(0x3, 0x0, 0xee8c, 0x4)

1m39.492382808s ago: executing program 0 (id=1255):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, 0x0, 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
modify_ldt$auto(0x1, 0x0, 0x10)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
socket(0x2, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x20000003, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
sendfile$auto(r4, r4, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
madvise$auto(0x0, 0x8, 0x16)
ioctl$auto_BLKTRACESETUP32(r3, 0xc0401273, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)

1m38.239203714s ago: executing program 1 (id=1256):
socket(0x2d, 0x2, 0x0)
socket(0x1e, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x100, 0x0)
socket(0xa, 0x80803, 0x6)
socket(0x2b, 0x1, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x42080, 0x0)
socket(0x10, 0x2, 0x14)
r0 = socket(0x11, 0x3, 0x9)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
memfd_create$auto(0x0, 0x2)
socket(0xa, 0x2, 0x0)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x202002, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x8800)
write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef)

1m38.167061605s ago: executing program 0 (id=1258):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x1, 0x0)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
write$auto(0x3, 0x0, 0x7fffffff)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
madvise$auto(0x0, 0x2003f0, 0x15)
write$auto(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
read$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x80000, 0x0)
prctl$auto(0x35, 0x8, 0x2, 0x4, 0x3)
getsockopt$auto(0x100000006, 0x1, 0x28, 0xfffffffffffffffc, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
ioctl$auto_TCFLSH2(r0, 0x8924, 0x0)
mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
close_range$auto(0x0, 0x5, 0x0)
writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000040000fdef}, 0x1)

1m36.862711427s ago: executing program 0 (id=1269):
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/soft_watchdog\x00', 0x101201, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x4001, 0x0)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000280)=""/65, 0x41)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv6/neigh/ip_vti0/base_reachable_time_ms\x00', 0x202, 0x0)
openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x80c02, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={0x0}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4089c}, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
readv$auto(0x3, &(0x7f0000003080)={0x0, 0x4}, 0x9)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/sys/kernel/kptr_restrict\x00', 0x202, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
read$auto(r3, 0x0, 0xb5)
write$auto(0x3, 0x0, 0xfdef)

1m36.836202332s ago: executing program 1 (id=1261):
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0)
r0 = socket(0x1b, 0x3, 0x76)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r0)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYRESDEC=r1, @ANYBLOB="7e5a999322dcea1636da6970e84c42ec96a38586d50cf6599cd838edc2ed879dcfba767c2db982d07ac41217bcb51a278077826b443ef2458acf7304b9c384064d2975b127daebd77fcfbb8ed1f0ca84d20140a29cd720a17966780620609bb7ffb64b5548ece51a3781c2c33617e11323b9ce2d2ea935cc9fbeac3c4c72d49914619d90ee87ed117339e5489fd4b8707ca316df05880aee58670a10eeeface64c86502e1b1253e0211ee098a37056a3f8c760792be34db788c685f079c6c33ef518", @ANYRESHEX=r4, @ANYRES64=0x0, @ANYRES8=r3, @ANYRES8=r0], 0x1ac}}, 0x24048871)
sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[], 0xf5c}, 0x1, 0x0, 0x0, 0x4044055}, 0x20008811)
recvmmsg$auto(r5, 0x0, 0x10c, 0x8, 0x0)
readahead$auto(0xffffffffffffffff, 0xcc7f, 0x6)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_HWSIM_CMD_GET_RADIO(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24044845}, 0x10)
bpf$auto(0x7, &(0x7f0000000280)=@bpf_attr_7={@prog_id=0xffffffff, 0x8, 0x4, r2}, 0x90)
socket(0x10, 0x5, 0x4)

1m35.5147453s ago: executing program 0 (id=1263):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000180)='/proc/softirqs\x00', 0x400, 0x0)
kill$auto(0x0, 0x12)
preadv$auto(r0, &(0x7f0000009180)={&(0x7f0000008180), 0x7}, 0x26, 0x80, 0x5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x26, 0x1, 0x0, 0x0, 0x0)
clone$auto(0x20003b46, 0x100000000000005, 0x0, 0x0, 0x2)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x40000, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00')
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0xfffffffffffffffe, 0x200006, 0x6, 0x40eb1, 0x602, 0xcf05)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
madvise$auto(0x0, 0x20499d, 0x9)
mmap$auto(0x0, 0xffffffffffffffff, 0xffb, 0x8000000008011, r1, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
ioctl$auto(r1, 0x541d, 0xffffffffffffffff)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0x2, 0x2)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)

1m33.905528282s ago: executing program 0 (id=1266):
mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x5, 0x7fff, 0x6, 0x80020000009, 0x1, 0x800, 0x101, 0x5, 0x7f93, 0x6, 0x7ffffffd, 0x3, 0x7, 0x9})
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
open(0x0, 0x40842, 0x8)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0)
socket(0x10, 0x2, 0x0)
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0)
ioctl$auto(r1, 0x64c6, 0x1e2)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x400008, 0xe3, 0xbb72, 0x2, 0x8000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
write$auto(0x3, 0x0, 0x100082)
r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000)
madvise$auto(0x0, 0x20200, 0x15)

1m32.393014499s ago: executing program 0 (id=1270):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
madvise$auto(0xfff, 0x7, 0xab8)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r1 = socket(0xb, 0x1, 0x0)
setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa)
socket(0x2, 0x801, 0x100)
mmap$auto(0x1, 0x3, 0x3, 0x55, r0, 0x8001)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/tty/ptyd5/power/runtime_status\x00', 0x0, 0x0)
read$auto_check_wx_fops_(r2, &(0x7f0000000300)=""/228, 0xe4)
mlockall$auto(0x5)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x48f, 0x7, 0xe08}]})
syz_genetlink_get_family_id$auto_nlbl_mgmt(0x0, r1)
io_uring_setup$auto(0x8, 0x0)
unshare$auto(0x40000080)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
socket(0x1e, 0x80000, 0x304)
io_uring_setup$auto(0x6, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
process_vm_writev$auto(0x0, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)

1m31.602578259s ago: executing program 1 (id=1273):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, 0x0, 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
modify_ldt$auto(0x1, 0x0, 0x10)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
socket(0x2, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x20000003, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
sendfile$auto(r4, r4, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
madvise$auto(0x0, 0x8, 0x16)
ioctl$auto_BLKTRACESETUP32(r3, 0xc0401273, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)

1m30.12193138s ago: executing program 1 (id=1275):
statmount$auto(0x0, &(0x7f0000000640)={0xa, 0x1, 0x1ff, 0x7, 0x1f, 0x394, 0x7, 0x7, 0x3, 0x9, 0x6, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x2, 0x200, 0x0, 0x3ff, 0x0, 0x1580, 0x0, 0x0, 0xfffffd66, [0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x80, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9]}, 0x1fe, 0xd)
r0 = socket(0x1d, 0x3, 0x1)
fcntl$auto_F_GETOWNER_UIDS(r0, 0x11, 0xffffffffffffffff)
mmap$auto(0xf, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
socket(0x1e, 0x1, 0x8)
setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa)
getpid()
mlockall$auto(0x1004)
rt_sigprocmask$auto(0x26, &(0x7f0000000040)={0x80000000}, &(0x7f0000000080)={0x9}, 0x8)
close_range$auto(0x2, 0x8, 0x0)
writev$auto(0xc8, &(0x7f00000028c0)={&(0x7f00000000c0)="6542084a1459f5", 0x200}, 0x9)
io_uring_setup$auto(0xffffff75, 0x0)
unshare$auto(0x40000080)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
socket(0x1e, 0x4, 0x300)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00)

1m28.764365011s ago: executing program 1 (id=1277):
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0)
ioctl$auto_TIOCMGET2(r1, 0x5415, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080)
mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mknod$auto(&(0x7f0000000280)='X))\x00', 0x63c5, 0x7bf)
mknod$auto(&(0x7f0000000340)='\xe1\x9eHU\x00', 0x63c1, 0x7fc)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0)
r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0)
ioctl$auto_UI_SET_EVBIT(r2, 0x40045564, &(0x7f0000000440)=0x1)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
bpf$auto(0x2, 0x0, 0xc)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r3, r3, 0x0, 0x200)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/sys/kernel/kptr_restrict\x00', 0x202, 0x0)

1m17.255695499s ago: executing program 32 (id=1270):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
madvise$auto(0xfff, 0x7, 0xab8)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r1 = socket(0xb, 0x1, 0x0)
setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa)
socket(0x2, 0x801, 0x100)
mmap$auto(0x1, 0x3, 0x3, 0x55, r0, 0x8001)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/tty/ptyd5/power/runtime_status\x00', 0x0, 0x0)
read$auto_check_wx_fops_(r2, &(0x7f0000000300)=""/228, 0xe4)
mlockall$auto(0x5)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x48f, 0x7, 0xe08}]})
syz_genetlink_get_family_id$auto_nlbl_mgmt(0x0, r1)
io_uring_setup$auto(0x8, 0x0)
unshare$auto(0x40000080)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
socket(0x1e, 0x80000, 0x304)
io_uring_setup$auto(0x6, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
process_vm_writev$auto(0x0, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)

1m13.625722836s ago: executing program 33 (id=1277):
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0)
ioctl$auto_TIOCMGET2(r1, 0x5415, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080)
mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mknod$auto(&(0x7f0000000280)='X))\x00', 0x63c5, 0x7bf)
mknod$auto(&(0x7f0000000340)='\xe1\x9eHU\x00', 0x63c1, 0x7fc)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0)
r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0)
ioctl$auto_UI_SET_EVBIT(r2, 0x40045564, &(0x7f0000000440)=0x1)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
bpf$auto(0x2, 0x0, 0xc)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r3, r3, 0x0, 0x200)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/sys/kernel/kptr_restrict\x00', 0x202, 0x0)

1m12.437554811s ago: executing program 2 (id=1321):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000)
close_range$auto(0x0, 0x5, 0x0)
socket(0x23, 0x80805, 0x0)
r0 = epoll_create$auto(0x3e)
epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0)
socket(0x2, 0x80002, 0x73)
r1 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x189002, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000880)=<r2=>0x0)
getsockname$auto(r1, &(0x7f00000008c0)=@nfc={0x27, r2, 0x0, 0x3}, &(0x7f0000000900)=0x7)
r3 = socketpair$auto(0xfffffffd, 0x5, 0x9, 0x0)
mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r4, 0x0, 0x20)
r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3)
set_mempolicy$auto(0x5, &(0x7f0000000000)=0x9, 0x21)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$auto(r1, 0x0, 0x24)
write$auto(0x3, 0x0, 0x81)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000040), r3)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
mlockall$auto(0x7)
migrate_pages$auto(0x0, 0x3, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2)

1m11.72129586s ago: executing program 2 (id=1323):
socket(0x5, 0x3, 0x8)
socket(0x22, 0x1, 0x80000000)
sendfile$auto(0x1, 0x3, 0x0, 0x74c)
unshare$auto(0x40000080)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffffff, &(0x7f0000000340)=""/179, 0xb3)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
socket(0xa, 0x2, 0x88)
socket(0x11, 0x3, 0x9)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x180b01, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0)
select$auto(0x1d8cd6be, &(0x7f0000000040)={[0xa4, 0x0, 0xe7b, 0x5, 0x6, 0x6, 0xfffffffeffffffff, 0x36, 0x0, 0x7, 0x4, 0x2aff, 0x4000000000000, 0x4, 0x1, 0x6]}, &(0x7f0000000140)={[0x0, 0x6, 0xe, 0xfffc000000000000, 0x4a69, 0x6, 0x10000, 0x7ff, 0x7f, 0x2, 0x0, 0x3ff, 0x5, 0x3, 0xffffffffffffffff, 0x7]}, 0x0, &(0x7f0000000240)={0x4, 0x7})
mprotect$auto(0x0, 0x8000000000000001, 0x6)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/platform/dummy_hcd.7/usb8/8-0:1.0/bInterfaceNumber\x00', 0xa000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4088, 0xff8)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/stat/rt_cache\x00', 0x20000, 0x0)
timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x4, 0x4}, {0x0, 0x83}}, 0x0)
timer_delete$auto(0x0)

1m10.194231219s ago: executing program 2 (id=1324):
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x3, 0x0)
unshare$auto(0x40000080)
socket(0x10, 0x2, 0xc)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff)
socket(0x10, 0x2, 0x0)
bpf$auto(0x0, 0x0, 0x10)
mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x10500, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/stat/rt_cache\x00', 0x20000, 0x0)
mmap$auto(0x0, 0x20009, 0x386, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x73)
getsockopt$auto(0x6, 0x40000000029, 0x49, 0x0, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x0, 0x4, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9)
write$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0x401, 0x8000)

1m8.76374649s ago: executing program 2 (id=1327):
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0xfffd, 0x8000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000)
sched_get_priority_min$auto(0x40)
openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x981e82, 0x0)
socket(0x6, 0x2, 0x80000000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x5f}, 0x1, 0x0, 0x0, 0x400c810}, 0x8800)
sendmmsg$auto(0x3, 0x0, 0x2, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
close_range$auto(0x2, 0x8, 0x0)
bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0xfa, 0x80}, 0x96)
r1 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x0, 0x0)
preadv$auto(r1, &(0x7f0000000100)={&(0x7f00000001c0), 0x82}, 0x8, 0x6, 0x5)
r2 = getpgid$auto(0x0)
getpriority$auto_PRIO_PGRP(0x1, r2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000b00), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000080)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x488cc}, 0x0)
r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r3, &(0x7f0000000440)="671d2647dd69b6440843b6e6688a2b5ad9df2669e6f9cd2365", 0x19)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x18, 0x0)
bpf$auto(0x7f, 0x0, 0x171)

1m8.009977179s ago: executing program 2 (id=1329):
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0)
ioctl$auto_TIOCMGET2(r1, 0x5415, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa)
mknod$auto(&(0x7f0000000280)='X))\x00', 0x63c5, 0x7bf)
mknod$auto(&(0x7f0000000340)='\xe1\x9eHU\x00', 0x63c1, 0x7fc)
sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, 0x0, 0x48000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000280), 0xffffffffffffffff)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0)
r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0)
ioctl$auto_UI_SET_EVBIT(r2, 0x40045564, &(0x7f0000000440)=0x1)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
bpf$auto(0x2, 0x0, 0xc)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0)
sendfile$auto(r3, r3, 0x0, 0x200)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128\x00', 0x0, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/sys/kernel/kptr_restrict\x00', 0x202, 0x0)

1m6.879834332s ago: executing program 2 (id=1332):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x169780, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c00, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = syz_clone3(&(0x7f0000000080)={0x11, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0}}, 0x58)
waitid$auto_P_PGID(0x2, r1, &(0x7f00000001c0)={@_si_pad}, 0x6, &(0x7f0000000240)={{0x21, 0x7}, {0x1, 0x1}, 0x3ff, 0x6, 0x80000001, 0xffffffffffff7fff, 0xa, 0xcfc, 0x8, 0x1959, 0x6, 0x8, 0xccc, 0x0, 0x7, 0x6})
writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x7, 0xb}, 0x800009}, 0x5, 0x20000000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
write$auto(r2, 0x0, 0xfffffde9)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2)
getsockopt$auto_SO_KEEPALIVE(r2, 0x8, 0x9, &(0x7f0000000000)='/dev/usbmon2\x00', &(0x7f0000000180)=0x9)
r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000080)='/dev/usbmon2\x00', 0x40080, 0x0)
listen$auto(r3, 0x5)
ioctl$auto_MON_IOCQ_URB_LEN(r4, 0x9201, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0xb0141, 0x0)
socket(0x1f, 0x800, 0xffffff01)
ioctl$auto(0xffffffffffffffff, 0xc0285629, 0xffffffffffffffff)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x6482, 0x0)
unshare$auto(0x40000080)

51.631220771s ago: executing program 34 (id=1332):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x169780, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c00, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = syz_clone3(&(0x7f0000000080)={0x11, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0}}, 0x58)
waitid$auto_P_PGID(0x2, r1, &(0x7f00000001c0)={@_si_pad}, 0x6, &(0x7f0000000240)={{0x21, 0x7}, {0x1, 0x1}, 0x3ff, 0x6, 0x80000001, 0xffffffffffff7fff, 0xa, 0xcfc, 0x8, 0x1959, 0x6, 0x8, 0xccc, 0x0, 0x7, 0x6})
writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x7, 0xb}, 0x800009}, 0x5, 0x20000000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
write$auto(r2, 0x0, 0xfffffde9)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2)
getsockopt$auto_SO_KEEPALIVE(r2, 0x8, 0x9, &(0x7f0000000000)='/dev/usbmon2\x00', &(0x7f0000000180)=0x9)
r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000080)='/dev/usbmon2\x00', 0x40080, 0x0)
listen$auto(r3, 0x5)
ioctl$auto_MON_IOCQ_URB_LEN(r4, 0x9201, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0xb0141, 0x0)
socket(0x1f, 0x800, 0xffffff01)
ioctl$auto(0xffffffffffffffff, 0xc0285629, 0xffffffffffffffff)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x6482, 0x0)
unshare$auto(0x40000080)

27.885765372s ago: executing program 5 (id=1441):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)="5cedd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
ioctl$auto(r1, 0x402c542d, 0x38)
getpid()
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, 0x0, 0x100000a3d9)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r3, 0x4, 0x7ff)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
close_range$auto(0x2, 0x8, 0x0)

26.788021716s ago: executing program 5 (id=1444):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/023/001\x00', 0x201, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x13, 0xffffffffffffffff, 0xfffffffffffff9e2)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48090}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
modify_ldt$auto(0x3, 0x0, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r1)
pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)

26.203580754s ago: executing program 5 (id=1448):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
ioctl$auto_PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f00000000c0)={0xf, 0x2})
mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000)
socket(0xa, 0x801, 0x84)
fcntl$auto(0xffffffffffffffff, 0x7, 0xa553)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
ioperm$auto(0x7, 0x5ad2, 0x8)
modify_ldt$auto(0xc, 0x0, 0x100000000)
setsockopt$auto(0xffffffffffffffff, 0x2b, 0x43b696d3, 0x0, 0x56b)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x40, 0x0)
mmap$auto(0xffffffff, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6)
process_mrelease$auto(0xffffffffffffffff, 0xa)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mincore$auto(0x1000, 0x8001, 0x0)
fcntl$auto(0x8000000000000001, 0x7, 0x8)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
mincore$auto(0x7, 0xc, &(0x7f0000000000)='/dev/ptyd1\x00')
close_range$auto(0x2, 0x8, 0x0)

24.492549808s ago: executing program 5 (id=1453):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x13, 0x202000a, 0x8000000000000003, 0x4000000019, r0, 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
mmap$auto(0x2, 0xaa06, 0xdf, 0xeb1, 0xffffffffffffffff, 0x2)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(r1, 0x8, 0x0)
ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140))
openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x18000, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42c883, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
setresuid$auto(0x2, 0x7, 0x8080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x1, 0x0)
setsockopt$auto(0x3, 0x6, 0x15, 0x0, 0xfb3)
ioprio_get$auto(0x3, 0x2)

22.69850505s ago: executing program 5 (id=1458):
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0)
select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x1, 0x1)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
socket(0xa, 0x5, 0x94)
mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000040)={0x6, 0x0})
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
r1 = socket(0x2, 0x1, 0x84)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
setsockopt$auto(r1, 0x10000000084, 0x19, 0x0, 0x8)
pipe2$auto(&(0x7f0000000000)=r1, 0x3ff)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)

21.344445416s ago: executing program 5 (id=1461):
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x3, 0x0)
unshare$auto(0x40000080)
socket(0x10, 0x2, 0xc)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff)
socket(0x10, 0x2, 0x0)
bpf$auto(0x0, 0x0, 0x10)
mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x10500, 0x0)
mmap$auto(0x0, 0x20009, 0x386, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x73)
io_uring_setup$auto(0x6, 0x0)
getsockopt$auto(0x6, 0x40000000029, 0x49, 0x0, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x0, 0x4, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9)
write$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0x401, 0x8000)

9.082069625s ago: executing program 6 (id=1481):
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6)
syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff)
socket(0x10, 0x4, 0xffffffc0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x120e2, 0x0)
write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x28, r3, 0x301, 0x4070bd25, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0xc, 0x2, 'nl80211\x00'}, @CTRL_ATTR_OP={0x8, 0xa, 0x1ef}]}, 0x28}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810)
write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
madvise$auto(0x0, 0xffffffffffff0004, 0x1a)
setgroups$auto(0xe32, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
read$auto_proc_pid_maps_operations_internal(r4, &(0x7f00000010c0)=""/4082, 0xff2)
setgroups$auto(0x1e9, &(0x7f0000000180)=0x400000)
madvise$auto(0x8, 0xc89, 0xffffff33)

8.913051357s ago: executing program 4 (id=1482):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0)
sendfile$auto(r2, r2, 0x0, 0x7fffe000)
sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x14, r1, 0xb3eaee9e9ed11725, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x41000}, 0x64810)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400)
socket(0xa, 0x1, 0x100)
r3 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r3, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0c5833b1dcfffe80a3677337f9eca9075f6bba831b", 0x49}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100)
setresuid$auto(0x0, 0x7, 0x8080)
setfsuid$auto(0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/nr7/queues/tx-0/tx_maxrate\x00', 0xa002, 0x0)
write$auto(r4, &(0x7f0000000200)='\x01\x00^\xa2\x02\x00\x00\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x04z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8ad{\xe9\xa5e\x9a\x80\xa7\xc4\x90\x0f\xef@\x87\x8b\xed\x81\\\xf4\xde3\xe12PY\xdb\x10?', 0x3)
modify_ldt$auto(0x1, 0x0, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
syz_genetlink_get_family_id$auto_wireguard(0x0, 0xffffffffffffffff)
sendmsg$auto_WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x80)
ioctl$auto_USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522, 0x0)
socket(0x1e, 0x1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
syz_clone(0x141000, &(0x7f00000000c0)="11f23ceb841ae19820b7c42fac9f3b40f30753e35eb0f02500d85d1d14411a8cb322b80aefa046b843a3ac6cef4be37068faeb0c2130c97dffc1f94f20af5e358d5757401bc56f7c641b7ab999f5d4fab56bcf183e163a9679e39747fb4e127cb82e4cdd92aa5ba311ccedbec18ff746b8e64013efb7b01cc67dbdc34da0c72567b6942ccba6863f542b53098bd3cb58c56ad29daaff72caa09ad875f9bfbb9f9ae8364d514fee", 0xa7, &(0x7f0000000000), &(0x7f0000000200), &(0x7f0000000340)="f0dac5a878a6a5ecf68e016231481815549b66e6bd8fc1991bb7ddfb0c32e04beaf771b9cdd3886da47a831c001fe75e036b6f27bd9385b0b9f0c2660bc769c76e951ef3aae1ac494cd38a1a9ce87f51dbe18234a10197463eabaafe6701c0bf31ed8f7029da7d3379c0e1bc9058d30d4c81f6cd591e8d6db1e97dfe63cafe88d46c74793e2d3ffea6e6a9743a9c7dd161c6c5f7c250bd494c871474eb6ea0056c11c12374")
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)

7.935164701s ago: executing program 4 (id=1484):
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0)
r0 = socket(0xa, 0x1, 0x100)
getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7)
open_by_handle_at$auto(0xffffff9c, 0xffffffffffffffff, 0x9658)
socket(0x1e, 0x1, 0x5)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
process_mrelease$auto(0xffffffffffffffff, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
acct$auto(0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$auto_CEC_RECEIVE(r2, 0xc0386106, &(0x7f0000000080)={0x2, 0x8, 0x1, 0x4f1330bf, 0x9, 0xffffff00, "b3b2551984016910823df347c47bd20e", 0x9, 0x6, 0x2, 0x5, 0x2, 0x6, 0x3})
ioctl$auto(0x3, 0xae41, r3)
ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000ff, 0x400, 0x9}]})
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0x200007, 0x19)

6.813809508s ago: executing program 6 (id=1486):
socket(0x2, 0x3, 0x100)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socket(0xa, 0x1, 0x100)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x101100, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000200)='/dev/midi2\x00', 0x1, 0x0)
openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/015/001\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:1b/power/control\x00', 0xc8a22, 0x0)
open(0x0, 0x261c2, 0x84)
socket(0x2, 0x1, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x40000, 0x19a)
socketpair$auto(0xffffffff, 0x3, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000040)={"a2e88999", 0x7fff, 0x0, 0x2, 0x9, 0x10000, "7207661b123ebfab150d5b41ec06a2", "daa98e20", "930a0c1a", "310f5514", ["f1448f541c30b99a96561625", "229d96ef5eac0e1bdb7b7eda", "105d6dc99314e86c9f351da7", "77ea06a4b734ff1c8eb66fe0"]})
open(0x0, 0x64842, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/ptyq3\x00', 0x40001, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
ioctl$auto(0x3, 0x5411, 0x10000000000402)
close_range$auto(0x2, 0x8, 0x0)

6.562665119s ago: executing program 3 (id=1487):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)="5cedd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
ioctl$auto(r1, 0x402c542d, 0x38)
getpid()
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, 0x0, 0x100000a3d9)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r3, 0x4, 0x7ff)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
socket(0xa, 0x2, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
close_range$auto(0x2, 0x8, 0x0)

6.500152729s ago: executing program 6 (id=1488):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e)
ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r1 = socket(0x1e, 0x6, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x80102, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9)
sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xb2c7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000)
mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
getdents$auto(r3, 0x0, 0xfff)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r5 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
write$auto(r5, &(0x7f0000000000)='-\x00', 0x2fb)
unshare$auto(0x40000080)
madvise$auto(0x0, 0xffffffffffff0009, 0x13)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)

6.196786025s ago: executing program 35 (id=1461):
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x3, 0x0)
unshare$auto(0x40000080)
socket(0x10, 0x2, 0xc)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff)
socket(0x10, 0x2, 0x0)
bpf$auto(0x0, 0x0, 0x10)
mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x10500, 0x0)
mmap$auto(0x0, 0x20009, 0x386, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x73)
io_uring_setup$auto(0x6, 0x0)
getsockopt$auto(0x6, 0x40000000029, 0x49, 0x0, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x0, 0x4, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9)
write$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0x401, 0x8000)

5.223110718s ago: executing program 3 (id=1490):
socket(0x5, 0x3, 0x8)
socket(0x22, 0x1, 0x80000000)
sendfile$auto(0x1, 0x3, 0x0, 0x74c)
unshare$auto(0x40000080)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffffff, &(0x7f0000000340)=""/179, 0xb3)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
socket(0xa, 0x2, 0x88)
socket(0x11, 0x3, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0)
select$auto(0x1d8cd6be, &(0x7f0000000040)={[0xa4, 0x0, 0xe7b, 0x5, 0x6, 0x6, 0xfffffffeffffffff, 0x36, 0x0, 0x7, 0x4, 0x2aff, 0x4000000000000, 0x4, 0x1, 0x6]}, &(0x7f0000000140)={[0x0, 0x6, 0xe, 0xfffc000000000000, 0x4a69, 0x6, 0x10000, 0x7ff, 0x7f, 0x2, 0x0, 0x3ff, 0x5, 0x3, 0xffffffffffffffff, 0x7]}, 0x0, &(0x7f0000000240)={0x4, 0x7})
mprotect$auto(0x0, 0x8000000000000001, 0x6)
bind$auto(0xffffffffffffffff, 0x0, 0x0)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/platform/dummy_hcd.7/usb8/8-0:1.0/bInterfaceNumber\x00', 0xa000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4088, 0xff8)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/stat/rt_cache\x00', 0x20000, 0x0)
timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x4, 0x4}, {0x0, 0x83}}, 0x0)
timer_delete$auto(0x0)

5.174654368s ago: executing program 4 (id=1491):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/023/001\x00', 0x201, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x13, 0xffffffffffffffff, 0xfffffffffffff9e2)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48090}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
modify_ldt$auto(0x3, 0x0, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r1)
pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)

4.962156597s ago: executing program 6 (id=1492):
mmap$auto(0x0, 0x20009, 0x3, 0x18, 0x401, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x20, r1, 0x1, 0x72bd22, 0x25dbdbff, {}, [@HWSIM_ATTR_PERM_ADDR={0xb, 0x16, "db38c0b06d9a02"}]}, 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4004040)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO(0xffffffffffffffff, 0x80184132, &(0x7f0000000040)={0xa, 0x4ccc0000000, 0x3, 0x9})
sendmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x5, 0x4}, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x68100, 0x0)
ioctl$auto(r3, 0x545c, 0xffffffffffffffff)
socket(0x2, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0)
setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28)
sysfs$auto(0x2, 0xe, 0x0)
lsm_list_modules$auto(0x0, 0x0, 0x0)
getcwd$auto(0x0, 0xffffffffffffffff)
r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0)
fallocate$auto(r3, 0x400, 0x100, 0x8)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon3\x00', 0x100, 0x0)
sendfile$auto(r2, r5, 0x0, 0x1000200)
sysfs$auto(0x2, 0x1, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
mount$auto(&(0x7f0000000000), &(0x7f0000000380)='./file0\x00', 0x0, 0x9f1e, 0x0)
semctl$auto_SETALL(0x0, 0x2, 0x11, 0x4)

4.246792561s ago: executing program 4 (id=1493):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
r0 = socket(0x10, 0x2, 0xc)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
fanotify_init$auto(0x65, 0x2)
pipe$auto(0x0)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000740)="9729facfa507ec17e671250eb63e3b4643a15185858e1926aa9714b851b846a2d1da2df5da43982b9c23e01b488f3d0386c1568864c51e67d549333f7ded20c817a63fa0b76c502e681f3f188908bb69fd2c6abc82dab8d5178580fe430e8d4dcf164474f52dbaad3cb0e4fab7251eb597f32712537ebd3600958999b1c9be17381a7fc6eeb7d5779292b8e45150cd8b018fab763375f09bd15d7bf98c412c69aca4d718757df266a686e4f8a8cf507f21f3e04c1148782a81d6359d68bc3150edc538a69a39e4c1c845830fbc403ffe8c0de34c1421714031b288b89b957b6de556d901223a12f387ad34342a1f95d7684987834076c5e0454adab11d515d8908c593dcb1e6e3417d7e3fb7ed3276507c475a60572ea0d7bb1bb5b2681eca89e2616a601d3b784a845c1fdb366625fd76e2c9262fe5043e0005dda4e22a9892c006b336567a2205b843a2ce65ff64536d1a3fc808308214db380bd615fd1da1e10a35bf410c1bcb7ee2dd94a512240a60b3da7cc5d35504c5bf8dcb2470818607e8bcee7c35c78635a6353227dd64d5fae70e4561c6cb165737b8975c5d59f31676b1bebf68f60faee32521e6edd97b508619b35980744e60f0060171a260604207bb8c22509fdd296fe87f13cbc4f0d52e425b0e9bd9beac5d4bc50445d0ed450f328988e43a2c6fd1c9788209bd55b96b636c53a5552fcf15d9357a57b844781af7fb0c67e4074746bb95bf051899c18d38538d937c23d1c519e0da3e8f3947702ca81ac3b69767b53915e0683bf181ad3edf72be1689bd675659c7c8f1a9c9d5b61642d71d2387e25e358fa65250f60a6789c50275b4c93b50a86123e0fb7d67e9e4d0f44869860046c21551436142338fba4d5a32c663939a2f4decb5f6e58da8b5bf5efef228a6dbd55a627307485d7020b49b9c9cd069e5b22048a57c7c3987c6b2b1f53435974f41a018c7561f80333499783d0e952ee1682f733aa89195fb0fe1132eb00645ebbd279058f853691a0f0ae0869f72b3099949d2e3fc0b54f43112e3136b5164429d16d2d0d27df08565ff797f0b8aeacb56b9af00f865b9e7726afa9084d8e9460cfbb6b30d8104cad7da375867", 0x318)
dup2$auto(0x5, 0x4)
splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9)
write$auto(0x6, 0x0, 0x100000001)
sysfs$auto(0x2, 0x2e, 0x0)
setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x9)
recvfrom$auto(0x3, 0x0, 0x80000000002, 0x6, 0x0, 0x0)
r2 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
read$auto_userio_fops_userio(r2, 0x0, 0x0)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80)
openat$auto_proc_mountstats_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000), 0x208080, 0x0)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_clone(0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise$auto(0x0, 0x4, 0x1)
madvise$auto(0x0, 0x2003ec, 0x14)

3.944109851s ago: executing program 6 (id=1494):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = open(0x0, 0xd02, 0xc3)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_START_AP(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x660, 0x0, 0x20, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x639, 0x33, "afa6e0335f4a2c0c9b03ed037529ed1f8c19df0534c0c618363857d371dfe3575f074ed09281c32a0f2392027bee6d0506bdc9f52f16c9cddce2ee2bf411b5c37071c69297cbc252870e10ae089076ebd6ce5e42336573f7457224fb6e4d5cbc4b2847351ae8b9723b261b5876aa693b1f99786a8aff10d220aadda3c7f68a53903dbf2891b524fb9d9f1935f6873af22229e32a71276fac61cfbb99a0e9896735a111f46a73d9141b874444d253c3bcc98c2eddc451cb222af5ff8bdf0222e89524e44e1550d57f65061818b2e64ed23cbadd4cd35c4e675a6c76c93487649d5e120e876eef7d33bda62ec8ff4194ac957e81ef9aea0f96d44b4d7d28d0a90f3f3f1ab2302188a33eba4baeb8a36328ff04c2f77de5f5c1a202b358ced0d7ea41158c3745dc867e377ecadeccfcd5b8b519bef4dabe08dc5d923fb1a0bcfb63eb4c8e2143c4d2132e5e9c82712afab78723dc43d092eeb8a1bf619dd7d7c27b9785b953d4506d0d5207f3e8b76284b7749045ca2b5f062013c53f35be3e4489a1b8e3232314c86fbe18a58751f0b58219c53c1907daa47745badd8947431a66134913519262c65969aae0a78e040810ad130354b65c729754e9af226114904d39c5b24eaf02702067fdae7ae01c7fb58aa834b3d815caabb1761ba0d83cf8d53502a268b63fc3501fb67ded5c1b1482367ee4f5214303dc652abe046ce1abf20a3f49e1036026d77c132d332e98878ea17bd994e882becd6fc52d9fd91260ef25c204390f2c88c9e8cccd2d3f51bb9a93f0765f02dd8422bd3715b1205811f72ef91397fd5ab58f60cd10542ef3fa257e6cb0c311287b1af50dac0fb5614eaa5e67563c8efd9e89bb8fc2d7c6c4f64e95768bed149a69a345aadb64c89bb9e4bec361d74bef891543a5c8ba242c434b476bad123aece2a552ad43999907b425f4df57d3e4ca2c2b865568e619be2ef134718b47b6055a0bcc8ea64ff4ebc05339f5481e3c6fceadbd6f4126ccca4fb0e6b2303c4ec0d591cb45a076706a700ff34ad1c569fd11674bcbab1228132f1bfe192d138f25ec2520da501ed6e583492447734f69fa581e64a96f90582f9d757e391c0d33ce8250cc7c9e0d3651801cb285c9eee5bd0224d388dddf8527e49ca9030fd7955e93e3365f9602b4a4ef1aaca177e44e7f1142c8ec0015f2b505a775afe9ae820df18adaad4b3924d8033965991fe1e59acbbad440bc64b3198a4eae215fd32283be418b6ee791a89eaf386422aed1ca9a18a0220f88a7609d536ffd7db73c9654cbe7a7835668771f8f2f98d58cf1d60cff1004ee2fb4c394bf3b48d0232866d382ceeae8f340bddb3ac677edc560982312ac13bf765db179a235e47ec0747d428fe273fda500641154f168cad55351172f93a970ccf26626ec89d52f64d89f0d7456212854f35542794264126abf75567f56cf0081de22def6305d279b2aabdb91ac0813ccd0a4e87dd63b3188cc10a3eee94e7af67e2ab5070bc5e639a204af69b49aef29b61c7efd1a9f4b6bc51659aeb399b34cf21dc827259991979828515c776d86f06cf69ea710e6be91ec0ea9e46e9d08e07ad2ab67a4b43e2d0763a4673a8002df95761309b011b25a6effab4da60e599c27e263394328da81b0af4ebcd6d838c1a9ff729482681115b4964be42bb4b8d8855c71450e9c48999e195227f41eb0fde516123e1da39f0db125045c3e5dadbfba05b329cf3d02dbd9fa01c75856ee233ef96b5e61f845560c640758d3883bb7ca2da85c9c5c15dc0f4033bc8140ec0965f91a4be0692c0348a3cc38fbac8a0e6db18433aeb3f05921c5cf614be4754f76c9e3323026a646d89a7a894e1b493a999af49864886b6ed68ce635ba2eeff167e99ac5fa5696aca29f1517b47f460151ca4b9afb34cc5ffbeb037ece8de9d223d8a1124b6c0ce000928070c021dc17499c9313264903ccc5ba90f9b0eb3c1617cb53c8192a7e2d12c566c83ac35ee265bd5bafb2b3208af0cc938e8306a45b50ccd17ee5e59fbfcf30c09185c2d84db35e05190a3251c097c288d5bfd800f2fc5e60aaaaa7bb297e39e40dfc35da14b1ffa060ed3f02722f35e345e7ad453e6758b5ec8ef2ebd3a57413a1ea68df9684dc4dda5bdeaf81ec602fee0057dfa42fe9bcd7f571e906b31c4044c07070a0cdfab85594b18c54691b269a23e39fcbcb48eb4aab9b7950f145d87c750a5bd301ef6c1816aee61ac31b"}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x8}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0xe, 0x9}}]}, 0x660}, 0x1, 0x0, 0x0, 0x48010}, 0x20000800)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x5, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
socket(0x1e, 0x1, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0)
pwrite64$auto(r1, &(0x7f0000000040)='.\'*&\x04!\x00', 0x1, 0x8)
madvise$auto(0x0, 0x8000000000000000, 0x15)
mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, 0xffffffffffffffff, 0x28000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
clone$auto(0x20003b46, 0x9, 0x0, 0x0, 0x1)

3.758224968s ago: executing program 3 (id=1495):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x20008, 0x4000000000df, 0xeb1, r0, 0x8000)
unshare$auto(0x40000080)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0)
mmap$auto(0x400, 0x1, 0xdf, 0x9b72, r1, 0x200000008000)
r3 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r3, 0x0, 0x1, 0x0, 0x1e)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000)
ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_IOCTL_VMCI_GET_CONTEXT_ID(r0, 0x7b3, 0x0)
r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r5)
ioctl$auto(r4, 0x80045519, 0xf15)
ioctl$auto(r4, 0x5523, r4)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x0, 0x0)
kill$auto(0x0, 0x101)
socket(0xa, 0x5, 0x94)

2.714843737s ago: executing program 3 (id=1496):
socket(0x2, 0x3, 0x100)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socket(0xa, 0x1, 0x100)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x101100, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000200)='/dev/midi2\x00', 0x1, 0x0)
openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/015/001\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:1b/power/control\x00', 0xc8a22, 0x0)
open(0x0, 0x261c2, 0x84)
socket(0x2, 0x1, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x40000, 0x19a)
socketpair$auto(0xffffffff, 0x3, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000040)={"a2e88999", 0x7fff, 0x0, 0x2, 0x9, 0x10000, "7207661b123ebfab150d5b41ec06a2", "daa98e20", "930a0c1a", "310f5514", ["f1448f541c30b99a96561625", "229d96ef5eac0e1bdb7b7eda", "105d6dc99314e86c9f351da7", "77ea06a4b734ff1c8eb66fe0"]})
open(0x0, 0x64842, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/ptyq3\x00', 0x40001, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
ioctl$auto(0x3, 0x5411, 0x10000000000402)
close_range$auto(0x2, 0x8, 0x0)

2.404998096s ago: executing program 3 (id=1497):
set_mempolicy$auto(0x1, &(0x7f0000000180)=0x2, 0x6)
unshare$auto(0x40000080)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/dummy0/addr_gen_mode\x00', 0x1, 0x0)
pwrite64$auto(r0, 0x0, 0x0, 0x2000000000040007)
landlock_restrict_self$auto(0xffffffffffffffff, 0xffffff0a)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff)
shmctl$auto(0x3, 0x3, &(0x7f00000011c0)={{0x40, 0xee00, 0xee01, 0x4, 0xc6, 0x39ad, 0x9}, 0x107, 0x7, 0x6, 0x0, @raw=0x1, @raw=0x1, 0xfffb, 0x0, &(0x7f00000001c0)="7ea86307c7347e9939b99e3260e9613b7a687c65eb5c7677df164cc215056382c95ab7ed89ab9a406393472e63d1e8f50bfbe57da1ca13f7c9a355296424a09480a6dcade9a8d15a7e98a046905826a722890ff204ddf6bd121d4578a71da09ce4d9722a54b5a02173ad7e0f47129e03d4bb29111647f0bedc5494fa69f95c87abbc5db0759e544b1bf412757be85422414e28230e5a07987d846b71a4fdaee112f3d331e7beb93d6d72cbe5dc6cd4aa05792cc42aeae82ce5999e1f31e9cda64c6178dfbc2d101f4c8c167246275b098b6770d936d58aa30457a73eff8d3818f01dcefe1290f7122bea8d66524b63012bfb8997fe871880d24f9e83e1f09ca76e05d057e46817ff57793639b976b6a879da1af6474dcb0248c15f64d1e65b9fc917b9aabf1c66812d2c1564218f02d823a86310d6278e157572157456d8825adfeb1b1fe9aaebb9b3b0c4f349c906631010ca5bfe15830dab2d3e7ec9755610e5096f206fd963fe26e25ffeee625558fc658f2d226f7b2044261c7e72a7071700a3eec31f59bf0aa019aafaaf6264e94c4c35ca10a76002ee801f8fa42e33b27d752cc10a77a7eef23563db019954a066006d692a52bcc6672e5947ec47496185adeb1650aa585fe1e7d0bae6dfcf147c8f412528f13d6a396421e3125aaf792421b48bb49575e9b4f3aa19597943e71396cc47c90866cd7d128cc5", &(0x7f00000000c0)="5ea2aeaada0ca534171e59be60ce3220a210758d49587dc48b521b1ea23b94f81640fd7fd3748bbe116f92c695cda990f1fa4e062688ed66eb68d4330a2a0bf4708e121de903fb29efb8bdb13b41779cde53688041f7cf8fbe1aac11560dd4cc5393237910c93f1ba02564f7f80d063bdffbe5bf114d72b8"})
getpgrp(0x0)
capset$auto(0x0, 0x0)
select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x0, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4b67, 0x1)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$auto(0x3, 0x541b, 0x38)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x13fffffd, 0x2, 0xfffffffe, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x7, 0x0, 0x6, 0x0, 0x85, 0x1001}, 0x5}, 0x2, 0x100)
bpf$auto(0xf7fff011, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x4, 0xfaae, 0x468, 0x9, 0x2, 0x8, 0x3, 0x4, 0x1ff, 0x5, 0xb5, 0x4, 0x806, 0xd9ee}, 0xa3)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
read$auto(r1, 0x0, 0x1ff)
write$auto(0x3, 0x0, 0xfdef)

1.049353119s ago: executing program 4 (id=1498):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/023/001\x00', 0x201, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x13, 0xffffffffffffffff, 0xfffffffffffff9e2)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48090}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
modify_ldt$auto(0x3, 0x0, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400)
socket(0x1e, 0x1, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)

895.280009ms ago: executing program 6 (id=1499):
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0)
r0 = open_by_handle_at$auto(0xffffffffffffffff, 0x0, 0xffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x15, 0x5, 0x0)
getsockopt$auto(r1, 0x114, 0x2710, 0xfffffffffffffffc, 0x0)
mmap$auto(0x7fffffffffffffff, 0x20009, 0xdf, 0xffffffffffffffff, r0, 0x8000)
write$auto(0xffffffffffffffff, 0x0, 0x4)
mmap$auto(0x0, 0x2020009, 0x3, 0x10011, 0xfffffffffffffffa, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x7cf702, 0x0)
mmap$auto(0x0, 0x810004, 0x2, 0x8000000008011, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0)
ioctl$auto_MON_IOCQ_URB_LEN(0xffffffffffffffff, 0x9201, 0x0)
mmap$auto(0x0, 0xb991, 0x5, 0x19, 0xffffffffffffffff, 0x2)
clock_adjtime$auto(0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0)
r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
write$auto(0x3, 0x0, 0xfffffdef)
connect$auto(0xffffffffffffffff, 0x0, 0x55)

54.561851ms ago: executing program 3 (id=1500):
socket$nl_generic(0x10, 0x3, 0x10)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000280)=""/65, 0x41)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, 0x0, 0x2)
mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8800)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
mmap$auto(0x0, 0x10000, 0x8000, 0xeb1, 0xfffffffffffffffa, 0x8000)
ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8)
madvise$auto(0x0, 0x200007, 0x19)
sendmsg$auto_BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x28000000}, 0x811)
syz_clone3(0x0, 0x0)
mmap$auto(0x0, 0x2000000002020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x3)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0)
futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1)
futex_wake$auto(0x0, 0x7, 0xfffffffb, 0x2)
sysfs$auto(0x2, 0x23, 0x0)
r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
write$auto(r1, 0x0, 0x4)

0s ago: executing program 4 (id=1501):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/023/001\x00', 0x201, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x13, 0xffffffffffffffff, 0xfffffffffffff9e2)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48090}, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
modify_ldt$auto(0x3, 0x0, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r1)
pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)

kernel console output (not intermixed with test programs):


	




	

	

	

	





			
	
	
	




	

		

		
	


	


		
		
	









	





	



		

		








	








	

	
		



		


		

	
	











	









	




	





		






	
	

	





	

	
	
	
	
	
	

	
	

	
	

	
	

	
	

	
	

	
	
	

	

	


	

	

	
	

	
	

	
	

	

	

	

	
		
	

	
	

	
	
	

	

	

	
		
	

	
		

















































































	
	



	
	
	
	
	
	
	

	
		
	

	
		
	

	
		






	
				
	
		
	
	
		

	
				
	
	



				
		


	
	


	
	

	






	

	
	

	
	

	
			


	

	
		
			


	

	
	

	
	

	
	

	
	

	
	

	
	

	
	

	
	

	

	


				
	
			
	
	

	
		



	


		
			
	
	
	
	



	
	



	
	



	
	
		

	



	
	

	
		


	


	
	

	

	
		
		

	
			
		

	
			


	
	

	

	

	
		


	

	
		

	
		

	


	
	

		
	
		
	

	



			








	




	





	


	


		


		



	
		

		


		

		
		

	


		






	






	







		








	
		

	


	
	

		
	
		
	

	



			








	




	














	


	

	

	

		

	
	

				
		
	
		
	



		

	



		
		
	











	






	




	



		





	

	
		
	
	
	
	
	
	


	
	
	



	
	



	
	



	
	
		

	



	

	
		

	


	
	

		
	
		
	

	



			








	




	





	


	


		


		



	
		

		


		

		
		

	


		






	




	





		





	

	
		
	

	
		
		

	
			
		

	
			
	

	
		


	
	

	
	

	
		
							

	



	
		

	


	
	

		
	
		
	

	



			








	




	





	


	


		


		



	
		

		


		

		
		

	


		






	




	





		






	
		

	


	
	

		
	
		
	

	



			








	




	





		

		


		


		



	
		

		


		

		
		

	


		






	




	





		






	
		

	


	
	

		
	

	
		

	


		

		
	
		
	

	



			








	




	





		


		


		



	

	
		

		


		

		
		

	


		






	




	





		





		
	

	



			








	


	



	

	

	

		

	




	

	


	











	








	






	







		








	
	

	

	
				
	
		


	
	

	
		



	
		

	


	
	

		
	
		
	

	



			








	




	















	

	



	



	




	






	




	




		






		
	


[  485.824597][T11503] tipc: Started in network mode
[  485.829580][T11503] tipc: Node identity ee00, cluster identity 4711
[  485.849796][T11503] tipc: Node number set to 60928
[  491.416869][T11600] FAULT_INJECTION: forcing a failure.
[  491.416869][T11600] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  491.430460][T11600] CPU: 1 UID: 0 PID: 11600 Comm: syz.2.1296 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  491.430495][T11600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  491.430510][T11600] Call Trace:
[  491.430519][T11600]  <TASK>
[  491.430525][T11600]  dump_stack_lvl+0x16c/0x1f0
[  491.430556][T11600]  should_fail_ex+0x512/0x640
[  491.430580][T11600]  should_fail_alloc_page+0xe7/0x130
[  491.430596][T11600]  prepare_alloc_pages+0x3c2/0x610
[  491.430616][T11600]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  491.430640][T11600]  ? stack_trace_save+0x8e/0xc0
[  491.430656][T11600]  ? __pfx_stack_trace_save+0x10/0x10
[  491.430670][T11600]  ? stack_depot_save_flags+0x28/0xa40
[  491.430691][T11600]  ? __kernel_text_address+0xd/0x40
[  491.430715][T11600]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  491.430735][T11600]  ? kasan_save_stack+0x42/0x60
[  491.430755][T11600]  ? kasan_save_track+0x14/0x30
[  491.430774][T11600]  ? snd_pcm_attach_substream+0x441/0xd60
[  491.430793][T11600]  ? snd_pcm_open_substream+0x8d/0x17f0
[  491.430810][T11600]  ? snd_pcm_oss_open+0x735/0x1400
[  491.430824][T11600]  ? soundcore_open+0x409/0x580
[  491.430844][T11600]  ? chrdev_open+0x234/0x6a0
[  491.430870][T11600]  ? do_dentry_open+0x741/0x1c10
[  491.430891][T11600]  ? vfs_open+0x82/0x3f0
[  491.430906][T11600]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.430926][T11600]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  491.430950][T11600]  ? policy_nodemask+0xea/0x4e0
[  491.430974][T11600]  alloc_pages_mpol+0x1fb/0x550
[  491.430988][T11600]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  491.431006][T11600]  alloc_pages_noprof+0x131/0x390
[  491.431021][T11600]  alloc_pages_exact_noprof+0x37/0xe0
[  491.431039][T11600]  snd_pcm_attach_substream+0x468/0xd60
[  491.431063][T11600]  snd_pcm_open_substream+0x8d/0x17f0
[  491.431082][T11600]  ? __pfx_snd_pcm_open_substream+0x10/0x10
[  491.431106][T11600]  snd_pcm_oss_open+0x735/0x1400
[  491.431129][T11600]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  491.431144][T11600]  ? __lock_acquire+0xb8a/0x1c90
[  491.431163][T11600]  ? __pfx_default_wake_function+0x10/0x10
[  491.431179][T11600]  ? __lock_acquire+0xb8a/0x1c90
[  491.431201][T11600]  ? do_raw_spin_lock+0x12c/0x2b0
[  491.431224][T11600]  ? soundcore_open+0x35a/0x580
[  491.431247][T11600]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  491.431262][T11600]  soundcore_open+0x409/0x580
[  491.431291][T11600]  ? __pfx_soundcore_open+0x10/0x10
[  491.431314][T11600]  chrdev_open+0x234/0x6a0
[  491.431335][T11600]  ? __pfx_apparmor_file_open+0x10/0x10
[  491.431354][T11600]  ? __pfx_chrdev_open+0x10/0x10
[  491.431377][T11600]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  491.431399][T11600]  do_dentry_open+0x741/0x1c10
[  491.431421][T11600]  ? __pfx_chrdev_open+0x10/0x10
[  491.431446][T11600]  vfs_open+0x82/0x3f0
[  491.431463][T11600]  path_openat+0x1de4/0x2cb0
[  491.431502][T11600]  ? __pfx_path_openat+0x10/0x10
[  491.431539][T11600]  ? __lock_acquire+0xb8a/0x1c90
[  491.431576][T11600]  do_filp_open+0x20b/0x470
[  491.431601][T11600]  ? __pfx_do_filp_open+0x10/0x10
[  491.431635][T11600]  ? alloc_fd+0x471/0x7d0
[  491.431659][T11600]  do_sys_openat2+0x11b/0x1d0
[  491.431674][T11600]  ? __pfx_do_sys_openat2+0x10/0x10
[  491.431697][T11600]  __x64_sys_openat+0x174/0x210
[  491.431713][T11600]  ? __pfx___x64_sys_openat+0x10/0x10
[  491.431736][T11600]  do_syscall_64+0xcd/0x490
[  491.431760][T11600]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.431774][T11600] RIP: 0033:0x7f9f95f8e929
[  491.431786][T11600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.431801][T11600] RSP: 002b:00007f9f96d4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  491.431816][T11600] RAX: ffffffffffffffda RBX: 00007f9f961b5fa0 RCX: 00007f9f95f8e929
[  491.431825][T11600] RDX: 0000000000008000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  491.431834][T11600] RBP: 00007f9f96010b39 R08: 0000000000000000 R09: 0000000000000000
[  491.431843][T11600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  491.431852][T11600] R13: 0000000000000000 R14: 00007f9f961b5fa0 R15: 00007ffc76ecbee8
[  491.431871][T11600]  </TASK>
[  492.595398][T11618] .SR: entered promiscuous mode
[  492.635779][T11618] Invalid ELF header magic: != ELF
[  492.990104][T11622] netlink: 296 bytes leftover after parsing attributes in process `syz.3.1301'.
[  492.999444][T11618] could not allocate digest TFM handle 
[  493.073276][T11619] could not allocate digest TFM handle 
[  494.557485][T11651] FAULT_INJECTION: forcing a failure.
[  494.557485][T11651] name failslab, interval 1, probability 0, space 0, times 0
[  494.570535][T11651] CPU: 0 UID: 0 PID: 11651 Comm: syz.3.1306 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  494.570574][T11651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  494.570590][T11651] Call Trace:
[  494.570599][T11651]  <TASK>
[  494.570609][T11651]  dump_stack_lvl+0x16c/0x1f0
[  494.570653][T11651]  should_fail_ex+0x512/0x640
[  494.570688][T11651]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  494.570731][T11651]  should_failslab+0xc2/0x120
[  494.570756][T11651]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  494.570792][T11651]  ? dup_fd+0x4e/0xb90
[  494.570830][T11651]  dup_fd+0x4e/0xb90
[  494.570867][T11651]  ? apparmor_task_alloc+0x2c2/0x3b0
[  494.570898][T11651]  copy_process+0x230c/0x76a0
[  494.570929][T11651]  ? __pfx___futex_wait+0x10/0x10
[  494.570962][T11651]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  494.571011][T11651]  ? __pfx_copy_process+0x10/0x10
[  494.571060][T11651]  kernel_clone+0xfc/0x960
[  494.571093][T11651]  ? __pfx_kernel_clone+0x10/0x10
[  494.571132][T11651]  ? up_write+0x1b2/0x520
[  494.571176][T11651]  ? 0xffffffff81000000
[  494.571195][T11651]  __do_sys_clone+0xce/0x120
[  494.571225][T11651]  ? __pfx___do_sys_clone+0x10/0x10
[  494.571266][T11651]  ? 0xffffffff81000000
[  494.571298][T11651]  ? xfd_validate_state+0x61/0x180
[  494.571345][T11651]  do_syscall_64+0xcd/0x490
[  494.571387][T11651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.571413][T11651] RIP: 0033:0x7f90e358e929
[  494.571433][T11651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.571458][T11651] RSP: 002b:00007f90e432b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  494.571484][T11651] RAX: ffffffffffffffda RBX: 00007f90e37b6080 RCX: 00007f90e358e929
[  494.571502][T11651] RDX: 9999999999999999 RSI: 0000000000000004 RDI: 0000000000000000
[  494.571518][T11651] RBP: 00007f90e3610b39 R08: 0000000000000009 R09: 0000000000000000
[  494.571535][T11651] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000
[  494.571551][T11651] R13: 0000000000000000 R14: 00007f90e37b6080 R15: 00007ffd0dce5cd8
[  494.571575][T11651]  ? 0xffffffff81000000
[  494.571604][T11651]  </TASK>
[  495.280691][T11658] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137
[  495.315582][T11658] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138
[  495.371633][T11658] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum
[  495.839874][T11665] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  495.848639][T11665] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  495.859851][T11665] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  495.869381][T11665] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  495.877463][T11665] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  495.980672][T11670] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1311'.
[  496.435999][T11664] chnl_net:caif_netlink_parms(): no params data found
[  497.177527][T11664] bridge0: port 1(bridge_slave_0) entered blocking state
[  497.243382][T11664] bridge0: port 1(bridge_slave_0) entered disabled state
[  497.253124][T11664] bridge_slave_0: entered allmulticast mode
[  497.261733][T11664] bridge_slave_0: entered promiscuous mode
[  497.303645][T11664] bridge0: port 2(bridge_slave_1) entered blocking state
[  497.311807][T11664] bridge0: port 2(bridge_slave_1) entered disabled state
[  497.319657][T11664] bridge_slave_1: entered allmulticast mode
[  497.327734][T11664] bridge_slave_1: entered promiscuous mode
[  497.433708][T11664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  497.451187][T11664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  497.543097][T11664] team0: Port device team_slave_0 added
[  497.554511][T11664] team0: Port device team_slave_1 added
[  497.584182][T11664] batman_adv: batadv0: Adding interface: batadv_slave_0
[  497.591554][T11664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  497.633318][T11664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  497.671509][T11664] batman_adv: batadv0: Adding interface: batadv_slave_1
[  497.729486][T11664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  497.809404][T11664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  497.969113][T11665] Bluetooth: hci4: command tx timeout
[  498.026796][T11664] hsr_slave_0: entered promiscuous mode
[  498.059873][T11664] hsr_slave_1: entered promiscuous mode
[  498.080082][T11664] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  498.106248][T11664] Cannot create hsr debugfs directory
[  498.674262][T11664] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  498.707409][T11664] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  498.719496][T11695] kexec: Could not allocate control_code_buffer
[  498.740039][T11664] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  498.752652][T11664] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  498.968345][   T30] audit: type=1800 audit(4295005910.876:14): pid=11701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1316" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0
[  499.019005][T11664] 8021q: adding VLAN 0 to HW filter on device bond0
[  499.052581][T11664] 8021q: adding VLAN 0 to HW filter on device team0
[  499.255297][T10467] bridge0: port 1(bridge_slave_0) entered blocking state
[  499.262524][T10467] bridge0: port 1(bridge_slave_0) entered forwarding state
[  499.296700][T10467] bridge0: port 2(bridge_slave_1) entered blocking state
[  499.303931][T10467] bridge0: port 2(bridge_slave_1) entered forwarding state
[  499.435007][T11664] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  499.457038][T11664] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  499.559496][T10519] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  499.573422][T10519] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  499.581898][T11722] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  499.595123][T11722] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  499.603781][T11722] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  499.947626][T11664] 8021q: adding VLAN 0 to HW filter on device batadv0
[  500.050966][T11722] Bluetooth: hci4: command tx timeout
[  500.130959][T11735] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1320'.
[  500.172897][   T30] audit: type=1800 audit(4295005912.086:15): pid=11737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1321" name="lu_gp_id" dev="configfs" ino=60359 res=0 errno=0
[  500.291260][T11718] chnl_net:caif_netlink_parms(): no params data found
[  500.399751][T11737] ALUA LU Group already has a valid ID, ignoring request
[  500.613623][T11718] bridge0: port 1(bridge_slave_0) entered blocking state
[  500.621941][T11718] bridge0: port 1(bridge_slave_0) entered disabled state
[  500.630325][T11718] bridge_slave_0: entered allmulticast mode
[  500.638449][T11718] bridge_slave_0: entered promiscuous mode
[  500.647901][T11718] bridge0: port 2(bridge_slave_1) entered blocking state
[  500.655432][T11718] bridge0: port 2(bridge_slave_1) entered disabled state
[  500.663066][T11718] bridge_slave_1: entered allmulticast mode
[  500.671460][T11718] bridge_slave_1: entered promiscuous mode
[  500.811364][T11718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  500.833399][T11718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  500.934535][T11664] veth0_vlan: entered promiscuous mode
[  500.943080][T11748] FAULT_INJECTION: forcing a failure.
[  500.943080][T11748] name failslab, interval 1, probability 0, space 0, times 0
[  500.957667][T11748] CPU: 1 UID: 0 PID: 11748 Comm: syz.3.1322 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  500.957716][T11748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  500.957733][T11748] Call Trace:
[  500.957742][T11748]  <TASK>
[  500.957753][T11748]  dump_stack_lvl+0x16c/0x1f0
[  500.957798][T11748]  should_fail_ex+0x512/0x640
[  500.957834][T11748]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  500.957873][T11748]  should_failslab+0xc2/0x120
[  500.957899][T11748]  __kmalloc_cache_noprof+0x6a/0x3e0
[  500.957932][T11748]  ? kasan_save_track+0x14/0x30
[  500.957970][T11748]  ? snd_info_text_entry_open+0xfb/0x2a0
[  500.958005][T11748]  snd_info_text_entry_open+0xfb/0x2a0
[  500.958034][T11748]  ? __pfx_snd_info_text_entry_open+0x10/0x10
[  500.958061][T11748]  ? trace_kmem_cache_alloc+0x28/0xc0
[  500.958088][T11748]  ? __pfx_apparmor_file_open+0x10/0x10
[  500.958120][T11748]  ? proc_reg_open+0x21d/0x610
[  500.958156][T11748]  ? __pfx_snd_info_text_entry_open+0x10/0x10
[  500.958185][T11748]  proc_reg_open+0x289/0x610
[  500.958223][T11748]  do_dentry_open+0x741/0x1c10
[  500.958261][T11748]  ? __pfx_proc_reg_open+0x10/0x10
[  500.958304][T11748]  vfs_open+0x82/0x3f0
[  500.958337][T11748]  path_openat+0x1de4/0x2cb0
[  500.958386][T11748]  ? __pfx_path_openat+0x10/0x10
[  500.958424][T11748]  ? __lock_acquire+0xb8a/0x1c90
[  500.958460][T11748]  do_filp_open+0x20b/0x470
[  500.958497][T11748]  ? __pfx_do_filp_open+0x10/0x10
[  500.958561][T11748]  ? alloc_fd+0x471/0x7d0
[  500.958607][T11748]  do_sys_openat2+0x11b/0x1d0
[  500.958637][T11748]  ? __pfx_do_sys_openat2+0x10/0x10
[  500.958687][T11748]  __x64_sys_openat+0x174/0x210
[  500.958719][T11748]  ? __pfx___x64_sys_openat+0x10/0x10
[  500.958764][T11748]  do_syscall_64+0xcd/0x490
[  500.958807][T11748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.958838][T11748] RIP: 0033:0x7f90e358e929
[  500.958859][T11748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  500.958884][T11748] RSP: 002b:00007f90e432b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  500.958907][T11748] RAX: ffffffffffffffda RBX: 00007f90e37b6080 RCX: 00007f90e358e929
[  500.958921][T11748] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  500.958938][T11748] RBP: 00007f90e3610b39 R08: 0000000000000000 R09: 0000000000000000
[  500.958954][T11748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  500.958969][T11748] R13: 0000000000000000 R14: 00007f90e37b6080 R15: 00007ffd0dce5cd8
[  500.959004][T11748]  </TASK>
[  501.287570][T11718] team0: Port device team_slave_0 added
[  501.313597][T11718] team0: Port device team_slave_1 added
[  501.379314][T11664] veth1_vlan: entered promiscuous mode
[  501.496715][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  501.503618][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  501.610904][T11718] batman_adv: batadv0: Adding interface: batadv_slave_0
[  501.617900][T11718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  501.654129][T11722] Bluetooth: hci5: command tx timeout
[  501.662758][T11718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  501.679664][T11718] batman_adv: batadv0: Adding interface: batadv_slave_1
[  501.696863][T11718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  501.751110][T11718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  501.908400][T11718] hsr_slave_0: entered promiscuous mode
[  501.920443][T11718] hsr_slave_1: entered promiscuous mode
[  501.940263][T11718] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  501.947870][T11718] Cannot create hsr debugfs directory
[  502.066973][T11664] veth0_macvtap: entered promiscuous mode
[  502.126313][T11664] veth1_macvtap: entered promiscuous mode
[  502.133963][T11722] Bluetooth: hci4: command tx timeout
[  502.191069][T11664] batman_adv: batadv0: Interface activated: batadv_slave_0
[  502.241198][T11664] batman_adv: batadv0: Interface activated: batadv_slave_1
[  502.391056][T11664] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  502.408881][T11664] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  502.418721][T11664] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  502.432409][T11763] FAULT_INJECTION: forcing a failure.
[  502.432409][T11763] name failslab, interval 1, probability 0, space 0, times 0
[  502.438934][T11664] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  502.456964][T11763] CPU: 1 UID: 0 PID: 11763 Comm: syz.2.1324 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  502.457002][T11763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  502.457017][T11763] Call Trace:
[  502.457026][T11763]  <TASK>
[  502.457036][T11763]  dump_stack_lvl+0x16c/0x1f0
[  502.457081][T11763]  should_fail_ex+0x512/0x640
[  502.457116][T11763]  ? __kmalloc_noprof+0xbf/0x510
[  502.457156][T11763]  ? lsm_blob_alloc+0x68/0x90
[  502.457191][T11763]  should_failslab+0xc2/0x120
[  502.457216][T11763]  __kmalloc_noprof+0xd2/0x510
[  502.457260][T11763]  lsm_blob_alloc+0x68/0x90
[  502.457295][T11763]  security_prepare_creds+0x30/0x270
[  502.457332][T11763]  prepare_creds+0x56f/0x7d0
[  502.457370][T11763]  copy_creds+0xa7/0xa50
[  502.457409][T11763]  copy_process+0xff6/0x76a0
[  502.457436][T11763]  ? preempt_schedule_thunk+0x16/0x30
[  502.457483][T11763]  ? __pfx_copy_process+0x10/0x10
[  502.457510][T11763]  ? plist_check_head+0xa3/0x150
[  502.457554][T11763]  ? futex_private_hash_put+0xc7/0x240
[  502.457584][T11763]  kernel_clone+0xfc/0x960
[  502.457610][T11763]  ? __pfx_futex_wake+0x10/0x10
[  502.457638][T11763]  ? __pfx_kernel_clone+0x10/0x10
[  502.457668][T11763]  ? up_write+0x1b2/0x520
[  502.457703][T11763]  ? 0xffffffff81000000
[  502.457717][T11763]  __do_sys_clone+0xce/0x120
[  502.457741][T11763]  ? __pfx___do_sys_clone+0x10/0x10
[  502.457767][T11763]  ? 0xffffffff81000000
[  502.457792][T11763]  ? xfd_validate_state+0x61/0x180
[  502.457827][T11763]  do_syscall_64+0xcd/0x490
[  502.457859][T11763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.457880][T11763] RIP: 0033:0x7f9f95f8e929
[  502.457896][T11763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.457916][T11763] RSP: 002b:00007f9f96d2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  502.457937][T11763] RAX: ffffffffffffffda RBX: 00007f9f961b6080 RCX: 00007f9f95f8e929
[  502.457952][T11763] RDX: 9999999999999999 RSI: 0000000000000004 RDI: 0000000000000000
[  502.457965][T11763] RBP: 00007f9f96010b39 R08: 0000000000000009 R09: 0000000000000000
[  502.457979][T11763] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000
[  502.457992][T11763] R13: 0000000000000000 R14: 00007f9f961b6080 R15: 00007ffc76ecbee8
[  502.458012][T11763]  ? 0xffffffff81000000
[  502.458034][T11763]  </TASK>
[  503.060585][T11718] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  503.085850][T11718] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  503.126724][T11718] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  503.238205][T11718] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  503.430844][T11111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.463682][T11111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  503.556586][T10489] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.565788][T10489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  503.691933][T11718] 8021q: adding VLAN 0 to HW filter on device bond0
[  503.729796][T11665] Bluetooth: hci5: command tx timeout
[  503.747617][T11718] 8021q: adding VLAN 0 to HW filter on device team0
[  503.793161][T10475] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.800384][T10475] bridge0: port 1(bridge_slave_0) entered forwarding state
[  503.837677][T11111] bridge0: port 2(bridge_slave_1) entered blocking state
[  503.844986][T11111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  504.212540][T11665] Bluetooth: hci4: command tx timeout
[  504.755136][T11718] 8021q: adding VLAN 0 to HW filter on device batadv0
[  505.812402][T11665] Bluetooth: hci5: command tx timeout
[  505.840534][T11718] veth0_vlan: entered promiscuous mode
[  505.925044][T11718] veth1_vlan: entered promiscuous mode
[  506.283068][T11718] veth0_macvtap: entered promiscuous mode
[  506.294563][T11718] veth1_macvtap: entered promiscuous mode
[  506.367068][T11718] batman_adv: batadv0: Interface activated: batadv_slave_0
[  506.441219][T11718] batman_adv: batadv0: Interface activated: batadv_slave_1
[  506.484964][T11718] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  506.497621][T11718] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  506.511028][T11718] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  506.532112][T11718] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  506.897598][T11111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  506.931506][T11111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  507.011296][T11111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  507.043617][T11111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  507.238577][T11847] FAULT_INJECTION: forcing a failure.
[  507.238577][T11847] name failslab, interval 1, probability 0, space 0, times 0
[  507.263859][T11847] CPU: 1 UID: 0 PID: 11847 Comm: syz.4.1334 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  507.263903][T11847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  507.263917][T11847] Call Trace:
[  507.263925][T11847]  <TASK>
[  507.263936][T11847]  dump_stack_lvl+0x16c/0x1f0
[  507.263976][T11847]  should_fail_ex+0x512/0x640
[  507.264007][T11847]  ? __kmalloc_node_noprof+0xc5/0x500
[  507.264043][T11847]  should_failslab+0xc2/0x120
[  507.264063][T11847]  __kmalloc_node_noprof+0xd8/0x500
[  507.264096][T11847]  ? __vmalloc_node_range_noprof+0x3e5/0x14b0
[  507.264132][T11847]  __vmalloc_node_range_noprof+0x3e5/0x14b0
[  507.264162][T11847]  ? local_lock_release+0x99/0x140
[  507.264194][T11847]  ? kernel_clone+0xfc/0x960
[  507.264224][T11847]  ? rcu_read_unlock+0x17/0x60
[  507.264255][T11847]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  507.264299][T11847]  ? kernel_clone+0xfc/0x960
[  507.264328][T11847]  __vmalloc_node_noprof+0xad/0xf0
[  507.264354][T11847]  ? kernel_clone+0xfc/0x960
[  507.264386][T11847]  copy_process+0x2c70/0x76a0
[  507.264415][T11847]  ? preempt_schedule_thunk+0x16/0x30
[  507.264453][T11847]  ? try_to_wake_up+0xa2f/0x1680
[  507.264482][T11847]  ? __pfx_copy_process+0x10/0x10
[  507.264509][T11847]  ? plist_check_head+0xa3/0x150
[  507.264543][T11847]  ? futex_private_hash_put+0xc7/0x240
[  507.264574][T11847]  kernel_clone+0xfc/0x960
[  507.264603][T11847]  ? __pfx_futex_wake+0x10/0x10
[  507.264635][T11847]  ? __pfx_kernel_clone+0x10/0x10
[  507.264677][T11847]  ? up_write+0x1b2/0x520
[  507.264718][T11847]  ? 0xffffffff81000000
[  507.264729][T11847]  __do_sys_clone+0xce/0x120
[  507.264746][T11847]  ? __pfx___do_sys_clone+0x10/0x10
[  507.264764][T11847]  ? 0xffffffff81000000
[  507.264780][T11847]  ? xfd_validate_state+0x61/0x180
[  507.264804][T11847]  do_syscall_64+0xcd/0x490
[  507.264828][T11847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.264842][T11847] RIP: 0033:0x7f8b3e38e929
[  507.264853][T11847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  507.264866][T11847] RSP: 002b:00007f8b3f18e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  507.264880][T11847] RAX: ffffffffffffffda RBX: 00007f8b3e5b6080 RCX: 00007f8b3e38e929
[  507.264890][T11847] RDX: 9999999999999999 RSI: 0000000000000004 RDI: 0000000000000000
[  507.264905][T11847] RBP: 00007f8b3e410b39 R08: 0000000000000009 R09: 0000000000000000
[  507.264914][T11847] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000
[  507.264923][T11847] R13: 0000000000000000 R14: 00007f8b3e5b6080 R15: 00007ffc2ecab928
[  507.264935][T11847]  ? 0xffffffff81000000
[  507.264951][T11847]  </TASK>
[  507.531241][    C1] vkms_vblank_simulate: vblank timer overrun
[  507.546694][T11847] syz.4.1334: vmalloc error: size 32768, failed to allocated page array size 64, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  507.564182][T11847] CPU: 0 UID: 0 PID: 11847 Comm: syz.4.1334 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  507.564221][T11847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  507.564237][T11847] Call Trace:
[  507.564245][T11847]  <TASK>
[  507.564255][T11847]  dump_stack_lvl+0x16c/0x1f0
[  507.564307][T11847]  warn_alloc+0x248/0x3a0
[  507.564347][T11847]  ? __pfx_warn_alloc+0x10/0x10
[  507.564382][T11847]  ? dump_stack_lvl+0x1a1/0x1f0
[  507.564430][T11847]  ? rcu_is_watching+0x12/0xc0
[  507.564457][T11847]  ? __kmalloc_node_noprof+0x23b/0x500
[  507.564504][T11847]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  507.564536][T11847]  ? local_lock_release+0x99/0x140
[  507.564573][T11847]  ? kernel_clone+0xfc/0x960
[  507.564612][T11847]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  507.564657][T11847]  ? kernel_clone+0xfc/0x960
[  507.564686][T11847]  __vmalloc_node_noprof+0xad/0xf0
[  507.564714][T11847]  ? kernel_clone+0xfc/0x960
[  507.564745][T11847]  copy_process+0x2c70/0x76a0
[  507.564774][T11847]  ? preempt_schedule_thunk+0x16/0x30
[  507.564811][T11847]  ? try_to_wake_up+0xa2f/0x1680
[  507.564840][T11847]  ? __pfx_copy_process+0x10/0x10
[  507.564867][T11847]  ? plist_check_head+0xa3/0x150
[  507.564907][T11847]  ? futex_private_hash_put+0xc7/0x240
[  507.564940][T11847]  kernel_clone+0xfc/0x960
[  507.564969][T11847]  ? __pfx_futex_wake+0x10/0x10
[  507.565001][T11847]  ? __pfx_kernel_clone+0x10/0x10
[  507.565039][T11847]  ? up_write+0x1b2/0x520
[  507.565094][T11847]  ? 0xffffffff81000000
[  507.565114][T11847]  __do_sys_clone+0xce/0x120
[  507.565146][T11847]  ? __pfx___do_sys_clone+0x10/0x10
[  507.565180][T11847]  ? 0xffffffff81000000
[  507.565212][T11847]  ? xfd_validate_state+0x61/0x180
[  507.565256][T11847]  do_syscall_64+0xcd/0x490
[  507.565296][T11847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.565322][T11847] RIP: 0033:0x7f8b3e38e929
[  507.565343][T11847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  507.565368][T11847] RSP: 002b:00007f8b3f18e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  507.565393][T11847] RAX: ffffffffffffffda RBX: 00007f8b3e5b6080 RCX: 00007f8b3e38e929
[  507.565412][T11847] RDX: 9999999999999999 RSI: 0000000000000004 RDI: 0000000000000000
[  507.565428][T11847] RBP: 00007f8b3e410b39 R08: 0000000000000009 R09: 0000000000000000
[  507.565444][T11847] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000
[  507.565460][T11847] R13: 0000000000000000 R14: 00007f8b3e5b6080 R15: 00007ffc2ecab928
[  507.565483][T11847]  ? 0xffffffff81000000
[  507.565512][T11847]  </TASK>
[  507.565530][T11847] Mem-Info:
[  507.839075][T11847] active_anon:27282 inactive_anon:0 isolated_anon:0
[  507.839075][T11847]  active_file:17524 inactive_file:40997 isolated_file:0
[  507.839075][T11847]  unevictable:1799 dirty:536 writeback:25
[  507.839075][T11847]  slab_reclaimable:12045 slab_unreclaimable:148820
[  507.839075][T11847]  mapped:38720 shmem:8047 pagetables:1186
[  507.839075][T11847]  sec_pagetables:0 bounce:0
[  507.839075][T11847]  kernel_misc_reclaimable:0
[  507.839075][T11847]  free:1200952 free_pcp:30250 free_cma:0
[  507.884738][    C1] vkms_vblank_simulate: vblank timer overrun
[  507.899489][T11847] Node 0 active_anon:109196kB inactive_anon:0kB active_file:70096kB inactive_file:163860kB unevictable:5660kB isolated(anon):0kB isolated(file):0kB mapped:155004kB dirty:2184kB writeback:4kB shmem:30652kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:15644kB pagetables:4644kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  507.901004][T11665] Bluetooth: hci5: command tx timeout
[  507.933178][    C1] vkms_vblank_simulate: vblank timer overrun
[  507.933313][T11847] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  507.933390][T11847] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  507.933460][T11847] lowmem_reserve[]: 0 2481 2482 2482 2482
[  507.933509][T11847] Node 0 DMA32 free:907556kB boost:0kB min:34332kB low:42912kB high:51492kB reserved_highatomic:0KB free_highatomic:0KB active_anon:109096kB inactive_anon:0kB active_file:70096kB inactive_file:162548kB unevictable:5660kB writepending:2212kB present:3129332kB managed:2540892kB mlocked:4124kB bounce:0kB free_pcp:90484kB local_pcp:42408kB free_cma:0kB
[  507.933585][T11847] lowmem_reserve[]: 0 0 1 1 1
[  507.933634][T11847] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:12kB free_cma:0kB
[  507.933706][T11847] lowmem_reserve[]: 0 0 0 0 0
[  507.933755][T11847] Node 1 Normal free:3888304kB boost:0kB min:55548kB low:69432kB high:83316kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:22912kB local_pcp:8096kB free_cma:0kB
[  507.933837][T11847] lowmem_reserve[]: 0 0 0 0 0
[  507.933886][T11847] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 
[  507.977054][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.045042][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.079684][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.115769][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.272684][T11847] 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  508.335577][T11847] Node 0 DMA32: 4723*4kB (ME) 135*8kB (UME) 117*16kB (ME) 154*32kB (UME) 514*64kB (UM) 356*128kB (UM) 161*256kB (UM) 81*512kB (M) 36*1024kB (UM) 8*2048kB (ME) 162*4096kB (M) = 904724kB
[  508.393461][T11853] random: crng reseeded on system resumption
[  508.406553][T10475] ERROR: Out of memory at tomoyo_memory_ok.
[  508.424466][T11847] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  508.436551][T11847] Node 1 Normal: 4*4kB (UE) 8*8kB (UE) 4*16kB (E) 11*32kB (UE) 5*64kB (UME) 5*128kB (UE) 5*256kB (UME) 15*512kB (UME) 9*1024kB (UME) 7*2048kB (UME) 941*4096kB (UM) = 3888304kB
[  508.454621][T11847] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  508.475416][T11847] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  508.529152][T11847] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  508.552895][T11847] Node 1 hugepages_total=7 hugepages_free=7 hugepages_surp=0 hugepages_size=2048kB
[  508.571022][T11847] 67311 total pagecache pages
[  508.583997][T11847] 1 pages in swap cache
[  508.592809][T11847] Free swap  = 124992kB
[  508.602152][T11847] Total swap = 124996kB
[  508.611789][T11847] 2097051 pages RAM
[  508.623843][T11847] 0 pages HighMem/MovableOnly
[  508.634446][T11847] 429850 pages reserved
[  508.654586][T11847] 0 pages cma reserved
[  513.120164][T11931] Process accounting resumed
[  513.150384][T11930] FAULT_INJECTION: forcing a failure.
[  513.150384][T11930] name failslab, interval 1, probability 0, space 0, times 0
[  513.181244][T11930] CPU: 1 UID: 0 PID: 11930 Comm: syz.4.1352 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  513.181285][T11930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  513.181300][T11930] Call Trace:
[  513.181309][T11930]  <TASK>
[  513.181320][T11930]  dump_stack_lvl+0x16c/0x1f0
[  513.181365][T11930]  should_fail_ex+0x512/0x640
[  513.181401][T11930]  ? __build_skb_around+0x278/0x3b0
[  513.181437][T11930]  should_failslab+0xc2/0x120
[  513.181463][T11930]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  513.181502][T11930]  ? sctp_chunkify+0x51/0x2d0
[  513.181538][T11930]  ? __lock_acquire+0x622/0x1c90
[  513.181583][T11930]  sctp_chunkify+0x51/0x2d0
[  513.181622][T11930]  _sctp_make_chunk+0x148/0x270
[  513.181662][T11930]  sctp_make_control+0x2f/0x2d0
[  513.181702][T11930]  sctp_make_shutdown+0xb6/0x1d0
[  513.181743][T11930]  ? __pfx_sctp_make_shutdown+0x10/0x10
[  513.181785][T11930]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  513.181828][T11930]  sctp_sf_do_9_2_start_shutdown+0x27/0x490
[  513.181867][T11930]  sctp_sf_do_9_2_prm_shutdown+0x11c/0x150
[  513.181904][T11930]  ? __pfx_sctp_pname+0x10/0x10
[  513.181942][T11930]  sctp_do_sm+0x17e/0x5c80
[  513.181979][T11930]  ? __kernel_text_address+0xd/0x40
[  513.182015][T11930]  ? unwind_get_return_address+0x59/0xa0
[  513.182054][T11930]  ? arch_stack_walk+0xa6/0x100
[  513.182093][T11930]  ? __pfx_sctp_do_sm+0x10/0x10
[  513.182124][T11930]  ? look_up_lock_class+0x59/0x150
[  513.182162][T11930]  ? register_lock_class+0x41/0x4c0
[  513.182235][T11930]  ? mark_held_locks+0x49/0x80
[  513.182267][T11930]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  513.182303][T11930]  ? lockdep_hardirqs_on+0x7c/0x110
[  513.182338][T11930]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  513.182379][T11930]  sctp_primitive_SHUTDOWN+0x9f/0xd0
[  513.182418][T11930]  sctp_close+0x3ff/0x940
[  513.182453][T11930]  ? __pfx_sctp_close+0x10/0x10
[  513.182480][T11930]  ? __pfx___might_resched+0x10/0x10
[  513.182515][T11930]  ? ip_mc_drop_socket+0x1f/0x280
[  513.182542][T11930]  ? down_write+0x14d/0x200
[  513.182579][T11930]  inet_release+0x13c/0x280
[  513.182617][T11930]  inet6_release+0x4f/0x70
[  513.182656][T11930]  __sock_release+0xb3/0x270
[  513.182685][T11930]  ? __pfx_sock_close+0x10/0x10
[  513.182707][T11930]  sock_close+0x1c/0x30
[  513.182729][T11930]  __fput+0x402/0xb70
[  513.182765][T11930]  task_work_run+0x14d/0x240
[  513.182805][T11930]  ? __pfx_task_work_run+0x10/0x10
[  513.182843][T11930]  ? __pfx___do_sys_close_range+0x10/0x10
[  513.182888][T11930]  exit_to_user_mode_loop+0xeb/0x110
[  513.182929][T11930]  do_syscall_64+0x3f6/0x490
[  513.182970][T11930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.182997][T11930] RIP: 0033:0x7f8b3e38e929
[  513.183019][T11930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.183044][T11930] RSP: 002b:00007f8b3f1af038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  513.183068][T11930] RAX: 0000000000000000 RBX: 00007f8b3e5b5fa0 RCX: 00007f8b3e38e929
[  513.183085][T11930] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[  513.183100][T11930] RBP: 00007f8b3e410b39 R08: 0000000000000000 R09: 0000000000000000
[  513.183116][T11930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  513.183130][T11930] R13: 0000000000000000 R14: 00007f8b3e5b5fa0 R15: 00007ffc2ecab928
[  513.183167][T11930]  </TASK>
[  514.485066][T11953] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1355'.
[  514.631313][T11947] ERROR: Out of memory at tomoyo_memory_ok.
[  515.317822][T11973] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18
[  515.507911][T11974] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1360'.
[  519.037980][T12017] netlink: 94 bytes leftover after parsing attributes in process `syz.3.1370'.
[  522.144683][T11722] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  522.153994][T11722] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  522.164496][T11722] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  522.194243][T11722] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  522.204017][T11722] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  522.624154][T12068] chnl_net:caif_netlink_parms(): no params data found
[  522.842975][T12068] bridge0: port 1(bridge_slave_0) entered blocking state
[  522.859315][T12068] bridge0: port 1(bridge_slave_0) entered disabled state
[  522.866729][T12068] bridge_slave_0: entered allmulticast mode
[  522.875322][T12068] bridge_slave_0: entered promiscuous mode
[  522.884847][T12068] bridge0: port 2(bridge_slave_1) entered blocking state
[  522.892349][T12068] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.900330][T12068] bridge_slave_1: entered allmulticast mode
[  522.909877][T12068] bridge_slave_1: entered promiscuous mode
[  522.994924][T12068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  523.014439][T12068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  523.105364][T12068] team0: Port device team_slave_0 added
[  523.276169][T12068] team0: Port device team_slave_1 added
[  523.518690][T12068] batman_adv: batadv0: Adding interface: batadv_slave_0
[  523.542881][T12068] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  523.568931][    C0] vkms_vblank_simulate: vblank timer overrun
[  523.889277][T12068] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  524.008596][T12068] batman_adv: batadv0: Adding interface: batadv_slave_1
[  524.032665][T12068] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  524.098764][T12068] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  524.289004][T11722] Bluetooth: hci6: command tx timeout
[  524.312723][T12094] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1381'.
[  524.735368][T12068] hsr_slave_0: entered promiscuous mode
[  524.765596][T12068] hsr_slave_1: entered promiscuous mode
[  524.780520][T12068] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  524.788230][T12068] Cannot create hsr debugfs directory
[  525.422855][T12068] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  525.536224][T12068] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  525.620905][T12068] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  525.702667][T12068] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  525.834940][T12115] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1386'.
[  526.001472][T12115] hsr_slave_0 (unregistering): left promiscuous mode
[  526.373235][T11722] Bluetooth: hci6: command tx timeout
[  526.408176][T12126] random: crng reseeded on system resumption
[  526.416660][T10754] ERROR: Out of memory at tomoyo_memory_ok.
[  526.448256][T10467] ERROR: Out of memory at tomoyo_memory_ok.
[  526.824289][T12129] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  526.855065][T12068] 8021q: adding VLAN 0 to HW filter on device bond0
[  527.025056][T12068] 8021q: adding VLAN 0 to HW filter on device team0
[  527.060681][T10474] bridge0: port 1(bridge_slave_0) entered blocking state
[  527.067906][T10474] bridge0: port 1(bridge_slave_0) entered forwarding state
[  527.107585][T10474] bridge0: port 2(bridge_slave_1) entered blocking state
[  527.114740][T10474] bridge0: port 2(bridge_slave_1) entered forwarding state
[  527.317772][T12068] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  527.332079][T12068] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  527.539477][T12149] random: crng reseeded on system resumption
[  528.147476][T12068] 8021q: adding VLAN 0 to HW filter on device batadv0
[  528.350101][T12149] Restarting kernel threads ...
[  528.369883][T12149] Done restarting kernel threads.
[  528.449493][T11722] Bluetooth: hci6: command tx timeout
[  528.815689][T12169] Invalid ELF header magic: != ELF
[  529.381709][T12068] veth0_vlan: entered promiscuous mode
[  529.511598][T12068] veth1_vlan: entered promiscuous mode
[  529.673995][T12068] veth0_macvtap: entered promiscuous mode
[  529.685336][T12068] veth1_macvtap: entered promiscuous mode
[  529.710265][T12068] batman_adv: batadv0: Interface activated: batadv_slave_0
[  529.723787][T12068] batman_adv: batadv0: Interface activated: batadv_slave_1
[  529.746026][T12068] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  529.798268][T12068] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  529.807493][T12068] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  529.818039][T12068] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  530.092545][T10474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.104181][T10474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.116903][T12190] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  530.219716][T11111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.243638][T11111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.497312][T12205] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1397'.
[  530.529357][T11722] Bluetooth: hci6: command tx timeout
[  533.063757][T12237] FAULT_INJECTION: forcing a failure.
[  533.063757][T12237] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  533.096692][T12237] CPU: 1 UID: 0 PID: 12237 Comm: syz.4.1407 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  533.096729][T12237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  533.096745][T12237] Call Trace:
[  533.096754][T12237]  <TASK>
[  533.096764][T12237]  dump_stack_lvl+0x16c/0x1f0
[  533.096809][T12237]  should_fail_ex+0x512/0x640
[  533.096850][T12237]  should_fail_alloc_page+0xe7/0x130
[  533.096878][T12237]  prepare_alloc_pages+0x3c2/0x610
[  533.096915][T12237]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  533.096956][T12237]  ? copy_splice_read+0x1a8/0xba0
[  533.096986][T12237]  ? stack_trace_save+0x8e/0xc0
[  533.097014][T12237]  ? __pfx_stack_trace_save+0x10/0x10
[  533.097041][T12237]  ? stack_depot_save_flags+0x28/0xa40
[  533.097086][T12237]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  533.097122][T12237]  ? kasan_save_stack+0x33/0x60
[  533.097157][T12237]  ? __kasan_kmalloc+0xaa/0xb0
[  533.097190][T12237]  ? copy_splice_read+0x1a8/0xba0
[  533.097218][T12237]  ? do_splice_read+0x285/0x370
[  533.097247][T12237]  ? splice_direct_to_actor+0x2a1/0xa30
[  533.097276][T12237]  ? do_splice_direct+0x174/0x240
[  533.097305][T12237]  ? do_sendfile+0xb06/0xe50
[  533.097335][T12237]  ? __x64_sys_sendfile64+0x1d8/0x220
[  533.097357][T12237]  ? do_syscall_64+0xcd/0x490
[  533.097421][T12237]  alloc_pages_bulk_noprof+0x71c/0x1410
[  533.097471][T12237]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  533.097517][T12237]  ? trace_kmalloc+0x2b/0xd0
[  533.097541][T12237]  ? __kmalloc_noprof+0x242/0x510
[  533.097595][T12237]  copy_splice_read+0x1e1/0xba0
[  533.097629][T12237]  ? __pfx_pipe_to_null+0x10/0x10
[  533.097674][T12237]  ? __pfx_copy_splice_read+0x10/0x10
[  533.097704][T12237]  ? pipe_unlock+0x4a/0x70
[  533.097741][T12237]  ? __pfx_splice_from_pipe+0x10/0x10
[  533.097784][T12237]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  533.097821][T12237]  ? __pfx_copy_splice_read+0x10/0x10
[  533.097851][T12237]  do_splice_read+0x285/0x370
[  533.097886][T12237]  splice_direct_to_actor+0x2a1/0xa30
[  533.097921][T12237]  ? __pfx_direct_splice_actor+0x10/0x10
[  533.097960][T12237]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  533.098003][T12237]  do_splice_direct+0x174/0x240
[  533.098036][T12237]  ? __pfx_do_splice_direct+0x10/0x10
[  533.098069][T12237]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  533.098103][T12237]  ? bpf_lsm_file_permission+0x9/0x10
[  533.098129][T12237]  ? security_file_permission+0x71/0x210
[  533.098163][T12237]  ? rw_verify_area+0xcf/0x680
[  533.098198][T12237]  do_sendfile+0xb06/0xe50
[  533.098239][T12237]  ? __pfx_do_sendfile+0x10/0x10
[  533.098278][T12237]  ? __x64_sys_futex+0x1e0/0x4c0
[  533.098308][T12237]  ? __x64_sys_futex+0x1e9/0x4c0
[  533.098343][T12237]  __x64_sys_sendfile64+0x1d8/0x220
[  533.098369][T12237]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  533.098406][T12237]  do_syscall_64+0xcd/0x490
[  533.098448][T12237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.098475][T12237] RIP: 0033:0x7f8b3e38e929
[  533.098497][T12237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  533.098522][T12237] RSP: 002b:00007f8b3f1af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  533.098555][T12237] RAX: ffffffffffffffda RBX: 00007f8b3e5b5fa0 RCX: 00007f8b3e38e929
[  533.098573][T12237] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007
[  533.098589][T12237] RBP: 00007f8b3e410b39 R08: 0000000000000000 R09: 0000000000000000
[  533.098605][T12237] R10: 0010000800000003 R11: 0000000000000246 R12: 0000000000000000
[  533.098622][T12237] R13: 0000000000000000 R14: 00007f8b3e5b5fa0 R15: 00007ffc2ecab928
[  533.098656][T12237]  </TASK>
[  535.964461][T12285] FAULT_INJECTION: forcing a failure.
[  535.964461][T12285] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  535.978086][T12285] CPU: 1 UID: 0 PID: 12285 Comm: syz.3.1418 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  535.978123][T12285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  535.978139][T12285] Call Trace:
[  535.978148][T12285]  <TASK>
[  535.978157][T12285]  dump_stack_lvl+0x16c/0x1f0
[  535.978200][T12285]  should_fail_ex+0x512/0x640
[  535.978240][T12285]  should_fail_alloc_page+0xe7/0x130
[  535.978264][T12285]  prepare_alloc_pages+0x3c2/0x610
[  535.978294][T12285]  ? rcu_is_watching+0x12/0xc0
[  535.978324][T12285]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  535.978368][T12285]  ? rcu_is_watching+0x12/0xc0
[  535.978391][T12285]  ? trace_mm_page_alloc+0x11f/0x1a0
[  535.978419][T12285]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  535.978457][T12285]  ? __pfx_stack_trace_save+0x10/0x10
[  535.978485][T12285]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  535.978532][T12285]  ? alloc_vmap_area+0xdc8/0x29c0
[  535.978563][T12285]  ? __vmalloc_node_range_noprof+0x271/0x14b0
[  535.978592][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  535.978622][T12285]  ? do_syscall_64+0xcd/0x490
[  535.978657][T12285]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.978698][T12285]  alloc_pages_bulk_noprof+0x71c/0x1410
[  535.978733][T12285]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  535.978772][T12285]  ? policy_nodemask+0xea/0x4e0
[  535.978810][T12285]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  535.978849][T12285]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  535.978888][T12285]  kasan_populate_vmalloc+0xf1/0x1f0
[  535.978927][T12285]  alloc_vmap_area+0x959/0x29c0
[  535.978969][T12285]  ? __pfx_alloc_vmap_area+0x10/0x10
[  535.979006][T12285]  __get_vm_area_node+0x1ca/0x330
[  535.979043][T12285]  __vmalloc_node_range_noprof+0x271/0x14b0
[  535.979076][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  535.979115][T12285]  ? __lock_acquire+0xb8a/0x1c90
[  535.979146][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  535.979187][T12285]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  535.979220][T12285]  ? __alloc_pages_noprof+0xb/0x1b0
[  535.979255][T12285]  ? ___kmalloc_large_node+0x84/0x1e0
[  535.979282][T12285]  ? find_held_lock+0x2b/0x80
[  535.979312][T12285]  __kvmalloc_node_noprof+0x30a/0x620
[  535.979347][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  535.979380][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  535.979417][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  535.979446][T12285]  __do_sys_listmount+0x1c2/0xec0
[  535.979481][T12285]  ? __x64_sys_futex+0x1e0/0x4c0
[  535.979510][T12285]  ? __x64_sys_futex+0x1e9/0x4c0
[  535.979540][T12285]  ? __pfx___do_sys_listmount+0x10/0x10
[  535.979596][T12285]  do_syscall_64+0xcd/0x490
[  535.979637][T12285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.979664][T12285] RIP: 0033:0x7f90e358e929
[  535.979686][T12285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  535.979709][T12285] RSP: 002b:00007f90e434c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[  535.979734][T12285] RAX: ffffffffffffffda RBX: 00007f90e37b5fa0 RCX: 00007f90e358e929
[  535.979752][T12285] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100
[  535.979769][T12285] RBP: 00007f90e3610b39 R08: 0000000000000000 R09: 0000000000000000
[  535.979785][T12285] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  535.979801][T12285] R13: 0000000000000000 R14: 00007f90e37b5fa0 R15: 00007ffd0dce5cd8
[  535.979837][T12285]  </TASK>
[  536.373882][T12285] syz.3.1418: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  536.540584][T12285] CPU: 1 UID: 0 PID: 12285 Comm: syz.3.1418 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  536.540624][T12285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  536.540640][T12285] Call Trace:
[  536.540649][T12285]  <TASK>
[  536.540659][T12285]  dump_stack_lvl+0x16c/0x1f0
[  536.540703][T12285]  warn_alloc+0x248/0x3a0
[  536.540743][T12285]  ? __pfx_warn_alloc+0x10/0x10
[  536.540783][T12285]  ? kfree+0x2b4/0x4d0
[  536.540822][T12285]  ? __get_vm_area_node+0x208/0x330
[  536.540859][T12285]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[  536.540900][T12285]  ? __lock_acquire+0xb8a/0x1c90
[  536.540933][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  536.540972][T12285]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  536.541006][T12285]  ? __alloc_pages_noprof+0xb/0x1b0
[  536.541041][T12285]  ? ___kmalloc_large_node+0x84/0x1e0
[  536.541067][T12285]  ? find_held_lock+0x2b/0x80
[  536.541096][T12285]  __kvmalloc_node_noprof+0x30a/0x620
[  536.541128][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  536.541157][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  536.541205][T12285]  ? __do_sys_listmount+0x1c2/0xec0
[  536.541233][T12285]  __do_sys_listmount+0x1c2/0xec0
[  536.541270][T12285]  ? __x64_sys_futex+0x1e0/0x4c0
[  536.541298][T12285]  ? __x64_sys_futex+0x1e9/0x4c0
[  536.541326][T12285]  ? __pfx___do_sys_listmount+0x10/0x10
[  536.541376][T12285]  do_syscall_64+0xcd/0x490
[  536.541416][T12285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.541443][T12285] RIP: 0033:0x7f90e358e929
[  536.541464][T12285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  536.541490][T12285] RSP: 002b:00007f90e434c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[  536.541524][T12285] RAX: ffffffffffffffda RBX: 00007f90e37b5fa0 RCX: 00007f90e358e929
[  536.541542][T12285] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100
[  536.541559][T12285] RBP: 00007f90e3610b39 R08: 0000000000000000 R09: 0000000000000000
[  536.541575][T12285] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  536.541592][T12285] R13: 0000000000000000 R14: 00007f90e37b5fa0 R15: 00007ffd0dce5cd8
[  536.541626][T12285]  </TASK>
[  536.541636][T12285] Mem-Info:
[  536.869505][T12285] active_anon:31181 inactive_anon:0 isolated_anon:10
[  536.869505][T12285]  active_file:19267 inactive_file:41304 isolated_file:0
[  536.869505][T12285]  unevictable:1799 dirty:561 writeback:21
[  536.869505][T12285]  slab_reclaimable:12363 slab_unreclaimable:165708
[  536.869505][T12285]  mapped:46189 shmem:8045 pagetables:1345
[  536.869505][T12285]  sec_pagetables:0 bounce:0
[  536.869505][T12285]  kernel_misc_reclaimable:0
[  536.869505][T12285]  free:1180285 free_pcp:16572 free_cma:0
[  536.973292][T12285] Node 0 active_anon:119436kB inactive_anon:0kB active_file:77068kB inactive_file:165084kB unevictable:5660kB isolated(anon):2156kB isolated(file):0kB mapped:184764kB dirty:2252kB writeback:0kB shmem:30644kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:17616kB pagetables:5252kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  537.106239][T12285] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  537.142122][T12285] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  537.175943][T12285] lowmem_reserve[]: 0 2481 2482 2482 2482
[  537.182017][T12285] Node 0 DMA32 free:807616kB boost:0kB min:34332kB low:42912kB high:51492kB reserved_highatomic:0KB free_highatomic:0KB active_anon:123836kB inactive_anon:0kB active_file:77068kB inactive_file:163772kB unevictable:5660kB writepending:2352kB present:3129332kB managed:2540892kB mlocked:4124kB bounce:0kB free_pcp:52532kB local_pcp:32184kB free_cma:0kB
[  537.298296][T12285] lowmem_reserve[]: 0 0 1 1 1
[  537.337416][T12285] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:12kB free_cma:0kB
[  537.426542][T12285] lowmem_reserve[]: 0 0 0 0 0
[  537.443203][T12285] Node 1 Normal free:3892608kB boost:0kB min:55548kB low:69432kB high:83316kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18560kB local_pcp:12796kB free_cma:0kB
[  537.517750][T12285] lowmem_reserve[]: 0 0 0 0 0
[  537.527745][T12285] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  537.588938][T12285] Node 0 DMA32: 796*4kB (UM) 1204*8kB (M) 1295*16kB (UME) 806*32kB (UME) 442*64kB (UME) 278*128kB (M) 132*256kB (ME) 82*512kB (M) 37*1024kB (ME) 6*2048kB (UM) 136*4096kB (UM) = 806208kB
[  537.671813][T12285] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  537.766124][T12285] Node 1 Normal: 4*4kB (UE) 6*8kB (UE) 4*16kB (E) 10*32kB (UE) 31*64kB (UME) 10*128kB (UE) 15*256kB (UME) 14*512kB (UME) 9*1024kB (UME) 7*2048kB (UME) 941*4096kB (UM) = 3892608kB
[  537.798755][T12285] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  537.951639][T12285] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  537.981739][T12285] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  538.038966][T12285] Node 1 hugepages_total=7 hugepages_free=7 hugepages_surp=0 hugepages_size=2048kB
[  538.093986][T12285] 69890 total pagecache pages
[  538.145426][T12285] 1 pages in swap cache
[  538.219624][T12285] Free swap  = 124992kB
[  538.240415][T12285] Total swap = 124996kB
[  538.294610][T12285] 2097051 pages RAM
[  538.318704][T12285] 0 pages HighMem/MovableOnly
[  538.320732][T12317] ERROR: Out of memory at tomoyo_memory_ok.
[  538.366149][T12285] 429850 pages reserved
[  538.399401][T12285] 0 pages cma reserved
[  538.428309][T12317] FAULT_INJECTION: forcing a failure.
[  538.428309][T12317] name failslab, interval 1, probability 0, space 0, times 0
[  538.499369][T12317] CPU: 1 UID: 0 PID: 12317 Comm: syz.4.1423 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  538.499408][T12317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  538.499419][T12317] Call Trace:
[  538.499424][T12317]  <TASK>
[  538.499431][T12317]  dump_stack_lvl+0x16c/0x1f0
[  538.499458][T12317]  should_fail_ex+0x512/0x640
[  538.499478][T12317]  ? __kvmalloc_node_noprof+0x124/0x620
[  538.499502][T12317]  should_failslab+0xc2/0x120
[  538.499517][T12317]  __kvmalloc_node_noprof+0x137/0x620
[  538.499535][T12317]  ? do_setup+0x2bd/0x3a0
[  538.499550][T12317]  ? alloc_netdev_mqs+0xb5b/0x1570
[  538.499576][T12317]  ? alloc_netdev_mqs+0xb5b/0x1570
[  538.499597][T12317]  alloc_netdev_mqs+0xb5b/0x1570
[  538.499621][T12317]  ? ovs_vport_alloc+0x2a0/0x3d0
[  538.499636][T12317]  internal_dev_create+0x8a/0x520
[  538.499652][T12317]  ovs_vport_add+0x144/0x4d0
[  538.499666][T12317]  new_vport+0x16/0x1d0
[  538.499685][T12317]  ovs_dp_cmd_new+0x6ba/0xe60
[  538.499710][T12317]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  538.499734][T12317]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  538.499753][T12317]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  538.499776][T12317]  genl_family_rcv_msg_doit+0x206/0x2f0
[  538.499795][T12317]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  538.499813][T12317]  ? trace_cap_capable+0x18d/0x200
[  538.499841][T12317]  ? bpf_lsm_capable+0x9/0x10
[  538.499858][T12317]  ? security_capable+0x7e/0x260
[  538.499881][T12317]  ? ns_capable+0xd7/0x110
[  538.499897][T12317]  genl_rcv_msg+0x55c/0x800
[  538.499917][T12317]  ? __pfx_genl_rcv_msg+0x10/0x10
[  538.499935][T12317]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  538.499961][T12317]  netlink_rcv_skb+0x155/0x420
[  538.499977][T12317]  ? __pfx_genl_rcv_msg+0x10/0x10
[  538.499995][T12317]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  538.500031][T12317]  ? netlink_deliver_tap+0x1ae/0xd30
[  538.500049][T12317]  genl_rcv+0x28/0x40
[  538.500066][T12317]  netlink_unicast+0x53a/0x7f0
[  538.500083][T12317]  ? __pfx_netlink_unicast+0x10/0x10
[  538.500105][T12317]  netlink_sendmsg+0x8d1/0xdd0
[  538.500124][T12317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  538.500146][T12317]  ____sys_sendmsg+0xa95/0xc70
[  538.500164][T12317]  ? copy_msghdr_from_user+0x10a/0x160
[  538.500186][T12317]  ? __pfx_____sys_sendmsg+0x10/0x10
[  538.500206][T12317]  ? __pfx_futex_wake_mark+0x10/0x10
[  538.500230][T12317]  ___sys_sendmsg+0x134/0x1d0
[  538.500255][T12317]  ? __pfx____sys_sendmsg+0x10/0x10
[  538.500275][T12317]  ? __lock_acquire+0x622/0x1c90
[  538.500349][T12317]  __sys_sendmsg+0x16d/0x220
[  538.500388][T12317]  ? __pfx___sys_sendmsg+0x10/0x10
[  538.500420][T12317]  ? __x64_sys_futex+0x1e0/0x4c0
[  538.500466][T12317]  do_syscall_64+0xcd/0x490
[  538.500502][T12317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.500525][T12317] RIP: 0033:0x7f8b3e38e929
[  538.500544][T12317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.500567][T12317] RSP: 002b:00007f8b3f1af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  538.500589][T12317] RAX: ffffffffffffffda RBX: 00007f8b3e5b5fa0 RCX: 00007f8b3e38e929
[  538.500604][T12317] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 000000000000000b
[  538.500619][T12317] RBP: 00007f8b3e410b39 R08: 0000000000000000 R09: 0000000000000000
[  538.500633][T12317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  538.500646][T12317] R13: 0000000000000000 R14: 00007f8b3e5b5fa0 R15: 00007ffc2ecab928
[  538.500678][T12317]  </TASK>
[  540.159358][T12340] FAULT_INJECTION: forcing a failure.
[  540.159358][T12340] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  540.173031][T12340] CPU: 1 UID: 0 PID: 12340 Comm: syz.4.1425 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  540.173052][T12340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  540.173062][T12340] Call Trace:
[  540.173067][T12340]  <TASK>
[  540.173073][T12340]  dump_stack_lvl+0x16c/0x1f0
[  540.173101][T12340]  should_fail_ex+0x512/0x640
[  540.173124][T12340]  should_fail_alloc_page+0xe7/0x130
[  540.173140][T12340]  prepare_alloc_pages+0x3c2/0x610
[  540.173162][T12340]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  540.173186][T12340]  ? stack_trace_save+0x8e/0xc0
[  540.173210][T12340]  ? __pfx_stack_trace_save+0x10/0x10
[  540.173225][T12340]  ? stack_depot_save_flags+0x28/0xa40
[  540.173246][T12340]  ? stack_trace_save+0x8e/0xc0
[  540.173263][T12340]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  540.173285][T12340]  ? kasan_save_stack+0x33/0x60
[  540.173306][T12340]  ? __kasan_kmalloc+0xaa/0xb0
[  540.173325][T12340]  ? ring_buffer_read_prepare+0x101/0x320
[  540.173341][T12340]  ? tracing_open+0xbe8/0xf90
[  540.173355][T12340]  ? do_dentry_open+0x741/0x1c10
[  540.173374][T12340]  ? vfs_open+0x82/0x3f0
[  540.173387][T12340]  ? path_openat+0x1de4/0x2cb0
[  540.173405][T12340]  ? do_filp_open+0x20b/0x470
[  540.173437][T12340]  ? ring_buffer_read_prepare+0x171/0x320
[  540.173452][T12340]  __alloc_pages_noprof+0xb/0x1b0
[  540.173472][T12340]  ___kmalloc_large_node+0x84/0x1e0
[  540.173491][T12340]  ? ring_buffer_read_prepare+0x171/0x320
[  540.173506][T12340]  __kmalloc_large_node_noprof+0x1c/0x70
[  540.173524][T12340]  __kmalloc_noprof.cold+0xc/0x61
[  540.173546][T12340]  ? kasan_save_track+0x14/0x30
[  540.173568][T12340]  ring_buffer_read_prepare+0x171/0x320
[  540.173586][T12340]  tracing_open+0xbe8/0xf90
[  540.173605][T12340]  do_dentry_open+0x741/0x1c10
[  540.173625][T12340]  ? __pfx_tracing_open+0x10/0x10
[  540.173644][T12340]  vfs_open+0x82/0x3f0
[  540.173660][T12340]  path_openat+0x1de4/0x2cb0
[  540.173686][T12340]  ? __pfx_path_openat+0x10/0x10
[  540.173707][T12340]  ? __lock_acquire+0xb8a/0x1c90
[  540.173728][T12340]  do_filp_open+0x20b/0x470
[  540.173748][T12340]  ? __pfx_do_filp_open+0x10/0x10
[  540.173781][T12340]  ? alloc_fd+0x471/0x7d0
[  540.173806][T12340]  do_sys_openat2+0x11b/0x1d0
[  540.173821][T12340]  ? __pfx_do_sys_openat2+0x10/0x10
[  540.173844][T12340]  __x64_sys_openat+0x174/0x210
[  540.173860][T12340]  ? __pfx___x64_sys_openat+0x10/0x10
[  540.173883][T12340]  do_syscall_64+0xcd/0x490
[  540.173906][T12340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.173921][T12340] RIP: 0033:0x7f8b3e38e929
[  540.173933][T12340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  540.173946][T12340] RSP: 002b:00007f8b3f18e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  540.173960][T12340] RAX: ffffffffffffffda RBX: 00007f8b3e5b6080 RCX: 00007f8b3e38e929
[  540.173970][T12340] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  540.173979][T12340] RBP: 00007f8b3e410b39 R08: 0000000000000000 R09: 0000000000000000
[  540.173987][T12340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  540.173995][T12340] R13: 0000000000000000 R14: 00007f8b3e5b6080 R15: 00007ffc2ecab928
[  540.174014][T12340]  </TASK>
[  542.199470][T12313] kexec: Could not allocate control_code_buffer
[  542.219209][T12375] FAULT_INJECTION: forcing a failure.
[  542.219209][T12375] name failslab, interval 1, probability 0, space 0, times 0
[  542.278945][T12375] CPU: 1 UID: 0 PID: 12375 Comm: syz.3.1432 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  542.278982][T12375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  542.278998][T12375] Call Trace:
[  542.279006][T12375]  <TASK>
[  542.279017][T12375]  dump_stack_lvl+0x16c/0x1f0
[  542.279067][T12375]  should_fail_ex+0x512/0x640
[  542.279101][T12375]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  542.279137][T12375]  should_failslab+0xc2/0x120
[  542.279162][T12375]  __kmalloc_cache_noprof+0x6a/0x3e0
[  542.279195][T12375]  ? snd_ctl_get_preferred_subdevice+0x16c/0x1f0
[  542.279228][T12375]  ? snd_pcm_attach_substream+0x441/0xd60
[  542.279267][T12375]  snd_pcm_attach_substream+0x441/0xd60
[  542.279309][T12375]  snd_pcm_open_substream+0x8d/0x17f0
[  542.279345][T12375]  ? __pfx_snd_pcm_open_substream+0x10/0x10
[  542.279390][T12375]  snd_pcm_oss_open+0x735/0x1400
[  542.279433][T12375]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  542.279462][T12375]  ? __lock_acquire+0xb8a/0x1c90
[  542.279495][T12375]  ? __pfx_default_wake_function+0x10/0x10
[  542.279524][T12375]  ? __lock_acquire+0xb8a/0x1c90
[  542.279564][T12375]  ? do_raw_spin_lock+0x12c/0x2b0
[  542.279603][T12375]  ? soundcore_open+0x35a/0x580
[  542.279641][T12375]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  542.279670][T12375]  soundcore_open+0x409/0x580
[  542.279719][T12375]  ? __pfx_soundcore_open+0x10/0x10
[  542.279757][T12375]  chrdev_open+0x234/0x6a0
[  542.279794][T12375]  ? __pfx_apparmor_file_open+0x10/0x10
[  542.279825][T12375]  ? __pfx_chrdev_open+0x10/0x10
[  542.279865][T12375]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  542.279904][T12375]  do_dentry_open+0x741/0x1c10
[  542.279939][T12375]  ? __pfx_chrdev_open+0x10/0x10
[  542.279984][T12375]  vfs_open+0x82/0x3f0
[  542.280015][T12375]  path_openat+0x1de4/0x2cb0
[  542.280062][T12375]  ? __pfx_path_openat+0x10/0x10
[  542.280098][T12375]  ? __lock_acquire+0xb8a/0x1c90
[  542.280134][T12375]  do_filp_open+0x20b/0x470
[  542.280169][T12375]  ? __pfx_do_filp_open+0x10/0x10
[  542.280231][T12375]  ? alloc_fd+0x471/0x7d0
[  542.280274][T12375]  do_sys_openat2+0x11b/0x1d0
[  542.280301][T12375]  ? __pfx_do_sys_openat2+0x10/0x10
[  542.280344][T12375]  __x64_sys_openat+0x174/0x210
[  542.280373][T12375]  ? __pfx___x64_sys_openat+0x10/0x10
[  542.280416][T12375]  do_syscall_64+0xcd/0x490
[  542.280457][T12375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.280483][T12375] RIP: 0033:0x7f90e358e929
[  542.280503][T12375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.280528][T12375] RSP: 002b:00007f90e432b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  542.280552][T12375] RAX: ffffffffffffffda RBX: 00007f90e37b6080 RCX: 00007f90e358e929
[  542.280570][T12375] RDX: 0000000000008000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  542.280587][T12375] RBP: 00007f90e3610b39 R08: 0000000000000000 R09: 0000000000000000
[  542.280602][T12375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  542.280618][T12375] R13: 0000000000000000 R14: 00007f90e37b6080 R15: 00007ffd0dce5cd8
[  542.280654][T12375]  </TASK>
[  543.117324][T12385] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1434'.
[  543.944248][T12384] Process accounting paused
[  544.087519][T12413] FAULT_INJECTION: forcing a failure.
[  544.087519][T12413] name fail_futex, interval 1, probability 0, space 0, times 0
[  544.125677][T12413] CPU: 0 UID: 0 PID: 12413 Comm: syz.4.1439 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  544.125701][T12413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  544.125710][T12413] Call Trace:
[  544.125716][T12413]  <TASK>
[  544.125721][T12413]  dump_stack_lvl+0x16c/0x1f0
[  544.125752][T12413]  should_fail_ex+0x512/0x640
[  544.125776][T12413]  get_futex_key+0x1d0/0x1540
[  544.125798][T12413]  ? __pfx_get_futex_key+0x10/0x10
[  544.125820][T12413]  futex_wake+0xea/0x530
[  544.125838][T12413]  ? futex_wait+0x120/0x380
[  544.125860][T12413]  ? __pfx_futex_wake+0x10/0x10
[  544.125878][T12413]  ? __lock_acquire+0x622/0x1c90
[  544.125899][T12413]  ? rcu_is_watching+0x12/0xc0
[  544.125917][T12413]  do_futex+0x1e3/0x350
[  544.125934][T12413]  ? __pfx_do_futex+0x10/0x10
[  544.125956][T12413]  __x64_sys_futex+0x1e0/0x4c0
[  544.125975][T12413]  ? __pfx___x64_sys_futex+0x10/0x10
[  544.125992][T12413]  ? __sys_getsockopt+0x144/0x1b0
[  544.126019][T12413]  do_syscall_64+0xcd/0x490
[  544.126041][T12413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.126056][T12413] RIP: 0033:0x7f8b3e38e929
[  544.126068][T12413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.126081][T12413] RSP: 002b:00007f8b3f18e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  544.126095][T12413] RAX: ffffffffffffffda RBX: 00007f8b3e5b6088 RCX: 00007f8b3e38e929
[  544.126105][T12413] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8b3e5b608c
[  544.126113][T12413] RBP: 00007f8b3e5b6080 R08: 00007f8b3f1b0000 R09: 0000000000000000
[  544.126122][T12413] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f8b3e5b608c
[  544.126131][T12413] R13: 0000000000000000 R14: 00007ffc2ecab840 R15: 00007ffc2ecab928
[  544.126148][T12413]  </TASK>
[  544.807977][T12424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  544.817725][T12424] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  544.826624][T12424] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  544.842531][T12424] page_type: f5(slab)
[  544.846730][T12424] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  544.855499][T12424] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  544.868082][T12424] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  544.878787][T12424] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  544.888650][T12424] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  545.189017][T12424] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  545.247172][T12424] page dumped because: unmovable page
[  545.268902][T12424] page_owner tracks the page as allocated
[  545.289426][T12424] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5836, tgid 5836 (syz-executor), ts 87572233843, free_ts 87513401741
[  545.315977][ T5186] ERROR: Out of memory at tomoyo_memory_ok.
[  545.387703][T12424]  post_alloc_hook+0x1c0/0x230
[  545.406830][T12424]  get_page_from_freelist+0x1321/0x3890
[  545.431111][T12424]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  545.438579][T12424]  alloc_pages_mpol+0x1fb/0x550
[  545.443713][T12424]  new_slab+0x23b/0x330
[  545.448014][T12424]  ___slab_alloc+0xd9c/0x1940
[  545.453016][T12424]  __slab_alloc.constprop.0+0x56/0xb0
[  545.459982][T12424]  __kvmalloc_node_noprof+0x3b1/0x620
[  545.465621][T12424]  veth_dev_init+0x377/0x570
[  545.470676][T12424]  register_netdevice+0x650/0x2270
[  545.476016][T12424]  veth_newlink+0x446/0xa00
[  545.480733][T12424]  rtnl_newlink+0xc42/0x2000
[  545.485541][T12424]  rtnetlink_rcv_msg+0x95e/0xe90
[  545.499059][T12424]  netlink_rcv_skb+0x155/0x420
[  545.504698][T12424]  netlink_unicast+0x53a/0x7f0
[  545.512745][T12424]  netlink_sendmsg+0x8d1/0xdd0
[  545.689653][T12424] page last free pid 5831 tgid 5831 stack trace:
[  545.696061][T12424]  __free_frozen_pages+0x7fe/0x1180
[  545.762167][T12424]  __put_partials+0x16d/0x1c0
[  545.788154][T12424]  qlist_free_all+0x4d/0x120
[  545.809124][T12424]  kasan_quarantine_reduce+0x195/0x1e0
[  545.827905][T12424]  __kasan_slab_alloc+0x69/0x90
[  545.899248][T12424]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  545.907278][T12424]  ref_tracker_alloc+0x18e/0x5b0
[  545.915159][T12424]  register_netdevice+0x1689/0x2270
[  545.918779][T12449] tipc: Started in network mode
[  545.924030][T12424]  macvlan_common_newlink+0x10e7/0x1a20
[  545.925510][T12449] tipc: Node identity ee00, cluster identity 4711
[  545.931151][T12424]  rtnl_newlink+0xc42/0x2000
[  545.939087][T12449] tipc: Node number set to 60928
[  545.943684][T12424]  rtnetlink_rcv_msg+0x95e/0xe90
[  545.953042][T12424]  netlink_rcv_skb+0x155/0x420
[  545.958072][T12424]  netlink_unicast+0x53a/0x7f0
[  545.963088][T12424]  netlink_sendmsg+0x8d1/0xdd0
[  545.967979][T12424]  __sys_sendto+0x4a0/0x520
[  545.981468][T12424]  __x64_sys_sendto+0xe0/0x1c0
[  546.096750][T12447] Process accounting resumed
[  547.341464][T12473] FAULT_INJECTION: forcing a failure.
[  547.341464][T12473] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  547.378148][T12473] CPU: 0 UID: 0 PID: 12473 Comm: syz.6.1451 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  547.378191][T12473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  547.378206][T12473] Call Trace:
[  547.378216][T12473]  <TASK>
[  547.378226][T12473]  dump_stack_lvl+0x16c/0x1f0
[  547.378270][T12473]  should_fail_ex+0x512/0x640
[  547.378310][T12473]  strncpy_from_user+0x3b/0x2e0
[  547.378346][T12473]  getname_flags.part.0+0x8f/0x550
[  547.378379][T12473]  getname_flags+0x93/0xf0
[  547.378411][T12473]  do_sys_openat2+0xb8/0x1d0
[  547.378439][T12473]  ? __pfx_do_sys_openat2+0x10/0x10
[  547.378479][T12473]  __x64_sys_openat+0x174/0x210
[  547.378506][T12473]  ? __pfx___x64_sys_openat+0x10/0x10
[  547.378555][T12473]  do_syscall_64+0xcd/0x490
[  547.378597][T12473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.378623][T12473] RIP: 0033:0x7fc89b18e929
[  547.378644][T12473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.378669][T12473] RSP: 002b:00007fc898fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  547.378693][T12473] RAX: ffffffffffffffda RBX: 00007fc89b3b6080 RCX: 00007fc89b18e929
[  547.378709][T12473] RDX: 0000000000008000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  547.378724][T12473] RBP: 00007fc89b210b39 R08: 0000000000000000 R09: 0000000000000000
[  547.378740][T12473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  547.378754][T12473] R13: 0000000000000000 R14: 00007fc89b3b6080 R15: 00007ffcc7940f38
[  547.378788][T12473]  </TASK>
[  548.199744][T12487] FAULT_INJECTION: forcing a failure.
[  548.199744][T12487] name failslab, interval 1, probability 0, space 0, times 0
[  548.257288][T12487] CPU: 1 UID: 0 PID: 12487 Comm: syz.3.1454 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  548.257316][T12487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  548.257326][T12487] Call Trace:
[  548.257332][T12487]  <TASK>
[  548.257338][T12487]  dump_stack_lvl+0x16c/0x1f0
[  548.257365][T12487]  should_fail_ex+0x512/0x640
[  548.257386][T12487]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  548.257410][T12487]  should_failslab+0xc2/0x120
[  548.257425][T12487]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  548.257452][T12487]  ? find_held_lock+0x2b/0x80
[  548.257467][T12487]  ? skb_clone+0x190/0x3f0
[  548.257492][T12487]  skb_clone+0x190/0x3f0
[  548.257515][T12487]  netlink_broadcast_filtered+0xb19/0xf10
[  548.257537][T12487]  ? sprintf+0xcc/0x100
[  548.257556][T12487]  ? __pfx_netlink_broadcast_filtered+0x10/0x10
[  548.257576][T12487]  ? netlink_has_listeners+0x20f/0x430
[  548.257593][T12487]  netlink_broadcast+0x39/0x50
[  548.257608][T12487]  kobject_uevent_env+0xc6a/0x1870
[  548.257628][T12487]  ? bus_to_subsys+0x131/0x160
[  548.257648][T12487]  device_add+0x10dd/0x1a70
[  548.257663][T12487]  ? __pfx_device_add+0x10/0x10
[  548.257684][T12487]  nfc_register_device+0x41/0x3c0
[  548.257701][T12487]  nci_register_device+0x7f1/0xb80
[  548.257722][T12487]  ? __pfx_nci_register_device+0x10/0x10
[  548.257744][T12487]  ? lockdep_init_map_type+0x5c/0x280
[  548.257767][T12487]  virtual_ncidev_open+0x141/0x220
[  548.257784][T12487]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  548.257801][T12487]  misc_open+0x35d/0x420
[  548.257819][T12487]  ? __pfx_misc_open+0x10/0x10
[  548.257835][T12487]  chrdev_open+0x234/0x6a0
[  548.257856][T12487]  ? __pfx_apparmor_file_open+0x10/0x10
[  548.257874][T12487]  ? __pfx_chrdev_open+0x10/0x10
[  548.257897][T12487]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  548.257920][T12487]  do_dentry_open+0x741/0x1c10
[  548.257941][T12487]  ? __pfx_chrdev_open+0x10/0x10
[  548.257967][T12487]  vfs_open+0x82/0x3f0
[  548.257984][T12487]  path_openat+0x1de4/0x2cb0
[  548.258011][T12487]  ? __pfx_path_openat+0x10/0x10
[  548.258032][T12487]  ? __lock_acquire+0xb8a/0x1c90
[  548.258052][T12487]  do_filp_open+0x20b/0x470
[  548.258073][T12487]  ? __pfx_do_filp_open+0x10/0x10
[  548.258107][T12487]  ? alloc_fd+0x471/0x7d0
[  548.258131][T12487]  do_sys_openat2+0x11b/0x1d0
[  548.258147][T12487]  ? __pfx_do_sys_openat2+0x10/0x10
[  548.258170][T12487]  __x64_sys_openat+0x174/0x210
[  548.258189][T12487]  ? __pfx___x64_sys_openat+0x10/0x10
[  548.258213][T12487]  do_syscall_64+0xcd/0x490
[  548.258237][T12487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.258251][T12487] RIP: 0033:0x7f90e358e929
[  548.258263][T12487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.258278][T12487] RSP: 002b:00007f90e434c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  548.258292][T12487] RAX: ffffffffffffffda RBX: 00007f90e37b5fa0 RCX: 00007f90e358e929
[  548.258301][T12487] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c
[  548.258310][T12487] RBP: 00007f90e3610b39 R08: 0000000000000000 R09: 0000000000000000
[  548.258318][T12487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  548.258327][T12487] R13: 0000000000000000 R14: 00007f90e37b5fa0 R15: 00007ffd0dce5cd8
[  548.258346][T12487]  </TASK>
[  548.701633][T12496] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20
[  548.832364][ T5189] ERROR: Out of memory at tomoyo_memory_ok.
[  551.348152][T12540] FAULT_INJECTION: forcing a failure.
[  551.348152][T12540] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  551.475872][T12540] CPU: 1 UID: 0 PID: 12540 Comm: syz.5.1461 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  551.475915][T12540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  551.475931][T12540] Call Trace:
[  551.475940][T12540]  <TASK>
[  551.475951][T12540]  dump_stack_lvl+0x16c/0x1f0
[  551.475995][T12540]  should_fail_ex+0x512/0x640
[  551.476037][T12540]  strncpy_from_user+0x3b/0x2e0
[  551.476076][T12540]  getname_flags.part.0+0x8f/0x550
[  551.476109][T12540]  getname_flags+0x93/0xf0
[  551.476143][T12540]  do_sys_openat2+0xb8/0x1d0
[  551.476170][T12540]  ? __pfx_do_sys_openat2+0x10/0x10
[  551.476213][T12540]  __x64_sys_openat+0x174/0x210
[  551.476242][T12540]  ? __pfx___x64_sys_openat+0x10/0x10
[  551.476286][T12540]  do_syscall_64+0xcd/0x490
[  551.476326][T12540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.476353][T12540] RIP: 0033:0x7fa5e418e929
[  551.476375][T12540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  551.476400][T12540] RSP: 002b:00007fa5e4f90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  551.476425][T12540] RAX: ffffffffffffffda RBX: 00007fa5e43b6080 RCX: 00007fa5e418e929
[  551.476443][T12540] RDX: 0000000000008000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  551.476460][T12540] RBP: 00007fa5e4210b39 R08: 0000000000000000 R09: 0000000000000000
[  551.476476][T12540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  551.476492][T12540] R13: 0000000000000000 R14: 00007fa5e43b6080 R15: 00007fffcc7d5878
[  551.476524][T12540]  </TASK>
[  553.810511][T11665] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  553.821294][T11665] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  553.829621][T11665] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  553.838013][T11665] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  553.845706][T11665] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  554.631209][T12560] chnl_net:caif_netlink_parms(): no params data found
[  555.132572][T12560] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.171806][T12560] bridge0: port 1(bridge_slave_0) entered disabled state
[  555.204329][T12560] bridge_slave_0: entered allmulticast mode
[  555.264993][T12560] bridge_slave_0: entered promiscuous mode
[  555.311308][T12560] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.318567][T12560] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.352094][T12560] bridge_slave_1: entered allmulticast mode
[  555.379089][T12560] bridge_slave_1: entered promiscuous mode
[  555.596101][T12560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  555.650398][T12560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  555.891348][T11665] Bluetooth: hci4: command tx timeout
[  556.018483][T12560] team0: Port device team_slave_0 added
[  556.106456][T12560] team0: Port device team_slave_1 added
[  556.533429][T12560] batman_adv: batadv0: Adding interface: batadv_slave_0
[  556.548897][T12560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  556.669577][T12560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  556.738729][T12560] batman_adv: batadv0: Adding interface: batadv_slave_1
[  556.786478][T12560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  556.876644][T12560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  557.052758][T12560] hsr_slave_0: entered promiscuous mode
[  557.061382][T12560] hsr_slave_1: entered promiscuous mode
[  557.067609][T12560] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  557.119106][T12560] Cannot create hsr debugfs directory
[  557.848286][T12560] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  557.969492][T11722] Bluetooth: hci4: command tx timeout
[  558.111927][T12560] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.213618][T12560] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.341422][T12560] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.791038][T12560] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  558.832976][T12560] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  558.853699][T12560] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  558.991288][T12560] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  559.422699][T12560] 8021q: adding VLAN 0 to HW filter on device bond0
[  559.480873][T12560] 8021q: adding VLAN 0 to HW filter on device team0
[  559.513868][T10754] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.521113][T10754] bridge0: port 1(bridge_slave_0) entered forwarding state
[  559.565960][T10754] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.573180][T10754] bridge0: port 2(bridge_slave_1) entered forwarding state
[  559.631987][   T30] audit: type=1800 audit(4295005971.546:16): pid=12613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1474" name="lu_gp_id" dev="configfs" ino=66593 res=0 errno=0
[  560.054291][T11722] Bluetooth: hci4: command tx timeout
[  560.146788][T12613] ALUA LU Group already has a valid ID, ignoring request
[  560.211847][T12560] 8021q: adding VLAN 0 to HW filter on device batadv0
[  560.979717][T12560] veth0_vlan: entered promiscuous mode
[  560.994228][T12560] veth1_vlan: entered promiscuous mode
[  561.053708][T12560] veth0_macvtap: entered promiscuous mode
[  561.067282][T12560] veth1_macvtap: entered promiscuous mode
[  561.116747][T12560] batman_adv: batadv0: Interface activated: batadv_slave_0
[  561.138743][T12560] batman_adv: batadv0: Interface activated: batadv_slave_1
[  561.190763][T12560] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  561.201963][T12560] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  561.261111][T12560] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  561.291589][T12560] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  561.639125][T12533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  561.705233][T12533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  561.855691][T12533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  561.855718][T12533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  562.131926][T11722] Bluetooth: hci4: command tx timeout
[  562.957725][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  562.964268][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  564.570761][T12679] FAULT_INJECTION: forcing a failure.
[  564.570761][T12679] name failslab, interval 1, probability 0, space 0, times 0
[  564.589186][T12679] CPU: 1 UID: 0 PID: 12679 Comm: syz.3.1483 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  564.589224][T12679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  564.589239][T12679] Call Trace:
[  564.589249][T12679]  <TASK>
[  564.589258][T12679]  dump_stack_lvl+0x16c/0x1f0
[  564.589303][T12679]  should_fail_ex+0x512/0x640
[  564.589338][T12679]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  564.589383][T12679]  should_failslab+0xc2/0x120
[  564.589408][T12679]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  564.589446][T12679]  ? rhashtable_init_noprof+0x4ed/0x7e0
[  564.589477][T12679]  ? rhashtable_init_noprof+0x55e/0x7e0
[  564.589507][T12679]  ? ipv4_frags_init_net+0x14d/0x3d0
[  564.589535][T12679]  kmemdup_noprof+0x29/0x60
[  564.589571][T12679]  ipv4_frags_init_net+0x14d/0x3d0
[  564.589596][T12679]  ? __pfx_ipv4_frags_init_net+0x10/0x10
[  564.589619][T12679]  ops_init+0x1e2/0x5f0
[  564.589648][T12679]  setup_net+0x1ff/0x510
[  564.589671][T12679]  ? lockdep_init_map_type+0x5c/0x280
[  564.589707][T12679]  ? __pfx_setup_net+0x10/0x10
[  564.589733][T12679]  ? debug_mutex_init+0x37/0x70
[  564.589772][T12679]  copy_net_ns+0x2a6/0x5f0
[  564.589805][T12679]  create_new_namespaces+0x3ea/0xa90
[  564.589844][T12679]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  564.589877][T12679]  ksys_unshare+0x45b/0xa40
[  564.589913][T12679]  ? __pfx_ksys_unshare+0x10/0x10
[  564.589950][T12679]  ? syscall_user_dispatch+0x78/0x140
[  564.589997][T12679]  __x64_sys_unshare+0x31/0x40
[  564.590030][T12679]  do_syscall_64+0xcd/0x490
[  564.590071][T12679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.590100][T12679] RIP: 0033:0x7f90e358e929
[  564.590121][T12679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  564.590146][T12679] RSP: 002b:00007f90e434c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  564.590172][T12679] RAX: ffffffffffffffda RBX: 00007f90e37b5fa0 RCX: 00007f90e358e929
[  564.590189][T12679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  564.590205][T12679] RBP: 00007f90e3610b39 R08: 0000000000000000 R09: 0000000000000000
[  564.590222][T12679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  564.590238][T12679] R13: 0000000000000000 R14: 00007f90e37b5fa0 R15: 00007ffd0dce5cd8
[  564.590274][T12679]  </TASK>
[  567.504885][T11665] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  567.522009][T11665] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  567.536529][T11665] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  567.555373][T11665] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  567.568814][T11665] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  567.610727][T12719] netlink: 'syz.6.1492': attribute type 11 has an invalid length.
[  567.724501][T12721] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  568.586424][T12715] chnl_net:caif_netlink_parms(): no params data found
[  569.203643][T12715] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.244796][T12715] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.381711][T12715] bridge_slave_0: entered allmulticast mode
[  569.401068][T12715] bridge_slave_0: entered promiscuous mode
[  569.514899][T12715] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.561198][T12715] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.649468][T12715] bridge_slave_1: entered allmulticast mode
[  569.660719][T11722] Bluetooth: hci7: command tx timeout
[  569.672322][T12715] bridge_slave_1: entered promiscuous mode
[  570.097933][T12715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  570.134866][T12715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  570.506103][T12715] team0: Port device team_slave_0 added
[  570.527726][T12715] team0: Port device team_slave_1 added
[  570.765277][T12715] batman_adv: batadv0: Adding interface: batadv_slave_0
[  570.781154][T12715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.861900][T12715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  570.922950][T12715] batman_adv: batadv0: Adding interface: batadv_slave_1
[  570.944517][T12715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.999008][T12715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  571.217643][T12715] hsr_slave_0: entered promiscuous mode
[  571.245618][T12715] hsr_slave_1: entered promiscuous mode
[  571.268653][T12715] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  571.286849][T12715] Cannot create hsr debugfs directory
[  571.739215][T11722] Bluetooth: hci7: command tx timeout
[  572.540864][   T31] INFO: task kworker/u8:9:3484 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  572.583036][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  572.599011][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  572.607819][   T31] task:kworker/u8:9    state:D stack:23096 pid:3484  tgid:3484  ppid:2      task_flags:0x4208060 flags:0x00004000
[  572.621802][   T31] Workqueue: netns cleanup_net
[  572.626631][   T31] Call Trace:
[  572.630432][   T31]  <TASK>
[  572.633397][   T31]  __schedule+0x116a/0x5de0
[  572.637977][   T31]  ? __lock_acquire+0x622/0x1c90
[  572.643619][   T31]  ? __pfx___schedule+0x10/0x10
[  572.652173][   T31]  ? find_held_lock+0x2b/0x80
[  572.656888][   T31]  ? schedule+0x2d7/0x3a0
[  572.666564][   T31]  schedule+0xe7/0x3a0
[  572.670975][   T31]  schedule_timeout+0x257/0x290
[  572.676106][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  572.682076][   T31]  ? mark_held_locks+0x49/0x80
[  572.686891][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  572.696052][   T31]  __wait_for_common+0x2ff/0x4e0
[  572.701530][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  572.706968][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  572.712921][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  572.718180][   T31]  ? flush_workqueue_prep_pwqs+0x2e9/0x510
[  572.724533][   T31]  __flush_workqueue+0x3e2/0x1230
[  572.729934][   T31]  ? __pfx___flush_workqueue+0x10/0x10
[  572.735471][   T31]  ? reacquire_held_locks+0xcd/0x1f0
[  572.741166][   T31]  ? __pfx_sock_def_readable+0x10/0x10
[  572.748570][   T31]  ? __pfx_sock_def_readable+0x10/0x10
[  572.773133][   T31]  rds_tcp_listen_stop+0x104/0x150
[  572.778351][   T31]  ? __pfx_rds_tcp_exit_net+0x10/0x10
[  572.784464][   T31]  rds_tcp_exit_net+0xcb/0x810
[  572.796098][   T31]  ? __pfx_rds_tcp_exit_net+0x10/0x10
[  572.805164][   T31]  ? __pfx___might_resched+0x10/0x10
[  572.812295][T12715] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  572.818535][   T31]  ? __pfx_rds_tcp_exit_net+0x10/0x10
[  572.863272][   T31]  ops_undo_list+0x2ee/0xab0
[  572.868695][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[  572.874221][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[  572.883801][   T31]  cleanup_net+0x408/0x890
[  572.888272][   T31]  ? __pfx_cleanup_net+0x10/0x10
[  572.893324][   T31]  ? rcu_is_watching+0x12/0xc0
[  572.898150][   T31]  process_one_work+0x9cc/0x1b70
[  572.903614][   T31]  ? __pfx_process_one_work+0x10/0x10
[  572.918748][   T31]  ? assign_work+0x1a0/0x250
[  572.924774][   T31]  worker_thread+0x6c8/0xf10
[  572.948957][   T31]  ? __pfx_worker_thread+0x10/0x10
[  572.957596][   T31]  kthread+0x3c5/0x780
[  573.061574][   T31]  ? __pfx_kthread+0x10/0x10
[  573.078972][   T31]  ? rcu_is_watching+0x12/0xc0
[  573.084022][   T31]  ? __pfx_kthread+0x10/0x10
[  573.088665][   T31]  ret_from_fork+0x5d7/0x6f0
[  573.108325][   T31]  ? __pfx_kthread+0x10/0x10
[  573.118976][   T31]  ret_from_fork_asm+0x1a/0x30
[  573.126293][   T31]  </TASK>
[  573.139070][   T31] 
[  573.139070][   T31] Showing all locks held in the system:
[  573.145216][T12715] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  573.192790][   T31] 1 lock held by khungtaskd/31:
[  573.229868][   T31]  #0: ffffffff8e5c4700 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  573.298440][   T31] 3 locks held by kworker/u8:9/3484:
[  573.336498][   T31]  #0: ffff88801c6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  573.376343][   T31]  #1: ffffc9000bc27d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  573.396739][   T31]  #2: ffffffff90337f50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890
[  573.419053][   T31] 3 locks held by udevd/5204:
[  573.449492][   T31] 2 locks held by syz-executor/5822:
[  573.454841][   T31] 3 locks held by kworker/u10:4/10489:
[  573.561996][   T31]  #0: ffff8880312eb148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  573.639020][   T31]  #1: ffffc90003407d10 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  573.681597][   T31]  #2: ffffffff9034dfa8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x120/0x14e0
[  573.729050][   T31] 1 lock held by syz.0.1270/11439:
[  573.739173][   T31]  #0: ffffffff90337f50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  573.798485][   T31] 1 lock held by syz.1.1277/11476:
[  573.813608][T11722] Bluetooth: hci7: command tx timeout
[  573.832341][   T31]  #0: ffffffff90337f50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  573.842212][   T31] 2 locks held by getty/11498:
[  573.847002][   T31]  #0: ffff888031f130a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  573.857250][   T31]  #1: ffffc90003c1f2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  573.867798][   T31] 1 lock held by syz.2.1332/11836:
[  573.875052][   T31]  #0: ffffffff90337f50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  573.886288][   T31] 3 locks held by kworker/u10:7/12533:
[  573.894641][   T31]  #0: ffff88801b889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  573.906218][   T31]  #1: ffffc90017567d10 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  573.916848][   T31]  #2: ffffffff9034dfa8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[  573.926147][   T31] 1 lock held by syz.5.1461/12539:
[  573.932204][   T31]  #0: ffffffff90337f50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  573.943782][   T31] 1 lock held by syz-executor/12560:
[  573.949289][   T31] 3 locks held by syz-executor/12715:
[  573.954737][   T31]  #0: ffffffff9034dfa8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x600/0x2000
[  573.979467][   T31]  #1: ffff888099bf0d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: do_setlink.constprop.0+0x2e9/0x4380
[  574.031389][T12776] Process accounting resumed
[  574.053467][   T31]  #2: ffffffff8e5cfcf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  574.081390][   T31] 2 locks held by syz.6.1494/12756:
[  574.086650][   T31] 1 lock held by syz.4.1501/12777:
[  574.120817][   T31]  #0: ffffffff8e5cfcf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  574.145171][   T31] 
[  574.147918][   T31] =============================================
[  574.147918][   T31] 
[  574.158205][   T31] NMI backtrace for cpu 0
[  574.158224][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  574.158255][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  574.158269][   T31] Call Trace:
[  574.158278][   T31]  <TASK>
[  574.158287][   T31]  dump_stack_lvl+0x116/0x1f0
[  574.158328][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  574.158355][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  574.158390][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  574.158422][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  574.158455][   T31]  watchdog+0xf70/0x12c0
[  574.158495][   T31]  ? __pfx_watchdog+0x10/0x10
[  574.158526][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  574.158562][   T31]  ? __kthread_parkme+0x19e/0x250
[  574.158593][   T31]  ? __pfx_watchdog+0x10/0x10
[  574.158626][   T31]  kthread+0x3c5/0x780
[  574.158658][   T31]  ? __pfx_kthread+0x10/0x10
[  574.158692][   T31]  ? rcu_is_watching+0x12/0xc0
[  574.158717][   T31]  ? __pfx_kthread+0x10/0x10
[  574.158750][   T31]  ret_from_fork+0x5d7/0x6f0
[  574.158780][   T31]  ? __pfx_kthread+0x10/0x10
[  574.158813][   T31]  ret_from_fork_asm+0x1a/0x30
[  574.158855][   T31]  </TASK>
[  574.278207][   T31] Sending NMI from CPU 0 to CPUs 1:
[  574.284689][    C1] NMI backtrace for cpu 1
[  574.284705][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  574.284733][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  574.284746][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  574.284780][    C1] Code: bb 75 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 cf 2d 00 fb f4 <e9> 0c fb 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  574.284800][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c2
[  574.284817][    C1] RAX: 000000000032e2a3 RBX: 0000000000000001 RCX: ffffffff8b7c3be9
[  574.284831][    C1] RDX: 0000000000000000 RSI: ffffffff8de13a25 RDI: ffffffff8c1562a0
[  574.284850][    C1] RBP: ffffed1003cd7b40 R08: 0000000000000001 R09: ffffed10170a6645
[  574.284864][    C1] R10: ffff8880b853322b R11: 0000000000000001 R12: 0000000000000001
[  574.284878][    C1] R13: ffff88801e6bda00 R14: ffffffff90a82a50 R15: 0000000000000000
[  574.284892][    C1] FS:  0000000000000000(0000) GS:ffff888124861000(0000) knlGS:0000000000000000
[  574.284912][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  574.284927][    C1] CR2: 0000001b307c7ff8 CR3: 000000007da52000 CR4: 00000000003526f0
[  574.284941][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  574.284954][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  574.284967][    C1] Call Trace:
[  574.284973][    C1]  <TASK>
[  574.284980][    C1]  default_idle+0x13/0x20
[  574.285000][    C1]  default_idle_call+0x6d/0xb0
[  574.285021][    C1]  do_idle+0x391/0x510
[  574.285044][    C1]  ? __pfx_do_idle+0x10/0x10
[  574.285064][    C1]  ? trace_sched_exit_tp+0x31/0x130
[  574.285091][    C1]  cpu_startup_entry+0x4f/0x60
[  574.285112][    C1]  start_secondary+0x21d/0x2b0
[  574.285137][    C1]  ? __pfx_start_secondary+0x10/0x10
[  574.285165][    C1]  common_startup_64+0x13e/0x148
[  574.285203][    C1]  </TASK>
[  574.499484][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  574.506902][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  574.518725][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  574.528780][   T31] Call Trace:
[  574.532055][   T31]  <TASK>
[  574.534976][   T31]  dump_stack_lvl+0x3d/0x1f0
[  574.539578][   T31]  panic+0x71c/0x800
[  574.543594][   T31]  ? __pfx___irq_work_queue_local+0x10/0x10
[  574.549523][   T31]  ? __pfx_panic+0x10/0x10
[  574.553969][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  574.559352][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  574.565360][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  574.570760][   T31]  ? watchdog+0xdda/0x12c0
[  574.575204][   T31]  ? watchdog+0xdcd/0x12c0
[  574.579655][   T31]  watchdog+0xdeb/0x12c0
[  574.583911][   T31]  ? __pfx_watchdog+0x10/0x10
[  574.588594][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  574.593808][   T31]  ? __kthread_parkme+0x19e/0x250
[  574.598839][   T31]  ? __pfx_watchdog+0x10/0x10
[  574.603615][   T31]  kthread+0x3c5/0x780
[  574.607694][   T31]  ? __pfx_kthread+0x10/0x10
[  574.612294][   T31]  ? rcu_is_watching+0x12/0xc0
[  574.617062][   T31]  ? __pfx_kthread+0x10/0x10
[  574.621668][   T31]  ret_from_fork+0x5d7/0x6f0
[  574.626269][   T31]  ? __pfx_kthread+0x10/0x10
[  574.630873][   T31]  ret_from_fork_asm+0x1a/0x30
[  574.635650][   T31]  </TASK>
[  574.638895][   T31] Kernel Offset: disabled
[  574.643220][   T31] Rebooting in 86400 seconds..