last executing test programs:

2m24.866059165s ago: executing program 1 (id=324):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gre0\x00', <r1=>0x0})
bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x6}, 0x92)
socketpair$auto(0x1e, 0x5, 0x80000000, 0x0)
socket(0xa, 0x5, 0x0)
socket(0xa, 0x801, 0x84)
connect$auto(0x3, 0x0, 0x55)
listen$auto(0x3, 0x81)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8)
accept$auto(0x3, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gre0\x00'}) (async)
bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x6}, 0x92) (async)
socketpair$auto(0x1e, 0x5, 0x80000000, 0x0) (async)
socket(0xa, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x84) (async)
connect$auto(0x3, 0x0, 0x55) (async)
listen$auto(0x3, 0x81) (async)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) (async)
accept$auto(0x3, 0x0, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)

2m24.063221216s ago: executing program 1 (id=326):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44805}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000)
socketpair$auto(0x22, 0x5, 0x5, 0x0)
r2 = socket(0x1a, 0x2, 0x8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, 0x0, 0xa3)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_map_fd=0x2, 0x7, @old_map_fd=r3}, 0xa3)
fsconfig$auto_SHMEM_HUGE_DENY(r1, 0x5, &(0x7f0000000000)='ethtool\x00', &(0x7f0000000040)="c9394d956629ae80671a741019e64e7560509994c2819ed996b663fe8794e317eef719d01e73577452b1d3518a8aeb8090d1ea0188aafc980306a0afeb0a20", 0xffffffffffffffff)
write$auto(r2, 0x0, 0x8)
mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x7fff)
r4 = socket(0x2b, 0x1, 0x1)
ioctl$auto(r4, 0x8983, 0x4)

2m22.493840758s ago: executing program 1 (id=332):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x800, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
memfd_secret$auto(0x0)
socket(0xa, 0x801, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x18, 0x6, 0x0)
getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_STATUS_EXT64(r0, 0xc0984124, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0)
read$auto(r1, 0x0, 0x39b8)
r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0)
ioctl$auto_SG_SET_FORCE_PACK_ID(r2, 0x227b, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
clone$auto(0x400d56e, 0x5, 0x0, 0x0, 0x8c5)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22040, 0x75)
socket(0x840000000002, 0x3, 0xff)
connect$auto(0x3, &(0x7f0000000000), 0x55)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
io_uring_setup$auto(0x9e6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendmsg$auto_NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, 0x0, 0x20000000)

2m19.794846308s ago: executing program 1 (id=336):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_wireguard(0x0, r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'wg0\x00'})
sendmsg$auto_WG_CMD_SET_DEVICE(r0, 0x0, 0x810)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0)
write$auto(r1, &(0x7f0000000180)='1\x00\\\xa0\x04|\x9d$\xdcM)\xb9\xdd\xd6', 0x5)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0)
read$auto(r2, 0x0, 0x39b8)
writev$auto(0x3, 0x0, 0x8)
r3 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000140), 0x101, 0x0)
dup2$auto(r0, r3)
read$auto_fake_panic_fops_(0xffffffffffffffff, 0x0, 0x0)
socket(0x26, 0x6, 0x3)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rpc/nfsd.fh/content\x00', 0x40c80, 0x0)
socket(0x29, 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
ioctl$auto(0x3, 0x89e2, 0x91)
pread64$auto(r4, &(0x7f0000000540)='veth1\x00\xe0,\x17\xa0\xf7\x89Pl\x84K?\x01\x84\xa1i\xe00\x81p\xa0U \f\xdbP`:\xe2\'\xa7\xbf\xbd\x04\x18\xad\x90I^\x99M\xe0W\x14\x11\xf4\xeb\x90:\v\xc5\x13*\xfe\x90\xb1\xa9O\xa5\x05\xaa\x8fTi\xd6\x88Q\xda\xca', 0x20000000003f, 0x1)

2m15.468125534s ago: executing program 1 (id=352):
rseq$auto(0x0, 0x3fd, 0x9b3d, 0x4)
madvise$auto(0x5, 0xd, 0x7)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
fcntl$auto_F_SETOWN(0xffffffffffffffff, 0x8, 0x0)
r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0)
read$auto(r0, 0x0, 0x80000000006)
signalfd$auto(r0, 0x0, 0x8) (fail_nth: 2)

2m14.175271306s ago: executing program 1 (id=355):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
getpid()
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0)
ppoll$auto(&(0x7f0000000000)={<r2=>r0, 0x40}, 0x2, 0x0, 0x0, 0x8)
modify_ldt$auto(0x1, 0x0, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x0, 0x0)
pread64$auto(r3, 0x0, 0x7ff, 0x400)
inotify_rm_watch$auto(r1, 0x8001)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
getpid()
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
r6 = fcntl$auto_F_GETOWN(r5, 0x9, 0x4)
ioctl$auto_LOOP_CTL_GET_FREE(r2, 0x4c82, r6)
write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0x2, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x6, 0x7, 0x5, 0xd, 0x2, 0x6]}, 0x0)
mmap$auto(0xc, 0x3, 0x0, 0xeb1, r3, 0x8002)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
r7 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r7, &(0x7f0000000040)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x1, &(0x7f00000001c0)="0b3ef5b27b6263b8bd27a3edcd96a28982b44e8e8c3a50b887f3f7b75bb89d792d8e277b31cb976a0fb8320c71a789b15f916e8535bac740d8987173cb01e32e1cb4278e07f82d28bfa74ef7bc5ddc04ec1e6183ffd27eb060b93d0ae619d124d6d18083abe4cfc98ee9dc399d3b127bbb601612b116aa259a473e87febcfacf397c16a2f8fb38279f99ce2b177ec763606d680cdc3128810664fa19f7ce164c57c5ee2cde9e7045714b5840ab25925a30e367", 0x1, 0xa505}, 0x804}, 0x7, 0x4008)
setsockopt$auto_SO_DEBUG(r7, 0x8, 0x1, &(0x7f0000000080)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0xffffffff)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs1\x00', 0x48080, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
process_mrelease$auto(0xffffffffffffffff, 0x0)

1m59.002312605s ago: executing program 32 (id=355):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
getpid()
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0)
ppoll$auto(&(0x7f0000000000)={<r2=>r0, 0x40}, 0x2, 0x0, 0x0, 0x8)
modify_ldt$auto(0x1, 0x0, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x0, 0x0)
pread64$auto(r3, 0x0, 0x7ff, 0x400)
inotify_rm_watch$auto(r1, 0x8001)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
getpid()
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
r6 = fcntl$auto_F_GETOWN(r5, 0x9, 0x4)
ioctl$auto_LOOP_CTL_GET_FREE(r2, 0x4c82, r6)
write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0x2, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x6, 0x7, 0x5, 0xd, 0x2, 0x6]}, 0x0)
mmap$auto(0xc, 0x3, 0x0, 0xeb1, r3, 0x8002)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
r7 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r7, &(0x7f0000000040)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x1, &(0x7f00000001c0)="0b3ef5b27b6263b8bd27a3edcd96a28982b44e8e8c3a50b887f3f7b75bb89d792d8e277b31cb976a0fb8320c71a789b15f916e8535bac740d8987173cb01e32e1cb4278e07f82d28bfa74ef7bc5ddc04ec1e6183ffd27eb060b93d0ae619d124d6d18083abe4cfc98ee9dc399d3b127bbb601612b116aa259a473e87febcfacf397c16a2f8fb38279f99ce2b177ec763606d680cdc3128810664fa19f7ce164c57c5ee2cde9e7045714b5840ab25925a30e367", 0x1, 0xa505}, 0x804}, 0x7, 0x4008)
setsockopt$auto_SO_DEBUG(r7, 0x8, 0x1, &(0x7f0000000080)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0xffffffff)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs1\x00', 0x48080, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
process_mrelease$auto(0xffffffffffffffff, 0x0)

1m37.751479041s ago: executing program 0 (id=479):
sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRESOCT], 0x1c}, 0x1, 0x0, 0x0, 0x20000081}, 0x2004c000)
r0 = socket(0x9, 0x1, 0x5)
sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xc88, 0x0, 0x0, &(0x7f0000000140), 0x8, 0x80000000}, 0x5}, 0x3b8b, 0xa)
r1 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98)
fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r1, 0x0)
ioctl$auto_SNDCTL_SYNTH_INFO(r1, 0xc08c5102, &(0x7f0000000500)="1303bb76571e098c0da38f9896515a21557808546e6e2d45abb0dcb23bbcd6333be63e0cd893555fade3aba70c6362b0c1994f6a4e06a6d89616a15e1d5228e83aa7abb1f56f637ce5ecc57bc01e2e6ffa2445cf8abed3d7f261ce97a95f0826254511e80859bb4db5414f4dd3b0fb3deec3c3a58272e5ea426fa67a0b02b1e19971bcba507b9cbd4bb6791937b32d05603e209f6f25a0a87957c915557a7bd8feb59dfb3d56a6f3ed8f3fa34d10183ca482689f020da3e768017f2e9e6303de6f48da30f8ac8a97e21fe990e250c96ea44921ba243fd469370e8e75181d549c4d26195230b396514dc4d76c59fa454bf3e6686a81af064eabee6d64d6621d8b9ea8543e0ede174137d8e21586f284c1981f65f9f5bf49524c5ae6a92acc36df4990c05ac8a51f1bbd90b4556e7c8f6a2efb194de273e76c58d0b19d0dc951dc6d3822e6b7181709a6c31233546267cb9163b8c06db2d861aec4cdb7b0022f4809a752d209d606dcf8c669a1e72693f4df30e307a5cc4b4a2f895f1ef4c5836fcb8145e8e407e5d05113")
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40045}, 0x0)
kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf, 0x2, 0x8000, 0x3000}, 0x4)
r2 = open(&(0x7f00000000c0)='./file1\x00', 0x0, 0xe1d2b27bdc14aabc)
mmap$auto(0x0, 0x4ee, 0x4000000000e3, 0xeb8, r0, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
getpid()
mmap$auto(0xfffffffffffffffe, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x2000, 0x0)
socketpair$auto(0x3, 0x42, 0x4, 0x0)
select$auto(0x5, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0xfffffffffffffffc, 0x948b, 0x7, 0x95f4da0a, 0xfffd, 0x3, 0x62, 0x80000003, 0x7, 0x6d3f, 0x1000000d, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948f, 0x23, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0xa, 0x2, 0x800)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
flock$auto(r2, 0x1)
r4 = openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0)
read$auto(r4, &(0x7f0000000040)='(-{%\x00', 0x4b)

1m36.624693133s ago: executing program 0 (id=482):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00'})
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
ioctl$auto(0xc8, 0x800454e1, 0x5c8d)
close_range$auto(0x2, 0x8, 0xffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/pcm1p/sub5/sw_params\x00', 0x8f3b7a51b8360c21, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0)
mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x2, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0)
io_uring_setup$auto(0x1, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0)
ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0)
ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0)
mmap$auto(0x0, 0x4020009, 0xe2, 0xeb2, 0x401, 0x8000)
ioctl$auto_SNDRV_CTL_IOCTL_CARD_INFO(0xffffffffffffffff, 0x81785501, &(0x7f0000000500)={0x0, 0x0, "a68a78cddb9af7ac4c80865002a0d2e3", "213ea76652ad28e8b96ec5ed5243aea3", "25222c3aac25ccff5de7b81eefde747e7674da7f6154e6bcf81ec7dadaa3b485", "12f251f2492bb43c598ef0237d522cb86954c0763131c2f67eaa6356799448a9576c948fc3fb995daec2f1fc9170a70b4b71b44f04809f3ca99cb9b4e9d3abb67d33f3d3fe57d0289938f4ce01d60bfd", "e9e7f824968ee78f73dc2749d12c7e05", "402beaf8e2dfaba5303a6efa74256963183267b80c0b5a1f17a2c919b4c43dc3817ea4719a3e48cdb8c3e9873ecfe260f627c94bc35f96d615979b05547405d7e633a060cdb0fc80f9562c947ed257fd", "5c84948d2c357792b0c4be9a3a15ecfee836d93ae475d2bc8193e8ac53c0494bf16e9a6d85fa65416177e39fac9de9d4869f6e9602c6f01a500ba2ba3d5fef158c908f502afdfe316cf3ac63f1f4842ec3c180d103084776592ff9e4a66125f8f285cabc67891f381c9bcc345f41ee4f2d7f4bffb05d58b0377a76a50de67bb8"})
r4 = getpgid(0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x1, 0x6, 0x80000001, "a2b8e85fc56865ba529faa0000000000000000000000692a240000008000", @raw=0x6b}, 0x6, 0x5, 0x7, @inferred=r4, @reserved="fb99d320be0de941ac3f58d7aae0c84cbe332d618e0342771e3ac6e9a9df07cf9b1c017c611ac455c01804d0d4c89bee7005c5affd5ab891b44e48364e8de3f344584996c31f9ae16c6c4f062d38f590125ed264000000000000000000000000000000000000000600", "a4697d6c0a0000000000007de94b4123f97006000000c667377fcc5db584d81592f4ab0700000052295e00af4909001000803400000000010000000000000040"})
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f00000000c0)={@inferred=r4, 0x6, 0xd, 0xa4, "e3eabf11dce36a2eac9cb4682c339b3ce615a9b97386d4462bc6553245da56e4978f37368e849db4a6e0aa4e", @inferred=r4})
setsockopt$auto_SO_BSDCOMPAT(0xffffffffffffffff, 0x7f, 0xe, &(0x7f00000018c0)='\x00', 0x4)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000000), 0x9, 0x0, 0x0, &(0x7f0000000200)="64cbaa33427ba6be9cd444df224685889427509a1720cf345ba94c91045757c0a35df6b0297857d03966f6c2cd8c3afa326cd440846511065e8892d7723bc51ad7702bc459f3d9b4c94976c979f14d6015fecc3ff6570a1fb125d52b2e88505bff97691dbb7b2481114f62afa95877289da5ede4d9d073b23054a762b0becaffe9ed6ba428a866455999db927e3beaf1c2ddbcb318ec3e1b608498", 0x7a7, 0x6}, 0x3}, 0x4, 0x81, &(0x7f0000000180)={0x9, 0x7})
write$auto(0x3, 0x0, 0x100082)
ioctl$auto_SNDCTL_DSP_RESET(r1, 0x5000, 0x0)

1m34.460653998s ago: executing program 0 (id=486):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
unshare$auto(0x40000080)
setfsgid$auto(0x9)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4)
lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0xffffff6c, 0x4, 0x8000000, 0x0)
r0 = socket(0x11, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8955, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptyt5\x00', 0x20800, 0x0)
mmap$auto(0x0, 0x2020005, 0x6, 0x11, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0)
ioctl$auto_USBDEVFS_SUBMITURB32(r1, 0x802c550a, &(0x7f0000000300)=ANY=[@ANYBLOB="020000060000e6ff040000000100400008"])
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0xfffffffffffffffc, 0x5, 0x5, 0xebd, r2, 0x9)
ioctl$auto_PPPIOCSDEBUG(r2, 0x40047440, &(0x7f0000000100)=0x7)
r3 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcsa1\x00', 0x10d4c2, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/midiC2D0\x00', 0x200241, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x3, 0xfffffffffffffffe]}, 0x0)
write$auto(r3, &(0x7f00000000c0)=')[\x00', 0x5)
close_range$auto(0x2, 0x8, 0x0)
msgctl$auto_MSG_INFO(0x5, 0xc, &(0x7f0000000280)={{0xdb, 0xffffffffffffffff, <r4=>0xffffffffffffffff, 0x2, 0x287f, 0x2, 0x3}, 0x0, 0x0, 0x2, 0x4000009, 0x8, 0x6, 0x0, 0x7fff, 0xfc2, 0x27f, @inferred, @raw=0x9})
setresgid$auto(0xffffffffffffffff, 0xffffffffffffffff, r4)
socket(0x22, 0x2, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)

1m33.170435361s ago: executing program 0 (id=492):
mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000)
r0 = socket(0xa, 0x801, 0x84)
setsockopt$auto(r0, 0x10000000084, 0x22, 0x0, 0x10)
r1 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x2200, 0x0)
r2 = prctl$auto_PR_SYS_DISPATCH_ON(0x7, 0x1, 0xffffffffffffffff, 0x8000000000000000, 0x2)
ioctl$auto_RTC_PARAM_GET(r2, 0x40187013, &(0x7f0000000000)={0x7f, @svalue=0xfffffffffffffffa, 0x9})
read$auto_ptdump_curusr_fops_(r1, &(0x7f00000000c0)=""/182, 0xb6)

1m29.261614561s ago: executing program 0 (id=514):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000002b40)={0x44, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HWSIM_ATTR_RADIO_NAME={0x2d, 0x11, '/P\x13jE\f\xf9r\xf5\xa3\xd2\x84y\xf9*\x9b\"\x1c\xa4l-\x19\xfd\xa4\xf4y\x02\xc2\x96\xfa\x84L\x12\xcd\x83\xf7\x12\xd3\xc4\x1e]'}]}, 0x44}, 0x1, 0xffe4, 0x0, 0x4008040}, 0x40800)

1m28.475777397s ago: executing program 0 (id=520):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
landlock_add_rule$auto(0xffffffffffffffff, 0x3, &(0x7f0000000140), 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x2, 0x80)
close_range$auto(0x2, 0x8, 0x0)
mknod$auto(0x0, 0x5, 0x4)
lstat$auto(0x0, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
r1 = socket(0x11, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8953, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x7ef)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x82040, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = io_uring_setup$auto(0x58, 0x0)
r4 = syz_genetlink_get_family_id$auto_nl80211(0x0, r3)
sendmsg$auto_NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x4048011}, 0x81)
socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
lsm_list_modules$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)

1m23.933989775s ago: executing program 4 (id=542):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x800, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_STATUS_EXT64(r0, 0xc0984124, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0)
read$auto(r1, 0x0, 0x39b8)
r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0)
ioctl$auto_SG_SET_FORCE_PACK_ID(r2, 0x227b, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
clone$auto(0x400d56e, 0x5, 0x0, 0x0, 0x8c5)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22040, 0x75)
socket(0x840000000002, 0x3, 0xff)
connect$auto(0x3, &(0x7f0000000000), 0x55)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) (fail_nth: 9)
io_uring_setup$auto(0x9e6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendmsg$auto_NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, 0x0, 0x20000000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)

1m22.943124339s ago: executing program 4 (id=545):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20080, 0x0)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xffffffff)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x800000002}, 0x2000000400)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/card0/pcm0c/sub0/status\x00', 0x100, 0x0)
pread64$auto(r0, 0x0, 0x40000000f42c, 0x80002)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x801, 0x0)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0)
sendfile$auto(0x3, r1, 0x0, 0x2)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x20)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4048000)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000480)='/dev/video18\x00', 0x802, 0x0)
r4 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r4, 0x6, 0x1, 0x0, 0x7)
sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8040)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b71, 0x2, 0x8000)
mprotect$auto(0x1000, 0x400000, 0x4)

1m20.348286665s ago: executing program 4 (id=555):
r0 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/trigger\x00', 0x5ca80, 0x0)
name_to_handle_at$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8)
openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r1 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0)
r2 = socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r2, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x22, 0x0, 0x8)
execveat$auto(r1, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0)
write$auto_console_fops_tty_io(r1, &(0x7f00000000c0)="0fd5ac84e60219d68d1144b1388d597ef104601b0777d783154e0c3c5bef20e9b64565b8b7d37c9bd7958ccf9070f9c47376e5a594ed", 0x36)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = io_uring_setup$auto(0x6, 0x0)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = socket(0x2b, 0x1, 0x0)
setsockopt$auto_SO_TIMESTAMP_OLD(r3, 0xec, 0x1d, &(0x7f0000000080)='/proc/sys/net/core/rps_default_mask\x00', 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/console\x00', 0x8802, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_dfs_sched_itmt_fops_itmt(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/netdevsim/netdevsim1/udp_ports_open_only\x00', 0x52241, 0x0)
openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/airtime_flags\x00', 0x2, 0x0)
r6 = getpid()
prctl$auto(0x7fff, 0x10000001, r6, 0x1, 0x10004)
ptrace$auto_PTRACE_LISTEN(0x4208, r6, 0xd8a, 0x9)
sendmsg$auto_NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000ac0)=ANY=[], 0xb44}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004081)
write$auto_proc_sys_file_operations_proc_sysctl(r4, 0x0, 0x0)
fcntl$auto_F_DUPFD_QUERY(r3, 0x403, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000280)={'erspan0\x00'})
r7 = socket(0x11, 0x3, 0x2)
getsockopt$auto(r7, 0x107, 0x1, 0x0, 0x0)
bpf$auto(0x7, &(0x7f0000000100)=@bpf_attr_4={0x20000004, 0xffffffffffffffff, 0xa, r3}, 0x0)
write$auto_event_trigger_fops_trace(r0, &(0x7f0000000240)='!', 0x1)

1m19.663854898s ago: executing program 4 (id=559):
sendmsg$auto_L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="83000000", @ANYRES16=0x0, @ANYBLOB="010027bd70f1fddbdf2507"], 0x14}, 0x1, 0x0, 0x0, 0x8108}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x20008800)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000180), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

1m19.17821245s ago: executing program 4 (id=562):
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) (async, rerun: 64)
mmap$auto(0x2, 0xaa06, 0xdf, 0xeb1, 0xffffffffffffffff, 0x2) (async, rerun: 64)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/zram0\x00', 0x84000, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r0, 0x8000) (async)
madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)=';') (async)
r1 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x18000, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42c883, 0x0) (async, rerun: 64)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (rerun: 64)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r3 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$auto(r3, 0x40246f4c, 0x38) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async)
write$auto(r2, &(0x7f0000000240)='/d\xfd\xff/audio\x9c\b\xfe\xb2u\xe6+.\x0f\xc3\x00', 0x100000a3d9) (async)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
syz_clone3(&(0x7f0000000040)={0x8020000, 0x0, 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x3}, 0x58) (async)
prctl$auto(0x1000000003b, 0x8, 0x0, 0x2, 0x2) (async, rerun: 64)
setsockopt$auto_SO_TXTIME(r1, 0x2, 0x3d, &(0x7f0000000200)='/d\xfd\xff/audio\x9c\b\xfe\xb2u\xe6+.\x0f\xc3\x00', 0x7) (async, rerun: 64)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) (async)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
io_getevents$auto(0x1, 0x1ff, 0x9, &(0x7f0000000080)={0xffffffff, 0xc, 0xffffffffffffffff, 0x9}, &(0x7f0000000180)={0x6})
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
writev$auto(0x3, 0x0, 0x8)
getsockopt$auto(0xffffffffffffffff, 0x89, 0x3fc, 0x0, &(0x7f0000000000)=0x10c00)
openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)

1m17.971114972s ago: executing program 4 (id=565):
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose14/carrier_changes\x00', 0x103000, 0x0)
socket(0x2, 0x80002, 0x73)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/usb_storage/parameters/delay_use\x00', 0x181942, 0x0)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f0000000040)='{\x00', 0xfff)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
read$auto(r3, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/pcmC1D1p\x00', 0x20a02, 0x0)
mmap$auto(0x5, 0x40009, 0xe0, 0x9b72, 0xffffffffffffffff, 0xa)
r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop2\x00', 0x200000, 0x0)
open(0x0, 0x161342, 0x0)
listmount$auto(&(0x7f00000000c0)={0x2, @inferred=r4, 0x5, 0x2, 0x9}, &(0x7f00000001c0)=0x6, 0x4, 0x101)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

1m13.185476489s ago: executing program 33 (id=520):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
landlock_add_rule$auto(0xffffffffffffffff, 0x3, &(0x7f0000000140), 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2b, 0x2, 0x80)
close_range$auto(0x2, 0x8, 0x0)
mknod$auto(0x0, 0x5, 0x4)
lstat$auto(0x0, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
r1 = socket(0x11, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8953, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x7ef)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x82040, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = io_uring_setup$auto(0x58, 0x0)
r4 = syz_genetlink_get_family_id$auto_nl80211(0x0, r3)
sendmsg$auto_NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x4048011}, 0x81)
socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
lsm_list_modules$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)

1m4.598960766s ago: executing program 2 (id=594):
acct$auto(&(0x7f0000000180)='/proc/12/smp_ity_li3Z\x0e\xd0\xf3\x87(\xbf\xd7*\x00\x00\xf0\x00\x00$I,\xccy\xdc\x9c\x97;l\xd88\xec\x06\x13U6l\xbey\\\xabe&\xfbZ\xac]w\x18\xe3B\x97\b\xed*x\x89\xd9\x02\x00\x00\x00\x00\x00\x00\x00\xd4lO\x00\v3p\x06\v%\xc6`\x93\xe9\xb7\t\x1a\x96\xf7\n\xa7\xba\x91q\x86\x02\xb1%\xfe\xf0\x89\n\xb8\xb0\xb1\x025\xbe\x9f\xba1\x18\xc1N\xc9\xc1:\x11\x1bB\x17\xb0\x14\x18RS\\\xcd\xe2\x9d\xd11\xb1>\xe0\xc5\x86\x91\x91\x9f\b\x15:-\x02_\xc1\x05\x18\xc9\xc2,\xaa\x01\xe1T\xee|\xe0\x88\x16Vj\xd3T\'n]\a\xe5\x98\xdd+m\x85\xe2\x91`\xe3s\x91,\x82)`\x1f\xe9bL\x0e\xa9w\xba\xbf\xaf\x8e/\x81\xd2\xf9\t\x8f\xb8\x06\xe3\x97){\xd5\x8a\x1e\xbdXL\x8e\xff\xe3\xae\x93\xff]?\xbc\x89\a\x85\xc2\x82`B!\xcf\x17\xd6\xf1/\xe4\x17h\x15F6\x19R(\xcf\xef\x01L\xaa\x87\xde\x940\xf2\x0f\xde\xf4Z\xa98\xac\x1a\xfc;\x88\x02\x18Q\xbb\x9b\x94\xdf\xaef\xe9<\xdb@p.D \x88\xe7n\xca\vn\x04\n/\x98\xfe\xa4\x04\x9cD\xca\xe2bI\xa1\xb6\xa8^\xa0\x9e\xcf\xd8\xd3\x96\x06r_\x19\xfa\xea[4p8\x91%\x10\x84\xd8\xc9\xcc\xd4\"\"?\x9c\x19\xd6;\xd4\xb0j\xa6EpA\xb2Z\x9a\x80\xbbs\xa2\xed\xcd\f#\xf6\xe3$\xb9J\xc3\xf0\x13_,2\x1e\xd99\xa1@\xc9\xebT1\x01\xe7\xa1f\xc9c\x9c\xc5Y\x0e\xa4=\xbc[\xfd\fdk\xe8')

1m4.136057788s ago: executing program 2 (id=595):
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000)
setuid$auto(0xe)
bpf$auto(0x5, &(0x7f0000003c80)=@bpf_attr_7={@map_id=0x8, 0x81, 0xf}, 0x5)
syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/time_for_children\x00')
ioctl$auto(0x3, 0xc0485619, 0x38)

1m3.741814164s ago: executing program 2 (id=596):
mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x9, 0x4, 0xfffa, 0x0)
mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, 0xffffffffffffffff, 0x28000)
r0 = io_uring_setup$auto(0xfffffdfb, 0x0)
close_range$auto(0x2, r0, 0x0)
r1 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
ptrace$auto(0x4206, r1, 0x0, 0x200005)
r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/net/rose3/name_assign_type\x00', 0x0, 0x0)
read$auto(r3, 0x0, 0x6)
waitid$auto_P_ALL(0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0)
kill$auto(r1, 0x240)

1m3.167390203s ago: executing program 2 (id=597):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01002bbd7000fddbdf3a04000000050011002e"], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4044820)

1m2.198031967s ago: executing program 34 (id=565):
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose14/carrier_changes\x00', 0x103000, 0x0)
socket(0x2, 0x80002, 0x73)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/usb_storage/parameters/delay_use\x00', 0x181942, 0x0)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f0000000040)='{\x00', 0xfff)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
read$auto(r3, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/pcmC1D1p\x00', 0x20a02, 0x0)
mmap$auto(0x5, 0x40009, 0xe0, 0x9b72, 0xffffffffffffffff, 0xa)
r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop2\x00', 0x200000, 0x0)
open(0x0, 0x161342, 0x0)
listmount$auto(&(0x7f00000000c0)={0x2, @inferred=r4, 0x5, 0x2, 0x9}, &(0x7f00000001c0)=0x6, 0x4, 0x101)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

1m1.720650688s ago: executing program 2 (id=602):
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r1 = openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0)
read$auto_sco_debugfs_fops_(r1, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
pread64$auto(r0, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
adjtimex$auto(&(0x7f0000000000)={0x1, 0x0, 0x2, 0x5b, 0x1000, 0x1e, 0x4, 0x0, 0x3, 0x3, 0x6, {0x7}, 0x3, 0x6, 0x2, 0x4, 0x0, 0x7, 0xfddc, 0x401, 0x7f, 0x3})
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x801, 0x106)
socket(0x28, 0x5, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0)
ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000540)={"ef65ce7cb454168d6c0000000000002713df81000000ffffffffffffffff00", 0x3ff, 0x8, 0x1000, 0x400004, 0x200000000040000d})
ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0)
syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)

58.510177187s ago: executing program 2 (id=608):
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event2\x00', 0xd40, 0x0)
mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a382, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r1, &(0x7f0000000100)='1', 0x1)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0)
ioctl$auto_SNDCTL_DSP_SETSYNCRO(r2, 0x5015, 0x0)
ioctl$auto_OSS_GETVERSION2(r2, 0x80044d76, &(0x7f0000000080)="bdf609c672ff9c806345801ffd7a5ec74b053e936c64fb139db569d5716741159e05f3ce3dda964b156e8cdb8721a3408ad980aab1d147579d0703fcbd78bdaa2a81e2630890b48c58bda184517d50f5de8c6af0c6a287da027a3cd5135fef5a1b57e231b0931c0baebf5dd7f63b42cab64e2ae306993c09cee3446ff7fa181a2edb141fa04a2207dd554839cb8c26bcbe18bc873ca9986599ae1b55fc7b1326eda6ac29f9f8ad59a858f2b67b34923d33467f2ffa720202dcf0c2af5efe6bf35f1643d909fba6775f2300a85b45729d3c085eca552b3eff29b5")
ioctl$auto_SOUND_MIXER_WRITE_RECSRC2(r2, 0xc0044dff, &(0x7f0000000040)="83f613e951d15d836808")
ioctl$auto_EVIOCSCLOCKID(r0, 0x5452, &(0x7f00000000c0)=0xbc9)

43.186178148s ago: executing program 35 (id=608):
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event2\x00', 0xd40, 0x0)
mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a382, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r1, &(0x7f0000000100)='1', 0x1)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0)
ioctl$auto_SNDCTL_DSP_SETSYNCRO(r2, 0x5015, 0x0)
ioctl$auto_OSS_GETVERSION2(r2, 0x80044d76, &(0x7f0000000080)="bdf609c672ff9c806345801ffd7a5ec74b053e936c64fb139db569d5716741159e05f3ce3dda964b156e8cdb8721a3408ad980aab1d147579d0703fcbd78bdaa2a81e2630890b48c58bda184517d50f5de8c6af0c6a287da027a3cd5135fef5a1b57e231b0931c0baebf5dd7f63b42cab64e2ae306993c09cee3446ff7fa181a2edb141fa04a2207dd554839cb8c26bcbe18bc873ca9986599ae1b55fc7b1326eda6ac29f9f8ad59a858f2b67b34923d33467f2ffa720202dcf0c2af5efe6bf35f1643d909fba6775f2300a85b45729d3c085eca552b3eff29b5")
ioctl$auto_SOUND_MIXER_WRITE_RECSRC2(r2, 0xc0044dff, &(0x7f0000000040)="83f613e951d15d836808")
ioctl$auto_EVIOCSCLOCKID(r0, 0x5452, &(0x7f00000000c0)=0xbc9)

26.362630865s ago: executing program 5 (id=668):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mmap$auto(0x0, 0xa, 0x220000000070, 0x19, r0, 0x7fffffffffffffff)
r1 = socket(0x15, 0x5, 0x0)
getsockopt$auto(r1, 0x114, 0x271f, 0xfffffffffffffffc, 0x0)

25.758109519s ago: executing program 5 (id=670):
close_range$auto(0x2, 0x8, 0x200000)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/arch_status\x00', 0x40000, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0)
openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_ADD_RXSC(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@MACSEC_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40b4ff743f26f506}, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram4\x00', 0x62000, 0x0)
r2 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/tracing_cpumask\x00', 0x8042, 0x0)
mmap$auto(0x0, 0xe984, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty0\x00', 0xb5604749e0ec6176, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
inotify_init1$auto(0x3000000000000)
socket(0xa, 0x2, 0x3a)
socketpair$auto(0xd79, 0x2, 0xffffffff, 0x0)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1e, 0x9, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
open(0x0, 0x22240, 0x55)
io_uring_setup$auto(0x6, &(0x7f00000001c0)={0x4, 0x8001, 0x0, 0x2, 0x4, 0x5, r2, [0x0, 0xffffacda, 0x3], {0x7ff, 0x7, 0x9, 0x7, 0x4f0, 0x1, 0x1, 0x2, 0xfffffffffffffffb}, {0x2, 0x1, 0x6, 0x485, 0x9, 0xe, 0x3, 0x40, 0x80000001}})
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x90982, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)

24.765893162s ago: executing program 5 (id=674):
sendmsg$auto_L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="83000000", @ANYRES16=0x0, @ANYBLOB="010027bd70f1fddbdf2507"], 0x14}, 0x1, 0x0, 0x0, 0x8108}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x20008800)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f0000000180), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

24.252534228s ago: executing program 5 (id=677):
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000)
setuid$auto(0xe)
bpf$auto(0x5, 0x0, 0x5)

23.720840829s ago: executing program 5 (id=678):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x14, r1, 0x323, 0x70bd2b, 0x25dfdbff}, 0x14}}, 0x20008804)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd10/queue/zone_append_max_bytes\x00', 0x80, 0x0)
read$auto_proc_single_file_operations_base(r2, &(0x7f0000000000)=""/48, 0x30)

23.446159238s ago: executing program 5 (id=680):
socket(0x15, 0x5, 0x0)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000580), 0x2802, 0x0)
openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000000)='/dev/media8\x00', 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x42200, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x801, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x161342, 0x100)
write$auto(r0, &(0x7f0000000000)='}\x00', 0x5)
unshare$auto(0x40000080)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000004d40), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_DEL_RXSC(r2, &(0x7f0000007500)={0x0, 0x0, &(0x7f00000074c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf2502f000000c000280080001000400000008000100", @ANYRES32=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x80)
r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000f00)=ANY=[@ANYBLOB="00000004", @ANYRES16=r4, @ANYBLOB="050725bd7000fbdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000005}, 0x880)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff)
r7 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r7, 0x40085507, &(0x7f0000000080)={0x101, 0x0, 0x9})
semctl$auto_GETVAL(0x0, 0x1, 0xc, 0x10000)
sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r5, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\'\x00\x00', @ANYRES16=r6, @ANYBLOB="010029bd7000fedbdf2502000000040001800805018003052f80800022003ee6e53c4c07ea5d20478f32b73dab93bda17a38691d14cc7389d7c01028c43754a4fb5f8a12d6b77f0cde3683abeb97f5bc35d14655c93dec83474ae0e23bc53f9ad75829e2b91ff11ac72fef15a647d6cccb3152fc263d3ebc8588a7c6dfef87cbec3a9363e1a83299887f7475c25579dcaa6f4489de497816a6b32b4d02edce816134154a0f50376a72eb390400f7802bb6aff7fd456404268008002300", @ANYRES32=0x0, @ANYBLOB="8601138008003300e0000001f3003580251833cbb52fb6e9a8a6c734d4b32e43485e1a777ff5d38ae7d38b165bdd0ada0d5fc84472c2824af615a5b9c9d4aef4847e6cd61f302c4c84d37c389d4aee42df3fde39d2471c974947269cd1e3e1fffd060286f1ef42c152732bc0e76652410a1b3faef2f661b3a01f96e963498e7e1680995aee71840cb8d56a573fccee540455ff19054a0bdc0e49fdb498bd369ace53d516de6b953bc1400b740fdbfd09863a8396786acc83b46f8af0a99ceedc581d0507f2ddfbfc3128e82296efda855e3c5c83606a8f8988ff87fc7d7366e2a4fa16d2fe496f8132cc740e20bd90d5de040e0989894a3b4ef44c9f4eb8340008009600", @ANYRES32=r5, @ANYBLOB="0400e68008002000ac1e000104000c800f9d32d5079945ea8a0cbbfc8e5b5525d7e700d590fa4fb163be94295eb78970aa03c852df55ae144d3878d262da8fe7b20303dd048578017a985e4b453fd5238d53f95e41baf72169f537cb8afadd1818d300546a8674b85db33b6cb8e32f0d1a914f4b19ae0331beba04002e80000034ffd86410324c53d21c1e5e71647d80bcc4a7d8049c8b174ab4269dcbd30585966befea69c7694d5c07d4029f4ede2ad39ce9cbb64e4f5fc72c5be01b4bf8c64da0bc6ff9f6f22b2cd76c796348536cef4e98d87d9d79b8bf4c56fa711ed70705bfe691e6b5e21c6962732f0c007b0007000000000000000800df00ac14142e35028e80040047804d7a5e32cc45408bd5c81d2c877681e21a9dfee200a4a7cba16e66f2ffccdd7dc44ae705c22a4d912fab92f2314e8b9199ca8666e3ce403f77188ff3ba9fed574ab237a74deae64d9dbf27537bef028ef7f58b82e643218a629f01f1806702d50ca53b7e5e50b7e67ee3bc3f2af134a62c499984b62b6eaa11d937dacf907386a66b28b97f93ecddd71e1ee554758098eed0292d43dfd7a75e594efe06fe36811614e021cb270040258043db6aa750f3a496fbdb17be6dbf4ac357482347fecfef7fa1db9db7522106531defa62eac69d0b207f1a090782ff9d7cb3206129120a0073afeb8aac2be947709d25d4dfebd6fb101464d18c26d462f7cc40384c8faefc4c11fd20df3bdecba20b6e0f9dff72c2e1c07912a62bdb2fc5add76ba15b437119b304ea69c543fba932fdaa8fd33929d2101975ad38b510edf06007ca73a08002500", @ANYRES32=r5, @ANYBLOB="04005000f87b9416806f64201a21270c0a3ff7b336f58a7b0b9018d9560bfbec945affd5dac9331511c6a463d7751882550b5a973531d670d3b1fabd9be47f231020225ee5c38bbc151f79175b29ad35f552640060228b90ef7e72a5eb3b7cfe4e604e302772050613d65a1983c85d091fbfd199cd7ac46da186efa6a0664282478ee3a362fc98609d7df18cfd5580a36e94eaaff631d7edc5e37b304de9cc2fa44fa1e7c01884a61f368712fb1ccebda65ea228e863f2ce24305412cee7907118a7134d26f019072232c5778fa5ae86c2ffefe2d0fa0cc82a3e32a2fbdd8841b26f3a0f2c0000000c00ec00000000000000000009005680382fc93a8d00000000"], 0x520}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_UI_SET_EVBIT(r0, 0x40045564, &(0x7f00000000c0)=0x3)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0xd5, 0x8, 0x4)
madvise$auto(0x0, 0x2003f0, 0x15)
ioperm$auto(0x7, 0x86, 0x9)
r8 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/current_tracer\x00', 0x40000, 0x0)
dup2$auto(r8, r8)

10.225362685s ago: executing program 6 (id=726):
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000500)='/proc/lockdep_stats\x00', 0x400, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000540)=""/104, 0x68)
acct$auto(&(0x7f0000000180)='/proc/12/smp_ity_li3Z\x0e\xd0\xf3\x87(\xbf\xd7*\x00\x00\x00\x00\x00$I,\xccy\xdc\x9c\x97;l\xd88\xec\x06\x13U6l\xbey\\\xabe&\xfbZ\xac]w\x18\xe3B\x97\b\xed*x\x89\xd9\x02\x00\x00\x00\x00\x00\x00\x00\xd4lO\x00\v3p\x06\v%\xc6`\x93\xe9\xb7\t\x1a\x96\xf7\n\xa7\xba\x91q\x86\x02\xb1%\xfe\xf0\x89\n\xb8\xb0\xb1\x025\xbe\x9f\xba1\x18\xc1N\xc9\xc1:\x11\x1bB\x17\xb0\x14\x18RS\\\xcd\xe2\x9d\xd11\xb1>\xe0\xc5\x86\x91\x91\x9f\b\x15:-\x02_\xc1\x05\x18\xc9\xc2,\xaa\x01\xe1T\xee|\xe0\x88\x16Vj\xd3T\'n]\a\xe5\x98\xdd+m\x85\xe2\x91`\xe3s\x91,\x82)`\x1f\xe9bL\x0e\xa9w\xba\xbf\xaf\x8e/\x81\xd2\xf9\t\x8f\xb8\x06\xe3\x97){\xd5\x8a\x1e\xbdXL\x8e\xff\xe3\xae\x93\xff]?\xbc\x89\a\x85\xc2\x82`B!\xcf\x17\xd6\xf1/\xe4\x17h\x15F6\x19R(\xcf\xef\x01L\xaa\x87\xde\x940\xf2\x0f\xde\xf4Z\xa98\xac\x1a\xfc;\x88\x02\x18Q\xbb\x9b\x94\xdf\xaef\xe9<\xdb@p.D \x88\xe7n\xca\vn\x04\n/\x98\xfe\xa4\x04\x9cD\xca\xe2bI\xa1\xb6\xa8^\xa0\x9e\xcf\xd8\xd3\x96\x06r_\x19\xfa\xea[4p8\x91%\x10\x84\xd8\xc9\xcc\xd4\"\"?\x9c\x19\xd6;\xd4\xb0j\xa6EpA\xb2Z\x9a\x80\xbbs\xa2\xed\xcd\f#\xf6\xe3$\xb9J\xc3\xf0\x13_,2\x1e\xd99\xa1@\xc9\xebT1\x01\xe7\xa1f\xc9c\x9c\xc5Y\x0e\xa4=\xbc[\xfd\fdk\xe8')

9.917468477s ago: executing program 6 (id=727):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = socket(0x1a, 0x2, 0x0)
fcntl$auto_F_SETOWN_EX(r0, 0xf, 0x5a5)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x24000044)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0)
sendfile$auto(r2, r2, 0x0, 0x7fffe000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
write$auto(0x3, 0x0, 0x100082)
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xffffffffffffffff, 0x4)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
getdents64$auto(r3, &(0x7f0000000140)={0x986e0000000, 0x6d7f, 0x200, 0x8, "87bfdb33844068b462241bfed9b689fc70fe8a31ffe577a1f137e57819a4b8aff52c9ab2ef5ff1e25d4e3d65d3a3cdffc41a5e8bc4907e76ad215211cc7350a159206f09fc670e6edfe9286b63e1367c837de8551acbd56ee3859b4758a71b5c76ef350365291bd2a99f1dbe4631ee68b4eab8ee357145cae39d8083918d0cdf99ea3d4bdbaf11fb0e78cc64fb63929ed2ff211cf55f55179a84447c35885cf15b4d984a5c7852b4935ae0ddc8a9bef02cd4e987aba97a4be50b07beff937a58d1cb458ded5a4737b2f135df8895f3510350079d138a4dd906a0f1bb"}, 0x101)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
lstat$auto(0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mseal$auto(0x0, 0x7dda, 0x0)
syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff)
setsockopt$auto_SO_NO_CHECK(r3, 0x7, 0xb, &(0x7f0000000100)='/sys/devices/virtual/block/loop12/queue/wbt_lat_usec\x00', 0x6)
mmap$auto(0x0, 0x1000020009, 0x4000000000e1, 0xeb1, 0x0, 0xdf)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop12/queue/wbt_lat_usec\x00', 0x102, 0x0)
sendfile$auto(r1, r4, 0x0, 0x1)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000)
socket(0xa, 0x3, 0x3a)
socketpair$auto(0x1, 0x7, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_shared\x00', 0x20b42, 0x0)
sendfile$auto(r5, r5, 0x0, 0x4f64a1d2)

8.941114011s ago: executing program 6 (id=729):
mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x406, 0x0)
poll$auto(&(0x7f0000000d40)={0x3, 0x3, 0xa}, 0x5, 0x3fc)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
getrandom$auto(0x0, 0x6000000, 0x3)
io_uring_enter$auto(0x3, 0xa84, 0x7ffffffe, 0xa, 0x0, 0x46)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
mmap$auto(0xfffffffffffffffd, 0x20009, 0x4000000000df, 0x11, 0x401, 0x8400)
socket(0xa, 0x1, 0x100)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
statx$auto(0xffffffffffffffff, 0x0, 0xfffffffb, 0x2, 0x0)
unshare$auto(0x40000080)
bpf$auto(0x8, &(0x7f0000000280)=@bpf_attr_0={0x7, 0xb5, 0xe, 0x4, 0x53400000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x8005, 0x7, 0x7, 0x6}, 0x10)
ioctl$auto_USBDEVFS_SUBMITURB32(0xffffffffffffffff, 0x802c550a, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
open(0x0, 0x261c2, 0x84)
read$auto(0xffffffffffffffff, 0x0, 0x6)
memfd_create$auto(0x0, 0x12)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x900, 0x0)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x541c, r1)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0)
mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000)
arch_prctl$auto(0x5002, 0x2)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
fsopen$auto(&(0x7f0000000000)='/dev/tty12\x00', 0x32a)

8.143725074s ago: executing program 36 (id=680):
socket(0x15, 0x5, 0x0)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000580), 0x2802, 0x0)
openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000000)='/dev/media8\x00', 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x42200, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x801, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x161342, 0x100)
write$auto(r0, &(0x7f0000000000)='}\x00', 0x5)
unshare$auto(0x40000080)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000004d40), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_DEL_RXSC(r2, &(0x7f0000007500)={0x0, 0x0, &(0x7f00000074c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf2502f000000c000280080001000400000008000100", @ANYRES32=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x80)
r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000f00)=ANY=[@ANYBLOB="00000004", @ANYRES16=r4, @ANYBLOB="050725bd7000fbdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000005}, 0x880)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff)
r7 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r7, 0x40085507, &(0x7f0000000080)={0x101, 0x0, 0x9})
semctl$auto_GETVAL(0x0, 0x1, 0xc, 0x10000)
sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r5, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\'\x00\x00', @ANYRES16=r6, @ANYBLOB="010029bd7000fedbdf2502000000040001800805018003052f80800022003ee6e53c4c07ea5d20478f32b73dab93bda17a38691d14cc7389d7c01028c43754a4fb5f8a12d6b77f0cde3683abeb97f5bc35d14655c93dec83474ae0e23bc53f9ad75829e2b91ff11ac72fef15a647d6cccb3152fc263d3ebc8588a7c6dfef87cbec3a9363e1a83299887f7475c25579dcaa6f4489de497816a6b32b4d02edce816134154a0f50376a72eb390400f7802bb6aff7fd456404268008002300", @ANYRES32=0x0, @ANYBLOB="8601138008003300e0000001f3003580251833cbb52fb6e9a8a6c734d4b32e43485e1a777ff5d38ae7d38b165bdd0ada0d5fc84472c2824af615a5b9c9d4aef4847e6cd61f302c4c84d37c389d4aee42df3fde39d2471c974947269cd1e3e1fffd060286f1ef42c152732bc0e76652410a1b3faef2f661b3a01f96e963498e7e1680995aee71840cb8d56a573fccee540455ff19054a0bdc0e49fdb498bd369ace53d516de6b953bc1400b740fdbfd09863a8396786acc83b46f8af0a99ceedc581d0507f2ddfbfc3128e82296efda855e3c5c83606a8f8988ff87fc7d7366e2a4fa16d2fe496f8132cc740e20bd90d5de040e0989894a3b4ef44c9f4eb8340008009600", @ANYRES32=r5, @ANYBLOB="0400e68008002000ac1e000104000c800f9d32d5079945ea8a0cbbfc8e5b5525d7e700d590fa4fb163be94295eb78970aa03c852df55ae144d3878d262da8fe7b20303dd048578017a985e4b453fd5238d53f95e41baf72169f537cb8afadd1818d300546a8674b85db33b6cb8e32f0d1a914f4b19ae0331beba04002e80000034ffd86410324c53d21c1e5e71647d80bcc4a7d8049c8b174ab4269dcbd30585966befea69c7694d5c07d4029f4ede2ad39ce9cbb64e4f5fc72c5be01b4bf8c64da0bc6ff9f6f22b2cd76c796348536cef4e98d87d9d79b8bf4c56fa711ed70705bfe691e6b5e21c6962732f0c007b0007000000000000000800df00ac14142e35028e80040047804d7a5e32cc45408bd5c81d2c877681e21a9dfee200a4a7cba16e66f2ffccdd7dc44ae705c22a4d912fab92f2314e8b9199ca8666e3ce403f77188ff3ba9fed574ab237a74deae64d9dbf27537bef028ef7f58b82e643218a629f01f1806702d50ca53b7e5e50b7e67ee3bc3f2af134a62c499984b62b6eaa11d937dacf907386a66b28b97f93ecddd71e1ee554758098eed0292d43dfd7a75e594efe06fe36811614e021cb270040258043db6aa750f3a496fbdb17be6dbf4ac357482347fecfef7fa1db9db7522106531defa62eac69d0b207f1a090782ff9d7cb3206129120a0073afeb8aac2be947709d25d4dfebd6fb101464d18c26d462f7cc40384c8faefc4c11fd20df3bdecba20b6e0f9dff72c2e1c07912a62bdb2fc5add76ba15b437119b304ea69c543fba932fdaa8fd33929d2101975ad38b510edf06007ca73a08002500", @ANYRES32=r5, @ANYBLOB="04005000f87b9416806f64201a21270c0a3ff7b336f58a7b0b9018d9560bfbec945affd5dac9331511c6a463d7751882550b5a973531d670d3b1fabd9be47f231020225ee5c38bbc151f79175b29ad35f552640060228b90ef7e72a5eb3b7cfe4e604e302772050613d65a1983c85d091fbfd199cd7ac46da186efa6a0664282478ee3a362fc98609d7df18cfd5580a36e94eaaff631d7edc5e37b304de9cc2fa44fa1e7c01884a61f368712fb1ccebda65ea228e863f2ce24305412cee7907118a7134d26f019072232c5778fa5ae86c2ffefe2d0fa0cc82a3e32a2fbdd8841b26f3a0f2c0000000c00ec00000000000000000009005680382fc93a8d00000000"], 0x520}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_UI_SET_EVBIT(r0, 0x40045564, &(0x7f00000000c0)=0x3)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0xd5, 0x8, 0x4)
madvise$auto(0x0, 0x2003f0, 0x15)
ioperm$auto(0x7, 0x86, 0x9)
r8 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/current_tracer\x00', 0x40000, 0x0)
dup2$auto(r8, r8)

7.507834886s ago: executing program 6 (id=732):
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r0, 0x8000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r1, 0x0, 0x20048014)
sendmsg$auto_NL80211_CMD_SET_HW_TIMESTAMP(0xffffffffffffffff, 0x0, 0x4008080)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x4107, 0x6, 0x0, 0xad0)
close_range$auto(0x2, r2, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
getsockopt$auto_SO_BUSY_POLL(r3, 0x9, 0x2e, &(0x7f0000000280)='$^%*/%{:!/-:\x00', &(0x7f00000002c0)=0xffff8001)
r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/boot_params/data\x00', 0x2c40, 0x0)
r5 = socketpair$auto(0x80, 0xf, 0x2, &(0x7f0000000100)=0x4)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, r3, 0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
semctl$auto(0x1, 0xfffffffffffffffa, 0x3, 0x100000000000)
ioctl$auto(r4, 0xc008ae67, r6)
mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000)
prctl$auto(0x4003b, 0x1, 0x4, 0x16, 0x9)
r7 = pidfd_open$auto(0x1, 0x0)
read$auto_trace_time_stamp_mode_fops_trace(r5, &(0x7f0000000180)=""/216, 0xd8)
setns(r7, 0x60020000)
umount2$auto(&(0x7f0000000000)='.\x00', 0x8)
r8 = openat$auto_u32_array_fops_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim4/ports/2/udp_ports_table1\x00', 0x20000, 0x0)
read$auto_u32_array_fops_file(r8, &(0x7f0000000040)=""/154, 0x9a)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp1\x00', 0x698141, 0x0)
ioctl$auto_SNDCTL_DSP_GETOPTR(r4, 0x800c5012, &(0x7f0000000340)="1c62ac2d2a5669fcf07c5bf272a00000000000004fc814f72e0deea0b4b5ee11fd1700")

7.323788759s ago: executing program 3 (id=733):
sendmsg$auto_L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="83000000", @ANYRES16=0x0, @ANYBLOB="010027bd70f1fddbdf2507"], 0x14}, 0x1, 0x0, 0x0, 0x8108}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x20008800)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

6.585691261s ago: executing program 6 (id=734):
r0 = socket(0xa, 0x2, 0x0)
sendto$auto(r0, 0x0, 0x402, 0xacf8, &(0x7f0000000040)=@generic={0xa, "e2e18340cba8fe8000000080fe00"}, 0x1c)

6.494672131s ago: executing program 3 (id=735):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4)
sendmmsg$auto(r0, &(0x7f0000000280)={{&(0x7f0000000180), 0xf5f41b92, 0x0, 0x9, 0x0, 0x6, 0x5}, 0x3}, 0x0, 0x3)
open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
io_uring_setup$auto(0x58, 0x0)
close_range$auto(0x2, 0xa, 0x0)
nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0)
clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0)

5.775144649s ago: executing program 6 (id=736):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x34, 0x0, 0x1b, 0x70bd26, 0x25dfdbfc, {}, [@OVS_PACKET_ATTR_MRU={0x6, 0x9, 0x6}, @OVS_PACKET_ATTR_ACTIONS={0x18, 0x3, 0x0, 0x1, [@typed={0x14, 0xc, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c894}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0)
poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x81fe, 0x2, 0x8, 0xc, 0xe3, 0x4000000002, 0x2000000003}, 0x6f4)
pipe$auto(&(0x7f0000000040)=<r2=>r1)
write$auto_tracing_mark_raw_fops_trace(r2, &(0x7f0000000080)="832814e318e918ecca892a4b584ed48f8d7bcea32fcbdc92f54e7cb50a037976bce7ed8d0d47badf84409329ae76e04ab1281461ca4c485db3d8fcca79526877bfc99871b4ccbdf7ed6bc8dae4acd52f2b19330b707bcb03969f3a1dfc39ce6a37a763af4c0ca287be46549bb6b7e265e0cf1bc4c6ed1e14cda4344d93a3a72c2bd8806eeb63c991c40c1f73b40791a18b0577d2399e83044cef0c7b2643b48981448c0cedf9feb5c11adaa35029bfd895b1dcffbcec8263e5d92b373cf8a4ae53224fa7d92b96af764679", 0xcb)
madvise$auto(0x0, 0x2003f0, 0x15)
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
socket(0x11, 0x3, 0x40009)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x27, 0x3, 0x1)
sendfile$auto(0xffffffffffffffff, 0x3, 0x0, 0x400000fffffdef)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/system/node/node1/cpumap\x00', 0x48000, 0x0)
sendmsg$auto_NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_macvtap\x00'})
r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/rate_ctrl_alg\x00', 0x0, 0x0)
readv$auto(r3, &(0x7f0000000100)={&(0x7f0000000280), 0x1}, 0x4)
ioctl$auto_FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080))
openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x80301, 0x0)

5.000908315s ago: executing program 3 (id=738):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = socket(0xa, 0x1, 0x100)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x4, 0x3, 0x5, 0x2, 0x5]}, 0x0)
sendmmsg$auto(r2, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000380), 0x100, 0x8}, 0x1a}, 0x3, 0x6)
write$auto(r2, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9)
sendfile$auto(r1, r1, 0x0, 0x7fff)
unshare$auto(0xa4)
r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0)
ioctl$auto_SNDCTL_SEQ_OUTOFBAND(r3, 0x40085112, &(0x7f00000001c0)="ff")
read$auto(0x3, 0x0, 0x7)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r4 = seccomp$auto(0xfffffffc, 0xffff7fff, &(0x7f0000000400)="422e2c2e574b7d3b46d227d628c1e4620f4ff309533f4f49084158b649d2c4aacec087fad5e126678053282b97cba3e9fbb46ed14db2dcec873ec1aca94eeb9f47e442e2e4da493394c0f97edb9e668055b62975efe0156ffc9a026f4e6a12d3d14b7746a137e240d17013608eb91bdba3c2cbf38f09c8fc9ae10e35f2c86c8ff7d56f7b2a769c47aed9e1606ab478d54ea151dfb02c722aad3a4f6412ee0bca72647e990dc9e386064a31256e4d86940d3cb40574ac1807a75e1fc83333079e727163862ca9b5eab2a4bca29f3ec24de6821723531161922e2149259dbeb6ae32")
mmap$auto(0x8, 0x67, 0xffffffffffffffff, 0x18, r4, 0xa)
ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
r5 = socket(0x0, 0x3, 0x3c)
unshare$auto(0x40000080)
r6 = syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="4cb245184f86db27df250a000a"], 0xf8}, 0x1, 0x0, 0x0, 0x46080}, 0x1405805c)
sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x64f4040a6ccda016}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fffffffd", @ANYRES16=r6, @ANYBLOB="00012cbd7000fcdbdf250a00000005000200000000000600010061c5000008000a000c000000060001005d00000008000a001803000006000100b438000008000a000100010008000a000200000008000a0006000000"], 0x5c}, 0x1, 0x0, 0x0, 0x220088c0}, 0x40)
openat$auto_urandom_fops_random(0xffffffffffffff9c, 0x0, 0x10902, 0x0)
close_range$auto(0x2, 0x8, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x6)
mmap$auto(0xfffffffffffffffc, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)

3.863929511s ago: executing program 7 (id=741):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff)
sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
readv$auto(0x3, &(0x7f0000000500)={0x0, 0xf7}, 0x7)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd0c, &(0x7f00000001c0))
bpf$auto(0x6ec4, &(0x7f0000000440)=@batch={0x7fff, 0x1, 0x4, 0xd4, 0x7, r0, 0xfffffffffffffffb, 0xffff}, 0x6)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f0, 0x15)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
mmap$auto(0x10400000000000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_null_fops_mem(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r2 = socket(0xa, 0x1, 0x84)
setsockopt$auto(r2, 0x0, 0x11, 0x0, 0x10000)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x8}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f00000002c0)={0x7fe3, 0x6, "b908674cfda2f7f351c66f681b0cf4a6f675fcee96065fdca6f219ea386de55097e14dbb38e0462dd9d44d7c6c55e2a5937efe361800", "3b6e33d493a9c79b3387938d612ceab5a4a20e605cd0842aa149397ff8063b45d44f8ce95fa39df1e5e1fc5e51f00fa2dfcc38c9b1ef6596b9e746f5e48ac07048156ea6be1e1ca5d281c7bb11333d0f", 0x397, 0x3, "d3bc655e384df871894a5771758ff164f2cd8098ac193333046911421bc3f1a0cf5d0300000000000000a9001fa7efb0600cc93b5b84a000"})
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
r4 = ioctl$auto_TUNGETVNETLE2(0xffffffffffffffff, 0x800454dd, &(0x7f0000000100)=0xc2)
sendmsg$auto_GTP_CMD_NEWPDP(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x60, r3, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @initdev={0xac, 0x1e, 0x6, 0x0}}, @GTPA_VERSION={0x8, 0x2, 0x5}, @GTPA_NET_NS_FD={0x8, 0x7, r4}, @GTPA_I_TEI={0x8, 0x8, 0x9}, @GTPA_LINK={0x8, 0x1, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010102}, @GTPA_PEER_ADDR6={0x14, 0xb, @private0}, @GTPA_MS_ADDRESS={0x8, 0x5, @remote}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x20000005)

2.482429979s ago: executing program 7 (id=742):
sendmsg$auto_L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="83000000", @ANYRES16=0x0, @ANYBLOB="010027bd70f1fddbdf2507"], 0x14}, 0x1, 0x0, 0x0, 0x8108}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x20008800)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

2.302718714s ago: executing program 7 (id=743):
mmap$auto(0x0, 0x0, 0x20000a, 0x1013, 0x1000000002, 0xfffffffffffffffc)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/02.0\x00', 0x40c8c1, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x7)
listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
madvise$auto(0x110c230000, 0x1, 0x9)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0)
futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4)
read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000180)=""/178, 0xb2)
mmap$auto(0x0, 0x2020009, 0x3, 0xebf, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5f, 0x0, 0x1, 0x4}, 0xed7138c}, 0x2, 0x9)
recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0)
mmap$auto(0x0, 0x7, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000)
close_range$auto(0x0, r0, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x23, 0x80805, 0x0)
shmget$auto(0xffffffffffffffff, 0x80000b10, 0xa7db6ba)
unshare$auto(0x8000400)
memfd_secret$auto(0x0)
fchownat$auto(0x2, 0x0, 0x4, 0x8001, 0x1000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001180), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)=ANY=[@ANYBLOB="14321534", @ANYRES16=0x0, @ANYBLOB="01002abd7000fddbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x404c091}, 0x40008)

1.234599598s ago: executing program 7 (id=744):
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x1, 0x6, 0x80000001, "a2b8e85fc56865ba529faa0000000000000002000000692a240000008000"}, 0x6, 0x5, 0x7, @raw, @reserved="fb99d320be0de941ac3f58d7aae0c84cbe332d618e0342771e3ac6e9a9df07cf9b1c017c611ac455c01804d0d4c89bee7005c5affd5ab891b44e48364e8de3f344584996c31f9ae16c6c4f062d38f590125ed264000000000000000000000000000000000000000600", "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f4ab606c276852295e00af49090000008034"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000002100), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44805}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000)
socketpair$auto(0x22, 0x5, 0x5, 0x0)
r2 = socket(0xa, 0x2, 0x0)
write$auto(r2, 0x0, 0x8)
mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x7fff)
r3 = socket(0x2b, 0x1, 0x1)
ioctl$auto(r3, 0x8983, 0x4)

896.728766ms ago: executing program 7 (id=745):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/wakeup/wakeup8/max_time_ms\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x9)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.0/usb1/authorized\x00', 0xe2400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000280)=""/101, 0x65)
openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x24800, 0x0)
socket(0x2b, 0x1, 0x1)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7)
msync$auto(0x1ffff000, 0x0, 0x400000004)
r2 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x80800, 0x0)
mremap$auto(0xc41a, 0x7, 0x7fe000000000000, 0x0, 0xb)
connect$auto(r2, &(0x7f0000000080)=@nl=@proc={0x10, 0x0, 0x25dfdbfc, 0x8}, 0x54)
openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000002440)='/sys/kernel/tracing/tracing_on\x00', 0x2, 0x0)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/tty/tty5/power/runtime_active_time\x00', 0x20000, 0x0)
listen$auto(0x3, 0x81)

700.216353ms ago: executing program 7 (id=746):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
open(0x0, 0x1676c1, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/sound/ctl-led/mic/card0/reset\x00', 0xa001, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
madvise$auto(0x274e5b32, 0x0, 0x8)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
init_module$auto(0x0, 0xfffff, 0x0)

488.689161ms ago: executing program 3 (id=747):
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
mmap$auto(0x0, 0xfffffffffffff54a, 0xffb, 0x8000000008011, 0x3, 0x0)
io_uring_setup$auto(0x1000, 0x0)
socket(0x2, 0x3, 0xa)
socket(0x2, 0x5, 0x0)
setsockopt$auto(0x4, 0x84, 0xc, &(0x7f0000000200)='\xf3\xc6uy\x90:\xf2\xb3}\xfb\xa9n\xbf\f\x8a\x16\x1a#\x866}\t\xcb-K\x962\xf4,;\xe4\"=\t#\xe9B\x1dq[\xe6\xf6\xd1\xf9\xdd\xfe\x1e\xc8\xa1\xea\xf9\x93\f\x95\x14\t\t\x01\x13Z0O@\xb6~8\x0ej\xf1\x8dH\x9ddK6\\|\x12\x82L\x84\x9d\x14\xd0\xa9{\xb1\xb4\xc5\xe0\xaf\x15RT\x98\xd9\x10D\xa1Y\x80\x1fe\xc1. \x9d\x84\x8b\x9a\x9a`q\x00\x8c8c:%\x97\x15\x80-\r\x94\xcb\xda\xa2\x1d\\;f\xcds\xa7q]?\'\xf5\x9eA\x841f\x1e\xce\xc0\x1d{tEc\xa3\fp\x1b\xd2\'\xcd1\x8d\x87\xf1\x02\xc4Q\x8e\xab\xf9L\xbf\xa4_\x85\xf1\xb6\xe0\xca\x9e3\x9b\xf7\n\xe7\xdf\x12\xef_ \x9dC\x1f\xb8k\xfbu\x8f\xd9\xaa>\xe3\xda\x1f\'\x00'/219, 0x800e)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
close_range$auto(0x2, 0x8000, 0x0)
r1 = socket(0xa, 0x2, 0x88)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r2, r3, 0x4, 0x1ff, r1, @relative_fd=r0, 0x100000e600}, 0xf)
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc)
r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram6\x00', 0x0, 0x0)
ioctl$auto_BLKTRACESETUP(r4, 0xc0481273, &(0x7f00000004c0)={"141aa80f29513aca2dcac92008f5ef686ab6650b603d7fb9fe94f9d26800", 0x1, 0x4, 0x20000002})

276.526004ms ago: executing program 3 (id=748):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x34, 0x0, 0x1b, 0x70bd26, 0x25dfdbfc, {}, [@OVS_PACKET_ATTR_MRU={0x6, 0x9, 0x6}, @OVS_PACKET_ATTR_ACTIONS={0x18, 0x3, 0x0, 0x1, [@typed={0x14, 0xc, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4c894}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0)
poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x81fe, 0x2, 0x8, 0xc, 0xe3, 0x4000000002, 0x2000000003}, 0x6f4)
pipe$auto(&(0x7f0000000040)=<r2=>r1)
write$auto_tracing_mark_raw_fops_trace(r2, &(0x7f0000000080)="832814e318e918ecca892a4b584ed48f8d7bcea32fcbdc92f54e7cb50a037976bce7ed8d0d47badf84409329ae76e04ab1281461ca4c485db3d8fcca79526877bfc99871b4ccbdf7ed6bc8dae4acd52f2b19330b707bcb03969f3a1dfc39ce6a37a763af4c0ca287be46549bb6b7e265e0cf1bc4c6ed1e14cda4344d93a3a72c2bd8806eeb63c991c40c1f73b40791a18b0577d2399e83044cef0c7b2643b48981448c0cedf9feb5c11adaa35029bfd895b1dcffbcec8263e5d92b373cf8a4ae53224fa7d92b96af764679", 0xcb)
madvise$auto(0x0, 0x2003f0, 0x15)
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
socket(0x11, 0x3, 0x40009)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x27, 0x3, 0x1)
sendfile$auto(0xffffffffffffffff, 0x3, 0x0, 0x400000fffffdef)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/system/node/node1/cpumap\x00', 0x48000, 0x0)
sendmsg$auto_NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_macvtap\x00'})
r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/rate_ctrl_alg\x00', 0x0, 0x0)
readv$auto(r3, &(0x7f0000000100)={&(0x7f0000000280), 0x1}, 0x4)
ioctl$auto_FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080))
openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x80301, 0x0)

0s ago: executing program 3 (id=749):
socket(0x1d, 0x1, 0xd)
socket(0x2, 0x1, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x428000, 0x0)
preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x3f)
pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000340)=""/156, 0x9c)
r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/arp_tables_matches\x00', 0x80, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f0000000180)=""/248, 0xf8)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000001140)='/proc/self/oom_adj\x00', 0x8042, 0x0)
read$auto(r3, 0x0, 0x1f40)
r4 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x1, 0x0)
writev$auto(r4, &(0x7f0000000200)={0x0, 0xa}, 0x3)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x6, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0x13, 0x405, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
futex$auto(0x0, 0x85, 0x2, 0x0, 0x0, 0x9)
ioctl$auto(0x3, 0x2287, 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000)
r5 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r5, &(0x7f0000001680)="a7", 0x80000)

kernel console output (not intermixed with test programs):

[  217.562086][ T7301]  <TASK>
[  217.562105][ T7301]  dump_stack_lvl+0x16c/0x1f0
[  217.562156][ T7301]  should_fail_ex+0x512/0x640
[  217.562197][ T7301]  ? fs_reclaim_acquire+0xae/0x150
[  217.562236][ T7301]  should_failslab+0xc2/0x120
[  217.562265][ T7301]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  217.562310][ T7301]  ? security_inode_alloc+0x3b/0x2b0
[  217.562349][ T7301]  security_inode_alloc+0x3b/0x2b0
[  217.562384][ T7301]  inode_init_always_gfp+0xce4/0x1030
[  217.562432][ T7301]  alloc_inode+0x86/0x240
[  217.562463][ T7301]  new_inode+0x22/0x1c0
[  217.562497][ T7301]  shmem_get_inode+0x19a/0xfb0
[  217.562540][ T7301]  shmem_symlink+0xf8/0x9f0
[  217.562587][ T7301]  ? __pfx_shmem_symlink+0x10/0x10
[  217.562629][ T7301]  ? bpf_lsm_inode_permission+0x9/0x10
[  217.562656][ T7301]  ? security_inode_permission+0xbf/0x260
[  217.562693][ T7301]  ? inode_permission+0x156/0x630
[  217.562731][ T7301]  vfs_symlink+0x400/0x680
[  217.562772][ T7301]  do_symlinkat+0x261/0x310
[  217.562820][ T7301]  ? __pfx_do_symlinkat+0x10/0x10
[  217.562864][ T7301]  ? getname_flags.part.0+0x1c5/0x550
[  217.562907][ T7301]  __x64_sys_symlink+0x75/0x90
[  217.562953][ T7301]  do_syscall_64+0xcd/0x490
[  217.563003][ T7301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.563033][ T7301] RIP: 0033:0x7f411dd8e929
[  217.563058][ T7301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.563085][ T7301] RSP: 002b:00007f411eb1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  217.563121][ T7301] RAX: ffffffffffffffda RBX: 00007f411dfb5fa0 RCX: 00007f411dd8e929
[  217.563141][ T7301] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[  217.563158][ T7301] RBP: 00007f411de10b39 R08: 0000000000000000 R09: 0000000000000000
[  217.563175][ T7301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  217.563192][ T7301] R13: 0000000000000000 R14: 00007f411dfb5fa0 R15: 00007ffd82889628
[  217.563237][ T7301]  </TASK>
[  217.789142][    C0] vkms_vblank_simulate: vblank timer overrun
[  219.882017][ T7330] phram: parameter too long
[  219.932851][ T7330] FAULT_INJECTION: forcing a failure.
[  219.932851][ T7330] name failslab, interval 1, probability 0, space 0, times 0
[  220.000971][ T7330] CPU: 0 UID: 0 PID: 7330 Comm: syz.0.351 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  220.001019][ T7330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  220.001037][ T7330] Call Trace:
[  220.001047][ T7330]  <TASK>
[  220.001059][ T7330]  dump_stack_lvl+0x16c/0x1f0
[  220.001121][ T7330]  should_fail_ex+0x512/0x640
[  220.001172][ T7330]  should_failslab+0xc2/0x120
[  220.001202][ T7330]  __kmalloc_cache_noprof+0x6a/0x3e0
[  220.001244][ T7330]  ? sdev_prefix_printk+0xe8/0x230
[  220.001296][ T7330]  sdev_prefix_printk+0xe8/0x230
[  220.001340][ T7330]  ? __pfx_sdev_prefix_printk+0x10/0x10
[  220.001387][ T7330]  ? __pfx_scsi_execute_cmd+0x10/0x10
[  220.001421][ T7330]  ? kasan_save_stack+0x33/0x60
[  220.001462][ T7330]  ? kasan_save_track+0x14/0x30
[  220.001503][ T7330]  ? kasan_save_free_info+0x3b/0x60
[  220.001545][ T7330]  sd_pr_out_command.isra.0+0x37f/0x3d0
[  220.001584][ T7330]  ? __pfx_sd_pr_out_command.isra.0+0x10/0x10
[  220.001619][ T7330]  ? __lock_acquire+0xb8a/0x1c90
[  220.001685][ T7330]  ? find_held_lock+0x2b/0x80
[  220.001714][ T7330]  ? __might_fault+0xe3/0x190
[  220.001757][ T7330]  ? __might_fault+0x13b/0x190
[  220.001807][ T7330]  ? block_pr_type_to_scsi+0x62/0x80
[  220.001858][ T7330]  blkdev_pr_preempt+0x2a9/0x310
[  220.001896][ T7330]  ? __pfx_blkdev_pr_preempt+0x10/0x10
[  220.001947][ T7330]  blkdev_common_ioctl+0x8d1/0x2480
[  220.001981][ T7330]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  220.002016][ T7330]  ? futex_wake+0x1ad/0x530
[  220.002054][ T7330]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  220.002112][ T7330]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  220.002150][ T7330]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  220.002219][ T7330]  ? find_held_lock+0x2b/0x80
[  220.002258][ T7330]  blkdev_ioctl+0x1cb/0x6d0
[  220.002295][ T7330]  ? __pfx_blkdev_ioctl+0x10/0x10
[  220.002337][ T7330]  ? __pfx_blkdev_ioctl+0x10/0x10
[  220.002374][ T7330]  __x64_sys_ioctl+0x18b/0x210
[  220.002413][ T7330]  do_syscall_64+0xcd/0x490
[  220.002464][ T7330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.002495][ T7330] RIP: 0033:0x7f411dd8e929
[  220.002521][ T7330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.002551][ T7330] RSP: 002b:00007f411eb1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  220.002581][ T7330] RAX: ffffffffffffffda RBX: 00007f411dfb5fa0 RCX: 00007f411dd8e929
[  220.002601][ T7330] RDX: 000000000000000a RSI: 00000000401870cb RDI: 000000000000000a
[  220.002618][ T7330] RBP: 00007f411de10b39 R08: 0000000000000000 R09: 0000000000000000
[  220.002637][ T7330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  220.002654][ T7330] R13: 0000000000000000 R14: 00007f411dfb5fa0 R15: 00007ffd82889628
[  220.002694][ T7330]  </TASK>
[  220.362049][ T7330] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  220.368904][ T7330] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  220.600276][ T7319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  220.620463][ T7336] FAULT_INJECTION: forcing a failure.
[  220.620463][ T7336] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.659628][ T7319] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  220.699644][ T7319] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  220.731208][ T7336] CPU: 1 UID: 0 PID: 7336 Comm: syz.1.352 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  220.731242][ T7336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  220.731258][ T7336] Call Trace:
[  220.731268][ T7336]  <TASK>
[  220.731279][ T7336]  dump_stack_lvl+0x16c/0x1f0
[  220.731328][ T7336]  should_fail_ex+0x512/0x640
[  220.731376][ T7336]  _copy_to_user+0x32/0xd0
[  220.731423][ T7336]  simple_read_from_buffer+0xcb/0x170
[  220.731464][ T7336]  proc_fail_nth_read+0x197/0x270
[  220.731499][ T7336]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  220.731536][ T7336]  ? rw_verify_area+0xcf/0x680
[  220.731570][ T7336]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  220.731604][ T7336]  vfs_read+0x1e4/0xc60
[  220.731648][ T7336]  ? __pfx___mutex_lock+0x10/0x10
[  220.731692][ T7336]  ? __pfx_vfs_read+0x10/0x10
[  220.731742][ T7336]  ? __fget_files+0x20e/0x3c0
[  220.731793][ T7336]  ksys_read+0x12a/0x250
[  220.731841][ T7336]  ? __pfx_ksys_read+0x10/0x10
[  220.731890][ T7336]  do_syscall_64+0xcd/0x490
[  220.731937][ T7336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.731967][ T7336] RIP: 0033:0x7f9f7098d33c
[  220.731990][ T7336] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  220.732016][ T7336] RSP: 002b:00007f9f717ae030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  220.732042][ T7336] RAX: ffffffffffffffda RBX: 00007f9f70bb6080 RCX: 00007f9f7098d33c
[  220.732061][ T7336] RDX: 000000000000000f RSI: 00007f9f717ae0a0 RDI: 0000000000000004
[  220.732077][ T7336] RBP: 00007f9f717ae090 R08: 0000000000000000 R09: 0000000000000000
[  220.732100][ T7336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  220.732117][ T7336] R13: 0000000000000001 R14: 00007f9f70bb6080 R15: 00007ffe82e62418
[  220.732155][ T7336]  </TASK>
[  220.732461][ T7319] page_type: f5(slab)
[  220.923222][ T7319] raw: 00fff00000000040 ffff88801ce95640 dead000000000122 0000000000000000
[  220.965199][ T7319] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  220.982697][ T7319] head: 00fff00000000040 ffff88801ce95640 dead000000000122 0000000000000000
[  221.049668][ T7319] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  221.079648][ T7319] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  221.112090][ T7319] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  221.158097][ T7319] page dumped because: unmovable page
[  221.196599][ T7319] page_owner tracks the page as allocated
[  221.211323][ T7319] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5201, tgid 5201 (udevd), ts 213015979603, free_ts 213009260940
[  221.279648][ T7319]  post_alloc_hook+0x1c0/0x230
[  221.293354][ T7319]  get_page_from_freelist+0x1321/0x3890
[  221.298951][ T7319]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  221.305367][ T7319]  alloc_pages_mpol+0x1fb/0x550
[  221.310565][ T7319]  new_slab+0x23b/0x330
[  221.314756][ T7319]  ___slab_alloc+0xd9c/0x1940
[  221.320052][ T7319]  __slab_alloc.constprop.0+0x56/0xb0
[  221.326884][ T7319]  kmem_cache_alloc_noprof+0xef/0x3b0
[  221.332783][ T7319]  getname_flags.part.0+0x4c/0x550
[  221.339886][ T7319]  __x64_sys_unlink+0xb0/0x110
[  221.344705][ T7319]  do_syscall_64+0xcd/0x490
[  221.401934][ T7319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.407899][ T7319] page last free pid 5201 tgid 5201 stack trace:
[  221.479759][ T7319]  __free_frozen_pages+0x7fe/0x1180
[  221.569673][ T7319]  __put_partials+0x16d/0x1c0
[  221.782128][ T7319]  qlist_free_all+0x4d/0x120
[  221.847976][ T7319]  kasan_quarantine_reduce+0x195/0x1e0
[  221.881674][ T7319]  __kasan_slab_alloc+0x69/0x90
[  221.886641][ T7319]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  221.923144][ T7319]  getname_flags.part.0+0x4c/0x550
[  221.928329][ T7319]  __x64_sys_unlink+0xb0/0x110
[  221.991643][ T7319]  do_syscall_64+0xcd/0x490
[  222.019780][ T7319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.444983][ T7355] netlink: 342 bytes leftover after parsing attributes in process `syz.0.357'.
[  223.149164][ T7367] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12)
[  223.326458][ T7365] sysfs: cannot create duplicate filename '/class/ieee80211/!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]'
[  223.348755][ T7365] CPU: 1 UID: 0 PID: 7365 Comm: syz.2.360 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  223.348799][ T7365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  223.348815][ T7365] Call Trace:
[  223.348824][ T7365]  <TASK>
[  223.348835][ T7365]  dump_stack_lvl+0x16c/0x1f0
[  223.348882][ T7365]  sysfs_warn_dup+0x7f/0xa0
[  223.348922][ T7365]  sysfs_do_create_link_sd+0x124/0x140
[  223.348962][ T7365]  sysfs_create_link+0x61/0xc0
[  223.349001][ T7365]  device_add+0x62c/0x1a70
[  223.349032][ T7365]  ? __pfx_device_add+0x10/0x10
[  223.349058][ T7365]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  223.349113][ T7365]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  223.349173][ T7365]  wiphy_register+0x1c9c/0x2850
[  223.349205][ T7365]  ? netdev_run_todo+0x864/0x1320
[  223.349247][ T7365]  ? __pfx_wiphy_register+0x10/0x10
[  223.349300][ T7365]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  223.349336][ T7365]  ieee80211_register_hw+0x24ac/0x4140
[  223.349387][ T7365]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  223.349422][ T7365]  ? find_held_lock+0x2b/0x80
[  223.349448][ T7365]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  223.349493][ T7365]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  223.349525][ T7365]  ? __hrtimer_setup+0x176/0x280
[  223.349574][ T7365]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  223.349636][ T7365]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  223.349691][ T7365]  hwsim_new_radio_nl+0xb51/0x12c0
[  223.349735][ T7365]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  223.349790][ T7365]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  223.349826][ T7365]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  223.349867][ T7365]  genl_family_rcv_msg_doit+0x206/0x2f0
[  223.349906][ T7365]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  223.349944][ T7365]  ? trace_cap_capable+0x18d/0x200
[  223.349984][ T7365]  ? bpf_lsm_capable+0x9/0x10
[  223.350017][ T7365]  ? security_capable+0x7e/0x260
[  223.350058][ T7365]  ? ns_capable+0xd7/0x110
[  223.350097][ T7365]  genl_rcv_msg+0x55c/0x800
[  223.350136][ T7365]  ? __pfx_genl_rcv_msg+0x10/0x10
[  223.350172][ T7365]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  223.350230][ T7365]  netlink_rcv_skb+0x155/0x420
[  223.350263][ T7365]  ? __pfx_genl_rcv_msg+0x10/0x10
[  223.350302][ T7365]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  223.350353][ T7365]  ? netlink_deliver_tap+0x1ae/0xd30
[  223.350386][ T7365]  genl_rcv+0x28/0x40
[  223.350416][ T7365]  netlink_unicast+0x53a/0x7f0
[  223.350452][ T7365]  ? __pfx_netlink_unicast+0x10/0x10
[  223.350493][ T7365]  netlink_sendmsg+0x8d1/0xdd0
[  223.350532][ T7365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.350576][ T7365]  ____sys_sendmsg+0xa95/0xc70
[  223.350611][ T7365]  ? copy_msghdr_from_user+0x10a/0x160
[  223.350650][ T7365]  ? __pfx_____sys_sendmsg+0x10/0x10
[  223.350690][ T7365]  ? __pfx_futex_wake_mark+0x10/0x10
[  223.350735][ T7365]  ___sys_sendmsg+0x134/0x1d0
[  223.350778][ T7365]  ? __pfx____sys_sendmsg+0x10/0x10
[  223.350811][ T7365]  ? __lock_acquire+0x622/0x1c90
[  223.350883][ T7365]  __sys_sendmsg+0x16d/0x220
[  223.350917][ T7365]  ? __pfx___sys_sendmsg+0x10/0x10
[  223.350950][ T7365]  ? __x64_sys_futex+0x1e0/0x4c0
[  223.350998][ T7365]  do_syscall_64+0xcd/0x490
[  223.351036][ T7365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.351058][ T7365] RIP: 0033:0x7f3a2658e929
[  223.351086][ T7365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.351107][ T7365] RSP: 002b:00007f3a27322038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  223.351129][ T7365] RAX: ffffffffffffffda RBX: 00007f3a267b5fa0 RCX: 00007f3a2658e929
[  223.351143][ T7365] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003
[  223.351157][ T7365] RBP: 00007f3a26610b39 R08: 0000000000000000 R09: 0000000000000000
[  223.351170][ T7365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  223.351183][ T7365] R13: 0000000000000000 R14: 00007f3a267b5fa0 R15: 00007ffe5f9c64a8
[  223.351217][ T7365]  </TASK>
[  224.952245][ T7374] netlink: 28 bytes leftover after parsing attributes in process `syz.0.361'.
[  225.598865][ T7378] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x78009
[  225.613404][ T7378] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  225.651466][ T7378] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  225.685872][ T7378] raw: ffff888000000000 0000000000000000 00000001ffffffff 0000000000000000
[  225.719833][ T7378] page dumped because: unmovable page
[  225.725301][ T7378] page_owner tracks the page as allocated
[  225.756185][ T7378] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 7347, tgid 7347 (syz.2.356), ts 222710240293, free_ts 222411166245
[  225.799914][ T7378]  post_alloc_hook+0x1c0/0x230
[  225.809723][ T7378]  get_page_from_freelist+0x1321/0x3890
[  225.825767][ T7378]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  225.859773][ T7378]  alloc_pages_bulk_noprof+0x71c/0x1410
[  225.869709][ T7378]  kasan_populate_vmalloc+0xf1/0x1f0
[  225.879710][ T7378]  alloc_vmap_area+0x959/0x29c0
[  225.884650][ T7378]  __get_vm_area_node+0x1ca/0x330
[  225.909776][ T7378]  __vmalloc_node_range_noprof+0x271/0x14b0
[  225.915788][ T7378]  __vmalloc_node_noprof+0xad/0xf0
[  225.939688][ T7378]  __snd_dma_alloc_pages+0x53/0x90
[  225.955186][ T7378]  snd_dma_alloc_dir_pages+0x151/0x240
[  225.965319][ T7378]  do_alloc_pages+0x115/0x280
[  225.985592][ T7378]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  225.999781][ T7378]  snd_pcm_hw_params+0x15e1/0x1b40
[  226.005006][ T7378]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  226.029720][ T7378]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  226.040010][ T7378] page last free pid 15 tgid 15 stack trace:
[  226.046055][ T7378]  __free_frozen_pages+0x7fe/0x1180
[  226.065532][ T7378]  tlb_remove_table_rcu+0x116/0x1a0
[  226.068224][ T7384] binder: 7382:7384 ioctl 400c620e 0 returned -22
[  226.082177][ T7378]  rcu_core+0x799/0x14e0
[  226.089944][ T7378]  handle_softirqs+0x216/0x8e0
[  226.100428][ T7378]  run_ksoftirqd+0x3a/0x60
[  226.110746][ T7378]  smpboot_thread_fn+0x3f4/0xae0
[  226.122605][ T7378]  kthread+0x3c5/0x780
[  226.131510][ T7378]  ret_from_fork+0x5d4/0x6f0
[  226.142549][ T7378]  ret_from_fork_asm+0x1a/0x30
[  226.169888][ T7374] hsr_slave_0: left promiscuous mode
[  226.205110][ T7374] hsr_slave_1: left promiscuous mode
[  226.683616][ T7389] debugfs: Directory '!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' with parent 'ieee80211' already present!
[  227.687525][ T7397] block2mtd: illegal erase size
[  229.638624][ T7411] could not allocate digest TFM handle 
[  230.171116][ T7427] FAULT_INJECTION: forcing a failure.
[  230.171116][ T7427] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  230.269758][ T7427] CPU: 1 UID: 0 PID: 7427 Comm: syz.3.375 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  230.269796][ T7427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  230.269810][ T7427] Call Trace:
[  230.269819][ T7427]  <TASK>
[  230.269829][ T7427]  dump_stack_lvl+0x16c/0x1f0
[  230.269875][ T7427]  should_fail_ex+0x512/0x640
[  230.269916][ T7427]  should_fail_alloc_page+0xe7/0x130
[  230.269942][ T7427]  prepare_alloc_pages+0x3c2/0x610
[  230.269979][ T7427]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  230.270017][ T7427]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  230.270057][ T7427]  ? kasan_save_stack+0x42/0x60
[  230.270096][ T7427]  ? kasan_save_stack+0x33/0x60
[  230.270141][ T7427]  ? kasan_save_track+0x14/0x30
[  230.270178][ T7427]  ? __kasan_slab_alloc+0x89/0x90
[  230.270217][ T7427]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  230.270255][ T7427]  ? __pmd_alloc+0xbf/0x930
[  230.270283][ T7427]  ? __handle_mm_fault+0xaac/0x5490
[  230.270316][ T7427]  ? handle_mm_fault+0x589/0xd10
[  230.270345][ T7427]  ? do_user_addr_fault+0x7a6/0x1370
[  230.270378][ T7427]  ? exc_page_fault+0x5c/0xb0
[  230.270413][ T7427]  ? asm_exc_page_fault+0x26/0x30
[  230.270441][ T7427]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  230.270481][ T7427]  ? kernfs_fop_read_iter+0x40f/0x5a0
[  230.270508][ T7427]  ? ksys_read+0x12a/0x250
[  230.270542][ T7427]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.270593][ T7427]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  230.270638][ T7427]  ? policy_nodemask+0xea/0x4e0
[  230.270669][ T7427]  alloc_pages_mpol+0x1fb/0x550
[  230.270699][ T7427]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  230.270730][ T7427]  ? do_raw_spin_lock+0x12c/0x2b0
[  230.270771][ T7427]  ? find_held_lock+0x2b/0x80
[  230.270802][ T7427]  alloc_pages_noprof+0x131/0x390
[  230.270831][ T7427]  pte_alloc_one+0x1c/0x3a0
[  230.270873][ T7427]  __do_fault+0x320/0x490
[  230.270913][ T7427]  ? __pfx_filemap_map_pages+0x10/0x10
[  230.270956][ T7427]  __handle_mm_fault+0x374c/0x5490
[  230.271006][ T7427]  ? __pfx___handle_mm_fault+0x10/0x10
[  230.271041][ T7427]  ? __pfx_mt_find+0x10/0x10
[  230.271092][ T7427]  ? find_vma+0xbf/0x140
[  230.271129][ T7427]  ? __pfx_find_vma+0x10/0x10
[  230.271163][ T7427]  handle_mm_fault+0x589/0xd10
[  230.271202][ T7427]  ? __pkru_allows_pkey+0x41/0xb0
[  230.271242][ T7427]  do_user_addr_fault+0x7a6/0x1370
[  230.271285][ T7427]  ? rcu_is_watching+0x12/0xc0
[  230.271320][ T7427]  exc_page_fault+0x5c/0xb0
[  230.271363][ T7427]  asm_exc_page_fault+0x26/0x30
[  230.271389][ T7427] RIP: 0010:rep_movs_alternative+0x11/0x90
[  230.271424][ T7427] Code: c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f
[  230.271451][ T7427] RSP: 0018:ffffc90003ddfaf0 EFLAGS: 00050202
[  230.271475][ T7427] RAX: 0000000000000030 RBX: 0000000000000002 RCX: 0000000000000002
[  230.271492][ T7427] RDX: ffffed100643e801 RSI: ffff8880321f4000 RDI: 0000000000000000
[  230.271510][ T7427] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100643e800
[  230.271527][ T7427] R10: ffff8880321f4001 R11: 0000000000000001 R12: ffffc90003ddfda0
[  230.271544][ T7427] R13: 0000000000000002 R14: ffff8880321f4000 R15: 00007ffffffff000
[  230.271588][ T7427]  _copy_to_iter+0x383/0x16f0
[  230.271636][ T7427]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  230.271685][ T7427]  ? __pfx__copy_to_iter+0x10/0x10
[  230.271749][ T7427]  ? kernfs_seq_stop+0xcd/0x120
[  230.271787][ T7427]  ? kernfs_put_active+0x86/0xe0
[  230.271835][ T7427]  seq_read_iter+0xcf8/0x12c0
[  230.271892][ T7427]  kernfs_fop_read_iter+0x40f/0x5a0
[  230.271921][ T7427]  ? rw_verify_area+0xcf/0x680
[  230.271969][ T7427]  vfs_read+0x8bf/0xc60
[  230.272013][ T7427]  ? __pfx___mutex_lock+0x10/0x10
[  230.272055][ T7427]  ? __pfx_vfs_read+0x10/0x10
[  230.272134][ T7427]  ksys_read+0x12a/0x250
[  230.272172][ T7427]  ? __pfx_ksys_read+0x10/0x10
[  230.272226][ T7427]  do_syscall_64+0xcd/0x490
[  230.272273][ T7427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.272301][ T7427] RIP: 0033:0x7f227498e929
[  230.272323][ T7427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.272349][ T7427] RSP: 002b:00007f22758d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  230.272373][ T7427] RAX: ffffffffffffffda RBX: 00007f2274bb5fa0 RCX: 00007f227498e929
[  230.272399][ T7427] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000003
[  230.272415][ T7427] RBP: 00007f22758d5090 R08: 0000000000000000 R09: 0000000000000000
[  230.272431][ T7427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.272446][ T7427] R13: 0000000000000000 R14: 00007f2274bb5fa0 R15: 00007ffd1c8d2cf8
[  230.272490][ T7427]  </TASK>
[  230.744325][    C1] vkms_vblank_simulate: vblank timer overrun
[  231.033481][ T7434] binder: 7428:7434 ioctl 400c620e 0 returned -22
[  231.899923][ T7438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  231.908822][ T7438] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  232.006700][ T7438] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  232.115733][ T7438] page_type: f5(slab)
[  232.139865][ T7438] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000
[  232.190304][ T7438] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  232.209811][ T7438] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000
[  232.223237][ T7438] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  232.233470][ T7438] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  232.263974][ T7438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  232.275065][ T7438] page dumped because: unmovable page
[  232.283262][ T7438] page_owner tracks the page as allocated
[  232.289410][ T7438] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6992, tgid 6992 (kworker/u10:0), ts 228171746040, free_ts 228116612625
[  232.326483][ T7438]  post_alloc_hook+0x1c0/0x230
[  232.360286][ T7438]  get_page_from_freelist+0x1321/0x3890
[  232.366117][ T7438]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  232.407993][ T7438]  alloc_pages_mpol+0x1fb/0x550
[  232.415437][ T7438]  new_slab+0x23b/0x330
[  232.422491][ T7438]  ___slab_alloc+0xd9c/0x1940
[  232.432138][ T7438]  __slab_alloc.constprop.0+0x56/0xb0
[  232.438296][ T7438]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  232.447936][ T7438]  kmalloc_reserve+0xef/0x2c0
[  232.456060][ T7438]  __alloc_skb+0x166/0x380
[  232.461904][ T7438]  nsim_dev_trap_report_work+0x2b1/0xcf0
[  232.468329][ T7438]  process_one_work+0x9cc/0x1b70
[  232.477615][ T7438]  worker_thread+0x6c8/0xf10
[  232.484767][ T7438]  kthread+0x3c5/0x780
[  232.493254][ T7438]  ret_from_fork+0x5d4/0x6f0
[  232.500154][ T7438]  ret_from_fork_asm+0x1a/0x30
[  232.505546][ T7438] page last free pid 5820 tgid 5820 stack trace:
[  232.515919][ T7438]  __free_frozen_pages+0x7fe/0x1180
[  232.521724][ T7438]  __folio_put+0x329/0x450
[  232.526498][ T7438]  skb_release_data+0x7fb/0x9c0
[  232.536484][ T7438]  __kfree_skb+0x4f/0x70
[  232.541252][ T7438]  tcp_ack+0x19b2/0x5c90
[  232.547708][ T7438]  tcp_rcv_established+0xda1/0x22e0
[  232.559429][ T7438]  tcp_v4_do_rcv+0x5ca/0xa90
[  232.566021][ T7438]  __release_sock+0x31b/0x400
[  232.575855][ T7438]  release_sock+0x5a/0x220
[  232.581289][ T7438]  tcp_sendmsg+0x38/0x50
[  232.594012][ T7438]  inet_sendmsg+0xb9/0x140
[  232.598487][ T7438]  sock_write_iter+0x4aa/0x5b0
[  232.603878][ T7438]  vfs_write+0x6c7/0x1150
[  232.608681][ T7438]  ksys_write+0x1f8/0x250
[  232.616889][ T7438]  do_syscall_64+0xcd/0x490
[  232.621772][ T7438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.806403][ T7446] netlink: 342 bytes leftover after parsing attributes in process `syz.0.381'.
[  233.887959][ T7468] netlink: 342 bytes leftover after parsing attributes in process `syz.3.391'.
[  234.473405][ T7480] FAULT_INJECTION: forcing a failure.
[  234.473405][ T7480] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  234.509788][ T7480] CPU: 1 UID: 0 PID: 7480 Comm: syz.3.395 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  234.509831][ T7480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  234.509848][ T7480] Call Trace:
[  234.509857][ T7480]  <TASK>
[  234.509868][ T7480]  dump_stack_lvl+0x16c/0x1f0
[  234.509918][ T7480]  should_fail_ex+0x512/0x640
[  234.509966][ T7480]  _copy_to_user+0x32/0xd0
[  234.510012][ T7480]  simple_read_from_buffer+0xcb/0x170
[  234.510051][ T7480]  proc_fail_nth_read+0x197/0x270
[  234.510086][ T7480]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  234.510121][ T7480]  ? rw_verify_area+0xcf/0x680
[  234.510155][ T7480]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  234.510187][ T7480]  vfs_read+0x1e4/0xc60
[  234.510231][ T7480]  ? __pfx___mutex_lock+0x10/0x10
[  234.510273][ T7480]  ? __pfx_vfs_read+0x10/0x10
[  234.510323][ T7480]  ? __fget_files+0x20e/0x3c0
[  234.510374][ T7480]  ksys_read+0x12a/0x250
[  234.510410][ T7480]  ? __pfx_ksys_read+0x10/0x10
[  234.510461][ T7480]  do_syscall_64+0xcd/0x490
[  234.510507][ T7480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.510536][ T7480] RIP: 0033:0x7f227498d33c
[  234.510559][ T7480] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  234.510584][ T7480] RSP: 002b:00007f22758d5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  234.510611][ T7480] RAX: ffffffffffffffda RBX: 00007f2274bb5fa0 RCX: 00007f227498d33c
[  234.510631][ T7480] RDX: 000000000000000f RSI: 00007f22758d50a0 RDI: 0000000000000003
[  234.510646][ T7480] RBP: 00007f22758d5090 R08: 0000000000000000 R09: 0000000000000000
[  234.510662][ T7480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.510678][ T7480] R13: 0000000000000000 R14: 00007f2274bb5fa0 R15: 00007ffd1c8d2cf8
[  234.510714][ T7480]  </TASK>
[  234.703980][    C1] vkms_vblank_simulate: vblank timer overrun

syzkaller
syzkaller login: [  237.293099][ T7512] FAULT_INJECTION: forcing a failure.
[  237.293099][ T7512] name failslab, interval 1, probability 0, space 0, times 0
[  237.339395][ T7512] CPU: 0 UID: 0 PID: 7512 Comm: syz.3.401 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  237.339441][ T7512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  237.339459][ T7512] Call Trace:
[  237.339469][ T7512]  <TASK>
[  237.339479][ T7512]  dump_stack_lvl+0x16c/0x1f0
[  237.339530][ T7512]  should_fail_ex+0x512/0x640
[  237.339573][ T7512]  ? kmem_cache_alloc_bulk_noprof+0x6d/0xbc0
[  237.339619][ T7512]  should_failslab+0xc2/0x120
[  237.339645][ T7512]  kmem_cache_alloc_bulk_noprof+0x85/0xbc0
[  237.339688][ T7512]  ? trace_kmem_cache_alloc+0x28/0xc0
[  237.339716][ T7512]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[  237.339754][ T7512]  ? mas_alloc_nodes+0x18b/0x8b0
[  237.339796][ T7512]  ? mas_alloc_nodes+0x2f1/0x8b0
[  237.339828][ T7512]  mas_alloc_nodes+0x2f1/0x8b0
[  237.339872][ T7512]  mas_node_count_gfp+0x105/0x130
[  237.339912][ T7512]  mas_preallocate+0x7e0/0xde0
[  237.339951][ T7512]  ? __pfx_mas_preallocate+0x10/0x10
[  237.339993][ T7512]  ? rcu_read_unlock+0x17/0x60
[  237.340029][ T7512]  vma_link+0x135/0x6a0
[  237.340082][ T7512]  ? __pfx_vma_link+0x10/0x10
[  237.340123][ T7512]  ? rcu_is_watching+0x12/0xc0
[  237.340158][ T7512]  ? anon_vma_clone+0x405/0x5c0
[  237.340194][ T7512]  ? anon_vma_name+0x75/0x100
[  237.340230][ T7512]  copy_vma+0x6c2/0xaa0
[  237.340281][ T7512]  ? __pfx_copy_vma+0x10/0x10
[  237.340322][ T7512]  ? lockdep_hardirqs_on+0x7c/0x110
[  237.340377][ T7512]  ? register_lock_class+0x41/0x4c0
[  237.340415][ T7512]  ? __schedule+0x1181/0x5de0
[  237.340472][ T7512]  ? __lock_acquire+0x622/0x1c90
[  237.340518][ T7512]  copy_vma_and_data+0x1cf/0x750
[  237.340566][ T7512]  ? __pfx_copy_vma_and_data+0x10/0x10
[  237.340619][ T7512]  ? __vma_enter_locked+0x163/0x3f0
[  237.340663][ T7512]  ? find_held_lock+0x2b/0x80
[  237.340690][ T7512]  ? move_vma+0x536/0x1740
[  237.340736][ T7512]  move_vma+0x548/0x1740
[  237.340782][ T7512]  ? __pfx_move_vma+0x10/0x10
[  237.340817][ T7512]  ? mm_get_unmapped_area+0x95/0xe0
[  237.340849][ T7512]  ? shmem_get_unmapped_area+0x170/0xa00
[  237.340885][ T7512]  ? cap_mmap_addr+0x4b/0x120
[  237.340909][ T7512]  ? bpf_lsm_mmap_addr+0x9/0x10
[  237.340935][ T7512]  ? security_mmap_addr+0x6c/0x1e0
[  237.340970][ T7512]  ? __get_unmapped_area+0x267/0x440
[  237.341004][ T7512]  ? vrm_set_new_addr+0x208/0x290
[  237.341051][ T7512]  __do_sys_mremap+0xe07/0x1590
[  237.341096][ T7512]  ? __pfx___do_sys_mremap+0x10/0x10
[  237.341141][ T7512]  ? __fget_files+0x204/0x3c0
[  237.341184][ T7512]  ? __x64_sys_futex+0x1e0/0x4c0
[  237.341240][ T7512]  do_syscall_64+0xcd/0x490
[  237.341282][ T7512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.341307][ T7512] RIP: 0033:0x7f227498e929
[  237.341330][ T7512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.341356][ T7512] RSP: 002b:00007f2275872038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  237.341383][ T7512] RAX: ffffffffffffffda RBX: 00007f2274bb6240 RCX: 00007f227498e929
[  237.341400][ T7512] RDX: 0000000000000008 RSI: 0000000000000004 RDI: 0000000000000000
[  237.341416][ T7512] RBP: 00007f2274a10b39 R08: 00007effffffb000 R09: 0000000000000000
[  237.341432][ T7512] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  237.341448][ T7512] R13: 0000000000000000 R14: 00007f2274bb6240 R15: 00007ffd1c8d2cf8
[  237.341483][ T7512]  </TASK>
[  238.076749][ T7003] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  238.090067][ T7003] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  238.101939][ T7003] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  238.112969][ T7003] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  238.120376][ T7524] random: crng reseeded on system resumption
[  238.132252][ T7003] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  238.926123][ T7520] chnl_net:caif_netlink_parms(): no params data found
[  239.602612][ T7554] netlink: 4 bytes leftover after parsing attributes in process `syz.3.415'.
[  239.621062][ T7520] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.628300][ T7520] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.680005][ T7520] bridge_slave_0: entered allmulticast mode
[  239.697080][ T7554] delete_channel: no stack
[  239.708760][ T7520] bridge_slave_0: entered promiscuous mode
[  239.759352][ T7520] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.799774][ T7520] bridge0: port 2(bridge_slave_1) entered disabled state
[  239.831125][ T7520] bridge_slave_1: entered allmulticast mode
[  239.865916][ T7520] bridge_slave_1: entered promiscuous mode
[  240.024768][ T7520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  240.077238][ T7520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  240.229688][ T7003] Bluetooth: hci4: command tx timeout

syzkaller
syzkaller login: [  240.383596][ T7520] team0: Port device team_slave_0 added
[  240.470625][ T7520] team0: Port device team_slave_1 added
[  240.776804][ T7520] batman_adv: batadv0: Adding interface: batadv_slave_0
[  240.795359][ T7520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.879515][ T7520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  240.979797][ T7566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  241.013183][ T7520] batman_adv: batadv0: Adding interface: batadv_slave_1
[  241.037898][ T7520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  241.100224][ T7566] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  241.108839][ T7566] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  241.139807][ T7520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  241.203523][ T7566] page_type: f5(slab)
[  241.239072][ T7566] raw: 00fff00000000040 ffff88801ce95640 dead000000000122 0000000000000000
[  241.306194][ T7566] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  241.345014][ T7566] head: 00fff00000000040 ffff88801ce95640 dead000000000122 0000000000000000
[  241.409808][ T7566] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[  241.418713][ T7566] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  241.453017][ T7566] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  241.468083][ T7520] hsr_slave_0: entered promiscuous mode
[  241.486579][ T7520] hsr_slave_1: entered promiscuous mode
[  241.486648][ T7576] netlink: 146 bytes leftover after parsing attributes in process `syz.2.422'.
[  241.533483][ T7566] page dumped because: unmovable page
[  241.569700][ T7566] page_owner tracks the page as allocated
[  241.575516][ T7566] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5201, tgid 5201 (udevd), ts 236005322981, free_ts 236004670980
[  241.697765][ T7566]  post_alloc_hook+0x1c0/0x230
[  241.724139][ T7566]  get_page_from_freelist+0x1321/0x3890
[  241.749083][ T7566]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  241.769416][ T7566]  alloc_pages_mpol+0x1fb/0x550
[  241.774674][ T7566]  new_slab+0x23b/0x330
[  241.778917][ T7566]  ___slab_alloc+0xd9c/0x1940
[  241.795509][ T7566]  __slab_alloc.constprop.0+0x56/0xb0
[  241.803192][ T7566]  kmem_cache_alloc_noprof+0xef/0x3b0
[  241.812816][ T7566]  getname_flags.part.0+0x4c/0x550
[  241.819505][ T7566]  __x64_sys_unlink+0xb0/0x110
[  241.826173][ T7566]  do_syscall_64+0xcd/0x490
[  241.832875][ T7566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.840610][ T7566] page last free pid 5201 tgid 5201 stack trace:
[  241.849054][ T7566]  __free_frozen_pages+0x7fe/0x1180
[  241.875403][ T7566]  __put_partials+0x16d/0x1c0
[  241.919729][ T7566]  qlist_free_all+0x4d/0x120
[  241.930441][ T7566]  kasan_quarantine_reduce+0x195/0x1e0
[  241.946877][ T7566]  __kasan_slab_alloc+0x69/0x90
[  241.959703][ T7566]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  241.969996][ T7566]  getname_flags.part.0+0x4c/0x550
[  241.987366][ T7566]  __x64_sys_unlink+0xb0/0x110
[  241.992649][ T7566]  do_syscall_64+0xcd/0x490
[  242.001009][ T7566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.310045][ T7003] Bluetooth: hci4: command tx timeout
[  242.777607][ T7520] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  242.807719][ T7520] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  242.883217][ T7520] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  242.968565][ T7520] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  243.537078][ T7520] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.596883][ T7520] 8021q: adding VLAN 0 to HW filter on device team0
[  243.716145][ T7200] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.723528][ T7200] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.775666][ T7200] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.783007][ T7200] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.911091][ T7520] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  244.393195][ T7003] Bluetooth: hci4: command tx timeout
[  244.565389][ T7520] 8021q: adding VLAN 0 to HW filter on device batadv0
[  244.875050][ T7634] binder: 7631:7634 ioctl 400c620e 0 returned -22
[  244.999690][ T7633] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x78009
[  245.103363][ T7633] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  245.197923][ T7633] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  245.295528][ T7633] raw: ffff888000000000 0000000000000000 00000001ffffffff 0000000000000000
[  245.383537][ T7633] page dumped because: unmovable page
[  245.443240][ T7520] veth0_vlan: entered promiscuous mode
[  245.443993][ T7633] page_owner tracks the page as allocated
[  245.482853][ T7520] veth1_vlan: entered promiscuous mode
[  245.531526][ T7633] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 7347, tgid 7347 (syz.2.356), ts 222710240293, free_ts 222411166245
[  245.543846][ T7520] veth0_macvtap: entered promiscuous mode
[  245.563520][ T7520] veth1_macvtap: entered promiscuous mode
[  245.607520][ T7520] batman_adv: batadv0: Interface activated: batadv_slave_0
[  245.634188][ T7520] batman_adv: batadv0: Interface activated: batadv_slave_1
[  245.657455][ T7520] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  245.670776][ T7633]  post_alloc_hook+0x1c0/0x230
[  245.675840][ T7633]  get_page_from_freelist+0x1321/0x3890
[  245.681985][ T7520] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  245.701479][ T7520] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  245.717116][ T7520] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  245.726994][ T7633]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  245.783817][ T7633]  alloc_pages_bulk_noprof+0x71c/0x1410
[  245.827640][ T7633]  kasan_populate_vmalloc+0xf1/0x1f0
[  245.835244][ T7633]  alloc_vmap_area+0x959/0x29c0
[  245.845692][ T7633]  __get_vm_area_node+0x1ca/0x330
[  245.853164][ T7633]  __vmalloc_node_range_noprof+0x271/0x14b0
[  245.859231][ T7633]  __vmalloc_node_noprof+0xad/0xf0
[  245.867628][ T7633]  __snd_dma_alloc_pages+0x53/0x90
[  245.874981][ T7633]  snd_dma_alloc_dir_pages+0x151/0x240
[  245.884652][ T7633]  do_alloc_pages+0x115/0x280
[  245.889451][ T7633]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  245.905513][ T7633]  snd_pcm_hw_params+0x15e1/0x1b40
[  245.916190][ T7633]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  245.921968][ T7633]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  245.936573][ T7633] page last free pid 15 tgid 15 stack trace:
[  245.944383][ T7633]  __free_frozen_pages+0x7fe/0x1180
[  245.966684][ T7633]  tlb_remove_table_rcu+0x116/0x1a0
[  245.974252][ T7633]  rcu_core+0x799/0x14e0
[  245.978768][ T7633]  handle_softirqs+0x216/0x8e0
[  245.985308][ T7633]  run_ksoftirqd+0x3a/0x60
[  245.997591][ T7633]  smpboot_thread_fn+0x3f4/0xae0
[  246.004641][ T7633]  kthread+0x3c5/0x780
[  246.019215][ T7633]  ret_from_fork+0x5d4/0x6f0
[  246.037070][ T7633]  ret_from_fork_asm+0x1a/0x30
[  246.449758][ T7200] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  246.466757][ T7200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  246.474619][ T7003] Bluetooth: hci4: command tx timeout
[  246.814744][ T6992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.015258][ T6992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  247.523160][ T7659] sysfs: cannot create duplicate filename '/class/ieee80211/!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]'
[  247.579445][ T7659] CPU: 0 UID: 0 PID: 7659 Comm: syz.2.442 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  247.579492][ T7659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  247.579510][ T7659] Call Trace:
[  247.579520][ T7659]  <TASK>
[  247.579533][ T7659]  dump_stack_lvl+0x16c/0x1f0
[  247.579585][ T7659]  sysfs_warn_dup+0x7f/0xa0
[  247.579622][ T7659]  sysfs_do_create_link_sd+0x124/0x140
[  247.579662][ T7659]  sysfs_create_link+0x61/0xc0
[  247.579702][ T7659]  device_add+0x62c/0x1a70
[  247.579738][ T7659]  ? __pfx_device_add+0x10/0x10
[  247.579766][ T7659]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  247.579812][ T7659]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  247.579870][ T7659]  wiphy_register+0x1c9c/0x2850
[  247.579900][ T7659]  ? netdev_run_todo+0x864/0x1320
[  247.579941][ T7659]  ? __pfx_wiphy_register+0x10/0x10
[  247.579990][ T7659]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  247.580037][ T7659]  ieee80211_register_hw+0x24ac/0x4140
[  247.580090][ T7659]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  247.580132][ T7659]  ? find_held_lock+0x2b/0x80
[  247.580163][ T7659]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  247.580210][ T7659]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  247.580242][ T7659]  ? __hrtimer_setup+0x176/0x280
[  247.580291][ T7659]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  247.580362][ T7659]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  247.580418][ T7659]  hwsim_new_radio_nl+0xb51/0x12c0
[  247.580463][ T7659]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  247.580519][ T7659]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  247.580557][ T7659]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  247.580605][ T7659]  genl_family_rcv_msg_doit+0x206/0x2f0
[  247.580645][ T7659]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  247.580680][ T7659]  ? trace_cap_capable+0x18d/0x200
[  247.580720][ T7659]  ? bpf_lsm_capable+0x9/0x10
[  247.580751][ T7659]  ? security_capable+0x7e/0x260
[  247.580796][ T7659]  ? ns_capable+0xd7/0x110
[  247.580832][ T7659]  genl_rcv_msg+0x55c/0x800
[  247.580873][ T7659]  ? __pfx_genl_rcv_msg+0x10/0x10
[  247.580910][ T7659]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  247.580965][ T7659]  netlink_rcv_skb+0x155/0x420
[  247.580996][ T7659]  ? __pfx_genl_rcv_msg+0x10/0x10
[  247.581041][ T7659]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  247.581091][ T7659]  ? netlink_deliver_tap+0x1ae/0xd30
[  247.581127][ T7659]  genl_rcv+0x28/0x40
[  247.581158][ T7659]  netlink_unicast+0x53a/0x7f0
[  247.581197][ T7659]  ? __pfx_netlink_unicast+0x10/0x10
[  247.581242][ T7659]  netlink_sendmsg+0x8d1/0xdd0
[  247.581281][ T7659]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.581329][ T7659]  ____sys_sendmsg+0xa95/0xc70
[  247.581365][ T7659]  ? copy_msghdr_from_user+0x10a/0x160
[  247.581406][ T7659]  ? __pfx_____sys_sendmsg+0x10/0x10
[  247.581449][ T7659]  ? __pfx_futex_wake_mark+0x10/0x10
[  247.581498][ T7659]  ___sys_sendmsg+0x134/0x1d0
[  247.581542][ T7659]  ? __pfx____sys_sendmsg+0x10/0x10
[  247.581581][ T7659]  ? __lock_acquire+0x622/0x1c90
[  247.581668][ T7659]  __sys_sendmsg+0x16d/0x220
[  247.581714][ T7659]  ? __pfx___sys_sendmsg+0x10/0x10
[  247.581758][ T7659]  ? __x64_sys_futex+0x1e0/0x4c0
[  247.581818][ T7659]  do_syscall_64+0xcd/0x490
[  247.581867][ T7659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.581896][ T7659] RIP: 0033:0x7f3a2658e929
[  247.581920][ T7659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.581945][ T7659] RSP: 002b:00007f3a27322038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  247.581971][ T7659] RAX: ffffffffffffffda RBX: 00007f3a267b5fa0 RCX: 00007f3a2658e929
[  247.581989][ T7659] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003
[  247.582006][ T7659] RBP: 00007f3a26610b39 R08: 0000000000000000 R09: 0000000000000000
[  247.582033][ T7659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  247.582050][ T7659] R13: 0000000000000000 R14: 00007f3a267b5fa0 R15: 00007ffe5f9c64a8
[  247.582093][ T7659]  </TASK>
[  248.631042][ T7003] Bluetooth: hci0: unexpected event 0x06 length: 440 > 3
[  248.929747][ T7679] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x78009
[  248.977182][ T7679] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  248.989808][ T7679] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  249.006623][ T7679] raw: ffff888000000000 0000000000000000 00000001ffffffff 0000000000000000
[  249.019103][ T7679] page dumped because: unmovable page
[  249.039767][ T7679] page_owner tracks the page as allocated
[  249.048395][ T7679] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 7347, tgid 7347 (syz.2.356), ts 222710240293, free_ts 222411166245
[  249.077977][ T7679]  post_alloc_hook+0x1c0/0x230
[  249.084654][ T7679]  get_page_from_freelist+0x1321/0x3890
[  249.093339][ T7679]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  249.107619][ T7679]  alloc_pages_bulk_noprof+0x71c/0x1410
[  249.126389][ T7684] FAULT_INJECTION: forcing a failure.
[  249.126389][ T7684] name failslab, interval 1, probability 0, space 0, times 0
[  249.127237][ T7679]  kasan_populate_vmalloc+0xf1/0x1f0
[  249.150433][ T7679]  alloc_vmap_area+0x959/0x29c0
[  249.155658][ T7679]  __get_vm_area_node+0x1ca/0x330
[  249.164566][ T7679]  __vmalloc_node_range_noprof+0x271/0x14b0
[  249.184286][ T7684] CPU: 1 UID: 0 PID: 7684 Comm: syz.4.449 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  249.184327][ T7684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.184344][ T7684] Call Trace:
[  249.184353][ T7684]  <TASK>
[  249.184364][ T7684]  dump_stack_lvl+0x16c/0x1f0
[  249.184412][ T7684]  should_fail_ex+0x512/0x640
[  249.184452][ T7684]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  249.184499][ T7684]  should_failslab+0xc2/0x120
[  249.184527][ T7684]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  249.184567][ T7684]  ? do_raw_spin_lock+0x12c/0x2b0
[  249.184608][ T7684]  ? ptlock_alloc+0x1f/0x70
[  249.184650][ T7684]  ptlock_alloc+0x1f/0x70
[  249.184685][ T7684]  pte_alloc_one+0x82/0x3a0
[  249.184729][ T7684]  __do_fault+0x320/0x490
[  249.184769][ T7684]  ? __pfx_filemap_map_pages+0x10/0x10
[  249.184813][ T7684]  __handle_mm_fault+0x374c/0x5490
[  249.184864][ T7684]  ? __pfx___handle_mm_fault+0x10/0x10
[  249.184898][ T7684]  ? __pfx_mt_find+0x10/0x10
[  249.184955][ T7684]  ? find_vma+0xbf/0x140
[  249.184990][ T7684]  ? __pfx_find_vma+0x10/0x10
[  249.185023][ T7684]  handle_mm_fault+0x589/0xd10
[  249.185062][ T7684]  ? __pkru_allows_pkey+0x41/0xb0
[  249.185101][ T7684]  do_user_addr_fault+0x7a6/0x1370
[  249.185143][ T7684]  ? rcu_is_watching+0x12/0xc0
[  249.185176][ T7684]  exc_page_fault+0x5c/0xb0
[  249.185218][ T7684]  asm_exc_page_fault+0x26/0x30
[  249.185246][ T7684] RIP: 0010:rep_movs_alternative+0x11/0x90
[  249.185280][ T7684] Code: c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f
[  249.185313][ T7684] RSP: 0018:ffffc9000ba37af0 EFLAGS: 00050202
[  249.185335][ T7684] RAX: 0000000000000030 RBX: 0000000000000002 RCX: 0000000000000002
[  249.185352][ T7684] RDX: ffffed100672a001 RSI: ffff888033950000 RDI: 0000000000000000
[  249.185370][ T7684] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100672a000
[  249.185386][ T7684] R10: ffff888033950001 R11: 0000000000000001 R12: ffffc9000ba37da0
[  249.185404][ T7684] R13: 0000000000000002 R14: ffff888033950000 R15: 00007ffffffff000
[  249.185448][ T7684]  _copy_to_iter+0x383/0x16f0
[  249.185496][ T7684]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  249.185546][ T7684]  ? __pfx__copy_to_iter+0x10/0x10
[  249.185592][ T7684]  ? kernfs_seq_stop+0xcd/0x120
[  249.185630][ T7684]  ? kernfs_put_active+0x86/0xe0
[  249.185679][ T7684]  seq_read_iter+0xcf8/0x12c0
[  249.185735][ T7684]  kernfs_fop_read_iter+0x40f/0x5a0
[  249.185763][ T7684]  ? rw_verify_area+0xcf/0x680
[  249.185803][ T7684]  vfs_read+0x8bf/0xc60
[  249.185850][ T7684]  ? __pfx___mutex_lock+0x10/0x10
[  249.185892][ T7684]  ? __pfx_vfs_read+0x10/0x10
[  249.185965][ T7684]  ksys_read+0x12a/0x250
[  249.186012][ T7684]  ? __pfx_ksys_read+0x10/0x10
[  249.186066][ T7684]  do_syscall_64+0xcd/0x490
[  249.186114][ T7684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.186141][ T7684] RIP: 0033:0x7fc75df8e929
[  249.186163][ T7684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.186189][ T7684] RSP: 002b:00007fc75ee91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  249.186214][ T7684] RAX: ffffffffffffffda RBX: 00007fc75e1b5fa0 RCX: 00007fc75df8e929
[  249.186231][ T7684] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000003
[  249.186248][ T7684] RBP: 00007fc75ee91090 R08: 0000000000000000 R09: 0000000000000000
[  249.186264][ T7684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.186280][ T7684] R13: 0000000000000000 R14: 00007fc75e1b5fa0 R15: 00007fff6d85dff8
[  249.186319][ T7684]  </TASK>
[  249.192843][ T7679]  __vmalloc_node_noprof+0xad/0xf0
[  249.594341][ T7679]  __snd_dma_alloc_pages+0x53/0x90
[  249.603002][ T7679]  snd_dma_alloc_dir_pages+0x151/0x240
[  249.608562][ T7679]  do_alloc_pages+0x115/0x280
[  249.614285][ T7679]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  249.623295][ T7679]  snd_pcm_hw_params+0x15e1/0x1b40
[  249.628493][ T7679]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  249.634861][ T7679]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  249.644965][ T7679] page last free pid 15 tgid 15 stack trace:
[  249.652097][ T7679]  __free_frozen_pages+0x7fe/0x1180
[  249.657422][ T7679]  tlb_remove_table_rcu+0x116/0x1a0
[  249.669752][ T7679]  rcu_core+0x799/0x14e0
[  249.674206][ T7679]  handle_softirqs+0x216/0x8e0
[  249.679049][ T7679]  run_ksoftirqd+0x3a/0x60
[  249.714227][ T7679]  smpboot_thread_fn+0x3f4/0xae0
[  249.719320][ T7679]  kthread+0x3c5/0x780
[  249.727883][ T7679]  ret_from_fork+0x5d4/0x6f0
[  249.733885][ T7679]  ret_from_fork_asm+0x1a/0x30
[  249.788512][ T7691] FAULT_INJECTION: forcing a failure.
[  249.788512][ T7691] name failslab, interval 1, probability 0, space 0, times 0
[  249.828050][ T7691] CPU: 0 UID: 0 PID: 7691 Comm: syz.3.452 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  249.828090][ T7691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.828107][ T7691] Call Trace:
[  249.828116][ T7691]  <TASK>
[  249.828127][ T7691]  dump_stack_lvl+0x16c/0x1f0
[  249.828175][ T7691]  should_fail_ex+0x512/0x640
[  249.828215][ T7691]  ? fs_reclaim_acquire+0xae/0x150
[  249.828252][ T7691]  ? tomoyo_encode2+0x100/0x3e0
[  249.828287][ T7691]  should_failslab+0xc2/0x120
[  249.828314][ T7691]  __kmalloc_noprof+0xd2/0x510
[  249.828353][ T7691]  ? d_absolute_path+0x136/0x1a0
[  249.828390][ T7691]  tomoyo_encode2+0x100/0x3e0
[  249.828432][ T7691]  tomoyo_encode+0x29/0x50
[  249.828468][ T7691]  tomoyo_realpath_from_path+0x18f/0x6e0
[  249.828519][ T7691]  tomoyo_path_number_perm+0x245/0x580
[  249.828551][ T7691]  ? tomoyo_path_number_perm+0x237/0x580
[  249.828588][ T7691]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  249.828622][ T7691]  ? find_held_lock+0x2b/0x80
[  249.828687][ T7691]  ? find_held_lock+0x2b/0x80
[  249.828714][ T7691]  ? hook_file_ioctl_common+0x145/0x410
[  249.828765][ T7691]  ? __fget_files+0x20e/0x3c0
[  249.828812][ T7691]  security_file_ioctl+0x9b/0x240
[  249.828850][ T7691]  __x64_sys_ioctl+0xb7/0x210
[  249.828888][ T7691]  do_syscall_64+0xcd/0x490
[  249.828933][ T7691]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.828961][ T7691] RIP: 0033:0x7f227498e929
[  249.828984][ T7691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.829011][ T7691] RSP: 002b:00007f22758d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  249.829038][ T7691] RAX: ffffffffffffffda RBX: 00007f2274bb5fa0 RCX: 00007f227498e929
[  249.829057][ T7691] RDX: 00002000000000c0 RSI: 0000000000005452 RDI: 0000000000000003
[  249.829075][ T7691] RBP: 00007f22758d5090 R08: 0000000000000000 R09: 0000000000000000
[  249.829092][ T7691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.829108][ T7691] R13: 0000000000000000 R14: 00007f2274bb5fa0 R15: 00007ffd1c8d2cf8
[  249.829147][ T7691]  </TASK>
[  249.829175][ T7691] ERROR: Out of memory at tomoyo_realpath_from_path.

	
		

	


		

		
	
		
	
	



			








	







	





	

	


	






	




	






		







syzkaller
syzkaller login: [  252.299205][ T7740] syz.4.469 uses obsolete (PF_INET,SOCK_PACKET)
[  252.822967][ T7742] FAULT_INJECTION: forcing a failure.
[  252.822967][ T7742] name failslab, interval 1, probability 0, space 0, times 0
[  253.016666][ T7742] CPU: 1 UID: 0 PID: 7742 Comm: syz.4.469 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  253.016711][ T7742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  253.016729][ T7742] Call Trace:
[  253.016739][ T7742]  <TASK>
[  253.016752][ T7742]  dump_stack_lvl+0x16c/0x1f0
[  253.016802][ T7742]  should_fail_ex+0x512/0x640
[  253.016841][ T7742]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  253.016887][ T7742]  should_failslab+0xc2/0x120
[  253.016916][ T7742]  __kmalloc_cache_noprof+0x6a/0x3e0
[  253.016954][ T7742]  ? __pfx_trace_seq_printf+0x10/0x10
[  253.016988][ T7742]  ? tracing_log_err+0x490/0x6a0
[  253.017044][ T7742]  tracing_log_err+0x490/0x6a0
[  253.017098][ T7742]  append_filter_err+0x380/0x5e0
[  253.017144][ T7742]  apply_subsystem_event_filter+0x740/0x17a0
[  253.017202][ T7742]  ? __pfx_apply_subsystem_event_filter+0x10/0x10
[  253.017255][ T7742]  ? _copy_from_user+0x59/0xd0
[  253.017327][ T7742]  subsystem_filter_write+0x95/0x120
[  253.017371][ T7742]  ? __pfx_subsystem_filter_write+0x10/0x10
[  253.017410][ T7742]  vfs_write+0x29d/0x1150
[  253.017461][ T7742]  ? __pfx___mutex_lock+0x10/0x10
[  253.017510][ T7742]  ? __pfx_vfs_write+0x10/0x10
[  253.017565][ T7742]  ? __fget_files+0x20e/0x3c0
[  253.017619][ T7742]  ksys_write+0x12a/0x250
[  253.017663][ T7742]  ? __pfx_ksys_write+0x10/0x10
[  253.017734][ T7742]  do_syscall_64+0xcd/0x490
[  253.017784][ T7742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.017813][ T7742] RIP: 0033:0x7fc75df8e929
[  253.017839][ T7742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.017868][ T7742] RSP: 002b:00007fc75ee70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  253.017897][ T7742] RAX: ffffffffffffffda RBX: 00007fc75e1b6080 RCX: 00007fc75df8e929
[  253.017932][ T7742] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005
[  253.017950][ T7742] RBP: 00007fc75e010b39 R08: 0000000000000000 R09: 0000000000000000
[  253.017969][ T7742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.017987][ T7742] R13: 0000000000000000 R14: 00007fc75e1b6080 R15: 00007fff6d85dff8
[  253.018029][ T7742]  </TASK>
[  255.065175][ T7760] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x78009
[  255.386243][ T7760] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  255.410728][ T7760] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  255.421695][ T7760] raw: ffff888000000000 0000000000000000 00000001ffffffff 0000000000000000
[  255.436437][ T7760] page dumped because: unmovable page
[  255.449347][ T7760] page_owner tracks the page as allocated
[  255.502044][ T7760] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 7347, tgid 7347 (syz.2.356), ts 222710240293, free_ts 222411166245
[  255.532965][ T7776] FAULT_INJECTION: forcing a failure.
[  255.532965][ T7776] name failslab, interval 1, probability 0, space 0, times 0
[  255.600343][ T7776] CPU: 1 UID: 0 PID: 7776 Comm: syz.0.475 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  255.600386][ T7776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  255.600403][ T7776] Call Trace:
[  255.600413][ T7776]  <TASK>
[  255.600425][ T7776]  dump_stack_lvl+0x16c/0x1f0
[  255.600474][ T7776]  should_fail_ex+0x512/0x640
[  255.600514][ T7776]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  255.600562][ T7776]  should_failslab+0xc2/0x120
[  255.600590][ T7776]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  255.600632][ T7776]  ? __alloc_skb+0x2b2/0x380
[  255.600680][ T7776]  __alloc_skb+0x2b2/0x380
[  255.600732][ T7776]  ? __pfx___alloc_skb+0x10/0x10
[  255.600777][ T7776]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  255.600816][ T7776]  netlink_alloc_large_skb+0x69/0x130
[  255.600851][ T7776]  netlink_sendmsg+0x6a1/0xdd0
[  255.600889][ T7776]  ? __pfx_netlink_sendmsg+0x10/0x10
[  255.600935][ T7776]  ____sys_sendmsg+0xa95/0xc70
[  255.600970][ T7776]  ? copy_msghdr_from_user+0x10a/0x160
[  255.601013][ T7776]  ? __pfx_____sys_sendmsg+0x10/0x10
[  255.601065][ T7776]  ___sys_sendmsg+0x134/0x1d0
[  255.601112][ T7776]  ? __pfx____sys_sendmsg+0x10/0x10
[  255.601153][ T7776]  ? __lock_acquire+0x622/0x1c90
[  255.601239][ T7776]  __sys_sendmsg+0x16d/0x220
[  255.601284][ T7776]  ? __pfx___sys_sendmsg+0x10/0x10
[  255.601359][ T7776]  do_syscall_64+0xcd/0x490
[  255.601408][ T7776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.601437][ T7776] RIP: 0033:0x7f411dd8e929
[  255.601461][ T7776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  255.601489][ T7776] RSP: 002b:00007f411eb1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  255.601517][ T7776] RAX: ffffffffffffffda RBX: 00007f411dfb5fa0 RCX: 00007f411dd8e929
[  255.601536][ T7776] RDX: 0000000000040000 RSI: 0000200000000240 RDI: 0000000000000003
[  255.601553][ T7776] RBP: 00007f411eb1c090 R08: 0000000000000000 R09: 0000000000000000
[  255.601571][ T7776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  255.601587][ T7776] R13: 0000000000000000 R14: 00007f411dfb5fa0 R15: 00007ffd82889628
[  255.601625][ T7776]  </TASK>
[  255.827206][ T7767] syz.3.474 (7767) used greatest stack depth: 19800 bytes left

syzkaller
syzkaller login: [  256.090274][ T7766] FAULT_INJECTION: forcing a failure.
[  256.090274][ T7766] name failslab, interval 1, probability 0, space 0, times 0
[  256.129775][ T7760]  post_alloc_hook+0x1c0/0x230
[  256.134650][ T7760]  get_page_from_freelist+0x1321/0x3890
[  256.139546][ T7766] CPU: 0 UID: 0 PID: 7766 Comm: syz.2.472 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  256.139580][ T7766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  256.139595][ T7766] Call Trace:
[  256.139603][ T7766]  <TASK>
[  256.139613][ T7766]  dump_stack_lvl+0x16c/0x1f0
[  256.139653][ T7766]  should_fail_ex+0x512/0x640
[  256.139688][ T7766]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  256.139723][ T7766]  should_failslab+0xc2/0x120
[  256.139748][ T7766]  __kmalloc_cache_noprof+0x6a/0x3e0
[  256.139780][ T7766]  ? io_wq_create+0x6a/0x9d0
[  256.139810][ T7766]  io_wq_create+0x6a/0x9d0
[  256.139839][ T7766]  io_uring_alloc_task_context+0x1e1/0x650
[  256.139869][ T7766]  ? __pfx_io_uring_alloc_task_context+0x10/0x10
[  256.139905][ T7766]  __io_uring_add_tctx_node+0x2dd/0x500
[  256.139931][ T7766]  ? __pfx___io_uring_add_tctx_node+0x10/0x10
[  256.139967][ T7766]  ? __fget_files+0x20e/0x3c0
[  256.140004][ T7766]  __io_uring_add_tctx_node_from_submit+0x89/0x130
[  256.140033][ T7766]  __do_sys_io_uring_enter+0x123a/0x1630
[  256.140071][ T7766]  ? __fget_files+0x20e/0x3c0
[  256.140102][ T7766]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  256.140138][ T7766]  ? fput+0x70/0xf0
[  256.140162][ T7766]  ? ksys_write+0x1ac/0x250
[  256.140195][ T7766]  ? __pfx_ksys_write+0x10/0x10
[  256.140241][ T7766]  do_syscall_64+0xcd/0x490
[  256.140283][ T7766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.140310][ T7766] RIP: 0033:0x7f3a2658e929
[  256.140332][ T7766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.140358][ T7766] RSP: 002b:00007f3a243f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  256.140384][ T7766] RAX: ffffffffffffffda RBX: 00007f3a267b6080 RCX: 00007f3a2658e929
[  256.140402][ T7766] RDX: 00000000000005f3 RSI: 0000000000000005 RDI: 0000000000000003
[  256.140418][ T7766] RBP: 00007f3a243f6090 R08: 0000000000000000 R09: 0000000000000002
[  256.140435][ T7766] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[  256.140450][ T7766] R13: 0000000000000000 R14: 00007f3a267b6080 R15: 00007ffe5f9c64a8
[  256.140491][ T7766]  </TASK>
[  256.515136][ T7760]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  256.579838][ T7760]  alloc_pages_bulk_noprof+0x71c/0x1410
[  256.595441][ T7760]  kasan_populate_vmalloc+0xf1/0x1f0
[  256.622292][ T7760]  alloc_vmap_area+0x959/0x29c0
[  256.654945][ T7760]  __get_vm_area_node+0x1ca/0x330
[  256.733420][ T7760]  __vmalloc_node_range_noprof+0x271/0x14b0
[  256.739478][ T7760]  __vmalloc_node_noprof+0xad/0xf0
[  256.788291][ T7760]  __snd_dma_alloc_pages+0x53/0x90
[  257.411730][ T7760]  snd_dma_alloc_dir_pages+0x151/0x240
[  257.438173][ T7760]  do_alloc_pages+0x115/0x280
[  257.478581][ T7760]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  257.498895][ T7760]  snd_pcm_hw_params+0x15e1/0x1b40
[  257.537274][ T7760]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  257.579098][ T7760]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  257.619680][ T7760] page last free pid 15 tgid 15 stack trace:
[  257.658330][ T7760]  __free_frozen_pages+0x7fe/0x1180
[  257.729151][ T7788] random: crng reseeded on system resumption
[  257.794424][ T7760]  tlb_remove_table_rcu+0x116/0x1a0
[  257.839707][ T7760]  rcu_core+0x799/0x14e0
[  257.854016][ T7760]  handle_softirqs+0x216/0x8e0
[  257.878882][ T7760]  run_ksoftirqd+0x3a/0x60
[  257.889934][ T7760]  smpboot_thread_fn+0x3f4/0xae0
[  257.895043][ T7760]  kthread+0x3c5/0x780
[  257.939649][ T7760]  ret_from_fork+0x5d4/0x6f0
[  258.059920][ T7760]  ret_from_fork_asm+0x1a/0x30
[  258.811536][ T7802] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12)
[  259.218191][ T7781] Invalid ELF header magic: != ELF
[  261.097703][ T7827] netlink: 4 bytes leftover after parsing attributes in process `syz.4.488'.
[  261.123603][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  261.131479][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  266.252323][ T7904] sysfs: cannot create duplicate filename '/class/ieee80211/!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]'
[  266.289656][ T7904] CPU: 1 UID: 0 PID: 7904 Comm: syz.0.514 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  266.289713][ T7904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  266.289730][ T7904] Call Trace:
[  266.289741][ T7904]  <TASK>
[  266.289753][ T7904]  dump_stack_lvl+0x16c/0x1f0
[  266.289803][ T7904]  sysfs_warn_dup+0x7f/0xa0
[  266.289841][ T7904]  sysfs_do_create_link_sd+0x124/0x140
[  266.289886][ T7904]  sysfs_create_link+0x61/0xc0
[  266.289927][ T7904]  device_add+0x62c/0x1a70
[  266.289963][ T7904]  ? __pfx_device_add+0x10/0x10
[  266.289991][ T7904]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  266.290038][ T7904]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  266.290097][ T7904]  wiphy_register+0x1c9c/0x2850
[  266.290130][ T7904]  ? netdev_run_todo+0x864/0x1320
[  266.290173][ T7904]  ? __pfx_wiphy_register+0x10/0x10
[  266.290221][ T7904]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  266.290259][ T7904]  ieee80211_register_hw+0x24ac/0x4140
[  266.290309][ T7904]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  266.290348][ T7904]  ? find_held_lock+0x2b/0x80
[  266.290379][ T7904]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  266.290425][ T7904]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  266.290457][ T7904]  ? __hrtimer_setup+0x176/0x280
[  266.290506][ T7904]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  266.290573][ T7904]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  266.290622][ T7904]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  266.290664][ T7904]  ? __asan_memcpy+0x3c/0x60
[  266.290718][ T7904]  hwsim_new_radio_nl+0xb51/0x12c0
[  266.290765][ T7904]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  266.290811][ T7904]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  266.290843][ T7904]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  266.290880][ T7904]  genl_family_rcv_msg_doit+0x206/0x2f0
[  266.290911][ T7904]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  266.290940][ T7904]  ? trace_cap_capable+0x18d/0x200
[  266.290971][ T7904]  ? bpf_lsm_capable+0x9/0x10
[  266.290998][ T7904]  ? security_capable+0x7e/0x260
[  266.291035][ T7904]  ? ns_capable+0xd7/0x110
[  266.291061][ T7904]  genl_rcv_msg+0x55c/0x800
[  266.291093][ T7904]  ? __pfx_genl_rcv_msg+0x10/0x10
[  266.291123][ T7904]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  266.291168][ T7904]  netlink_rcv_skb+0x155/0x420
[  266.291193][ T7904]  ? __pfx_genl_rcv_msg+0x10/0x10
[  266.291223][ T7904]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  266.291275][ T7904]  ? netlink_deliver_tap+0x1ae/0xd30
[  266.291304][ T7904]  genl_rcv+0x28/0x40
[  266.291331][ T7904]  netlink_unicast+0x53a/0x7f0
[  266.291363][ T7904]  ? __pfx_netlink_unicast+0x10/0x10
[  266.291400][ T7904]  netlink_sendmsg+0x8d1/0xdd0
[  266.291433][ T7904]  ? __pfx_netlink_sendmsg+0x10/0x10
[  266.291475][ T7904]  ____sys_sendmsg+0xa95/0xc70
[  266.291505][ T7904]  ? copy_msghdr_from_user+0x10a/0x160
[  266.291541][ T7904]  ? __pfx_____sys_sendmsg+0x10/0x10
[  266.291579][ T7904]  ? __pfx_futex_wake_mark+0x10/0x10
[  266.291619][ T7904]  ___sys_sendmsg+0x134/0x1d0
[  266.291658][ T7904]  ? __pfx____sys_sendmsg+0x10/0x10
[  266.291695][ T7904]  ? __lock_acquire+0x622/0x1c90
[  266.291775][ T7904]  __sys_sendmsg+0x16d/0x220
[  266.291811][ T7904]  ? __pfx___sys_sendmsg+0x10/0x10
[  266.291844][ T7904]  ? __x64_sys_futex+0x1e0/0x4c0
[  266.291895][ T7904]  do_syscall_64+0xcd/0x490
[  266.291934][ T7904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.291957][ T7904] RIP: 0033:0x7f411dd8e929
[  266.291977][ T7904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.292001][ T7904] RSP: 002b:00007f411eb1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  266.292025][ T7904] RAX: ffffffffffffffda RBX: 00007f411dfb5fa0 RCX: 00007f411dd8e929
[  266.292040][ T7904] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003
[  266.292055][ T7904] RBP: 00007f411de10b39 R08: 0000000000000000 R09: 0000000000000000
[  266.292077][ T7904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  266.292095][ T7904] R13: 0000000000000000 R14: 00007f411dfb5fa0 R15: 00007ffd82889628
[  266.292129][ T7904]  </TASK>
[  266.699720][    C1] vkms_vblank_simulate: vblank timer overrun
[  267.040133][ T7918] sysfs: cannot create duplicate filename '/class/ieee80211/!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]'
[  267.051475][ T7918] CPU: 1 UID: 0 PID: 7918 Comm: syz.2.521 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  267.051500][ T7918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  267.051511][ T7918] Call Trace:
[  267.051517][ T7918]  <TASK>
[  267.051524][ T7918]  dump_stack_lvl+0x16c/0x1f0
[  267.051554][ T7918]  sysfs_warn_dup+0x7f/0xa0
[  267.051577][ T7918]  sysfs_do_create_link_sd+0x124/0x140
[  267.051602][ T7918]  sysfs_create_link+0x61/0xc0
[  267.051625][ T7918]  device_add+0x62c/0x1a70
[  267.051646][ T7918]  ? __pfx_device_add+0x10/0x10
[  267.051662][ T7918]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  267.051691][ T7918]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  267.051722][ T7918]  wiphy_register+0x1c9c/0x2850
[  267.051740][ T7918]  ? netdev_run_todo+0x864/0x1320
[  267.051764][ T7918]  ? __pfx_wiphy_register+0x10/0x10
[  267.051789][ T7918]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  267.051810][ T7918]  ieee80211_register_hw+0x24ac/0x4140
[  267.051837][ T7918]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  267.051859][ T7918]  ? find_held_lock+0x2b/0x80
[  267.051876][ T7918]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  267.051901][ T7918]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  267.051929][ T7918]  ? __hrtimer_setup+0x176/0x280
[  267.051958][ T7918]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  267.051996][ T7918]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  267.052029][ T7918]  hwsim_new_radio_nl+0xb51/0x12c0
[  267.052055][ T7918]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  267.052086][ T7918]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  267.052109][ T7918]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  267.052136][ T7918]  genl_family_rcv_msg_doit+0x206/0x2f0
[  267.052160][ T7918]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  267.052180][ T7918]  ? trace_cap_capable+0x18d/0x200
[  267.052203][ T7918]  ? bpf_lsm_capable+0x9/0x10
[  267.052223][ T7918]  ? security_capable+0x7e/0x260
[  267.052249][ T7918]  ? ns_capable+0xd7/0x110
[  267.052268][ T7918]  genl_rcv_msg+0x55c/0x800
[  267.052290][ T7918]  ? __pfx_genl_rcv_msg+0x10/0x10
[  267.052311][ T7918]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  267.052343][ T7918]  netlink_rcv_skb+0x155/0x420
[  267.052360][ T7918]  ? __pfx_genl_rcv_msg+0x10/0x10
[  267.052382][ T7918]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  267.052409][ T7918]  ? netlink_deliver_tap+0x1ae/0xd30
[  267.052429][ T7918]  genl_rcv+0x28/0x40
[  267.052447][ T7918]  netlink_unicast+0x53a/0x7f0
[  267.052467][ T7918]  ? __pfx_netlink_unicast+0x10/0x10
[  267.052491][ T7918]  netlink_sendmsg+0x8d1/0xdd0
[  267.052513][ T7918]  ? __pfx_netlink_sendmsg+0x10/0x10
[  267.052540][ T7918]  ____sys_sendmsg+0xa95/0xc70
[  267.052560][ T7918]  ? copy_msghdr_from_user+0x10a/0x160
[  267.052585][ T7918]  ? __pfx_____sys_sendmsg+0x10/0x10
[  267.052609][ T7918]  ? __pfx_futex_wake_mark+0x10/0x10
[  267.052636][ T7918]  ___sys_sendmsg+0x134/0x1d0
[  267.052662][ T7918]  ? __pfx____sys_sendmsg+0x10/0x10
[  267.052686][ T7918]  ? __lock_acquire+0x622/0x1c90
[  267.052734][ T7918]  __sys_sendmsg+0x16d/0x220
[  267.052759][ T7918]  ? __pfx___sys_sendmsg+0x10/0x10
[  267.052783][ T7918]  ? __x64_sys_futex+0x1e0/0x4c0
[  267.052816][ T7918]  do_syscall_64+0xcd/0x490
[  267.052843][ T7918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.052861][ T7918] RIP: 0033:0x7f3a2658e929
[  267.052876][ T7918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.052892][ T7918] RSP: 002b:00007f3a27322038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  267.052909][ T7918] RAX: ffffffffffffffda RBX: 00007f3a267b5fa0 RCX: 00007f3a2658e929
[  267.052926][ T7918] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003
[  267.052936][ T7918] RBP: 00007f3a26610b39 R08: 0000000000000000 R09: 0000000000000000
[  267.052946][ T7918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  267.052955][ T7918] R13: 0000000000000000 R14: 00007f3a267b5fa0 R15: 00007ffe5f9c64a8
[  267.052977][ T7918]  </TASK>
[  267.447247][    C1] vkms_vblank_simulate: vblank timer overrun
[  269.184945][ T7947] netlink: 8 bytes leftover after parsing attributes in process `syz.4.531'.
[  270.992912][ T7962] zswap: compressor  not available
[  271.731538][ T7978] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  272.822362][ T7991] openvswitch: netlink: Flow actions attr not present in new flow.
[  272.922137][ T7991] netlink: 146 bytes leftover after parsing attributes in process `syz.3.546'.
[  272.989001][   T30] audit: type=1800 audit(1751084416.747:4): pid=7991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.546" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0
[  273.349492][ T8000] netlink: 342 bytes leftover after parsing attributes in process `syz.2.548'.
[  274.100401][ T8009] random: crng reseeded on system resumption

syzkaller
syzkaller login: [  274.801148][ T8022] netlink: 346 bytes leftover after parsing attributes in process `syz.2.553'.
[  275.679384][ T8036] FAULT_INJECTION: forcing a failure.
[  275.679384][ T8036] name failslab, interval 1, probability 0, space 0, times 0
[  275.695585][ T8036] CPU: 0 UID: 0 PID: 8036 Comm: syz.2.558 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  275.695629][ T8036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  275.695646][ T8036] Call Trace:
[  275.695656][ T8036]  <TASK>
[  275.695668][ T8036]  dump_stack_lvl+0x16c/0x1f0
[  275.695721][ T8036]  should_fail_ex+0x512/0x640
[  275.695781][ T8036]  should_failslab+0xc2/0x120
[  275.695811][ T8036]  __kmalloc_cache_noprof+0x6a/0x3e0
[  275.695849][ T8036]  ? sctp_add_bind_addr+0xae/0x3f0
[  275.695898][ T8036]  sctp_add_bind_addr+0xae/0x3f0
[  275.695946][ T8036]  sctp_copy_local_addr_list+0x39d/0x5a0
[  275.695998][ T8036]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  275.696046][ T8036]  ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360
[  275.696088][ T8036]  ? sctp_bind_addr_copy+0x331/0x530
[  275.696134][ T8036]  sctp_bind_addr_copy+0x331/0x530
[  275.696187][ T8036]  sctp_connect_new_asoc+0x1d7/0x790
[  275.696229][ T8036]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  275.696273][ T8036]  ? sctp_get_af_specific+0x62/0x70
[  275.696309][ T8036]  __sctp_connect+0x3f3/0xc60
[  275.696349][ T8036]  ? do_raw_spin_lock+0x12c/0x2b0
[  275.696395][ T8036]  ? __pfx___sctp_connect+0x10/0x10
[  275.696432][ T8036]  ? __pfx_sctp_inet_connect+0x10/0x10
[  275.696483][ T8036]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  275.696531][ T8036]  ? __pfx_sctp_inet_connect+0x10/0x10
[  275.696566][ T8036]  sctp_inet_connect+0x15f/0x200
[  275.696604][ T8036]  __sys_connect_file+0x13e/0x1a0
[  275.696645][ T8036]  __sys_connect+0x13b/0x160
[  275.696684][ T8036]  ? __pfx___sys_connect+0x10/0x10
[  275.696737][ T8036]  ? xfd_validate_state+0x61/0x180
[  275.696769][ T8036]  ? __pfx___do_sys_close_range+0x10/0x10
[  275.696819][ T8036]  __x64_sys_connect+0x72/0xb0
[  275.696857][ T8036]  ? lockdep_hardirqs_on+0x7c/0x110
[  275.696900][ T8036]  do_syscall_64+0xcd/0x490
[  275.696947][ T8036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.696978][ T8036] RIP: 0033:0x7f3a2658e929
[  275.697014][ T8036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.697045][ T8036] RSP: 002b:00007f3a27322038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  275.697072][ T8036] RAX: ffffffffffffffda RBX: 00007f3a267b5fa0 RCX: 00007f3a2658e929
[  275.697093][ T8036] RDX: 0000000000000055 RSI: 0000000000000000 RDI: 0000000000000003
[  275.697111][ T8036] RBP: 00007f3a26610b39 R08: 0000000000000000 R09: 0000000000000000
[  275.697126][ T8036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  275.697143][ T8036] R13: 0000000000000000 R14: 00007f3a267b5fa0 R15: 00007ffe5f9c64a8
[  275.697185][ T8036]  </TASK>
[  276.739751][ T8048] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000)
[  279.483122][ T8067] FAULT_INJECTION: forcing a failure.
[  279.483122][ T8067] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  279.559849][ T8067] CPU: 0 UID: 0 PID: 8067 Comm: syz.3.566 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  279.559906][ T8067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  279.559924][ T8067] Call Trace:
[  279.559935][ T8067]  <TASK>
[  279.559947][ T8067]  dump_stack_lvl+0x16c/0x1f0
[  279.559999][ T8067]  should_fail_ex+0x512/0x640
[  279.560049][ T8067]  should_fail_alloc_page+0xe7/0x130
[  279.560083][ T8067]  prepare_alloc_pages+0x3c2/0x610
[  279.560131][ T8067]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  279.560184][ T8067]  ? __kasan_slab_alloc+0x89/0x90
[  279.560244][ T8067]  ? lock_acquire+0x179/0x350
[  279.560286][ T8067]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  279.560329][ T8067]  ? find_held_lock+0x2b/0x80
[  279.560360][ T8067]  ? page_table_check_set+0x627/0x750
[  279.560422][ T8067]  ? look_up_lock_class+0x6b/0x150
[  279.560469][ T8067]  ? register_lock_class+0x41/0x4c0
[  279.560510][ T8067]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  279.560559][ T8067]  ? policy_nodemask+0xea/0x4e0
[  279.560593][ T8067]  alloc_pages_mpol+0x1fb/0x550
[  279.560623][ T8067]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  279.560668][ T8067]  alloc_pages_noprof+0x131/0x390
[  279.560700][ T8067]  pte_alloc_one+0x1c/0x3a0
[  279.560748][ T8067]  __pte_alloc+0x6d/0x3c0
[  279.560777][ T8067]  ? __pfx___pte_alloc+0x10/0x10
[  279.560805][ T8067]  ? __pfx___might_resched+0x10/0x10
[  279.560833][ T8067]  ? copy_page_range+0x13f0/0x5740
[  279.560884][ T8067]  copy_page_range+0x1aed/0x5740
[  279.560938][ T8067]  ? __lock_acquire+0x622/0x1c90
[  279.561006][ T8067]  ? __pfx_copy_page_range+0x10/0x10
[  279.561057][ T8067]  ? __pfx___might_resched+0x10/0x10
[  279.561086][ T8067]  ? __vma_enter_locked+0x163/0x3f0
[  279.561129][ T8067]  ? dup_mmap+0xe38/0x21d0
[  279.561163][ T8067]  ? down_write+0x14d/0x200
[  279.561197][ T8067]  ? up_write+0x1b2/0x520
[  279.561247][ T8067]  dup_mmap+0xe88/0x21d0
[  279.561299][ T8067]  ? __pfx_dup_mmap+0x10/0x10
[  279.561366][ T8067]  copy_process+0x4081/0x76a0
[  279.561404][ T8067]  ? __pfx___futex_wait+0x10/0x10
[  279.561464][ T8067]  ? __pfx_copy_process+0x10/0x10
[  279.561523][ T8067]  kernel_clone+0xfc/0x960
[  279.561563][ T8067]  ? __pfx_kernel_clone+0x10/0x10
[  279.561624][ T8067]  __do_sys_clone+0xce/0x120
[  279.561660][ T8067]  ? __pfx___do_sys_clone+0x10/0x10
[  279.561695][ T8067]  ? ksys_unshare+0x687/0xa40
[  279.561751][ T8067]  ? xfd_validate_state+0x61/0x180
[  279.561805][ T8067]  do_syscall_64+0xcd/0x490
[  279.561854][ T8067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.561893][ T8067] RIP: 0033:0x7f227498e929
[  279.561919][ T8067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.561948][ T8067] RSP: 002b:00007f22758d4fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  279.561978][ T8067] RAX: ffffffffffffffda RBX: 00007f2274bb5fa0 RCX: 00007f227498e929
[  279.561998][ T8067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411
[  279.562015][ T8067] RBP: 00007f2274a10b39 R08: 0000000000000000 R09: 0000000000000000
[  279.562033][ T8067] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  279.562050][ T8067] R13: 0000000000000000 R14: 00007f2274bb5fa0 R15: 00007ffd1c8d2cf8
[  279.562089][ T8067]  </TASK>
[  283.064075][ T7015] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  283.076908][ T7015] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  283.086117][ T7015] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  283.096205][ T7015] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  283.105913][ T7015] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  283.634976][ T8123] chnl_net:caif_netlink_parms(): no params data found
[  283.919070][ T8123] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.945652][ T8123] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.971512][ T8123] bridge_slave_0: entered allmulticast mode
[  283.998810][ T8123] bridge_slave_0: entered promiscuous mode
[  284.059697][ T8123] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.084507][ T8123] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.098640][ T8123] bridge_slave_1: entered allmulticast mode
[  284.113450][ T8123] bridge_slave_1: entered promiscuous mode
[  284.213269][ T8123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  284.267761][ T8123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  284.420501][ T8123] team0: Port device team_slave_0 added
[  284.470182][ T8123] team0: Port device team_slave_1 added
[  284.709214][ T8123] batman_adv: batadv0: Adding interface: batadv_slave_0
[  284.724470][ T8123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  284.750996][ T8123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  284.841379][ T8123] batman_adv: batadv0: Adding interface: batadv_slave_1
[  284.848400][ T8123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  284.920493][ T8123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  285.189964][ T7015] Bluetooth: hci5: command tx timeout
[  285.224858][ T8123] hsr_slave_0: entered promiscuous mode
[  285.242233][ T8123] hsr_slave_1: entered promiscuous mode
[  285.248804][ T8123] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  285.280144][ T8123] Cannot create hsr debugfs directory
[  286.131762][ T8155] FAULT_INJECTION: forcing a failure.
[  286.131762][ T8155] name failslab, interval 1, probability 0, space 0, times 0
[  286.171141][ T8123] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  286.189861][ T8155] CPU: 1 UID: 0 PID: 8155 Comm: syz.3.584 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  286.189906][ T8155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  286.189924][ T8155] Call Trace:
[  286.189934][ T8155]  <TASK>
[  286.189946][ T8155]  dump_stack_lvl+0x16c/0x1f0
[  286.189997][ T8155]  should_fail_ex+0x512/0x640
[  286.190039][ T8155]  ? fs_reclaim_acquire+0xae/0x150
[  286.190076][ T8155]  ? tomoyo_encode2+0x100/0x3e0
[  286.190113][ T8155]  should_failslab+0xc2/0x120
[  286.190142][ T8155]  __kmalloc_noprof+0xd2/0x510
[  286.190184][ T8155]  ? d_absolute_path+0x136/0x1a0
[  286.190220][ T8155]  tomoyo_encode2+0x100/0x3e0
[  286.190267][ T8155]  tomoyo_encode+0x29/0x50
[  286.190316][ T8155]  tomoyo_realpath_from_path+0x18f/0x6e0
[  286.190370][ T8155]  tomoyo_check_open_permission+0x2ab/0x3c0
[  286.190410][ T8155]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  286.190491][ T8155]  ? do_raw_spin_lock+0x12c/0x2b0
[  286.190549][ T8155]  tomoyo_file_open+0x6b/0x90
[  286.190603][ T8155]  security_file_open+0x84/0x1e0
[  286.190641][ T8155]  do_dentry_open+0x596/0x1c10
[  286.190697][ T8155]  vfs_open+0x82/0x3f0
[  286.190733][ T8155]  path_openat+0x1de4/0x2cb0
[  286.190791][ T8155]  ? __pfx_path_openat+0x10/0x10
[  286.190840][ T8155]  ? __lock_acquire+0xb8a/0x1c90
[  286.190883][ T8155]  do_filp_open+0x20b/0x470
[  286.190927][ T8155]  ? __pfx_do_filp_open+0x10/0x10
[  286.191000][ T8155]  ? alloc_fd+0x471/0x7d0
[  286.191051][ T8155]  do_sys_openat2+0x11b/0x1d0
[  286.191084][ T8155]  ? __pfx_do_sys_openat2+0x10/0x10
[  286.191120][ T8155]  ? do_fcntl+0x1eb/0x15a0
[  286.191158][ T8155]  __x64_sys_openat+0x174/0x210
[  286.191191][ T8155]  ? __pfx___x64_sys_openat+0x10/0x10
[  286.191242][ T8155]  do_syscall_64+0xcd/0x490
[  286.191291][ T8155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.191321][ T8155] RIP: 0033:0x7f227498e929
[  286.191346][ T8155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.191374][ T8155] RSP: 002b:00007f22758b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  286.191402][ T8155] RAX: ffffffffffffffda RBX: 00007f2274bb6080 RCX: 00007f227498e929
[  286.191421][ T8155] RDX: 0000000000068182 RSI: 000020000000e680 RDI: ffffffffffffff9c
[  286.191440][ T8155] RBP: 00007f2274a10b39 R08: 0000000000000000 R09: 0000000000000000
[  286.191457][ T8155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  286.191474][ T8155] R13: 0000000000000000 R14: 00007f2274bb6080 R15: 00007ffd1c8d2cf8
[  286.191513][ T8155]  </TASK>
[  286.193078][ T8155] ERROR: Out of memory at tomoyo_realpath_from_path.
[  286.450494][ T8156] overlayfs: missing 'lowerdir'
[  286.582687][ T8123] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  286.803507][ T8123] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  286.858318][ T8123] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  287.178965][ T8123] 8021q: adding VLAN 0 to HW filter on device bond0
[  287.243235][ T8123] 8021q: adding VLAN 0 to HW filter on device team0
[  287.271322][ T7015] Bluetooth: hci5: command tx timeout
[  287.288492][ T7201] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.295851][ T7201] bridge0: port 1(bridge_slave_0) entered forwarding state
[  287.335674][ T7201] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.343047][ T7201] bridge0: port 2(bridge_slave_1) entered forwarding state
[  287.516172][ T8123] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  287.590561][ T8171] FAULT_INJECTION: forcing a failure.
[  287.590561][ T8171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.644781][ T8171] CPU: 1 UID: 0 PID: 8171 Comm: syz.2.586 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  287.644824][ T8171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  287.644841][ T8171] Call Trace:
[  287.644851][ T8171]  <TASK>
[  287.644862][ T8171]  dump_stack_lvl+0x16c/0x1f0
[  287.644912][ T8171]  should_fail_ex+0x512/0x640
[  287.644969][ T8171]  _copy_to_user+0x32/0xd0
[  287.645018][ T8171]  simple_read_from_buffer+0xcb/0x170
[  287.645059][ T8171]  proc_fail_nth_read+0x197/0x270
[  287.645095][ T8171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  287.645133][ T8171]  ? rw_verify_area+0xcf/0x680
[  287.645168][ T8171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  287.645202][ T8171]  vfs_read+0x1e4/0xc60
[  287.645247][ T8171]  ? __pfx___mutex_lock+0x10/0x10
[  287.645291][ T8171]  ? __pfx_vfs_read+0x10/0x10
[  287.645342][ T8171]  ? __fget_files+0x20e/0x3c0
[  287.645393][ T8171]  ksys_read+0x12a/0x250
[  287.645432][ T8171]  ? __pfx_ksys_read+0x10/0x10
[  287.645468][ T8171]  ? 0xffffffffff600000
[  287.645503][ T8171]  do_syscall_64+0xcd/0x490
[  287.645551][ T8171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.645581][ T8171] RIP: 0033:0x7f3a2658d33c
[  287.645602][ T8171] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  287.645629][ T8171] RSP: 002b:00007f3a27322030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  287.645657][ T8171] RAX: ffffffffffffffda RBX: 00007f3a267b5fa0 RCX: 00007f3a2658d33c
[  287.645677][ T8171] RDX: 000000000000000f RSI: 00007f3a273220a0 RDI: 0000000000000004
[  287.645693][ T8171] RBP: 00007f3a27322090 R08: 0000000000000000 R09: 0000000000000000
[  287.645710][ T8171] R10: ffffffffff600000 R11: 0000000000000246 R12: 0000000000000001
[  287.645727][ T8171] R13: 0000000000000000 R14: 00007f3a267b5fa0 R15: 00007ffe5f9c64a8
[  287.645752][ T8171]  ? 0xffffffffff600000
[  287.645785][ T8171]  </TASK>
[  288.686807][ T8123] 8021q: adding VLAN 0 to HW filter on device batadv0
[  289.353619][ T7015] Bluetooth: hci5: command tx timeout
[  290.331886][ T8123] veth0_vlan: entered promiscuous mode
[  290.461062][ T8207] netlink: 342 bytes leftover after parsing attributes in process `syz.2.593'.
[  290.472431][ T8123] veth1_vlan: entered promiscuous mode
[  290.678239][ T8123] veth0_macvtap: entered promiscuous mode
[  290.793521][ T8123] veth1_macvtap: entered promiscuous mode
[  290.904551][ T8123] batman_adv: batadv0: Interface activated: batadv_slave_0
[  290.922572][ T8123] batman_adv: batadv0: Interface activated: batadv_slave_1
[  291.037616][ T8123] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  291.075233][ T8123] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  291.110418][ T8123] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  291.139696][ T8123] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  291.429950][ T7015] Bluetooth: hci5: command tx timeout
[  291.670059][ T7201] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  291.702626][ T7201] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50

syzkaller
syzkaller login: [  291.917543][ T7200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  291.936058][ T7200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.610512][ T8237] random: crng reseeded on system resumption
[  293.693366][   T30] audit: type=1800 audit(1751084437.467:5): pid=8237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.601" name="lu_gp_id" dev="configfs" ino=27375 res=0 errno=0
[  294.397997][ T7003] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  294.416252][ T7003] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  294.427687][ T7003] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  294.444647][ T7003] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  294.453666][ T7003] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  295.253967][ T8255] FAULT_INJECTION: forcing a failure.
[  295.253967][ T8255] name failslab, interval 1, probability 0, space 0, times 0
[  295.348178][ T8255] CPU: 1 UID: 0 PID: 8255 Comm: syz.3.605 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  295.348220][ T8255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  295.348237][ T8255] Call Trace:
[  295.348246][ T8255]  <TASK>
[  295.348257][ T8255]  dump_stack_lvl+0x16c/0x1f0
[  295.348306][ T8255]  should_fail_ex+0x512/0x640
[  295.348352][ T8255]  should_failslab+0xc2/0x120
[  295.348380][ T8255]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  295.348422][ T8255]  ? __lock_acquire+0x622/0x1c90
[  295.348458][ T8255]  ? dst_alloc+0x99/0x1a0
[  295.348501][ T8255]  dst_alloc+0x99/0x1a0
[  295.348542][ T8255]  rt_dst_alloc+0x35/0x3a0
[  295.348577][ T8255]  ip_route_output_key_hash_rcu+0x87a/0x28f0
[  295.348624][ T8255]  ip_route_output_key_hash+0x137/0x2e0
[  295.348666][ T8255]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  295.348720][ T8255]  ? find_held_lock+0x2b/0x80
[  295.348754][ T8255]  ip_route_output_flow+0x27/0x150
[  295.348798][ T8255]  raw_sendmsg+0xd70/0x3820
[  295.348868][ T8255]  ? __pfx_raw_sendmsg+0x10/0x10
[  295.348908][ T8255]  ? __lock_acquire+0x622/0x1c90
[  295.348956][ T8255]  ? __lock_acquire+0x622/0x1c90
[  295.349014][ T8255]  ? __pfx___might_resched+0x10/0x10
[  295.349042][ T8255]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  295.349088][ T8255]  ? aa_sk_perm+0x2f4/0xb10
[  295.349126][ T8255]  ? __import_iovec+0x1dd/0x650
[  295.349165][ T8255]  ? __might_fault+0xe3/0x190
[  295.349198][ T8255]  ? __might_fault+0x13b/0x190
[  295.349235][ T8255]  ? __pfx_raw_sendmsg+0x10/0x10
[  295.349276][ T8255]  inet_sendmsg+0x119/0x140
[  295.349316][ T8255]  ____sys_sendmsg+0x973/0xc70
[  295.349351][ T8255]  ? copy_msghdr_from_user+0x10a/0x160
[  295.349392][ T8255]  ? __pfx_____sys_sendmsg+0x10/0x10
[  295.349430][ T8255]  ? kfree+0x24f/0x4d0
[  295.349460][ T8255]  ? __pfx__kstrtoull+0x10/0x10
[  295.349503][ T8255]  ___sys_sendmsg+0x134/0x1d0
[  295.349550][ T8255]  ? __pfx____sys_sendmsg+0x10/0x10
[  295.349624][ T8255]  ? __pfx___might_resched+0x10/0x10
[  295.349662][ T8255]  __sys_sendmmsg+0x200/0x420
[  295.349711][ T8255]  ? __pfx___sys_sendmmsg+0x10/0x10
[  295.349768][ T8255]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  295.349846][ T8255]  ? fput+0x70/0xf0
[  295.349873][ T8255]  ? ksys_write+0x1ac/0x250
[  295.349912][ T8255]  ? __pfx_ksys_write+0x10/0x10
[  295.349960][ T8255]  __x64_sys_sendmmsg+0x9c/0x100
[  295.349999][ T8255]  ? lockdep_hardirqs_on+0x7c/0x110
[  295.350040][ T8255]  do_syscall_64+0xcd/0x490
[  295.350085][ T8255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.350113][ T8255] RIP: 0033:0x7f227498e929
[  295.350136][ T8255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.350163][ T8255] RSP: 002b:00007f22758d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  295.350189][ T8255] RAX: ffffffffffffffda RBX: 00007f2274bb5fa0 RCX: 00007f227498e929
[  295.350207][ T8255] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003
[  295.350224][ T8255] RBP: 00007f22758d5090 R08: 0000000000000000 R09: 0000000000000000
[  295.350240][ T8255] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000002
[  295.350257][ T8255] R13: 0000000000000000 R14: 00007f2274bb5fa0 R15: 00007ffd1c8d2cf8
[  295.350295][ T8255]  </TASK>
[  295.687722][ T8247] chnl_net:caif_netlink_parms(): no params data found
[  296.385192][ T8247] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.410410][ T8247] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.444736][ T8247] bridge_slave_0: entered allmulticast mode
[  296.462140][ T8271] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12)
[  296.467841][ T8247] bridge_slave_0: entered promiscuous mode
[  296.501622][ T8247] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.559689][ T7003] Bluetooth: hci6: command tx timeout
[  296.564406][ T8247] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.593390][ T8247] bridge_slave_1: entered allmulticast mode
[  296.631856][ T8247] bridge_slave_1: entered promiscuous mode
[  297.025190][ T8247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  297.080215][ T8247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  297.365309][ T8247] team0: Port device team_slave_0 added
[  297.396430][ T8247] team0: Port device team_slave_1 added
[  298.306820][ T8247] batman_adv: batadv0: Adding interface: batadv_slave_0
[  298.324308][ T8247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  298.429660][ T8247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  298.542003][ T8247] batman_adv: batadv0: Adding interface: batadv_slave_1
[  298.579642][ T8247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  298.630061][ T7003] Bluetooth: hci6: command tx timeout
[  298.689676][ T8247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  298.779874][ T8291] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12)
[  299.408550][ T8247] hsr_slave_0: entered promiscuous mode
[  299.435573][ T8247] hsr_slave_1: entered promiscuous mode
[  299.460632][ T8247] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  299.468272][ T8247] Cannot create hsr debugfs directory
[  300.709752][ T7003] Bluetooth: hci6: command tx timeout
[  301.640173][ T8247] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  301.717859][ T8247] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  301.823757][ T8247] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  301.902399][ T8247] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  302.764767][ T8247] 8021q: adding VLAN 0 to HW filter on device bond0
[  302.799615][ T7003] Bluetooth: hci6: command tx timeout
[  302.873986][ T8247] 8021q: adding VLAN 0 to HW filter on device team0
[  302.946131][ T7200] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.953415][ T7200] bridge0: port 1(bridge_slave_0) entered forwarding state
[  302.985883][ T7005] bridge0: port 2(bridge_slave_1) entered blocking state
[  302.993157][ T7005] bridge0: port 2(bridge_slave_1) entered forwarding state
[  303.821747][ T8247] 8021q: adding VLAN 0 to HW filter on device batadv0
[  304.051194][ T8324] netlink: 342 bytes leftover after parsing attributes in process `syz.5.616'.
[  305.196863][ T8247] veth0_vlan: entered promiscuous mode
[  305.257601][ T8247] veth1_vlan: entered promiscuous mode
[  305.283340][ T8336] netlink: 342 bytes leftover after parsing attributes in process `syz.5.618'.
[  305.415959][ T8247] veth0_macvtap: entered promiscuous mode
[  305.492728][ T8247] veth1_macvtap: entered promiscuous mode
[  305.577714][ T8247] batman_adv: batadv0: Interface activated: batadv_slave_0
[  305.622661][ T8247] batman_adv: batadv0: Interface activated: batadv_slave_1
[  305.700694][ T8339] mkiss: ax0: crc mode is auto.
[  305.721853][ T8247] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  305.759944][ T8247] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  305.809681][ T8247] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  305.829939][ T8247] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  306.309331][ T6992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.340944][ T6992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.465441][ T6992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.516422][ T6992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50

syzkaller
syzkaller login: [  308.779796][ T8360] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  313.552288][ T7015] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  313.577942][ T7015] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  313.596781][ T7015] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  313.619931][ T7015] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  313.634654][ T7015] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  315.494430][ T8420] chnl_net:caif_netlink_parms(): no params data found
[  315.749882][ T7015] Bluetooth: hci7: command tx timeout
[  315.911409][ T8418] ptrace attach of "./syz-executor exec"[8123] was attempted by "./syz-executor exec"[8418]
[  316.592065][ T8420] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.639832][ T8420] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.647307][ T8420] bridge_slave_0: entered allmulticast mode
[  316.703445][ T8420] bridge_slave_0: entered promiscuous mode
[  316.821388][ T8420] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.828699][ T8420] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.930031][ T8420] bridge_slave_1: entered allmulticast mode
[  317.000100][ T8420] bridge_slave_1: entered promiscuous mode
[  317.383495][ T8420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  317.464952][ T8420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  317.834021][ T7015] Bluetooth: hci7: command tx timeout
[  318.054110][ T8420] team0: Port device team_slave_0 added
[  318.098228][ T8420] team0: Port device team_slave_1 added
[  318.700256][ T8458] netlink: 342 bytes leftover after parsing attributes in process `syz.3.647'.
[  318.817610][ T8420] batman_adv: batadv0: Adding interface: batadv_slave_0
[  318.859612][ T8420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  318.954867][ T8420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  319.040891][ T8420] batman_adv: batadv0: Adding interface: batadv_slave_1
[  319.065558][ T8420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  319.173854][ T8420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  319.570630][ T8420] hsr_slave_0: entered promiscuous mode
[  319.598292][ T8420] hsr_slave_1: entered promiscuous mode
[  319.619718][ T8420] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  319.627364][ T8420] Cannot create hsr debugfs directory
[  319.918979][ T7015] Bluetooth: hci7: command tx timeout

syzkaller
syzkaller login: [  320.484247][ T8477] =======================================================
[  320.484247][ T8477] WARNING: The mand mount option has been deprecated and
[  320.484247][ T8477]          and is ignored by this kernel. Remove the mand
[  320.484247][ T8477]          option from the mount to silence this warning.
[  320.484247][ T8477] =======================================================
[  320.957281][ T7015] Bluetooth: hci1: unexpected event for opcode 0x7c89
[  321.438359][ T8420] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  321.720809][ T8420] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  321.940643][ T8420] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  321.999852][ T7015] Bluetooth: hci7: command tx timeout
[  322.049302][ T8420] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  322.436036][ T8499] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12)
[  322.560785][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  322.567325][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  322.864127][ T8420] 8021q: adding VLAN 0 to HW filter on device bond0
[  323.055208][ T8420] 8021q: adding VLAN 0 to HW filter on device team0
[  323.401770][ T6992] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.409267][ T6992] bridge0: port 1(bridge_slave_0) entered forwarding state
[  323.571262][ T6992] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.578564][ T6992] bridge0: port 2(bridge_slave_1) entered forwarding state
[  324.030332][ T8420] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  324.041976][ T8420] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  325.126220][ T8420] 8021q: adding VLAN 0 to HW filter on device batadv0
[  326.261074][ T8420] veth0_vlan: entered promiscuous mode
[  326.321257][ T8420] veth1_vlan: entered promiscuous mode
[  326.481361][ T8546] FAULT_INJECTION: forcing a failure.
[  326.481361][ T8546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.484375][ T8420] veth0_macvtap: entered promiscuous mode
[  326.589732][ T8546] CPU: 0 UID: 0 PID: 8546 Comm: syz.3.662 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  326.589773][ T8546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  326.589788][ T8546] Call Trace:
[  326.589797][ T8546]  <TASK>
[  326.589807][ T8546]  dump_stack_lvl+0x16c/0x1f0
[  326.589852][ T8546]  should_fail_ex+0x512/0x640
[  326.589897][ T8546]  _copy_from_user+0x2e/0xd0
[  326.589941][ T8546]  copy_msghdr_from_user+0x98/0x160
[  326.589987][ T8546]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  326.590034][ T8546]  ? kfree+0x24f/0x4d0
[  326.590066][ T8546]  ? __pfx__kstrtoull+0x10/0x10
[  326.590106][ T8546]  ___sys_sendmsg+0xfe/0x1d0
[  326.590151][ T8546]  ? __pfx____sys_sendmsg+0x10/0x10
[  326.590229][ T8546]  ? __pfx___might_resched+0x10/0x10
[  326.590269][ T8546]  __sys_sendmmsg+0x200/0x420
[  326.590315][ T8546]  ? __pfx___sys_sendmmsg+0x10/0x10
[  326.590371][ T8546]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  326.590431][ T8546]  ? fput+0x70/0xf0
[  326.590457][ T8546]  ? ksys_write+0x1ac/0x250
[  326.590494][ T8546]  ? __pfx_ksys_write+0x10/0x10
[  326.590540][ T8546]  __x64_sys_sendmmsg+0x9c/0x100
[  326.590582][ T8546]  ? lockdep_hardirqs_on+0x7c/0x110
[  326.590623][ T8546]  do_syscall_64+0xcd/0x490
[  326.590668][ T8546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.590703][ T8546] RIP: 0033:0x7f227498e929
[  326.590726][ T8546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.590751][ T8546] RSP: 002b:00007f22758d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  326.590778][ T8546] RAX: ffffffffffffffda RBX: 00007f2274bb5fa0 RCX: 00007f227498e929
[  326.590797][ T8546] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003
[  326.590814][ T8546] RBP: 00007f22758d5090 R08: 0000000000000000 R09: 0000000000000000
[  326.590830][ T8546] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000002
[  326.590846][ T8546] R13: 0000000000000000 R14: 00007f2274bb5fa0 R15: 00007ffd1c8d2cf8
[  326.590883][ T8546]  </TASK>
[  326.596345][ T8420] veth1_macvtap: entered promiscuous mode
[  326.887270][ T8420] batman_adv: batadv0: Interface activated: batadv_slave_0
[  326.938066][ T8420] batman_adv: batadv0: Interface activated: batadv_slave_1
[  326.983244][ T8420] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  326.998614][ T8420] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  327.028866][ T8420] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  327.069308][ T8420] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  327.276027][ T8558] sysfs: cannot create duplicate filename '/class/ieee80211/!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]'
[  327.349808][ T8558] CPU: 1 UID: 0 PID: 8558 Comm: syz.3.664 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  327.349854][ T8558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  327.349872][ T8558] Call Trace:
[  327.349883][ T8558]  <TASK>
[  327.349894][ T8558]  dump_stack_lvl+0x16c/0x1f0
[  327.349946][ T8558]  sysfs_warn_dup+0x7f/0xa0
[  327.349984][ T8558]  sysfs_do_create_link_sd+0x124/0x140
[  327.350030][ T8558]  sysfs_create_link+0x61/0xc0
[  327.350071][ T8558]  device_add+0x62c/0x1a70
[  327.350107][ T8558]  ? __pfx_device_add+0x10/0x10
[  327.350136][ T8558]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  327.350182][ T8558]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  327.350241][ T8558]  wiphy_register+0x1c9c/0x2850
[  327.350273][ T8558]  ? netdev_run_todo+0x864/0x1320
[  327.350316][ T8558]  ? __pfx_wiphy_register+0x10/0x10
[  327.350363][ T8558]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  327.350400][ T8558]  ieee80211_register_hw+0x24ac/0x4140
[  327.350448][ T8558]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  327.350487][ T8558]  ? find_held_lock+0x2b/0x80
[  327.350518][ T8558]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  327.350561][ T8558]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  327.350594][ T8558]  ? __hrtimer_setup+0x176/0x280
[  327.350643][ T8558]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  327.350723][ T8558]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  327.350771][ T8558]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  327.350819][ T8558]  ? __asan_memcpy+0x3c/0x60
[  327.350865][ T8558]  hwsim_new_radio_nl+0xb51/0x12c0
[  327.350912][ T8558]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  327.350969][ T8558]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  327.351010][ T8558]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  327.351057][ T8558]  genl_family_rcv_msg_doit+0x206/0x2f0
[  327.351100][ T8558]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  327.351137][ T8558]  ? trace_cap_capable+0x18d/0x200
[  327.351178][ T8558]  ? bpf_lsm_capable+0x9/0x10
[  327.351210][ T8558]  ? security_capable+0x7e/0x260
[  327.351260][ T8558]  ? ns_capable+0xd7/0x110
[  327.351293][ T8558]  genl_rcv_msg+0x55c/0x800
[  327.351336][ T8558]  ? __pfx_genl_rcv_msg+0x10/0x10
[  327.351372][ T8558]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  327.351429][ T8558]  netlink_rcv_skb+0x155/0x420
[  327.351458][ T8558]  ? __pfx_genl_rcv_msg+0x10/0x10
[  327.351493][ T8558]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  327.351544][ T8558]  ? netlink_deliver_tap+0x1ae/0xd30
[  327.351580][ T8558]  genl_rcv+0x28/0x40
[  327.351612][ T8558]  netlink_unicast+0x53a/0x7f0
[  327.351650][ T8558]  ? __pfx_netlink_unicast+0x10/0x10
[  327.351706][ T8558]  netlink_sendmsg+0x8d1/0xdd0
[  327.351747][ T8558]  ? __pfx_netlink_sendmsg+0x10/0x10
[  327.351801][ T8558]  ____sys_sendmsg+0xa95/0xc70
[  327.351837][ T8558]  ? copy_msghdr_from_user+0x10a/0x160
[  327.351884][ T8558]  ? __pfx_____sys_sendmsg+0x10/0x10
[  327.351930][ T8558]  ? __pfx_futex_wake_mark+0x10/0x10
[  327.351985][ T8558]  ___sys_sendmsg+0x134/0x1d0
[  327.352033][ T8558]  ? __pfx____sys_sendmsg+0x10/0x10
[  327.352075][ T8558]  ? __lock_acquire+0x622/0x1c90
[  327.352179][ T8558]  __sys_sendmsg+0x16d/0x220
[  327.352225][ T8558]  ? __pfx___sys_sendmsg+0x10/0x10
[  327.352270][ T8558]  ? __x64_sys_futex+0x1e0/0x4c0
[  327.352335][ T8558]  do_syscall_64+0xcd/0x490
[  327.352385][ T8558]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.352416][ T8558] RIP: 0033:0x7f227498e929
[  327.352441][ T8558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  327.352467][ T8558] RSP: 002b:00007f22758d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  327.352497][ T8558] RAX: ffffffffffffffda RBX: 00007f2274bb5fa0 RCX: 00007f227498e929
[  327.352516][ T8558] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003
[  327.352534][ T8558] RBP: 00007f2274a10b39 R08: 0000000000000000 R09: 0000000000000000
[  327.352550][ T8558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  327.352565][ T8558] R13: 0000000000000000 R14: 00007f2274bb5fa0 R15: 00007ffd1c8d2cf8
[  327.352604][ T8558]  </TASK>
[  328.507668][ T6992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.550125][ T6992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.706439][ T6992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.737101][ T6992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.091121][ T8619] netlink: 342 bytes leftover after parsing attributes in process `syz.6.679'.
[  332.257692][ T8623] netlink: 'syz.5.680': attribute type 1 has an invalid length.

syzkaller
syzkaller login: [  335.498584][ T8656] FAULT_INJECTION: forcing a failure.
[  335.498584][ T8656] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  335.555204][ T8656] CPU: 1 UID: 0 PID: 8656 Comm: syz.6.690 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  335.555246][ T8656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  335.555262][ T8656] Call Trace:
[  335.555272][ T8656]  <TASK>
[  335.555283][ T8656]  dump_stack_lvl+0x16c/0x1f0
[  335.555331][ T8656]  should_fail_ex+0x512/0x640
[  335.555376][ T8656]  _copy_to_user+0x32/0xd0
[  335.555432][ T8656]  simple_read_from_buffer+0xcb/0x170
[  335.555473][ T8656]  proc_fail_nth_read+0x197/0x270
[  335.555509][ T8656]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  335.555547][ T8656]  ? rw_verify_area+0xcf/0x680
[  335.555582][ T8656]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  335.555615][ T8656]  vfs_read+0x1e4/0xc60
[  335.555662][ T8656]  ? __pfx___mutex_lock+0x10/0x10
[  335.555702][ T8656]  ? __pfx_vfs_read+0x10/0x10
[  335.555763][ T8656]  ? __fget_files+0x20e/0x3c0
[  335.555816][ T8656]  ksys_read+0x12a/0x250
[  335.555854][ T8656]  ? __pfx_ksys_read+0x10/0x10
[  335.555907][ T8656]  do_syscall_64+0xcd/0x490
[  335.555955][ T8656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.555983][ T8656] RIP: 0033:0x7fe27118d33c
[  335.556005][ T8656] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  335.556032][ T8656] RSP: 002b:00007fe2720de030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  335.556059][ T8656] RAX: ffffffffffffffda RBX: 00007fe2713b5fa0 RCX: 00007fe27118d33c
[  335.556077][ T8656] RDX: 000000000000000f RSI: 00007fe2720de0a0 RDI: 0000000000000005
[  335.556093][ T8656] RBP: 00007fe2720de090 R08: 0000000000000000 R09: 0000000000000000
[  335.556110][ T8656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  335.556126][ T8656] R13: 0000000000000000 R14: 00007fe2713b5fa0 R15: 00007ffe8af86cd8
[  335.556166][ T8656]  </TASK>

syzkaller
syzkaller login: [  339.034819][ T8693] debugfs: Directory '!PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' with parent 'ieee80211' already present!
[  339.589349][ T8697] phram: parameter too long
[  339.664761][ T8697] sd 0:0:1:0: PR command failed: 1026
[  339.670703][ T8697] FAULT_INJECTION: forcing a failure.
[  339.670703][ T8697] name failslab, interval 1, probability 0, space 0, times 0
[  339.714324][ T8697] CPU: 0 UID: 0 PID: 8697 Comm: syz.7.703 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  339.714374][ T8697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  339.714392][ T8697] Call Trace:
[  339.714403][ T8697]  <TASK>
[  339.714412][ T8697]  dump_stack_lvl+0x16c/0x1f0
[  339.714468][ T8697]  should_fail_ex+0x512/0x640
[  339.714518][ T8697]  should_failslab+0xc2/0x120
[  339.714548][ T8697]  __kmalloc_cache_noprof+0x6a/0x3e0
[  339.714589][ T8697]  ? scsi_log_print_sense_hdr+0xa7/0x620
[  339.714638][ T8697]  scsi_log_print_sense_hdr+0xa7/0x620
[  339.714688][ T8697]  ? __pfx_scsi_log_print_sense_hdr+0x10/0x10
[  339.714730][ T8697]  ? kasan_save_stack+0x33/0x60
[  339.714771][ T8697]  ? kasan_save_track+0x14/0x30
[  339.714809][ T8697]  ? kasan_save_free_info+0x3b/0x60
[  339.714851][ T8697]  sd_pr_out_command.isra.0+0x38c/0x3d0
[  339.714888][ T8697]  ? __pfx_sd_pr_out_command.isra.0+0x10/0x10
[  339.714924][ T8697]  ? __lock_acquire+0xb8a/0x1c90
[  339.714982][ T8697]  ? find_held_lock+0x2b/0x80
[  339.715009][ T8697]  ? __might_fault+0xe3/0x190
[  339.715050][ T8697]  ? __might_fault+0x13b/0x190
[  339.715097][ T8697]  ? block_pr_type_to_scsi+0x62/0x80
[  339.715148][ T8697]  blkdev_pr_preempt+0x2a9/0x310
[  339.715184][ T8697]  ? __pfx_blkdev_pr_preempt+0x10/0x10
[  339.715233][ T8697]  blkdev_common_ioctl+0x8d1/0x2480
[  339.715266][ T8697]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  339.715300][ T8697]  ? futex_wake+0x1ad/0x530
[  339.715336][ T8697]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  339.715383][ T8697]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  339.715418][ T8697]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  339.715487][ T8697]  ? find_held_lock+0x2b/0x80
[  339.715523][ T8697]  blkdev_ioctl+0x1cb/0x6d0
[  339.715558][ T8697]  ? __pfx_blkdev_ioctl+0x10/0x10
[  339.715597][ T8697]  ? __pfx_blkdev_ioctl+0x10/0x10
[  339.715634][ T8697]  __x64_sys_ioctl+0x18b/0x210
[  339.715671][ T8697]  do_syscall_64+0xcd/0x490
[  339.715718][ T8697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.715748][ T8697] RIP: 0033:0x7f30b018e929
[  339.715771][ T8697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.715800][ T8697] RSP: 002b:00007f30b0f79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  339.715829][ T8697] RAX: ffffffffffffffda RBX: 00007f30b03b5fa0 RCX: 00007f30b018e929
[  339.715848][ T8697] RDX: 0000000000000009 RSI: 00000000401870cb RDI: 0000000000000009
[  339.715865][ T8697] RBP: 00007f30b0210b39 R08: 0000000000000000 R09: 0000000000000000
[  339.715883][ T8697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  339.715900][ T8697] R13: 0000000000000000 R14: 00007f30b03b5fa0 R15: 00007fff070e7d98
[  339.715936][ T8697]  </TASK>
[  340.498260][ T8700] FAULT_INJECTION: forcing a failure.
[  340.498260][ T8700] name failslab, interval 1, probability 0, space 0, times 0
[  340.523721][ T8700] CPU: 0 UID: 0 PID: 8700 Comm: syz.3.704 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  340.523764][ T8700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  340.523782][ T8700] Call Trace:
[  340.523792][ T8700]  <TASK>
[  340.523804][ T8700]  dump_stack_lvl+0x16c/0x1f0
[  340.523854][ T8700]  should_fail_ex+0x512/0x640
[  340.523902][ T8700]  should_failslab+0xc2/0x120
[  340.523930][ T8700]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  340.523971][ T8700]  ? __lock_acquire+0x622/0x1c90
[  340.524006][ T8700]  ? dst_alloc+0x99/0x1a0
[  340.524047][ T8700]  dst_alloc+0x99/0x1a0
[  340.524086][ T8700]  rt_dst_alloc+0x35/0x3a0
[  340.524124][ T8700]  ip_route_output_key_hash_rcu+0x87a/0x28f0
[  340.524182][ T8700]  ip_route_output_key_hash+0x137/0x2e0
[  340.524225][ T8700]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  340.524285][ T8700]  ? find_held_lock+0x2b/0x80
[  340.524320][ T8700]  ip_route_output_flow+0x27/0x150
[  340.524367][ T8700]  raw_sendmsg+0xd70/0x3820
[  340.524423][ T8700]  ? __pfx_raw_sendmsg+0x10/0x10
[  340.524460][ T8700]  ? __lock_acquire+0x622/0x1c90
[  340.524504][ T8700]  ? __lock_acquire+0x622/0x1c90
[  340.524559][ T8700]  ? __pfx___might_resched+0x10/0x10
[  340.524588][ T8700]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  340.524638][ T8700]  ? aa_sk_perm+0x2f4/0xb10
[  340.524678][ T8700]  ? __import_iovec+0x1dd/0x650
[  340.524729][ T8700]  ? __might_fault+0xe3/0x190
[  340.524767][ T8700]  ? __might_fault+0x13b/0x190
[  340.524808][ T8700]  ? __pfx_raw_sendmsg+0x10/0x10
[  340.524850][ T8700]  inet_sendmsg+0x119/0x140
[  340.524892][ T8700]  ____sys_sendmsg+0x973/0xc70
[  340.524927][ T8700]  ? copy_msghdr_from_user+0x10a/0x160
[  340.524970][ T8700]  ? __pfx_____sys_sendmsg+0x10/0x10
[  340.525010][ T8700]  ? kfree+0x24f/0x4d0
[  340.525041][ T8700]  ? __pfx__kstrtoull+0x10/0x10
[  340.525086][ T8700]  ___sys_sendmsg+0x134/0x1d0
[  340.525133][ T8700]  ? __pfx____sys_sendmsg+0x10/0x10
[  340.525225][ T8700]  ? __pfx___might_resched+0x10/0x10
[  340.525267][ T8700]  __sys_sendmmsg+0x200/0x420
[  340.525318][ T8700]  ? __pfx___sys_sendmmsg+0x10/0x10
[  340.525377][ T8700]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  340.525443][ T8700]  ? fput+0x70/0xf0
[  340.525469][ T8700]  ? ksys_write+0x1ac/0x250
[  340.525509][ T8700]  ? __pfx_ksys_write+0x10/0x10
[  340.525557][ T8700]  __x64_sys_sendmmsg+0x9c/0x100
[  340.525599][ T8700]  ? lockdep_hardirqs_on+0x7c/0x110
[  340.525641][ T8700]  do_syscall_64+0xcd/0x490
[  340.525688][ T8700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.525728][ T8700] RIP: 0033:0x7f227498e929
[  340.525753][ T8700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.525780][ T8700] RSP: 002b:00007f22758d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  340.525807][ T8700] RAX: ffffffffffffffda RBX: 00007f2274bb5fa0 RCX: 00007f227498e929
[  340.525825][ T8700] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003
[  340.525842][ T8700] RBP: 00007f22758d5090 R08: 0000000000000000 R09: 0000000000000000
[  340.525858][ T8700] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000002
[  340.525875][ T8700] R13: 0000000000000000 R14: 00007f2274bb5fa0 R15: 00007ffd1c8d2cf8
[  340.525913][ T8700]  </TASK>

syzkaller
syzkaller login: 
syzkaller
syzkaller login: [  345.570187][ T8759] kexec: Could not allocate control_code_buffer
[  345.739748][ T8769] can0: slcan on ttyS2.
[  346.006110][ T8780] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9
[  346.143171][ T8769] can0 (unregistered): slcan off ttyS2.
[  348.513345][ T7003] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  348.524536][ T7003] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  348.532811][ T7003] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  348.559309][ T7003] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  348.568140][ T7003] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  350.087306][ T8800] chnl_net:caif_netlink_parms(): no params data found
[  350.632853][ T7003] Bluetooth: hci3: command tx timeout
[  350.809898][ T8800] bridge0: port 1(bridge_slave_0) entered blocking state
[  350.849724][ T8800] bridge0: port 1(bridge_slave_0) entered disabled state
[  350.857150][ T8800] bridge_slave_0: entered allmulticast mode
[  350.911982][ T8800] bridge_slave_0: entered promiscuous mode
[  350.953319][ T8800] bridge0: port 2(bridge_slave_1) entered blocking state
[  350.979724][ T8800] bridge0: port 2(bridge_slave_1) entered disabled state
[  350.987177][ T8800] bridge_slave_1: entered allmulticast mode
[  351.006086][ T8800] bridge_slave_1: entered promiscuous mode
[  351.435749][ T7015] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  351.445450][ T7015] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  351.453879][ T7015] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  351.467631][ T7015] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  351.499865][ T7015] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  351.692519][ T8837] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12)
[  351.819122][ T8800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.037439][ T8800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  352.438595][ T8800] team0: Port device team_slave_0 added
[  352.478483][ T8800] team0: Port device team_slave_1 added
[  352.715639][ T7015] Bluetooth: hci3: command tx timeout
[  353.112165][ T8800] batman_adv: batadv0: Adding interface: batadv_slave_0
[  353.129877][ T8800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.190986][ T8800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  353.231974][ T8800] batman_adv: batadv0: Adding interface: batadv_slave_1
[  353.251344][ T8800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.339943][ T8800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  353.689680][ T7015] Bluetooth: hci6: command tx timeout
[  353.927629][ T8800] hsr_slave_0: entered promiscuous mode
[  353.961253][ T8800] hsr_slave_1: entered promiscuous mode
[  353.990940][ T8800] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  353.998567][ T8800] Cannot create hsr debugfs directory
[  354.716915][ T8829] chnl_net:caif_netlink_parms(): no params data found
[  354.790030][ T7015] Bluetooth: hci3: command tx timeout
[  355.288464][ T8829] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.301664][ T8829] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.308991][ T8829] bridge_slave_0: entered allmulticast mode
[  355.329091][ T8829] bridge_slave_0: entered promiscuous mode
[  355.347254][ T8800] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  355.418039][ T8829] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.441580][ T8829] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.464794][ T8829] bridge_slave_1: entered allmulticast mode
[  355.508065][ T8829] bridge_slave_1: entered promiscuous mode
[  355.590983][ T8800] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  355.749813][ T7015] Bluetooth: hci6: command tx timeout
[  355.772891][ T8829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.826660][ T8800] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  355.838231][   T31] INFO: task kworker/u10:2:6999 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  355.920677][   T31]       Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0
[  355.959593][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  355.968356][   T31] task:kworker/u10:2   state:D stack:26952 pid:6999  tgid:6999  ppid:2      task_flags:0x4208060 flags:0x00004000
[  356.029635][   T31] Workqueue: netns cleanup_net
[  356.034507][   T31] Call Trace:
[  356.037822][   T31]  <TASK>
[  356.049665][   T31]  __schedule+0x116a/0x5de0
[  356.059626][   T31]  ? __lock_acquire+0x622/0x1c90
[  356.070289][   T31]  ? __pfx___schedule+0x10/0x10
[  356.079878][   T31]  ? find_held_lock+0x2b/0x80
[  356.107763][   T31]  ? schedule+0x2d7/0x3a0
[  356.124316][   T31]  schedule+0xe7/0x3a0
[  356.128835][   T31]  schedule_timeout+0x257/0x290
[  356.201739][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  356.207343][   T31]  ? mark_held_locks+0x49/0x80
[  356.270792][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  356.337259][   T31]  __wait_for_common+0x2ff/0x4e0
[  356.379610][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  356.385105][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  356.449957][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  356.469592][   T31]  ? flush_workqueue_prep_pwqs+0x2e9/0x510
[  356.487945][   T31]  __flush_workqueue+0x3e2/0x1230
[  356.529653][   T31]  ? __pfx___flush_workqueue+0x10/0x10
[  356.535226][   T31]  ? reacquire_held_locks+0xcd/0x1f0
[  356.569615][   T31]  ? __pfx_sock_def_readable+0x10/0x10
[  356.575188][   T31]  ? __pfx_sock_def_readable+0x10/0x10
[  356.589703][   T31]  rds_tcp_listen_stop+0x104/0x150
[  356.609629][   T31]  ? __pfx_rds_tcp_exit_net+0x10/0x10
[  356.615124][   T31]  rds_tcp_exit_net+0xcb/0x810

syzkaller
syzkaller login: [  356.631638][   T31]  ? __pfx_rds_tcp_exit_net+0x10/0x10
[  356.637207][   T31]  ? __pfx___might_resched+0x10/0x10
[  356.659651][   T31]  ? __pfx_rds_tcp_exit_net+0x10/0x10
[  356.665250][   T31]  ops_undo_list+0x2ee/0xab0
[  356.679642][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[  356.684867][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[  356.700022][   T31]  cleanup_net+0x408/0x890
[  356.704638][   T31]  ? __pfx_cleanup_net+0x10/0x10
[  356.720046][   T31]  ? rcu_is_watching+0x12/0xc0
[  356.725095][   T31]  process_one_work+0x9cc/0x1b70
[  356.735719][   T31]  ? __pfx_process_one_work+0x10/0x10
[  356.742663][   T31]  ? assign_work+0x1a0/0x250
[  356.747428][   T31]  worker_thread+0x6c8/0xf10
[  356.762072][   T31]  ? __kthread_parkme+0x19e/0x250
[  356.767190][   T31]  ? __pfx_worker_thread+0x10/0x10
[  356.778546][   T31]  kthread+0x3c5/0x780
[  356.782917][   T31]  ? __pfx_kthread+0x10/0x10
[  356.787586][   T31]  ? rcu_is_watching+0x12/0xc0
[  356.807026][   T31]  ? __pfx_kthread+0x10/0x10
[  356.822143][   T31]  ret_from_fork+0x5d4/0x6f0
[  356.826833][   T31]  ? __pfx_kthread+0x10/0x10
[  356.840708][   T31]  ret_from_fork_asm+0x1a/0x30
[  356.845600][   T31]  </TASK>
[  356.885021][ T7015] Bluetooth: hci3: command tx timeout
[  356.943936][   T31] 
[  356.943936][   T31] Showing all locks held in the system:
[  357.011524][ T8829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  357.020945][   T31] 1 lock held by khungtaskd/31:
[  357.020977][   T31]  #0: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  357.021114][   T31] 3 locks held by kworker/u10:1/6997:
[  357.021132][   T31]  #0: ffff88801b889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  357.208391][   T31]  #1: ffffc9000bfb7d10 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  357.289052][   T31]  #2: ffffffff9034e5a8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[  357.309705][   T31] 3 locks held by kworker/u10:2/6999:
[  357.316359][   T31]  #0: ffff88801c6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  357.409601][   T31]  #1: ffffc90018547d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  357.469654][   T31]  #2: ffffffff90338550 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890
[  357.479123][   T31] 1 lock held by syz.1.355/7359:
[  357.528533][   T31]  #0: ffffffff90338550 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  357.550266][   T31] 1 lock held by syz.0.520/7919:
[  357.555280][   T31]  #0: ffffffff90338550 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  357.579577][   T31] 1 lock held by syz.4.565/8082:
[  357.584593][   T31]  #0: ffffffff90338550 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  357.604486][   T31] 3 locks held by kworker/u10:8/8556:
[  357.610409][   T31]  #0: ffff88814bd69148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  357.623044][   T31]  #1: ffffc9000bfa7d10 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  357.649610][   T31]  #2: ffffffff9034e5a8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x120/0x14e0
[  357.659247][   T31] 1 lock held by syz.5.680/8621:
[  357.680901][   T31]  #0: ffffffff90338550 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  357.690812][   T31] 1 lock held by syz-executor/8800:
[  357.696294][   T31]  #0: ffffffff8e5cfdb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  357.729612][   T31] 1 lock held by syz.7.746/8865:
[  357.734633][   T31] 1 lock held by syz.3.749/8869:
[  357.759557][   T31]  #0: ffffffff9034e5a8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  357.768687][   T31] 2 locks held by getty/8873:
[  357.775401][   T31]  #0: ffff88814bfc90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  357.785736][   T31]  #1: ffffc9000f27b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  357.796463][   T31] 
[  357.798874][   T31] =============================================
[  357.798874][   T31] 
[  357.853563][   T31] NMI backtrace for cpu 1
[  357.853607][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  357.853642][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  357.853658][   T31] Call Trace:
[  357.853667][   T31]  <TASK>
[  357.853677][   T31]  dump_stack_lvl+0x116/0x1f0
[  357.853727][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  357.853758][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  357.853799][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  357.853836][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  357.853875][   T31]  watchdog+0xf70/0x12c0
[  357.853926][   T31]  ? __pfx_watchdog+0x10/0x10
[  357.853964][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  357.854008][   T31]  ? __kthread_parkme+0x19e/0x250
[  357.854044][   T31]  ? __pfx_watchdog+0x10/0x10
[  357.854084][   T31]  kthread+0x3c5/0x780
[  357.854123][   T31]  ? __pfx_kthread+0x10/0x10
[  357.854165][   T31]  ? rcu_is_watching+0x12/0xc0
[  357.854194][   T31]  ? __pfx_kthread+0x10/0x10
[  357.854235][   T31]  ret_from_fork+0x5d4/0x6f0
[  357.854270][   T31]  ? __pfx_kthread+0x10/0x10
[  357.854310][   T31]  ret_from_fork_asm+0x1a/0x30
[  357.854359][   T31]  </TASK>
[  357.854370][   T31] Sending NMI from CPU 1 to CPUs 0:
[  357.871140][ T7015] Bluetooth: hci6: command tx timeout
[  357.881149][    C0] NMI backtrace for cpu 0
[  357.881168][    C0] CPU: 0 UID: 0 PID: 7015 Comm: kworker/u11:2 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  357.881208][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  357.881232][    C0] Workqueue: hci6 hci_cmd_timeout
[  357.881289][    C0] RIP: 0010:unwind_next_frame+0x15c0/0x20a0
[  357.881359][    C0] Code: c2 40 0f 9e c6 84 d2 0f 95 c0 40 84 c6 0f 85 ea 09 00 00 48 0f bf 69 02 ba 08 00 00 00 4c 89 ef 4d 8d 7d 34 4c 01 f5 48 89 ee <e8> 2b e8 ff ff 84 c0 0f 84 b5 ed ff ff 48 89 ef e8 0b e0 ff ff 49
[  357.881394][    C0] RSP: 0018:ffffc900000077d0 EFLAGS: 00000083
[  357.881422][    C0] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff9141e054
[  357.881446][    C0] RDX: 0000000000000008 RSI: ffffc90000007d20 RDI: ffffc90000007840
[  357.881461][    C0] RBP: ffffc90000007d20 R08: 0000000000000001 R09: 0000000000000001
[  357.881476][    C0] R10: 0000000000000000 R11: 000000000000a7e5 R12: ffffc90000007890
[  357.881500][    C0] R13: ffffc90000007840 R14: ffffc90000007d50 R15: ffffc90000007874
[  357.881525][    C0] FS:  0000000000000000(0000) GS:ffff88812475d000(0000) knlGS:0000000000000000
[  357.881574][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  357.881604][    C0] CR2: 0000200000313000 CR3: 000000000e382000 CR4: 00000000003526f0
[  357.881632][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  357.881656][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  357.881684][    C0] Call Trace:
[  357.881696][    C0]  <IRQ>
[  357.881710][    C0]  ? call_timer_fn+0x19a/0x620
[  357.881757][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  357.881803][    C0]  arch_stack_walk+0x94/0x100
[  357.881852][    C0]  ? __run_timers+0x569/0x960
[  357.881901][    C0]  stack_trace_save+0x8e/0xc0
[  357.881943][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  357.881991][    C0]  ? __lock_acquire+0xb8a/0x1c90
[  357.882037][    C0]  kasan_save_stack+0x33/0x60
[  357.882086][    C0]  ? kasan_save_stack+0x33/0x60
[  357.882125][    C0]  ? kasan_record_aux_stack+0xa7/0xc0
[  357.882150][    C0]  ? insert_work+0x36/0x230
[  357.882188][    C0]  ? __queue_work+0x3f8/0x10f0
[  357.882237][    C0]  ? call_timer_fn+0x19a/0x620
[  357.882315][    C0]  kasan_record_aux_stack+0xa7/0xc0
[  357.882365][    C0]  insert_work+0x36/0x230
[  357.882420][    C0]  __queue_work+0x3f8/0x10f0
[  357.882471][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  357.882532][    C0]  call_timer_fn+0x19a/0x620
[  357.882575][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  357.882624][    C0]  ? __run_timers+0x559/0x960
[  357.882669][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  357.882731][    C0]  __run_timers+0x569/0x960
[  357.882782][    C0]  ? __pfx___run_timers+0x10/0x10
[  357.882861][    C0]  run_timer_base+0x114/0x190
[  357.882906][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  357.882954][    C0]  run_timer_softirq+0x1a/0x40
[  357.882998][    C0]  handle_softirqs+0x216/0x8e0
[  357.883045][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  357.883093][    C0]  __irq_exit_rcu+0x109/0x170
[  357.883121][    C0]  irq_exit_rcu+0x9/0x30
[  357.883148][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  357.883198][    C0]  </IRQ>
[  357.883210][    C0]  <TASK>
[  357.883223][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  357.883266][    C0] RIP: 0010:vprintk_emit+0x567/0x6d0
[  357.883308][    C0] Code: 00 4d 85 ed 0f 85 19 01 00 00 e8 74 81 20 00 9c 5d 81 e5 00 02 00 00 31 ff 48 89 ee e8 d2 7c 20 00 48 85 ed 0f 85 25 01 00 00 <e8> 54 81 20 00 45 31 c9 41 b8 01 00 00 00 31 c9 48 8d 05 00 00 00
[  357.883346][    C0] RSP: 0018:ffffc9000be679c8 EFLAGS: 00000293
[  357.883378][    C0] RAX: 0000000000000000 RBX: 0000000000000023 RCX: ffffffff819b0c8c
[  357.883402][    C0] RDX: ffff88802a9bbc00 RSI: ffffffff819b0c96 RDI: 0000000000000007
[  357.883425][    C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[  357.883449][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff920017ccf3b
[  357.883472][    C0] R13: 0000000000000200 R14: ffff88801eeb5a00 R15: ffffc9000be67a90
[  357.883512][    C0]  ? vprintk_emit+0x67c/0x6d0
[  357.883543][    C0]  ? vprintk_emit+0x686/0x6d0
[  357.883581][    C0]  ? vprintk_emit+0x686/0x6d0
[  357.883603][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[  357.883625][    C0]  ? __lock_acquire+0xb8a/0x1c90
[  357.883656][    C0]  _printk+0xc7/0x100
[  357.883683][    C0]  ? __pfx__printk+0x10/0x10
[  357.883712][    C0]  ? register_lock_class+0x41/0x4c0
[  357.883740][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  357.883776][    C0]  bt_err+0xe4/0x120
[  357.883804][    C0]  ? __pfx_bt_err+0x10/0x10
[  357.883833][    C0]  ? finish_task_switch.isra.0+0x221/0xc10
[  357.883861][    C0]  ? process_one_work+0x13d6/0x1b70
[  357.883895][    C0]  hci_cmd_timeout+0x1ff/0x260
[  357.883942][    C0]  process_one_work+0x9cc/0x1b70
[  357.884010][    C0]  ? __pfx_process_one_work+0x10/0x10
[  357.884075][    C0]  ? assign_work+0x1a0/0x250
[  357.884125][    C0]  worker_thread+0x6c8/0xf10
[  357.884191][    C0]  ? __kthread_parkme+0x19e/0x250
[  357.884238][    C0]  ? __pfx_worker_thread+0x10/0x10
[  357.884288][    C0]  kthread+0x3c5/0x780
[  357.884341][    C0]  ? __pfx_kthread+0x10/0x10
[  357.884390][    C0]  ? rcu_is_watching+0x12/0xc0
[  357.884427][    C0]  ? __pfx_kthread+0x10/0x10
[  357.884480][    C0]  ret_from_fork+0x5d4/0x6f0
[  357.884527][    C0]  ? __pfx_kthread+0x10/0x10
[  357.884575][    C0]  ret_from_fork_asm+0x1a/0x30
[  357.884633][    C0]  </TASK>
[  357.959967][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  357.959994][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  357.960028][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  357.960043][   T31] Call Trace:
[  357.960053][   T31]  <TASK>
[  357.960063][   T31]  dump_stack_lvl+0x3d/0x1f0
[  357.960109][   T31]  panic+0x71c/0x800
[  357.960142][   T31]  ? __pfx___irq_work_queue_local+0x10/0x10
[  357.960182][   T31]  ? __pfx_panic+0x10/0x10
[  357.960214][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  357.960252][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  357.960284][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  357.960316][   T31]  ? watchdog+0xdda/0x12c0
[  357.960350][   T31]  ? watchdog+0xdcd/0x12c0
[  357.960392][   T31]  watchdog+0xdeb/0x12c0
[  357.960435][   T31]  ? __pfx_watchdog+0x10/0x10
[  357.960468][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  357.960508][   T31]  ? __kthread_parkme+0x19e/0x250
[  357.960540][   T31]  ? __pfx_watchdog+0x10/0x10
[  357.960575][   T31]  kthread+0x3c5/0x780
[  357.960611][   T31]  ? __pfx_kthread+0x10/0x10
[  357.960655][   T31]  ? rcu_is_watching+0x12/0xc0
[  357.960682][   T31]  ? __pfx_kthread+0x10/0x10
[  357.960717][   T31]  ret_from_fork+0x5d4/0x6f0
[  357.960750][   T31]  ? __pfx_kthread+0x10/0x10
[  357.960785][   T31]  ret_from_fork_asm+0x1a/0x30
[  357.960831][   T31]  </TASK>
[  357.963666][   T31] Kernel Offset: disabled