last executing test programs:

3m35.347673476s ago: executing program 3 (id=3643):
socket(0x10, 0x2, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
ioctl$auto_KVM_GET_MSRS(r0, 0x4188aea7, &(0x7f0000000040)={0x3})

3m35.048192749s ago: executing program 3 (id=3644):
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_LEAVE_IBSS(r1, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYRES64], 0x1a8}, 0x1, 0x0, 0x0, 0x44880}, 0x800)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0)
mmap$auto(0x0, 0x3, 0x1000000000001, 0x1008000000008011, 0x3, 0xfffffffffffffffe)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = socket(0x2b, 0x1, 0x0)
ioctl$auto(0x3, 0x8905, 0x38)
epoll_create$auto(0x4)
openat$auto_ftrace_formats_fops_trace_printk(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/printk_formats\x00', 0x109000, 0x0)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x59, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0)
ioctl$auto(r4, 0xc038563c, r3)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x0, 0x6, 0x3, 0x2)
madvise$auto(0x0, 0x240007, 0x19)
sendmsg$auto_NL80211_CMD_CONNECT(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, 0x0, 0x800, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x4}, @NL80211_ATTR_S1G_CAPABILITY_MASK={0x37, 0x129, "a996815d0851d7554b5bcd2d99a8ff8385872709b3867a8d027eeffd5ce89e48b7a0c15ebb5e3fd21dd9f1850edf41cca4d20d"}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x81}, 0x4)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
madvise$auto(0x0, 0x2003f2, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
poll$auto(&(0x7f0000000040)={0x3, 0x0, 0xa}, 0x5, 0x108)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)

3m31.226767558s ago: executing program 3 (id=3662):
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
r0 = socket(0x2, 0x1, 0x106)
syz_genetlink_get_family_id$auto_tipcv2(0x0, r0)
socket$nl_generic(0x10, 0x3, 0x10)
setrlimit$auto(0x0, &(0x7f0000000000)={0x1, 0xfb3})
sigaltstack$auto(0x0, 0x0)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x2, 0x4}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
semctl$auto(0x2, 0x9, 0x939, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
r1 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
syz_clone3(&(0x7f0000000400)={0x1045100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r2 = open(0x0, 0x22240, 0x154)
execveat$auto(r2, 0x0, 0x0, 0x0, 0x1000)
io_uring_setup$auto(0x1, &(0x7f00000001c0)={0x9, 0x0, 0xd41, 0x4cbd, 0x10, 0x4, r2, [0x2, 0x7, 0x5], {0x4, 0x2, 0x3, 0x20000000, 0x2, 0x4, 0xff, 0xfff, 0x6}, {0x7, 0xedea, 0x4f, 0xe7ab, 0x1ff, 0x6, 0x1, 0xd, 0xa1f}})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x4d, 0x0)
fsopen$auto(0x0, 0x1)
fsconfig$auto(r1, 0x4, 0x0, 0x0, 0x0)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)

3m29.722319344s ago: executing program 3 (id=3669):
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x84040, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
mmap$auto(0x3, 0x2020006, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$auto(0x3, 0x400caed0, r3)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000500)={0x7, 0x0, [{0xd90, 0x2, 0x6}]})

3m29.109261694s ago: executing program 3 (id=3673):
ioctl$auto_XFS_IOC_SWAPEXT(0xffffffffffffffff, 0xc0c0586d, &(0x7f0000000000)={0xc, @raw=0x7, @raw=0x397, 0x3, 0x9, '\x00', {0x8, 0xa005, 0x8000, <r0=>0x0, 0xee01, 0x0, 0x1, 0x100, {0x9, 0x7}, {0x4, 0x401}, {0x8}, 0xfffffffffffffff8, 0x3, 0x27, 0x7, 0x2, 0xc, 0x3, 0x3, 0x7, 0x2, '\x00', 0x1, 0x6, 0x8, 0x4}})
shmctl$auto_SHM_STAT(0x4, 0xd, &(0x7f0000000200)={{0x5, 0x0, <r1=>0xffffffffffffffff, 0xf08c, 0x3, 0x2, 0x6}, 0x2e, 0xffffffff00000000, 0x1, 0x80000000, @raw=0xffff, @inferred=0xffffffffffffffff, 0x9, 0x0, &(0x7f00000000c0)="359b40fd3568e6666fe92aa1c65a61931a54b31353ce006aa9bfc3eed38cca7ffbf4fffa58a2f66112cb957f0f34407aa6af71", &(0x7f0000000100)="e6956be8ed93ece624983ccf2aeea09da7a68285ca6ae0a433a53e88235c75c7f07bf9a1cbdf65635dad55b5a3c3ae8c77ba24951fa3024db667e2e5fd49b79f25975e0abb57e7f311aeeb360a4a0d7588930718f893013a965b4982b4ac4ff18ae37ee578c86eb7e593a626523823d80e485bd1b3dd046ae515b8dacfee841a4408ed4057c34c3aac5dd81b71277f3b28ef3d2154e856d812773f0fa2b88e06ba84e91a892a08492237d223f4ed69867bf04861924a21d8c340c3a3e1eacc7fd0b5cdd1ed5c923621cb7d379b58e77d"})
ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={"ab23935f685eadc80d39c8627c5974e3324c09a3c60285f1217c19124aa77592", 0x3, 0x5, 0x0, 0x2, 0x3, <r2=>0x0})
msgctl$auto(0x3, 0xc265, &(0x7f0000000380)={{0x7b, <r3=>r0, <r4=>r1, 0x0, 0xd6e, 0xc, 0x2}, &(0x7f0000000280)=0x4, &(0x7f00000002c0)=0x39, 0x7f, 0x3, 0xf, 0x2, 0x80000001, 0x4, 0xf4, 0xf67, @inferred=<r5=>r2, @raw=0x14000000})
unshare$auto(0xfffffffffffffcb6)
unshare$auto(0x10000)
msgctl$auto_IPC_STAT(0xa745, 0x2, &(0x7f0000000480)={{0x0, <r6=>r3, r4, 0x3, 0xfffffffe, 0x8, 0xa62}, &(0x7f0000000400)=0x10, &(0x7f0000000440)=0xd, 0xffffffffffffd4ce, 0x14f1, 0x5d, 0x6, 0xfffffffffffffffc, 0x5, 0x7f, 0x9, @raw=0x3, @inferred=<r7=>r5})
r8 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
fcntl$auto_F_SETFL(r8, 0x4, 0x1000)
r9 = openat$auto_tracing_total_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000540)='/sys/kernel/tracing/buffer_total_size_kb\x00', 0x101401, 0x0)
read$auto_tracing_total_entries_fops_trace(r9, &(0x7f0000000580)=""/31, 0x1f)
r10 = ioctl$auto_TUNSETSNDBUF2(0xffffffffffffffff, 0x400454d4, &(0x7f00000005c0)=0x3)
r11 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_NEW_SEC_DEV(r10, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x24, r11, 0x701, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_MAX_BE={0x5, 0x10, 0x6}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x3ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004040}, 0x20000800)
sendmsg$auto_NL802154_CMD_SET_PAN_ID(r10, &(0x7f0000001900)={&(0x7f0000000740), 0xc, &(0x7f00000018c0)={&(0x7f0000000780)={0x1108, r11, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_SCAN_CHANNELS={0x8}, @NL802154_ATTR_SUPPORTED_COMMANDS={0x10ec, 0x19, 0x0, 0x1, [@typed={0x1004, 0x7a, 0x0, 0x0, @binary="c3db5548d17c15b19ec5c5218b83b163ef86302b6be9c9ed6aa6d15c7aef461125b7e64f262a8f4eba0a47a9f2e26dda8e4bf5917d5b136e9a8bdd8300203442b1184942b1da060d5504edd274d46f63e883ee8735b3669f83ad44aa447c40e384710219e7a99d802d0eb64d33b073b26419864fa85f3f7d22ad1d4bc7b28df90af4fedb6984056c333b5911c6abf7280d13414573c953dd16103c81e8872bb41d262df700d2b724d566ea23d4725b07c0f3c9bd18bd95c9c4803ff96b0b2479d0c03b89db426d87e9a3c5987b0979db7165aa83e53d3db3c247aed4521f9b5e737d7dd26c9be4be1070fa6b68d275ace5afda7344412e5e360d0c91ce22630817cff773ef2b33d0fe88d1e2e72a049f6d032d3894901c07ec2f6129b4b815b9f092bd9ff46ed501bfc7fd5b6272a37cb0ee7059f7d0d081158a9d386aa7b61686d3b477e94ac00d7cc11f33a6b537b1bfde789fd72850dc95553b882dffb17f53044c1ec21c638887c69e09e80b7ec0f8b0a33f3fafe8b67e756e4e99357b7ee352b4f7979729158ed3c0e2edd342d9c5150a7ffaf8e869916acb6b6064cba6daeafc1351acd2069114d9611ccde2b43f9f8f405537bae68c9ebd72f3fc0e4b4d9963a1ef601fdb862719fbb068346b04f2dc7daa8d1f681daa46ed4ef96dd9e8ec9ca08cf5bcf4b4d2eba1d1dc4e74cdbf5abb2b29119de0270ba464f339f492717c8e64470329ac0efcfea2fc4caeb1f0cc2ccd76be1c5a74725d214f5d027dd6798b66edc5448d2ed9f6204a1f3d1bc8b9aabb0c614b1d1109ccaed7223c46f5de7c06c15285bb382be30730c76fd5eaf2ece8c7316a0e78290a4c15a5fb8c15264a1cedd9efa25b76c70bdf62a0058330b8078b09cd2f582319f92f1da378de00c96acffda3c0c51e6130070f09c9d9e33153ab05c3a16b56c1032116f4f20f57bc5901053e6e7f3c4040d0c7b32ac87231c6b74b55b4d5be1edd5db1672542b976eaf3b7e8f542ebf12367ae7364d4e80b002ede4189a473e0ae3d613e6002cd4601affa53a377bc0c9846227aec2a320f6adfd3d205f054d329fd906b9afab65b8ee34de603cb4ae017c0fbf9e85c2e954cf911c7a9ec086709c7751c6fed7aa76e3afea7c0200ded679a2bcf6727595fc8a4a0878b3c032c15bca893bb989b2545a0ca71bb187c719e248308ec206922be35208893c8c9f9066b38de3ecc5ee1181b9730f3e05b113551b412ffba4dbbdb38f4c61f04842b7f21985333c3232427dd8dc9942cb4868c9caccd92e938f7993b50122d5efe8909e71e96dc7d51cc7c14b88285c09efd773ad2d5d36bae2fe4aadd9b93aa086a3ff14f1bb877e7344d2940d31b52dfa7295c1da917c981f826d2a9355e649185269fe592c619cc80a329446c154a8660b3f11726536b82c73eea198bbd6fe21c7163ecfc64e83d84bb3ce564e6df5271a10bb1d00b293b0c9249c9da85c13e3edc250b48934bfd1ef56cd597efc2e7b9cf3d33790f4c6a24348ea21c52060d5be7d47313bc03c8e5548599545a77ddd408633076521554c64f563dab98c7bde064d818167968afcd69c25ecd978fc66cf65219eacf0bf92b57d638f2a4653e7c61935332e87845b4a8a07c82f5f8faa5759e5eb41cec6dde308828abda9df8635daed9f2c370663eb9ecc00c4b584206b9d056f480cf6a3993ad7fc7fbafcbeb131c365eebf9b6ca1cbe9980f60a711449a292549fe930efc056f76f2b3e6cd8d646ff96871792ecc823756afb7dc5c18d36a9ae6ba94b202ba9ede5d76c0b8981cae60a35ab28dcc84428870bfaaf23ec381717c5d619033c07919939a4fd30ce5272d712c4a025ff4931be1d71b262a58a99701d7b57fd4dd3ad5e3b62a296f7317c937cdd926cd42fe146930e13a6a1094e603def1332c527579f45ae4b06d299cfca710871e3a99d3d4177e3a7d4a05fd20072a7fefbc77b8a07b9a0f7d0336c6f89d849b26865567ef812b253a5178d62bb5942d70e59482807bef82410611e32194db712b27efbfae4c4560e9787e1b6c6132c922473d97453d514524871f2ae95c1deb083552bdd72a756c0013cc82e351939b491031085b8847a36f035e2f6c617c20d57cc4d1f8b9ce0c4f8758314917fc00e2c271936a3c8f906cfa8accd852cbd76c734e32c72a6766a82c454a0b975e4da0c86a6dfbc321365ee143b54d08fac0b672d7cdaadec184c278cebfc8aa194bdc6f7a97f9022aef6d9018b1c5f89e9fbfb26913fc3a8c2c356870e57d0fefea4d157eeba9fb5762b840a8e06b3497a73cf6fab8c3d7e981fec12846adaf4ac14032c7378c202b52283faaca8654c70c5f3679c1279caa159c70d66e67fd6436ee7f60872d0ff200d3b798aa01fbf22282c93f39d837f9ccd2d749194842fa17d6209bca793ab8136736fa0f72f2fc2fafce6d1a70ce29b81499b8bdd7ea0ba0908598e1d82d8e5d3219490fa17ae5eee5d327f937ab17f1fab8f939712b285a13ee0f5f9fa29944321a64f75d802e5fec818e72581fb0a00c09fffa04d5597f70a74b4aa272171627d9efbb28bb32baff6cb2026d5c7a327ae91a790f3b9bf9ccbbd24ec06eb59f1226d8c8284a2338185ea6d137a0de8708410aa398809d40927a41477172fb44c44206e198d7b26db6d158076c59a649917bd22a6cb8a637eafd60145c5e27cc8ee3f855c7c9f95d1144c5e319533b518c70d931cc6e0a46d13c615fb4edc6d3750f889f9635c68af4216d84f05df13c6af45c7ebde0ed255ed54ea92e331caa29fc7445c068da08527ff46fd1e765255d7d341a16ad72dbdc17770d961add96cb4b50a14b5c752236f5ed78730342c8beaaef74c5459866c47a55b875272d68f81cac1ade4cac5371f3adad9bd50382bcb025d158904940972a18d3afb964e5371b34e94612c051a4c355227517ee2729e45cd30cbc468bdb20751d9aa50fd945c91876da8b5c7176819ddaf88e6b05166a6821e0144b160a89e2010dc7414b71930dd3066457f9b3e0ad0871d8d9a371098c0278e7155336214f43ca8d9ff53ae5311f3357895caac2cb0ae31de2ea355da3c0ffd115c5cc9bdccee5444298f19532af3a5b0dc9f94a405d8a4119fc3bf5f4f5af86200390730d178047b0a98d13e4b7b345982a1c499e027117c51b6b423311e51b2a2a4b19a770800d498d64f837ca6eddb9d20245e8aeaa40206a0791b9c8aebf8353a1978d0a88650416704754f160b7682b3003b43de06ee3f0404125f46dd86472741dce16d853f87ab9b6bfa8c444bfe91f043499a1d961797eefc90cc351c360d74db53d4ff375204072f40e4df2ab2c5f0329bcb8b2970a924f0289a202d5606f75e13d7d91d2ad2f8b61b5a20e642797890c4a20ce774d55718d02b85fd3c8910f3b4f8a98fef17d50c4b4bdaba204cff823aca034b00aee555e304adf5146187d018b69a8bcf5111e25cc0b23092e24737d046fc3db5ae9fc38cb2fc79ba0444a81b1d08585de4e42d78dcd51f3d6e4f87a6961269142155f3e4170597d83278c6dea60a8d443ff63a7faebee684b6f110cc0d3bb6ec60e3e39f42879248b0e63a59d8c6113a57990315ffe653a87850f2c7d6879a17f1adcc602e25decc7007eacd2710d191dfcb486e65d47e0b6f2687daffe4d8955e7fdd0c65637109c008611daa47f702cc4df9114594873fa66c4c6283082cc33cb3fe7c953d6597fa6a4bbaed3e61b9f173e59e0c64e5657640d138d1281148f5d555cba55fb4f0b41b06cabf395b3ae688a6ac32588a1889bf621a06778b028e5da23c17104278d354505ce51a01e05d406dc28bba740c7d7a6580a19d4adc36f793005d0463913b806848adbb10f5cede7df4f3f77c15f90e142f39aaa28f6e7da455074e2b529f8244c44e7012bdc27467e619909a61845e2874108438309a1932497cc01a434d74bdfe2151654505b30dd745f26431dc54ec12fee966d5f9b7e85d0d61e78dafa9216acc529132e92ff9479587a7809109e812dea361884603fd67bf187722bd099e8fdad37daee4e2fc84fa4000912e1e924cc1ac4d987ce7ea83fc3ecac2591e3df4e9d44a94c8b10314870cbf189735ae2ac0dc7e65bd03d22c7b93ac0da652213fbd10afbde460cfe210f15d46e1f864a0e85651f329e31973e14e8e988d6412361a3ec98f09be9d871b42c2076805ef1ce70f8baa044d6807e2b8107b03dc8d3d59bec71cd5ed13ee204347dc09cb450b549430e64ce6aea879f1330525ecc30dd9c89aba657ac9f02fc16f775221bd0ec79a71c0a218586b930ea5fbe95477df0e9b5489427c75f3fbad52fc8a854504fa5e0613e4c940c0d3bfad687585700a1b56474bb9272fc5332c9e55dd3750b87d3667b387dc14104c2d60daf857e78f1d6ce8a17e8083ac25a69c2d13cdd5abcb90c0de92c8823f0b8c89b17868786b13d3e7a53180fce96950e642124ce6137c83ec3c419412313966d82f208202d53a926d5e3105723801f99e1b342d2c202396a50e3cc16c354681fa1e4e43160fe7df591e4022f45f07698e3504d9c7963e46010543073a33c481d9bc72b4bfdc5b48c97c1deaec756cc81e86bbd5145e656a07bcf12ab8b84dd534fcf70f960444afce166ef293e001040abdc58706ca8464ca291708b7e000723a42cca27ea229c87ace0110dae425081b23764ed4187d59788b81d67cd2f85f3e8e7df2cdf2bf0b53d4f261be34b74fd4a6778ab5a9b5bee6b5c85e7d36145e7f3ed821fb9f288ff32a28eec32da1e78fe43921cbf714559d82bab1ca006c3fe9eaa1d0ccf6fd31d5c692a09fc73270be6605657b765579a8e15c1ade0a4b51de96eb33b6b3650eb5d56b3bdca8b9e1e669390995e1789c1ab3612f6c3150781b5b24d2bd07f4a1458af1394567764713283de18fd8bc3578d6062ba6f19dd12be75441ceb06b89dbcab7461cc23f849a71f120df80b8d9ae8680f016680818d5c4d9dc15d26f1527eb1dc10dc8a9ab1b15f55caf7e5b96a3f7f98766742f909d9721d8bd21094ef4d4e8b58fd323c279a348bbbf65b2b5727e1c6917bd9d36831fff038c2ed644754d7894c49d16403c4859c2fd2186f0f19fbba00a3725eb55fa923a988e714f784b30914eacf883d6d1609530c2399a509642805a563c46e27938b001da9369dfdfff30a4c6aebf3c746fe6d4c7550345ba90d2607387dfd934eb757096cd9cc462088cdf1137eaa6bbcd3cec34e9ccc13db27f4c29d519bcdfc02098b24e603d9934e4db91d7eca52e29fa7d8998b47fd753737851f3fff88c90b54ca2aba3daa95603150f4284143e333a554a3458c51c5fca77562817b4baf3f4f619122637e08cf3281761a7340af206fd3968142364ad8af7534aa4c96a590c6b975eb4b4e41aeee66ddebdc5a270e96ffc680b5437db22e85454fc7fec5708981aae7b32906909df8486bbbd3ef51362f198dd016778314d11724b3c3458efc742d1550760924e810b3c2fa91b8199051df33c798f54e7724e1f32c6a274de375a8bb46851a61d64805f576958c80dc97e330bf461b57b039c25ed4db9663cd994d2a8d8371c4e0718c35b8550bfa01f2554b3528dc086c2f470b6287eddc8db15c4dcf6e92c75aded1165fdf5008c18ac08ebe3f84afee447d1c1d647fff5f17aba6d7a1177f33baac2b266fef20c2ca21c548437c4340d6060201b0072eaedbb59ea2e31573b7330380f80edc389d66fb62dd9990ff92479907d0259dcaf0df2daad9f159df2f16d9a5e"}, @generic="ccd68aba0fc0e0843f0aa519e43f99db8643d50c7ef7e527d8ee6e700d378851f45d02b3817f71", @nested={0xc, 0x80, 0x0, 0x1, [@typed={0x8, 0x28, 0x0, 0x0, @pid=r5}]}, @generic="9cd9c6cbf33fba0e6be7106145e3ba961199d50e5e3444ea0ffe3385bbbedb01b6e277685c543ba0c2a8586df579191adc6135a67c645e5f84c44893d827862d041955178b572f9074cdff831e0e33bb77468888140e8b14af1473396a86cce933f3de36a60166ab15e8cbe229efc493060d35462ed4bc467eff280ae4d866c28a9ce6517462a2f93fe0b78dc3a446444b07dce83c5e1ed7871a27e0b1a365484af4ee410e5c3b24d0f3c60e7eea8bfc65"]}]}, 0x1108}, 0x1, 0x0, 0x0, 0x40010}, 0x20004848)
fcntl$auto_F_GETLEASE(0xffffffffffffffff, 0x401, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000001940)='/dev/dri/renderD128\x00', 0x208002, 0x0)
faccessat2$auto(r10, &(0x7f0000001980)='./file0\x00', 0xffffffff, 0x19e6f283)
setrlimit$auto(0x7f, &(0x7f00000019c0)={0xffffffff, 0x9})
unshare$auto(0x800)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
openat2$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file0\x00', &(0x7f0000001a40)={0x204880, 0x100}, 0x18)
r13 = openat$dir(0xffffffffffffff9c, &(0x7f0000001a80)='./file0/file0\x00', 0x200600, 0x80)
fadvise64$auto_POSIX_FADV_WILLNEED(r13, 0x9f2, 0x4, 0x3)
r14 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001b00), r10)
sendmsg$auto_NL80211_CMD_REMOVE_LINK(r10, &(0x7f0000002000)={&(0x7f0000001ac0), 0xc, &(0x7f0000001fc0)={&(0x7f0000001b40)={0x44c, r14, 0x4, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_TX_RATES={0x3e4, 0x5a, 0x0, 0x1, [@nested={0x4, 0x9a}, @generic="69e83aa7e54fde4415cb8531432354bac341f4e3b8627db7704926851dc07b6ceb3b7306c851c54d88cb232750912a4221ab0b1dfc863fc1699a8e72a3678d43a223246ba461476828d053a6ac137a60764d3ec165eecc9ee46a5511fd010192649f48434f67f5101cff82e0bd3c0a3c7661914c9447e33956993a4819c64c269604657fa4028c0dd4a50bcf9c237828166c9ee10add50a23825276eebc34d4731ab367816fd9d22d731d0bd0db806a9fa7f0f43420f773efa7746684bb5fa4300e067ed5437eb0e6bdf18f543742778fd2124fcc4ac158d86464110fd", @typed={0x8, 0xa5, 0x0, 0x0, @fd=r9}, @nested={0x1d1, 0x6f, 0x0, 0x1, [@generic="386af482ac80de8b54f33b2c4ed54c874aa37d25043f0ce179889cdca1e95b10d038200c9019e1187cfde0432e5bd592717a0b018ac9276043fa8f5f433713c7885dfdbe7e9d5a51b2768179c8d6ad7ffc058dc549db2db3ef122441058cf8f25cfaf5ecce99001c720dc522a3943278949ea6636696b53bc06f8df69bbab4d211b123ada855bab07876b8bd8c592eded5cf12808b2235d13c0cfd6a7cdd3b487930185b2d8b528fb8a12acad4cf7034bafe71f1643e809e9bbaa6992bbd1a928d312e2582693f548d0752e016828603ac82e1439087a7101d797912cd689ea175a3784bd8097244f1ea2101801ee3992f4ee68064e7", @typed={0x8, 0x120, 0x0, 0x0, @u32}, @generic="755bf4428cbb768b329005b4e86d7bab2a80853ac776a55a90231797c7038f0bf614f02781110b44", @nested={0x4}, @typed={0x8, 0xb7, 0x0, 0x0, @uid=r6}, @generic="d4e17e5e8d97b416d0956b2e3216d4983ef06957d0112936804eb0af0f8ee3d4d48a7d92ecbbb795541a134fa20abc031235da7e66dddc23a3dc66cf5360d7acffb6792626e7a1813d5c5522ae46a1759d5465924c31e1f48daa78d27bc914f5a66ec8ae3e", @generic="bc0003550387c3ed03afb6b62b3ffa50ca3c6b9be4fa8ce8d4ea8b37afbccf1c72ce07da94ed26b51f0587e673736d3e991c", @nested={0x4, 0xf4}]}, @generic="2eb10f1da96bf3d780183f0e9f5b4368612d410fb30f9aa0b4566c89f5062b857691e61cd6c2b29638eb6553bcb91a81082039bbc4c73c20839a3668910e8f415aa3fcd5afbcf3b3700fbcd4b1b7cd36f4eb0385ef984a8efca03d9ca1db7a488829bd4fc640a0003053aa14e15794f59aab3b138f5d351b9152b2e1e262578ddfc991280ae1b417b8d8687f2c32a156a4dd77024db69372791291", @typed={0x8, 0x121, 0x0, 0x0, @pid=r5}, @typed={0x8, 0x41, 0x0, 0x0, @ipv4=@empty}, @typed={0x8, 0x138, 0x0, 0x0, @uid=r3}, @generic="6afe51ac7478e4c055947302a19276e5668d919e2ff2592a0f662933b38a826521bbed9d56f5492cb4d460f579990f93a9da0051f5e4ff6d32aeb963128d033d33d29cd18a68ebca6d969dbb627bb636dc6f3577e86f16fd38f7394f3cc464a18907c86032665a12937eadaee93da0a2"]}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_FILS_CACHE_ID={0x1f, 0xfd, "34c1aef20a5f136f00f8f45bd010180da6823e2df8122d0d0b4e3d"}, @NL80211_ATTR_FRAME_MATCH={0x25, 0x5b, "866a1a21ba3be8b70d31723ea29a53490bb9d4c3ec2622324b875656f506e3e9b1"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x44c}, 0x1, 0x0, 0x0, 0x2000c840}, 0xe3bc21b462a619ee)
sendmsg$auto_SMC_PNETID_GET(r8, &(0x7f0000002140)={&(0x7f0000002040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000002100)={&(0x7f0000002080)={0x58, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@SMC_PNETID_IBNAME={0x2d, 0x3, '/sys/kernel/tracing/buffer_total_size_kb\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x8}, @SMC_PNETID_ETHNAME={0xa, 0x2, ')*.{\\\x00'}]}, 0x58}}, 0x4000040)
ioctl$auto_BTRFS_IOC_RM_DEV_V2(r10, 0x5000943a, &(0x7f0000002240)={@raw=0x7ff, 0x8, 0xffffffff, @btrfs_ioctl_vol_args_v2_3_0={0x6, &(0x7f0000002180)={0x2, 0x4, 0x1, 0xfff, {0x9, 0xf68, 0xb, 0x3, 0x5328}, [0x2, 0x3ff, 0x3, 0xc, 0x3148, 0x8, 0xfffffffffffffffb, 0x66]}}, @devid=0x2})
ioctl$auto_SNDRV_TIMER_IOCTL_PAUSE(r10, 0x54a3, 0x0)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r12, &(0x7f0000003480)={&(0x7f0000003240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000003440)={&(0x7f00000032c0)={0x154, 0x0, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x200}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xe}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x3}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5}, @ETHTOOL_A_LINKMODES_OURS={0x58, 0x3, 0x0, 0x1, [@generic="1f21e9214a6e7c92f46419e0cf4cc4d981d35963f00a679a9bd1a2ca42266ef8d95efd99e8aec981d52b93382a426d4596f286380d3a18026bc59ae5ef1c5c78", @typed={0xc, 0xc6, 0x0, 0x0, @u64=0x6}, @typed={0x8, 0xc5, 0x0, 0x0, @pid=r7}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x52}, @ETHTOOL_A_LINKMODES_OURS={0x86, 0x3, 0x0, 0x1, [@typed={0x8, 0xff, 0x0, 0x0, @fd=r12}, @generic="3e2861898b3579c97f371c09aa03e50a93e1970e990153e7e71aac1ac2455315ff65eb98027afe89651c087adb0d0f5b8332083520498251c74296bc2c73b4c0518185d34cc2390c8596926e2d0d88f54ec56371262bd687a5abb63bbdb9a02003534540aea88b09ecda1b7900a5c0d0447fdd6c1f8cf5463d21"]}]}, 0x154}, 0x1, 0x0, 0x0, 0x8800}, 0x10)

3m28.908951814s ago: executing program 3 (id=3675):
socket(0xa, 0x801, 0x84)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0xc)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x3f, 0x800, 0x4, 0x8, 0x1000007)
io_uring_setup$auto(0x5, 0x0)
mknod$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1<w\xd3:\x835\xac\r\x06\xc9\xc1HG\x1c\xd4J\x8aZ%+\xe6/~\xd6\xe1[+Z\xb1\x8d\xc5\x9b\xcfhb\'\x80\xeb7%>\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xf, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x6, 0x5, 0x3, 0x5, 0x7, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0x1fe, 0x81)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xffffffffffffff52, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r1 = socket(0x2, 0x1, 0x106)
bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
readv$auto(r0, &(0x7f0000000040)={0x0, 0x36a}, 0x3)
bind$auto(0x3, &(0x7f0000000040)=@can, 0x6a)
acct$auto(&(0x7f00000002c0)='u[,&*}\x00\a\x00\x00\x00\xbf\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-\t\x009(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0\t\x00\x00\x00\x00\x00\x00\x00\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x01\x93h\xe9`B@W\xc2B\x82\xf4\x90\xaf\x15\xb2\"i\a\au\xa1\x05\xdb\xe9N4\x8fX\xa1\x9b\xd2\xd6N\xf6\xa4\xa6\xb0K\x04;\xd8\xb8\xa3\x065G\xfb\x9fV0\xa4\xca\xf9\xb4\xf6kW\x97f\xa1\x19\xb6\x85\xc2\xc0\xffg\x00\xfd\xba\x8b\xa3\xc8\n\\\x13\xe5>\x84yb,p\x05\xb1\xb6X5\xac\x9fj\x825\'\xd7\xb7?c\'M\x8e\xff\xc6\xdd\xe3\vN\xc8|\x96\xa2\xeb9\xa4\x98*(\x12\xc8\xa8\x19\xab\xe8GD\xd0\xcf\x8ek\x98\xe0}&r\x04\x8b\nB\xee\x1e\x86\xb2a\xbfB\xb4\x9a\xed\xaf;RW\xd1\x9a\x98w\xb5\xab\xdf\v\xd7 \x81F\x05\xa1\x81\xa4k\xf1+\xd8\\\xd4\"(\x00\x00\x00\x00\x00\x00\x00\x00\xf5\x897\xce.y\x16\x1e\x10\xb0\x9b\xc0\xd2g\x1b\x01\xd3G\'\xc7CU39A\x02x\x8eA\x1f\xbb>\x00'/430)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x40000008000)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
mmap$auto(0x4, 0x7, 0x200000000000003, 0x1d, 0xffffffffffffffff, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyr5\x00', 0x0, 0x0)
ioctl$auto_TIOCSWINSZ2(r2, 0x5414, 0x0)

3m13.809442574s ago: executing program 32 (id=3675):
socket(0xa, 0x801, 0x84)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0xc)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x3f, 0x800, 0x4, 0x8, 0x1000007)
io_uring_setup$auto(0x5, 0x0)
mknod$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1<w\xd3:\x835\xac\r\x06\xc9\xc1HG\x1c\xd4J\x8aZ%+\xe6/~\xd6\xe1[+Z\xb1\x8d\xc5\x9b\xcfhb\'\x80\xeb7%>\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xf, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x6, 0x5, 0x3, 0x5, 0x7, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0x1fe, 0x81)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xffffffffffffff52, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r1 = socket(0x2, 0x1, 0x106)
bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
readv$auto(r0, &(0x7f0000000040)={0x0, 0x36a}, 0x3)
bind$auto(0x3, &(0x7f0000000040)=@can, 0x6a)
acct$auto(&(0x7f00000002c0)='u[,&*}\x00\a\x00\x00\x00\xbf\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-\t\x009(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0\t\x00\x00\x00\x00\x00\x00\x00\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x01\x93h\xe9`B@W\xc2B\x82\xf4\x90\xaf\x15\xb2\"i\a\au\xa1\x05\xdb\xe9N4\x8fX\xa1\x9b\xd2\xd6N\xf6\xa4\xa6\xb0K\x04;\xd8\xb8\xa3\x065G\xfb\x9fV0\xa4\xca\xf9\xb4\xf6kW\x97f\xa1\x19\xb6\x85\xc2\xc0\xffg\x00\xfd\xba\x8b\xa3\xc8\n\\\x13\xe5>\x84yb,p\x05\xb1\xb6X5\xac\x9fj\x825\'\xd7\xb7?c\'M\x8e\xff\xc6\xdd\xe3\vN\xc8|\x96\xa2\xeb9\xa4\x98*(\x12\xc8\xa8\x19\xab\xe8GD\xd0\xcf\x8ek\x98\xe0}&r\x04\x8b\nB\xee\x1e\x86\xb2a\xbfB\xb4\x9a\xed\xaf;RW\xd1\x9a\x98w\xb5\xab\xdf\v\xd7 \x81F\x05\xa1\x81\xa4k\xf1+\xd8\\\xd4\"(\x00\x00\x00\x00\x00\x00\x00\x00\xf5\x897\xce.y\x16\x1e\x10\xb0\x9b\xc0\xd2g\x1b\x01\xd3G\'\xc7CU39A\x02x\x8eA\x1f\xbb>\x00'/430)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x40000008000)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
mmap$auto(0x4, 0x7, 0x200000000000003, 0x1d, 0xffffffffffffffff, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyr5\x00', 0x0, 0x0)
ioctl$auto_TIOCSWINSZ2(r2, 0x5414, 0x0)

38.011649587s ago: executing program 0 (id=4551):
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0)
socket(0x1d, 0x3, 0x101) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x103400, 0x0)
ioctl$auto_BLKSECTGET2(r0, 0x1267, 0x0) (async)
rt_sigqueueinfo$auto(0x0, 0x4, &(0x7f0000000000)={@siginfo_0_0={0x1ff, 0x15, 0x7e73, @_timer={0x0, 0x80000001, @sival_int=0x2, 0x2}}}) (async, rerun: 64)
r1 = socket(0x11, 0x3, 0x9) (rerun: 64)
sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000440), 0x12}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) (async)
setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) (async, rerun: 32)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (rerun: 32)

37.3166982s ago: executing program 0 (id=4559):
socket(0x2d, 0x2, 0x0)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20048840}, 0x4000804)
r0 = timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0xffff8de3)
mmap$auto(0x1, 0x402000c, 0x1006, 0xeb1, r0, 0x8000)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x57e)
fcntl$auto_F_ADD_SEALS(r1, 0x410, 0x0)
creat$auto(&(0x7f00000002c0)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1<w\xd3:\x835\xac\r\x06\xc9\xc1HG\x1c\xd4J\x8aZ%+\xe6/~\xd6\xe1[+Z\xb1\x8d\xc5\x9b\xcfhb\'\x80\xeb7%>\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x7)
r2 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/state\x00', 0x200, 0x0)
read$auto_drm_debugfs_entry_fops_drm_debugfs(r2, &(0x7f0000000080)=""/4096, 0x1000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0)
process_vm_readv$auto(0x0, 0x0, 0xfffffffffffffffb, &(0x7f0000000280)={0x0, 0x7}, 0x4, 0x9)
writev$auto(r3, &(0x7f0000000200)={&(0x7f0000000200), 0x1}, 0xb)
r4 = bpf$auto(0x16, 0xffffffffffffffff, 0x0)
r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000010c0), r4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000840)={'wlan1\x00', <r8=>0x0})
sendmsg$auto_NL80211_CMD_DEL_PMK(r6, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="01002cbd7000fbdbdf259700000008000300", @ANYRES32=r8], 0x1c}, 0x1, 0x0, 0x0, 0x48880}, 0x80)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0xa9ea19c5dd350174}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00032abd7000fcdbdf250100000008000100", @ANYRES32=r8, @ANYBLOB="88000100", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x20004011)
mmap$auto(0x0, 0x9, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r9 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r9, 0xc0045516, &(0x7f0000000040)=0x5)
io_uring_setup$auto(0xa, 0x0)
readv$auto(r3, &(0x7f0000000a80)={0x0, 0x7}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
open(0x0, 0xa240, 0x15e)
open(0x0, 0x161342, 0x100)
close_range$auto(0x2, 0x8, 0x0)
lstat$auto(0x0, &(0x7f0000000180)={0x7, 0x48, 0x7fffffffffffffff, 0xfbc, 0x0, 0x0, 0x0, 0x6, 0x26, 0x8, 0x40005, 0x7fffffff, 0x0, 0x3, 0x5b71, 0x3, 0x1})

37.183759438s ago: executing program 0 (id=4561):
ioperm$auto(0xaf, 0xe, 0x991b) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) (async, rerun: 32)
mknodat$auto(0xffffffffffffff9c, 0x0, 0x40, 0x6) (rerun: 32)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
sysfs$auto(0x2, 0x5, 0x0) (async, rerun: 64)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10)
timerfd_create$auto(0x9, 0x0)
poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) (async)
ioctl$auto(0x3, 0x40085400, 0x5) (async)
memfd_create$auto(0x0, 0x7) (async, rerun: 64)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async, rerun: 64)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async)
close_range$auto(0x2, 0xa, 0x0)
socket(0x10, 0x2, 0x6) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) (async, rerun: 64)
read$auto(0x3, 0x0, 0x8080) (async, rerun: 64)
write$auto(0x3, 0x0, 0xffd8)
mount$auto(0x0, &(0x7f0000000080)='}[,&*}\x00', 0x0, 0x7ffffffe, 0x0) (async, rerun: 32)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
setresgid$auto(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) (async)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0)
futex_wake$auto(&(0x7f0000000140), 0x8, 0x6, 0x6)

36.965115506s ago: executing program 0 (id=4563):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async)
r0 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000080), 0x20540, 0x0)
ioctl$auto(r0, 0x40046103, 0x81) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setpgid$auto(0x0, 0x0)
r1 = io_uring_setup$auto(0x1, 0x0)
ioctl$auto_EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000000)={0x101, r1, 0xfff, 0xb551, 0x1, 0x7fff})
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
socket(0xa, 0x5, 0x0) (async)
getsockopt$auto(0x6, 0x40000000029, 0x1a, 0xfffffffffffffffe, 0x0)
r2 = socket(0xa, 0x801, 0x84)
getsockopt$auto(r2, 0x84, 0x0, 0x0, &(0x7f0000000280)=0x22a)

35.718680645s ago: executing program 0 (id=4569):
ioctl$auto_VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000000)={0x8, <r0=>0xffffffffffffffff})
r1 = ioctl$auto_TUNGETDEVNETNS(r0, 0x54e3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), r1)
sendmsg$auto_BATADV_CMD_GET_MESH(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x70, r3, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfffffc01}, @BATADV_ATTR_BANDWIDTH_UP={0x8, 0x1b, 0x8001}, @BATADV_ATTR_FLAG_BEST={0x4}, @BATADV_ATTR_DAT_CACHE_HWADDRESS={0xa, 0x24, @remote}, @BATADV_ATTR_DAT_CACHE_VID={0x6, 0x25, 0x2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x10001}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFNAME={0x14, 0x4, 'syzkaller1\x00'}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xf}]}, 0x70}, 0x1, 0x0, 0x0, 0x8800}, 0x40041)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), r0)
sendmsg$auto_NL80211_CMD_LEAVE_IBSS(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r4, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_VIF_RADIO_MASK={0x8, 0x14d, 0xfffffffb}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000400}, 0x20004010)
r5 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000340), r1)
sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x48, r5, 0x300, 0x70bd29, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x34, 0xa, 0x0, 0x1, [@typed={0x14, 0xfc, 0x0, 0x0, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @nested={0x10, 0x31, 0x0, 0x1, [@typed={0x8, 0x19, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}, @nested={0x4, 0x7e}]}, @typed={0xc, 0x115, 0x0, 0x0, @u64=0x7}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0xa8, r4, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x68, 0xbd, "855da8c1ef27e20ef83e2e2518b733072d960d7cb46692f129c99b8c6bb404f25b05bcefda8d3b4cec686f595b685cb547ce5f311424a7d8768db67522d13abfba3ff07ac59d7e53c9f393239e2c6d9410840acb5f2dbedcb02d1a417ace85ecc8f0be17"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "6a8d571ff341611a83367a7b89115ff8c12c5968d464755c"}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, "55fbcd5664d664eb1ff3bc77"}]}, 0xa8}, 0x1, 0x0, 0x0, 0x44010}, 0x8000)
mlockall$auto(0x7)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_MPATH(r7, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x2c, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x7}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_FILS_AAD(r8, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x88010000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x24, r4, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_DISABLE_HE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x40004)
r9 = getpgrp(0x0)
prctl$auto(0xf91, 0xffffffffffffffff, r9, 0x40, 0x7fffffffffffffff)
clock_nanosleep$auto(0x9, 0x1, &(0x7f0000000800)={0x1, 0x500000000000}, &(0x7f0000000840)={0x1, 0x2})
r10 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000880), 0x400000, 0x0)
bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000008c0)=@prog_bind_map={r10, r8}, 0x3ff)
r11 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/schedstat\x00', 0x2000, 0x0)
getsockopt$auto_SO_ERROR(r11, 0x7, 0x4, &(0x7f00000009c0)='\x00', &(0x7f0000000a00)=0x5)
ioctl$auto_SNDRV_PCM_IOCTL_READN_FRAMES(r1, 0x80184153, &(0x7f0000000ac0)={0x3, &(0x7f0000000a80)=&(0x7f0000000a40)="90904e752fe09a68f77f8347ad5253fa8270289f255c50be813bf441e5515261473ad2cffecd", 0xd48})
r12 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000b40), r1)
sendmsg$auto_CTRL_CMD_GETFAMILY(r0, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x58, r12, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@CTRL_ATTR_FAMILY_NAME={0x7, 0x2, '\'&\x00'}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x10}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x9}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0xc}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x1}, @CTRL_ATTR_FAMILY_NAME={0xb, 0x2, 'batadv\x00'}, @CTRL_ATTR_FAMILY_NAME={0x7, 0x2, '@.\x00'}, @CTRL_ATTR_FAMILY_NAME={0x7, 0x2, '@$\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x40800}, 0x40000)
r13 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000cc0), r2)
sendmsg$auto_VDPA_CMD_DEV_NEW(r8, &(0x7f0000000dc0)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d00)={0x74, r13, 0x200, 0x70bd29, 0x25dfdbff, {}, [@VDPA_ATTR_DEV_QUEUE_INDEX={0x8, 0x11, 0x8}, @VDPA_ATTR_DEV_NET_CFG_MAX_VQP={0x6, 0xc, 0x7}, @VDPA_ATTR_DEV_NET_CFG_MAX_VQP={0x6, 0xc, 0x81}, @VDPA_ATTR_DEV_NAME={0x14, 0x4, 'veth1_to_team\x00'}, @VDPA_ATTR_MGMTDEV_BUS_NAME={0x6, 0x1, '[\x00'}, @VDPA_ATTR_DEV_NET_CFG_MTU={0x6}, @VDPA_ATTR_DEV_NET_CFG_MAX_VQP={0x6, 0xc, 0x7fff}, @VDPA_ATTR_MGMTDEV_BUS_NAME={0x9, 0x1, '[+(}\x00'}, @VDPA_ATTR_DEV_QUEUE_INDEX={0x8, 0x11, 0x4}, @VDPA_ATTR_DEV_NET_CFG_MAX_VQP={0x6, 0xc, 0xffff}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000004}, 0x48041)
socket(0x25, 0x2, 0x2)
io_uring_register$auto_IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, &(0x7f0000000e40)="9f0d28a0bf94da984bb766404ae77eef2a1e2752d69b01d13d4eecbce9b1e82ac9275718a6d905ff65ede4707c79a243fb734671d2583e42cc125c96a13dd51aa81979cbac", 0xb)

35.410462636s ago: executing program 0 (id=4573):
r0 = bpf$auto(0x1000, 0x0, 0x5)
r1 = openat$auto_generic(0xffffffffffffff9c, 0x0, 0x341100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
unshare$auto(0x1)
openat$auto_mon_fops_stat_usb_mon(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/38s\x00', 0x42003, 0x0)
close_range$auto(0x2, 0x8, 0x0)
write$auto(r2, 0x0, 0x100000a3d9)
socket(0x2b, 0x5, 0xfffffffd)
mmap$auto(0xfffffffffffffffe, 0x400008, 0xdf, 0x11, 0x2, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x400, 0x0)
fcntl$auto_F_NOTIFY(r0, 0x402, 0x9000)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x121000, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mtd/mtd0/name\x00', 0x400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2)
fsopen$auto(0x0, 0x1007)
madvise$auto(0x807, 0x5, 0x15)
ptrace$auto_PTRACE_PEEKSIGINFO(0x4209, 0x0, 0x8, 0x6)
setpriority$auto_PRIO_PGRP(0x1, 0x0, 0x1)
syz_genetlink_get_family_id$auto_ethtool(0x0, r1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0)
unshare$auto(0x80)
mmap$auto(0x800, 0x80000000, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, 0x8)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54)

20.238054776s ago: executing program 33 (id=4573):
r0 = bpf$auto(0x1000, 0x0, 0x5)
r1 = openat$auto_generic(0xffffffffffffff9c, 0x0, 0x341100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
unshare$auto(0x1)
openat$auto_mon_fops_stat_usb_mon(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/38s\x00', 0x42003, 0x0)
close_range$auto(0x2, 0x8, 0x0)
write$auto(r2, 0x0, 0x100000a3d9)
socket(0x2b, 0x5, 0xfffffffd)
mmap$auto(0xfffffffffffffffe, 0x400008, 0xdf, 0x11, 0x2, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x400, 0x0)
fcntl$auto_F_NOTIFY(r0, 0x402, 0x9000)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x121000, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mtd/mtd0/name\x00', 0x400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2)
fsopen$auto(0x0, 0x1007)
madvise$auto(0x807, 0x5, 0x15)
ptrace$auto_PTRACE_PEEKSIGINFO(0x4209, 0x0, 0x8, 0x6)
setpriority$auto_PRIO_PGRP(0x1, 0x0, 0x1)
syz_genetlink_get_family_id$auto_ethtool(0x0, r1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0)
unshare$auto(0x80)
mmap$auto(0x800, 0x80000000, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, 0x8)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54)

9.992667473s ago: executing program 5 (id=4668):
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0)
madvise$auto(0x0, 0x1010001, 0x100000003)
madvise$auto(0x1000, 0x400050, 0x9)
openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0xb01, 0x0)
r0 = clone$auto(0x6d8, 0xffe, 0x0, 0x0, 0x4000000a)
io_uring_setup$auto(0x1, 0x0)
futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa)
futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa)
futex$auto(0x0, 0x3, 0x8, 0x0, 0x0, 0x7ffffffe)
migrate_pages$auto(r0, 0x4, 0x0, 0x0)
socket(0xa, 0x1, 0x0)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd)
r1 = prctl$auto_SECCOMP_MODE_STRICT(0x9fb7, 0x1, r0, 0x8, 0x8000)
open_tree$auto(r1, &(0x7f0000000140)='./file0\x00', 0xfff)
shmctl$auto_IPC_INFO(0xfffffff8, 0x3, &(0x7f0000000400)={{0x3, 0xee00, 0xffffffffffffffff, 0x400, 0x101, 0x1, 0x8001}, 0x9, 0x9, 0x9, 0x5, @raw=0x2, @inferred=r0, 0x4, 0x0, &(0x7f0000000280)="2d37153d73b3a92a8713de1b1211c9a8219231a3693a0ad633a5d1e46384ef061a7e14453625bafdeb1a8e47304bf692ed948d1c8762d3ba048e5758ce110b0a72a1c3227c84dba91d0386fe6ccd0bf52bf83f0a722351e2f9191bfc3f64b04f11185752de2b48ed52", &(0x7f0000000340)="1085c0e3c37d126d17d1ed0f50890b4e70aa27d491ed7eb251a57af490a1333331b74d11b7a6056b2c874f24de6f504714f30271f798acbc650f20ed6766bb0b66302b415866f2880c8d76a99da91330e6a012b70889bcb896af00f66e32e02721b02191535eaef40c64480da9508c83d2f87b52906bde82073ddeef5d716a340f6cfad3c1413efa851446fd3228fcf245f1669d1649cae7f4cd9cfda3db2ddf"})
getpid()
sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000980)={0x0, 0x7ba4}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000000)
write$auto(0x1, 0x0, 0x80000000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x5, 0x0)
io_uring_register$auto(0x2, 0x1e, &(0x7f0000000180), 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)

9.264577965s ago: executing program 1 (id=4672):
mmap$auto(0x0, 0x20012, 0xdd, 0x20eb1, 0xffffffffffffffff, 0x8000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sg1\x00', 0x141000, 0x0)
r0 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
writev$auto(r1, 0x0, 0x101)
r2 = openat$auto_fault_around_bytes_fops_(0xffffffffffffff9c, &(0x7f0000000240), 0x54de82, 0x0)
r3 = socket(0xa, 0x3, 0x5)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/kernel/perf_event_max_stack\x00', 0x143402, 0x0)
write$auto(r4, &(0x7f0000000000)='[-%\x00', 0x200000000000003)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
getpid()
bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x800)
rename$auto(0x0, 0x0)
r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r5, 0x4b49, 0x9)
madvise$auto(0x2000, 0x20499d, 0x9)
sendmmsg$auto(r3, &(0x7f0000000180)={{&(0x7f0000000040), 0xb5, 0x0, 0x0, 0x0, 0x8, 0x80000000}, 0x5}, 0x1, 0x2)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
madvise$auto_MADV_GUARD_INSTALL(0x0, 0x100000000, 0x66)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)
sendfile$auto(r2, r2, 0x0, 0x7ffc)
r6 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000006640), 0x2, 0x0)
r7 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000140), 0x40200, 0x0)
ioctl$auto_VHOST_SET_VRING_CALL(r7, 0x4008af21, &(0x7f0000000100)={0x8, r0})
pwrite64$auto(r6, 0x0, 0x0, 0x3)

8.768242084s ago: executing program 1 (id=4675):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000009d0dcb4bb756f7ed2d68310e4fb5fd15dc9a9d34dec012832a3c5b2aa0f21bdd551bf2b20df4958960de8949eb6c86fcad92c6df113e2aebdd3943f89dc8c7bff1736bff57d79c3927762dcce7b2d5ef064b35168e41a8d240b2f9c1902a3d66291a183313b793f8dc63ebdd89e9eea25eca29f9ca4d5bfc0baf407b11e524db702fee50cfa726518c8404553b6494a1602e80c5005efa6cb461372c298d44879f59cb1cbfafb7bc0b9be6d03008ae8c7da04806d97d3a0df2dbb7417247db650e9787ab8e2ca7e914", @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf250c000000080005009be300000800040000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
wait4$auto(0x0, 0x0, 0xf, &(0x7f0000000140)={{0x2599}, {0xffffffffffffffff, 0x1000000009}, 0x2, 0x800080000001, 0x1, 0x1000, 0x5, 0x7, 0x5, 0x5, 0xb11c, 0x8, 0xfffffffffffffffd, 0xfffffffffffffeff, 0xffff, 0x801c0000003})
r2 = socket(0x15, 0x5, 0x0)
getsockopt$auto(r2, 0x114, 0x271c, 0xfffffffffffffffc, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYRESOCT=r2], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000003b40)={'veth0_to_hsr\x00', <r5=>0x0})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r5], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40001)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r6 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x49402, 0x0)
openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x10080, 0x0)
read$auto(r6, 0x0, 0x9a28)
openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x101201, 0x0)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004)
r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages_mempolicy\x00', 0xa001, 0x0)
write$auto(r8, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
preadv$auto(0xffffffffffffffff, 0x0, 0x8, 0x6, 0x9f4b)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptye4\x00', 0x763100, 0x0)
writev$auto(r7, &(0x7f0000000200)={0x0, 0x7}, 0x3)
memfd_secret$auto(0x4)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty16\x00', 0x0, 0x0)

8.537181218s ago: executing program 1 (id=4676):
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0xd97f760c479e8c8e, 0x0)
pread64$auto(r0, 0x0, 0x3, 0x1000007ffe)
read$auto_lsm_ops_inode(r0, &(0x7f0000001a80)=""/4096, 0x1000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose3/statistics/tx_packets\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001100)=""/192, 0xc0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = socketcall$auto(0x4, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r3)
ioctl$auto_KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x40000108, 0x2, 0x6}]})

8.321506286s ago: executing program 1 (id=4677):
openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48)
socketpair$auto(0x1, 0x8, 0x7, 0x0)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/input/event0\x00', 0x3496c2, 0x0)
socket(0xa, 0x5, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
ioctl$auto_KVM_GET_MSRS(r0, 0x4140aecd, 0x0)

8.24954505s ago: executing program 5 (id=4679):
openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000009000), 0x101181, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000240), r1) (async)
r2 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000240), r1)
sendmsg$auto_NLBL_CIPSOV4_C_LIST(r1, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x9714bc159c570cc}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r2, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1000}]}, 0x24}, 0x1, 0x0, 0x0, 0x8180}, 0x48040)
sendmsg$auto_NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYRES16=0x0, @ANYBLOB="20062abd7000fddbdf2502"], 0x9c}, 0x1, 0x0, 0x0, 0x1}, 0x80)
open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0)
ppoll$auto(0x0, 0x4007f, 0x0, &(0x7f00000001c0)={0x6}, 0x8) (async)
ppoll$auto(0x0, 0x4007f, 0x0, &(0x7f00000001c0)={0x6}, 0x8)
mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x1, &(0x7f00000001c0))
statx$auto(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0xf13, 0x2, &(0x7f0000000080)={0x4, 0x7, 0x401, 0x7, 0xee00, 0xee00, 0x6, 0x5, 0xffffffff, 0x7, 0x7, 0x7fffffff, {0x3, 0x7fffffff}, {0x3, 0x7}, {0x87bd, 0x102}, {0x800, 0x6}, 0xfffffffa, 0x9, 0x2, 0x6, 0x401, 0x7, 0x800, 0x7, 0x3, 0x9, 0xd, 0x2, [0x7ec, 0x9, 0x7, 0xb, 0x461, 0x10, 0x8000, 0xfffffffffffffffa, 0x1000]}) (async)
statx$auto(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0xf13, 0x2, &(0x7f0000000080)={0x4, 0x7, 0x401, 0x7, <r3=>0xee00, 0xee00, 0x6, 0x5, 0xffffffff, 0x7, 0x7, 0x7fffffff, {0x3, 0x7fffffff}, {0x3, 0x7}, {0x87bd, 0x102}, {0x800, 0x6}, 0xfffffffa, 0x9, 0x2, 0x6, 0x401, 0x7, 0x800, 0x7, 0x3, 0x9, 0xd, 0x2, [0x7ec, 0x9, 0x7, 0xb, 0x461, 0x10, 0x8000, 0xfffffffffffffffa, 0x1000]})
sendmsg$auto_NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x15c, r2, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSCAT={0x148, 0xb, 0x0, 0x1, [@nested={0x58, 0xfb, 0x0, 0x1, [@generic="04185f04130475e23fe64e65b409ed02", @typed={0x4, 0xdd}, @generic="ed2674bab844fd6141b67ac316ccf7176c8377e509453eba710fd3ed", @typed={0xf, 0x95, 0x0, 0x0, @str='/dev/nvram\x00'}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x8, 0x10e, 0x0, 0x0, @uid=r3}]}, @generic="455d9149630134b10b3baf17144cd8735ea7e89425122c03e91b26bf741f8c6ce9eb487bd1e1bdf5f92e3cff156cd96152fc930e0f7d8f6b4724efbbb3f0b02a7f3ab9ed6909502d397a68575b7df6c1bffdaae3a07a709822b5ce2dc7cd4409a5afc9c0d1261957a9b5ba77bc54ac48633b5361d850a97688414c705fc7d755c320a0221caba0687a3e8cd40e6c02f53a318bc10b4170d6cf8124b226976005dd4ff86c7adf6ddafd50ddc8c2addfde1cea091b97d523071030c763d1dd", @generic="10a1cfae8de608ae2c749a16f096d5ec3cb8e9d71a93a26d9b2929908856ea5cc3ad", @typed={0xc, 0xda, 0x0, 0x0, @u64=0x4}]}]}, 0x15c}, 0x1, 0x0, 0x0, 0x40890}, 0x8000)

8.114477008s ago: executing program 1 (id=4680):
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @loopback}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0)
mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x6ab82, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4)
openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x109100, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0)
memfd_secret$auto(0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyz7\x00', 0x48f41, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
io_uring_setup$auto(0x6, 0x0)
ioperm$auto(0xfffffffffffffffe, 0x7fc, 0x9)
ioperm$auto(0x80, 0x1180, 0x0)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x77)
socket(0xa, 0x1, 0x84)
socket(0x2, 0x5, 0x0)
bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6a)
mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/shmem_enabled\x00', 0xc8002, 0x0)

5.310224847s ago: executing program 1 (id=4693):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x3, 0x3b) (async)
semctl$auto_SEM_STAT(0x0, 0x80000000, 0x12, 0x0) (async)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async)
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async)
ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}})
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
r1 = socket(0x2, 0x1, 0x0)
bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={<r2=>r1, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) (async)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000)
io_uring_setup$auto(0x6, 0x0) (async)
close_range$auto(0x2, 0xa, 0x0) (async)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) (async)
sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) (async)
r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x38, r5, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x15}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590822ad9"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) (async)
write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) (async)
mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/105, 0x69) (async)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async)
open(&(0x7f0000000100)='.\x00', 0x595082, 0x0)

4.914717172s ago: executing program 5 (id=4696):
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async)
mmap$auto(0x1, 0x20009, 0xdf, 0xebf, 0x40000000000a5, 0x8000)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) (async)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async)
r0 = socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async)
io_uring_setup$auto(0x0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0x0, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0xd4, 0x1, 0x1007, 0x95, 0xf6c, 0x7fff, 0x5, 0x65f29f6d}, {0x3, 0x8, 0x10000, 0x0, 0x5, 0xfffeffff, 0x1000, 0x54f, 0x5}}) (async)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async)
close_range$auto(0x2, 0xa, 0x0) (async)
socket(0xa, 0x2, 0x0) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0) (async)
socket(0x2, 0x80002, 0x73) (async)
socket(0xa, 0x1, 0x84) (async)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async)
sendmsg$auto_ILA_CMD_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="020000", @ANYBLOB="29f7"], 0x14}}, 0x24004814) (async)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async)
socket(0xa, 0x3, 0xff) (async)
write$auto_proc_mem_operations_base(0xffffffffffffffff, 0x0, 0x0)
syz_clone3(0x0, 0x0) (async)
madvise$auto(0x1ffff000, 0x7, 0x100000000) (async)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b71, 0x2, 0x8000)
syz_clone(0x308e000, 0x0, 0xfffffffffffffec1, 0x0, 0x0, 0x0)

4.364755342s ago: executing program 4 (id=4698):
mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x2, 0x1)
connect$auto(r0, &(0x7f00000000c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}, 0x55)
r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/ksm_merging_pages\x00', 0x4800, 0x0)
read$auto_proc_single_file_operations_base(r1, &(0x7f0000000100)=""/199, 0xc7)
connect$auto(r0, &(0x7f0000000000)=@l2tp={0x2, 0x0, @multicast2, 0x1}, 0x7f)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xafefa9ff3f0e9676, 0x0)
ioctl$auto_SNDCTL_SEQ_THRESHOLD(r2, 0x4004510d, &(0x7f0000000240)="8c4f")
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd10/queue/max_segments\x00', 0x80980, 0x0)
sendfile$auto(0x1, r3, 0x0, 0x400007ffff000)
prctl$auto(0xcf9, 0x1, 0x4, 0x5, 0x800000000007)
fchmodat2$auto(0xffffffffffffff9c, 0x0, 0x9, 0x1000)
getresuid$auto(0x0, 0x0, 0x0)

4.036762106s ago: executing program 4 (id=4699):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000)
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0)
mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty43\x00', 0x101401, 0x0)
ioctl$auto(r1, 0x540a, 0x0)
r2 = semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0)
r3 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(r3, 0x0)
ioctl$auto_XFS_IOC_COMMIT_RANGE(0xffffffffffffffff, 0x40585883, &(0x7f00000000c0)={<r4=>r1, 0x0, 0xfffffffffffffffd, 0x3ff, 0xfffffffffffff352, 0x7, [0x2, 0x3, 0x9, 0x7fffffffffffffff, 0x7, 0xf]})
r5 = syz_open_procfs$namespace(r2, &(0x7f0000000180)='ns/net\x00')
r6 = setfsuid$auto(0xee00)
setresuid$auto(r6, 0x0, r6)
sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(r4, &(0x7f0000001340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001300)={&(0x7f00000001c0)={0x1134, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_HW_TIMESTAMP_ENABLED={0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r5}, @NL80211_ATTR_SCAN_FREQ_KHZ={0x1104, 0x124, 0x0, 0x1, [@nested={0x10ff, 0x67, 0x0, 0x1, [@typed={0x45, 0xd1, 0x0, 0x0, @binary="d2e19c7b80508cd3f87e6446faa32d48db61998aca939a294a0ea5189ac25660191ae575e727ff89c54bab89e89fa008457d7542645baf38ee633c89f304d0fcef"}, @generic="bbdac16d45be6d6d55d06a0a1034f818ef49412202c94b81f8feeb55aebb4d0f19aaf004842bb8f2ed6b05ff6cb0b6d8305e6ed8f6386743d153d75db7a31da3fb30207f1466f427185f8f8a666dc904dbf25d97b0366fe090dc9f51be9ed7478031377648789e40b8514c165ca20b44cf437625166876cd9a65d5a271a71c3b37ba30aab15ad7d75ad41c25da6c444924a2ab78aa04f89f1b1cfa4d9b498031e690139257e7189c9da38b", @generic="44e2298bf308cbab0fd4df276bcdaeba9036f45800d93d92eaee0259f5270f24ae77e50a7e88b4d4556c5c5f0d483a163dd8c1c77e61d6a4b2cc5dab2bf4d302c3149299da740e5d6b63a93a43075e559896cca2ecfb95f95e45827fd0185d1456e92aaf70c8f757ba86a8b633343fca9456f97fb487682e87944291b7aa9d4eb83eeb92cf9770d7242f942823af0351fd95985a32893f18ca4d4de41698524e3297ff29d57dcb41c6fc367d0005cb69b0af4a5f1b6d9c9765c3a91066c9e081c3d807f8c61d2052e0509f7daeb749c151c0266bd219a09b62072aed7f8ad4eace026a9349aeaea3d7fde7c87fda0a359c9419689e37e1051eac54f6803370b327a7285bb24a7e803554c7893679218cb3b15bc4ff4aacff30d4f50b531df32642e41bf3f2842a4a85ed9b8f2feee51e08b9275a926f56dd95e70f656b282db3037922dcfc0c2902211f32293a970a4d5566f0102bc632fc40c889d4f89050680810e5014ce6a5aeaf9f17631b4c99ada12ae2a913b6c39b8402610a50bdffd264bea00725cc212a84e7ad5c772d92c54e4103363d587f0f782d75129d66145e003583fb97bb7d43e9c63c5174b7aabdfaee71c0961a3b38ae1bcca0881039c4829ff98c821e36e7195ec2956615852e90dc82f7fc4a48d844cdbba57d1a67ff9a811e9444c85107de335b024a362df28dca328a125e15a3cbef5c7752e547d339778776ff4e6e51e6ae88f4473ed147fba7d860d2fbc21cc1eda6149f931c2cd083f4d1ea16b322cdca39cbaec5c50f617a9e4b9ea3df0221dfc2b7b4095b2a682c5cd3d33d744e7cb0030ab30772ade4ea0a356f53f3429fbec3bdd20ea34e2f7ff1e418f77142d01feff5a1a74be19ffd69e6da8979909db1f90d8b2b70472486346031c88b1907e0626e528bd43caa25861e69fb71d4f6e292d8514b2f56dae1dbdeaa4bb6eb732267b81afcbbacf4cdd870f72db4db896b450d69d1cb01a6249de2898e71f5be57d2ffd5c7dace1a7c1fae13ea4cbe7b5bef793f04633d6c7c6e528e6c226d08d9f5de54806c649433dc501d83e11c552b18719a9d8560898df30707dd9fdb9f016d5d7c1d4ff88283d7a2e39ce6d4158fbfefbd28bf941f02a09e7df24da26c606b54cbe9556decf6efc6eb8ab2152af8b8b95582af9411cc0de8fa4c47b6ff08a74191be3ff8bf8194fa0bb44292fbd1a7833e23ba99540d45bc80edd328966648f937f39b57ff8b43f12ec4f6a217c52b431394ce8ec5baf05b6a05d4fe7d394028fb704a79014ce1c7cf87a620001746ce967f3ed8b6cd02822a92fe92f4290bcc6f5c9885bccaf107a4dd47f6b3fcf65f496b64c4bcdace25579cdc647ba0cf6159027f6c2b88ceb1994d29f5f8206223bdd49a3f8dba84447a3515d1a529b867a7d2c9b17f70b2abaa0e7c9b9a7dec934569df6d9a182f740c9ac7cae3917d8c28455a7f4efb4d892242164ef66ba2f56eb6e1d1987c105ac01a84ff32d724250542575070a2fa9ce9c5cb92702706e96f33e9efef0b8a338e3c92914986fa03f083753d5e44561f460fef12a65c80fa27d992787046f894487906284184c5eec10f6bb6412d6d17b8430a94163c7be88d53206bdaf45c2d08e2e7c46d5091d908d8a4300864068eff4907f5dd3ff0f532579bb3a65d20b40443d623d10322fad5082d22c2c00371d51ed49d50b7e6dddb13abc804aeae0afe16201816a3f19707944c03c126c0a9aed02c791674ad5a8dca4aa4f360e9ff79246631d65a8eb4ae9111446513d9ed3fec090cb3370109b2d628a4925b4e5df760f9efbd0236068f0115d43b728827a1c0765036289fe65df34701a4ebddd7179338d5a6c96b77bc4985fb4db72a23450dd8005a225164296880c3ccdff489090c33d36c65065b6adc987d23cb5ca8b66f59e7bc61f794a075e3ffca514c5efde6eb8f1313b9fd1776d215fc48e9dc312e4d1bb80074831781a48bb8e1ccea0a06e676f5829047d1e2c00d61caba47b8baf712bc250ae75cb86cb5fc164c01db460007fe858182b471505a353b572b6947d6d2f47887601d90a2812f087d835ea9466b0399b11ed1766aab5348a0ddcef5b837dd41e6042bd52312beb2822aae82ceaab3579ca9cbd7444bf1d428b887204566481d282533ec69c712679503803e7efd35bf0471654b5ce56e8462f33b3f57acecb3627f71f3c5d2ae0a97e0c37d25f1f1058af8e9dd60738a729d7724418930f508ec294b578812b6d1fca5595adf7e29128af837f31aff347f8b9e9786a8cd5058f94bc44a493396523f68427e3a3c7939ed1fdafbf532fb18db6ea11334e2fbb50827b3f9486a910ca2aaf6b52d80f3dc2679c66ed1152db37eb6b0d598569efb6b007bbbd2af18ecfd48844b4b4098b729fa6ad1f5cbfa53359211cb59a6637e7fa95c47eac0a12dcf9fa46f6f1756ba6649708846e3af9c1f35c7693e5ca87f813e71f1e2449fb076a8bfb6ba25876f1aefddd0052b76c4418174b678abeaa34ccf01668beaa811882cfc5e43166a6b17fe2e600f2c8715d86b2155dbcfb51c9de084111361931d8e61095b576d4fde4b6914bef787f86fb446b0f0f73b659f6018c3348153d37372179b8b72608a83bc9bbb5c9ced258fbe3c91626793b62a1c3ccf5f97ad5a82dd82ff907665d0865f884cd91f85a61f79e129b9cf716518204b1321fc991dd8eff202d9e8dbab662dc57038f59522bc30e7b7cfb588a3444150e247329ef4213c87c2e3a805bca556d5dc1438f57b7594b4b8dd3208a2904cca6f4ed1c01c47b13378fc5a6dba1c7b961f2e5ce7088a0901cef28b2718cb3e7dca1413ffc47b87293bade033de39c6532131fe430f59f82e63b7c9774b925676a74a860141c2c51cc874bd76306b26014051c1c026003cf173d230378ff1cb358ed0e23f340499371468c0df68673a6e57eebc67a933fb5d57c29235ae36e2773e37d0b5397a9962c97e9aaa9202492bf0077f7228fb2bf937e0f1bb7eb3a9f0872524ae54bb933f7a0f609d52ba9c82882b450631bd7518c2563d62193206d17c12abcd903eff3d5e4eaac077f0110a287494860cbb5014338c09dee39890781cf94bab661e618942974dde9b2d3d7844fd46661d7fc0d30e6bb1f85db5f01b202647cf48baded732f319ac428fb026c56480ccd8f7b65246adde5523c3442f906799eef4ab3400b6fc737e043f4405ec9c2941b2423137ffd4037e2f4a39420ef3e117300ca27c7aaef8622e748cc0489d1580547755d7e7211b20f4b01483482b1262edf69fe161e3ea87f2f63b3bbdd4b391dc543a60a052c5685eeaa5ac5f39335b171fdcbb1412e81aa4c825c0474363477a7afb0d19422a854edfd14a917bf22883b12827587af75c2695b1d7519751acc32c26b59455df16baef9a20939b8cd924c01f7f731ac38d40649b1a8f7499a33d4485af2e568a1060d708d43eaac768f97ed2eb9fa6ed9462a0334bd5b8e6703b255af2eca92a0409b76a0cd8dcaaa1e9fa02c06384d0817fbc3d3df43fabedeec19b079002647ec463dbc347c2fe9ea5c8eab82c2f898abc5089b56885fdbbaa2492eccf6b8416c34590274c1e3a1d63eecaf41aa7d9bf238620155647e95c8cc4c05a5aacb79af37b3ffb0f195d32c706aaced3428fd63d704634b2a5121becf7f76ed3ec0b025231740650d1d3780d637e750d8086a4a1253dc7dd5e7c42b40f4e3f72dd8933acfb3fcc0acd45a4094097c482d6b85bf075e0129b523b1828c0a39cfa89b2864ef2ca40a733d686b05d633b1e5534477df45ef10f4f03360d201d7741054f72c323dbd9526029d21ed6a74e2ec8011c12a902f8dcbe1df064257809cc91616b480b91bb70f9673a2ccf64d4024d467dbea53af2381de2dc5e5e12c417a1e6e9b4858dba4fa00d3c2ceefffa563ac2dc6ed56e0437dc480a59f5dc1e45350d6d224cc8a6aeb33164da0baed5831d49204400bed4249284589d23c2d85fcca0377514a1403b9d1631166b9bf34e7458f92aa3a104608fe536297d59f17cb297b299829fd79c4b9406c620f7ad6a476b0f42973660a2791386ba3e9a7d4a11ffb6eedb674cbabe75ad4e568cc8ee6b40b8a838bc876a204d991c5f177fe69ef7ad0b05f9293daeb5290fc8a10480e410a47c892e88145bc5b2daebbd048ee3bd933123a0bd2a42aa1a55e9db31892920f43ae9e4221db5a7a44d1ae4c091584d50fbe4f39473cfe6a1a18c4dd184c4ed8800f9e2e252c1a52b675384f92ae163006d59c6ce8ec4f6079c7ede86dfdb2e274e4f9f1d2ee9434a80b19d2d51e04a23b377aaacaeff4442892be17bc432ca6f0d55979e5f94236d8934fe9a7eae2153d8ae0d96b0ce336d539fe4265d304d1ff3b352967fe78b05f2b2722bf5b3f31d5c0566e9c65e2d8afe14368521053c53022337085c99073e2b590dc718ef5e2f55d2be837edd9776758533b52524d1233c0ef0bd94a31b02710fb1e675a5053334e734cba0c75215a0c72debc17574351e5239abcf50c9a120063675f18be763d6f08f7e5ae8d3d2165861cb8515875fb86fea7e1ba7855f2aa4284e0f135dccef79b6efef625ab1e4e5de679749b43ec5dcf68fe7afe80e614429475a364a3b7acb3a8a1629475688cb8ea24e5e29e0f5cb4bd51d91fa0327baf51f8c2e4df24b2a29f27d58bb62212700cbf553fd5dccb56f866bccefa8680235ad0c269d127b9e100798c6cf503cee0901e7c52ce0f812a145b493ab92cc6664fbc7431a01a4816da1368c23b7f3f1adc966b88f62f2cb0a9ec60f698680db337cbb2f725f9fcbc9e5bb8efde14ad92e91e5620fa22f14a7e21503353499375e9282c55b4638de4f2c5baad4326d0d03005bce9f30d6d5ec945a86fe7c93f9b9a99e59270eb7be29d6f763578fc218b3a0bc5d9b29fa0c5031f76d6f8e11b1d6abdc84cb753a1fbca53d9155d4b6b66d17b94fcc0505ab01200f3dfc7710fc64c4058ff7bf44bf06343d9cd8f7d60249a92c6adbc7c4a8544ee5dbdc224246cf1d860cf15b0496897618c8ab50ed03eb7f49ac2387db2f4c46a725fc097c06e8912443a3f941c04ae355516d9135b5d3b972faae9e0c5d8063c93ef137a3c0e833e24bc69a39bee02f0aaa9b4810aaec43d6f66b6851449e9c8a7ad7a469911effaab1db42d99c77b89e0a51f2b26157f8ae859e80b43769297adefb87164874ad3f07b5e7513dab57b1497189d37e5dbbc3cfe44ef98a74ce13e6b0c7e5e039f8b34eecfc353dbfb3f38811fd91ca7fdaafdaac2931efc6866ffea183e9cfe0cc901a8cf1fcb88fcf0f8ee3e4134467fbcfaea808842bdd50495893c6e4689de3bcbf8300ed3977a1e862539c3e3ee7263979c415117d6ad684073df9fd0d773a3413cdb1b85327af37b8aef27ba31154320d6caacbee15a51e9d28d6f51551fb93a6791301911e3ca802d6e1ee5a6d80dbd88269d6374f31923d60ced55efd2defbd35296946e8978c11957a02326336920c2bbc668594fec005aec30206ca787223e8b6927a361bf446dcf8cc695d1452a70fa8f84923e3848eb3baf5e80f641e4b97191ec53f02ef4a2f37761f495c736ce8aefaf3835feb5cdc3eef387925ffddd189d0672cab5b379ea4b992a99fb142b0dec740dc85c25c0f91d8c4463a0922394cf5fbd581146de0ec5d1860c52fa0bdbc05a39aa5d345c37d1b72d7e9c02bf4e0e6d35738fb1e8b01d3e768f8b15cef5ad6d9ced128e6dfe696f8e8857f60887cd43b546239dc96ff", @typed={0x8, 0x6, 0x0, 0x0, @uid=r6}]}]}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0x9}]}, 0x1134}, 0x1, 0x0, 0x0, 0x24000000}, 0xc4)
r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x4a083, 0x0)
ioctl$auto_BLKRRPART(r7, 0x125f, 0x0)
r8 = socket(0xa, 0x801, 0x84)
getsockopt$auto(r8, 0x84, 0x6f, 0x0, 0x0)
sysfs$auto(0x2, 0x44, 0x0)
add_key$auto_KEY_SPEC_USER_KEYRING(0x0, 0x0, 0x0, 0xfe, 0xfffffffffffffffc)
getpid()
unshare$auto(0x40000080)
r9 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.3/enable\x00', 0x20f01, 0x0)
write$auto(r9, &(0x7f0000000040)='0\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)

2.336247875s ago: executing program 5 (id=4702):
r0 = socket(0x10, 0x2, 0xc)
setresuid$auto(0x2, 0x7, 0x8080)
r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000000), r0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r3)
ioctl$auto_KVM_GET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000104, 0x400, 0x4}]})
ioctl$auto_KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000500)={0x7, 0x0, [{0x40000010, 0x2, 0x6}]})
sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, r1, 0x10, 0x70bd2c, 0x25dfdbfb, {0xa, 0x0, 0xa00}}, 0x14}}, 0x80)

2.285247981s ago: executing program 2 (id=4703):
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff)
readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}, 0x1, 0x0, 0x0, 0xa00}, 0x40000)

2.018526783s ago: executing program 5 (id=4704):
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x29, 0x2, 0x0)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0)
ioctl$auto(r0, 0x891d, 0x24)
r2 = socket(0x29, 0x2, 0x0)
ioctl$auto(r2, 0x89f0, 0x24)

1.880778196s ago: executing program 2 (id=4705):
r0 = gettid()
r1 = getpid()
rt_tgsigqueueinfo$auto(r1, r0, 0xb, &(0x7f0000000400)={@siginfo_0_0={0x3, 0x3, 0x3, @_sigchld={0x0, 0x0, 0xceb, 0x8, 0x4}}})
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x80000001, 0xfffffffffffffef8)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0)
r3 = socket(0x10, 0x2, 0x6)
socketpair$auto(0x5, 0x4, 0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), r3)
sendmsg$auto_NFC_CMD_START_POLL(r2, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4eeb000a", @ANYRES16=r4, @ANYBLOB="080025bd7000fedbdf2506000000060011000300000043001900b308c7cf7971dbaf0b8f9ae8cbe40c2eafe418ed5bfcae4cfd3713b236d65d3452bc947ee12b43eacea7bc79b80f8242711177235bb2b89aad24ea85c75a2900e0001f008d6c3a900ea2f7603a6e99587e0bf33f9c42f799b2e229a04dde5c4d7338fdd1e77b094422b3e4fc3ea67ceeb084e8c5ad0f9ecc6db3411cb8b96f77ebdd4c1a7fa7c06f25bf8874758809846cbbd64b5c1b4b7048e461efc98001c4fcc94db091cc259e60b13dc29704b16644e82ebc1d3f53b76c274474e0ea65a2206c77b3fdff54f672a1f30cd8406592b83ddc0f84de1b3b2faf57447ec6a673dd8e666cc2126ef6bf74f92eee916a6903961c191f5cc3f77ca5b1e6580f9bdd5dc1c10aeba0f67d451f238bda5d30b105ab5e99913886af0a19c5a9663681da0800010009000000"], 0x148}, 0x1, 0x0, 0x0, 0x5005}, 0x43)
r5 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy1/aql_txq_limit\x00', 0x822, 0x0)
write$auto(r5, 0x0, 0x5)

1.30074307s ago: executing program 4 (id=4706):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x42000, 0x0) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYRESDEC=r0], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
setsockopt$auto(r1, 0x6a, 0x1, 0x0, 0xe) (async, rerun: 64)
r2 = socket(0x11, 0xa, 0x9) (rerun: 64)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) (async)
r3 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0)
socket(0xa, 0x2, 0x0) (async, rerun: 32)
r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001280)='/dev/sequencer2\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
r5 = socket(0x10, 0x2, 0x4) (rerun: 64)
close_range$auto(0x2, 0x8, 0x0) (async)
socket(0x10, 0x2, 0xc) (async)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYRES8=r2, @ANYRES8=r4, @ANYRES64=r3, @ANYRES32=r5, @ANYRESHEX=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082)
write$auto(r5, &(0x7f0000000000)='-\x00', 0xfdef)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x101200, 0x0)
socket(0x11, 0xa, 0x9) (async)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
r6 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sg1\x00', 0x410400, 0x0)
close_range$auto(0x2, r6, 0x0)
r7 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cec17\x00', 0x408001, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (rerun: 32)
open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) (async)
ioctl$sock_SIOCGIFINDEX(r7, 0x401c5820, 0x0)
link$auto(&(0x7f0000003240)='./file0\x00', 0x0)

1.165237074s ago: executing program 2 (id=4707):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="2f212cbd7010ca705d845526cc0008000380", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x8810)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.0/usb1/power/autosuspend_delay_ms\x00', 0x20461, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000000)='-7', 0xfffffc49) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/ram6/queue/minimum_io_size\x00', 0x0, 0x0)
read$auto(r5, 0x0, 0x20) (async)
write$auto(0x3, 0x0, 0xfdef) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
io_uring_setup$auto(0x59, 0x0) (async)
socket(0xa, 0x3, 0xff) (async)
socketpair$auto(0x3d, 0x5, 0xfffffffd, 0x0) (async)
r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0)
ioctl$auto_TIOCSTI2(r6, 0x5412, 0x0) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x8810)
syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r8) (async)
r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0)
write$auto(r10, &(0x7f0000000440)='ON\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf0F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\xed\'\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0xb8c5) (async)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r8, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="0000000000000000df25040000001d6e59253a430b033ca5b607654bd2b3797487399b78c0109a6e6e3442926122eb1e07798e876958e68914b4dd236a35816ff0169fced9fa8a0f274dbd554cbad71cac03ed9a9a69856501e4039ab07ce7a4ddb4dd6b3b683577263743dc13f2317e7dfa"], 0x4b}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) (async)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async)
madvise$auto(0x0, 0xfffffffffffeffff, 0x15) (async)
clone$auto(0x1, 0x8, 0x0, 0x0, 0x20000000009)

764.765285ms ago: executing program 2 (id=4708):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0xa, 0x0) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram1/queue/write_cache\x00', 0x82d42, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec\x00', 0x189302, 0x0) (async)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec\x00', 0x189302, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x200)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0xae41, r1)
openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/ubifs/chk_fs\x00', 0x101000, 0x0) (async)
r3 = openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/ubifs/chk_fs\x00', 0x101000, 0x0)
read$auto_dfs_global_fops_debug(r3, 0x0, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0x4138ae84, 0x0) (async)
ioctl$auto_KVM_CREATE_VM(r1, 0x4138ae84, 0x0)
close_range$auto(0x2, 0xa, 0x0)

680.583697ms ago: executing program 5 (id=4709):
close_range$auto(0x2, 0x8, 0x0) (async)
socket(0x10, 0x2, 0xc)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000f40)={'batadv0\x00', <r4=>0x0})
sendmsg$auto_BATADV_CMD_SET_MESH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r2, 0x1, 0x70bd28, 0x25dfdbb9, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x44415}, 0x20000000)
ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) (async)
ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, 0x0)
mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) (async)
r5 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r5, 0x800a6f2f, 0x0) (async)
vmsplice$auto(0xffffffffffffffff, 0x0, 0x2, 0x2) (async)
ioctl$auto_IOCTL_VM_SOCKETS_GET_LOCAL_CID(0xffffffffffffffff, 0x7b9, 0x0)
futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) (async)
r6 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0)
clock_gettime$auto(0x1, &(0x7f0000000000)={0x7f, 0x9}) (async)
r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0)
write$auto(r7, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (async)
ioctl$auto_BLKPG2(r6, 0x1269, 0x0)

534.062026ms ago: executing program 4 (id=4710):
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f00000001c0)={0x0, 0x7}, 0x3)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x48002, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_COALESCE(0xffffffffffffffff, 0x0, 0x44860)
openat$auto_msr_fops_msr(0xffffffffffffff9c, 0x0, 0x181f82, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2)

362.974023ms ago: executing program 2 (id=4711):
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/vlan/config\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}, 0x1, 0x0, 0x0, 0xa00}, 0x40000)

240.781763ms ago: executing program 4 (id=4712):
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x410, 0x2, 0x8000)
write$auto(0x3, 0x0, 0x8007fffffff)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)

622.756µs ago: executing program 2 (id=4713):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x1, 0x0)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x101)
r0 = io_uring_setup$auto(0x5, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_genetlink_get_family_id$auto_ila(&(0x7f0000000580), r0)
socket(0x11, 0x80003, 0x300)
sendto$auto(0x3, 0x0, 0xfdef, 0x7, &(0x7f0000000440)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x4}}, 0x20)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket(0x1e, 0x1, 0x0) (async)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x101) (async)
io_uring_setup$auto(0x5, 0x0) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async)
madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async)
syz_genetlink_get_family_id$auto_ila(&(0x7f0000000580), r0) (async)
socket(0x11, 0x80003, 0x300) (async)
sendto$auto(0x3, 0x0, 0xfdef, 0x7, &(0x7f0000000440)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x4}}, 0x20) (async)

0s ago: executing program 4 (id=4714):
mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
io_uring_register$auto_IORING_REGISTER_MEM_REGION(0xffffffffffffffff, 0x22, &(0x7f0000000000)="43039a12d7132eba0846eef84c7618c061b9981f809eaac4134fcc8537d637d2271af76eebf80820b0219cb30b25c7ca3d85c425147a602c3b148b82939d3a10182ca2e3dcbb6557806a0f18191f3c462d64c7dbd621f11cb81f80b8e61cb2e6ce4637fd1946352e6bda740fce5acf42c79935faa8641e03799f020a29c2c355da318dc6e7a44047a5260450807f0664f0a277f11900a077c45b3f10ab4aadf9b808f18a7d11ec58e09ad61273c63845139c1bece795c75a9feea685e7f239f21ad78576fa78cfbf35af68f1037d11b43406398bd88046", 0x1980)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2)

kernel console output (not intermixed with test programs):

ce_dirty_pages_ratelimited_flags+0x91/0x1170
[  794.771164][T19915]  ? lockdep_hardirqs_on+0x78/0x100
[  794.771186][T19915]  generic_perform_write+0x292/0xa40
[  794.771223][T19915]  ? __pfx_generic_perform_write+0x10/0x10
[  794.771256][T19915]  ? file_update_time_flags+0x373/0x500
[  794.771284][T19915]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  794.771306][T19915]  shmem_file_write_iter+0x10e/0x140
[  794.771330][T19915]  __kernel_write_iter+0x2ac/0x920
[  794.771351][T19915]  ? __pfx___kernel_write_iter+0x10/0x10
[  794.771370][T19915]  ? __up_read+0x2c5/0x700
[  794.771401][T19915]  ? dump_user_range+0x73b/0xb50
[  794.771428][T19915]  dump_user_range+0x3f9/0xb50
[  794.771456][T19915]  ? __pfx_dump_user_range+0x10/0x10
[  794.771486][T19915]  ? __pfx_writenote+0x10/0x10
[  794.771516][T19915]  elf_core_dump+0x2d5f/0x3d10
[  794.771554][T19915]  ? __pfx_elf_core_dump+0x10/0x10
[  794.771577][T19915]  ? finish_task_switch.isra.0+0x200/0xb80
[  794.771602][T19915]  ? finish_task_switch.isra.0+0x205/0xb80
[  794.771625][T19915]  ? finish_task_switch.isra.0+0x205/0xb80
[  794.771648][T19915]  ? 0xffffffffff600000
[  794.771665][T19915]  ? __schedule+0x1000/0x6120
[  794.771680][T19915]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  794.771711][T19915]  ? lockdep_hardirqs_on+0x78/0x100
[  794.771764][T19915]  ? vfs_coredump+0x27bc/0x5570
[  794.771789][T19915]  vfs_coredump+0x27bc/0x5570
[  794.771822][T19915]  ? __pfx_vfs_coredump+0x10/0x10
[  794.771846][T19915]  ? __lock_acquire+0x4a5/0x2630
[  794.771880][T19915]  ? lock_acquire+0x1cf/0x380
[  794.771915][T19915]  ? is_bpf_text_address+0x8a/0x1a0
[  794.771946][T19915]  ? bpf_ksym_find+0x124/0x1c0
[  794.771975][T19915]  ? __kernel_text_address+0xd/0x30
[  794.772004][T19915]  ? unwind_get_return_address+0x59/0xa0
[  794.772026][T19915]  ? arch_stack_walk+0xa6/0xf0
[  794.772052][T19915]  ? __sigqueue_free+0xbe/0x2a0
[  794.772078][T19915]  ? stack_trace_save+0x8e/0xc0
[  794.772098][T19915]  ? __pfx_stack_trace_save+0x10/0x10
[  794.772125][T19915]  ? stack_depot_save_flags+0x27/0x9d0
[  794.772153][T19915]  ? __lock_acquire+0x4a5/0x2630
[  794.772215][T19915]  ? proc_coredump_connector+0x2d3/0x4f0
[  794.772246][T19915]  ? __pfx_proc_coredump_connector+0x10/0x10
[  794.772281][T19915]  ? rcu_is_watching+0x12/0xc0
[  794.772315][T19915]  get_signal+0x1f2a/0x21e0
[  794.772346][T19915]  ? __pfx_get_signal+0x10/0x10
[  794.772365][T19915]  ? __pfx_force_sig_fault+0x10/0x10
[  794.772392][T19915]  arch_do_signal_or_restart+0x91/0x770
[  794.772419][T19915]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  794.772451][T19915]  ? do_user_addr_fault+0x8d6/0x12f0
[  794.772475][T19915]  irqentry_exit+0x1f8/0x670
[  794.772497][T19915]  asm_exc_page_fault+0x26/0x30
[  794.772516][T19915] RIP: 0033:0x400fff
[  794.772537][T19915] Code: Unable to access opcode bytes at 0x400fd5.
[  794.772546][T19915] RSP: 002b:000000000000000a EFLAGS: 00010246
[  794.772562][T19915] RAX: 0000000000000000 RBX: 00007f473921c280 RCX: 00007f4738f9c819
[  794.772574][T19915] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46
[  794.772585][T19915] RBP: 00007f4739032c91 R08: 0000000000000002 R09: 0000000000000000
[  794.772596][T19915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  794.772607][T19915] R13: 00007f4739216218 R14: 00007f4739216180 R15: 00007ffdbfd11238
[  794.772631][T19915]  </TASK>
[  794.772640][T19915] memory: usage 307200kB, limit 307200kB, failcnt 26090
[  795.297485][T20092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3211'.
[  795.392125][T19915] memory+swap: usage 432196kB, limit 9007199254740988kB, failcnt 0
[  795.416691][T19915] kmem: usage 4808kB, limit 9007199254740988kB, failcnt 0
[  795.452122][T19915] Memory cgroup stats for /syz2:
[  795.452374][T19915] cache 305864704
[  795.484816][T19915] rss 3784704
[  795.499345][T19915] rss_huge 0
[  795.508760][T19915] shmem 305864704
[  795.523544][T19915] mapped_file 0
[  795.545735][T19915] dirty 0
[  795.558903][T19915] writeback 0
[  795.565953][T19915] workingset_refault_anon 13896
[  795.590982][T20098] bridge0: port 4(gretap0) entered blocking state
[  795.597507][T19915] workingset_refault_file 6819
[  795.610931][T19915] swap 127995904
[  795.614508][T19915] swapcached 273104896
[  795.618571][T19915] pgpgin 822029
[  795.626402][T20098] bridge0: port 4(gretap0) entered disabled state
[  795.639709][T20098] gretap0: entered allmulticast mode
[  795.665864][T19915] pgpgout 762513
[  795.669448][T19915] pgfault 616090
[  795.695804][T20098] gretap0: entered promiscuous mode
[  795.710738][T19915] pgmajfault 945
[  795.714314][T19915] inactive_anon 166694912
[  795.718638][T19915] active_anon 142954496
[  795.725085][T20098] bridge0: port 4(gretap0) entered blocking state
[  795.731576][T20098] FAULT_INJECTION: forcing a failure.
[  795.731576][T20098] name failslab, interval 0, probability 0, space 0, times 0
[  795.744220][T20098] CPU: 0 UID: 0 PID: 20098 Comm: syz.3.3211 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  795.744250][T20098] Tainted: [L]=SOFTLOCKUP
[  795.744257][T20098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  795.744268][T20098] Call Trace:
[  795.744276][T20098]  <TASK>
[  795.744284][T20098]  dump_stack_lvl+0x100/0x190
[  795.744317][T20098]  should_fail_ex.cold+0x5/0xa
[  795.744346][T20098]  ? switchdev_deferred_enqueue+0x3e/0x2d0
[  795.744377][T20098]  should_failslab+0xc2/0x120
[  795.744399][T20098]  __kmalloc_noprof+0xe0/0x850
[  795.744434][T20098]  ? __pfx_switchdev_port_attr_set_deferred+0x10/0x10
[  795.744454][T20098]  switchdev_deferred_enqueue+0x3e/0x2d0
[  795.744486][T20098]  switchdev_port_attr_set+0xb5/0x100
[  795.744507][T20098]  __set_ageing_time+0xc2/0x140
[  795.744527][T20098]  ? __pfx___set_ageing_time+0x10/0x10
[  795.744551][T20098]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  795.744583][T20098]  br_init_port+0x18a/0x210
[  795.744604][T20098]  br_stp_enable_port+0x15/0x50
[  795.744624][T20098]  br_add_if+0x1781/0x1b40
[  795.744652][T20098]  ? veth_get_iflink+0x1e3/0x2c0
[  795.744687][T20098]  add_del_if+0x114/0x160
[  795.744705][T20098]  br_dev_siocdevprivate+0x8ac/0x1650
[  795.744724][T20098]  ? __lock_acquire+0x4a5/0x2630
[  795.744748][T20098]  ? __pfx_br_dev_siocdevprivate+0x10/0x10
[  795.744773][T20098]  ? do_raw_spin_lock+0x128/0x260
[  795.744805][T20098]  ? mark_held_locks+0x40/0x70
[  795.744832][T20098]  ? netdev_name_node_lookup+0x107/0x150
[  795.744859][T20098]  ? __mutex_lock+0x26a/0x1b90
[  795.744882][T20098]  dev_ifsioc+0xc1e/0x1e90
[  795.744912][T20098]  ? __pfx_dev_ifsioc+0x10/0x10
[  795.744938][T20098]  ? __pfx___mutex_lock+0x10/0x10
[  795.744966][T20098]  ? dev_load+0x8e/0x240
[  795.744991][T20098]  ? dev_load+0x8e/0x240
[  795.745025][T20098]  dev_ioctl+0x70e/0x1070
[  795.745056][T20098]  sock_ioctl+0x494/0x6b0
[  795.745083][T20098]  ? __pfx_sock_ioctl+0x10/0x10
[  795.745106][T20098]  ? hook_file_ioctl_common+0x146/0x410
[  795.745134][T20098]  ? __fget_files+0x21f/0x3d0
[  795.745157][T20098]  ? __pfx_sock_ioctl+0x10/0x10
[  795.745182][T20098]  __x64_sys_ioctl+0x18e/0x210
[  795.745212][T20098]  do_syscall_64+0x106/0xf80
[  795.745231][T20098]  ? clear_bhb_loop+0x40/0x90
[  795.745254][T20098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  795.745273][T20098] RIP: 0033:0x7fa63e39c819
[  795.745290][T20098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  795.745307][T20098] RSP: 002b:00007fa63f2a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  795.745325][T20098] RAX: ffffffffffffffda RBX: 00007fa63e616090 RCX: 00007fa63e39c819
[  795.745337][T20098] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 000000000000000c
[  795.745355][T20098] RBP: 00007fa63e432c91 R08: 0000000000000000 R09: 0000000000000000
[  795.745366][T20098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  795.745377][T20098] R13: 00007fa63e616128 R14: 00007fa63e616090 R15: 00007ffed9dd4588
[  795.745400][T20098]  </TASK>
[  795.745410][T20098] gretap0: failed to offload ageing time
[  796.047795][T20098] bridge0: port 4(gretap0) entered forwarding state
[  796.064212][T19915] inactive_file 0
[  796.067881][T19915] active_file 0
[  796.071443][T19915] unevictable 0
[  796.075793][T19915] hierarchical_memory_limit 314572800
[  796.081259][T19915] hierarchical_memsw_limit 9223372036854771712
[  796.087460][T19915] total_cache 305864704
[  796.091712][T19915] total_rss 3784704
[  796.095525][T19915] total_rss_huge 0
[  796.099257][T19915] total_shmem 305864704
[  796.103898][T19915] total_mapped_file 0
[  796.107983][T19915] total_dirty 0
[  796.114378][T19915] total_writeback 0
[  796.118218][T19915] total_workingset_refault_anon 13896
[  796.130346][T19915] total_workingset_refault_file 6819
[  796.135682][T19915] total_swap 127995904
[  796.139750][T19915] total_swapcached 273104896
[  796.152374][T19915] total_pgpgin 822029
[  796.157808][T19915] total_pgpgout 762513
[  796.162132][T19915] total_pgfault 616090
[  796.166199][T19915] total_pgmajfault 945
[  796.179037][T19915] total_inactive_anon 166694912
[  796.184617][T19915] total_active_anon 142954496
[  796.189305][T19915] total_inactive_file 0
[  796.194178][T19915] total_active_file 0
[  796.198181][T19915] total_unevictable 0
[  796.202583][T19915] anon_cost 0
[  796.206002][T19915] file_cost 0
[  796.209298][T19915] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2324,pid=16272,uid=0
[  796.227188][T19915] Memory cgroup out of memory: Killed process 16272 (syz.2.2324) total-vm:104600kB, anon-rss:1236kB, file-rss:20800kB, shmem-rss:0kB, UID:0 pgtables:108kB oom_score_adj:1000
[  796.274882][T19919] syz.2.3160 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  796.295445][T19919] CPU: 0 UID: 0 PID: 19919 Comm: syz.2.3160 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  796.295478][T19919] Tainted: [L]=SOFTLOCKUP
[  796.295485][T19919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  796.295496][T19919] Call Trace:
[  796.295502][T19919]  <TASK>
[  796.295510][T19919]  dump_stack_lvl+0x100/0x190
[  796.295550][T19919]  dump_header+0xfb/0x606
[  796.295573][T19919]  oom_kill_process.cold+0xd/0x330
[  796.295596][T19919]  out_of_memory+0x340/0x14f0
[  796.295630][T19919]  ? __pfx_out_of_memory+0x10/0x10
[  796.295666][T19919]  mem_cgroup_out_of_memory+0xc6/0x130
[  796.295696][T19919]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  796.295723][T19919]  ? find_held_lock+0x2b/0x80
[  796.295746][T19919]  ? do_raw_spin_unlock+0x145/0x1e0
[  796.295776][T19919]  ? _raw_spin_unlock+0x28/0x50
[  796.295809][T19919]  try_charge_memcg+0x652/0xc90
[  796.295835][T19919]  ? __pfx_try_charge_memcg+0x10/0x10
[  796.295856][T19919]  ? find_held_lock+0x2b/0x80
[  796.295874][T19919]  ? rcu_read_unlock+0x17/0x60
[  796.295896][T19919]  ? rcu_read_unlock+0x17/0x60
[  796.295926][T19919]  charge_memcg+0xa6/0x280
[  796.295947][T19919]  __mem_cgroup_charge+0x2b/0x1e0
[  796.295973][T19919]  shmem_alloc_and_add_folio+0x451/0xd40
[  796.296010][T19919]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  796.296050][T19919]  ? shmem_allowable_huge_orders+0x2bd/0x400
[  796.296087][T19919]  shmem_get_folio_gfp+0x6ab/0x1900
[  796.296123][T19919]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  796.296156][T19919]  ? timestamp_truncate+0x22e/0x2f0
[  796.296181][T19919]  shmem_write_begin+0x1a4/0x420
[  796.296215][T19919]  ? __pfx_shmem_write_begin+0x10/0x10
[  796.296244][T19919]  ? rcu_is_watching+0x12/0xc0
[  796.296276][T19919]  ? balance_dirty_pages_ratelimited_flags+0x91/0x1170
[  796.296305][T19919]  generic_perform_write+0x292/0xa40
[  796.296341][T19919]  ? __pfx_generic_perform_write+0x10/0x10
[  796.296369][T19919]  ? __mark_inode_dirty+0x55c/0x1790
[  796.296400][T19919]  ? mnt_put_write_access_file+0x4e/0x100
[  796.296421][T19919]  ? file_update_time_flags+0x373/0x500
[  796.296449][T19919]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  796.296470][T19919]  shmem_file_write_iter+0x10e/0x140
[  796.296494][T19919]  __kernel_write_iter+0x2ac/0x920
[  796.296517][T19919]  ? __pfx___kernel_write_iter+0x10/0x10
[  796.296536][T19919]  ? __up_read+0x2c5/0x700
[  796.296567][T19919]  ? dump_user_range+0x73b/0xb50
[  796.296595][T19919]  dump_user_range+0x3f9/0xb50
[  796.296622][T19919]  ? __pfx_dump_user_range+0x10/0x10
[  796.296653][T19919]  ? __pfx_writenote+0x10/0x10
[  796.296683][T19919]  elf_core_dump+0x2d5f/0x3d10
[  796.296720][T19919]  ? __pfx_elf_core_dump+0x10/0x10
[  796.296746][T19919]  ? trace_ignore_this_task+0xc3/0x100
[  796.296777][T19919]  ? event_filter_pid_sched_wakeup_probe_post+0x128/0x270
[  796.296802][T19919]  ? find_held_lock+0x2b/0x80
[  796.296821][T19919]  ? 0xffffffffff600000
[  796.296838][T19919]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  796.296869][T19919]  ? lockdep_hardirqs_on+0x78/0x100
[  796.296922][T19919]  ? vfs_coredump+0x27bc/0x5570
[  796.296943][T19919]  vfs_coredump+0x27bc/0x5570
[  796.296975][T19919]  ? __pfx_vfs_coredump+0x10/0x10
[  796.296998][T19919]  ? __lock_acquire+0x4a5/0x2630
[  796.297033][T19919]  ? lock_acquire+0x1cf/0x380
[  796.297073][T19919]  ? is_bpf_text_address+0x8a/0x1a0
[  796.297104][T19919]  ? bpf_ksym_find+0x124/0x1c0
[  796.297134][T19919]  ? __kernel_text_address+0xd/0x30
[  796.297162][T19919]  ? unwind_get_return_address+0x59/0xa0
[  796.297184][T19919]  ? arch_stack_walk+0xa6/0xf0
[  796.297211][T19919]  ? __sigqueue_free+0xbe/0x2a0
[  796.297236][T19919]  ? stack_trace_save+0x8e/0xc0
[  796.297256][T19919]  ? __pfx_stack_trace_save+0x10/0x10
[  796.297276][T19919]  ? stack_depot_save_flags+0x27/0x9d0
[  796.297304][T19919]  ? __lock_acquire+0x4a5/0x2630
[  796.297367][T19919]  ? proc_coredump_connector+0x2d3/0x4f0
[  796.297398][T19919]  ? __pfx_proc_coredump_connector+0x10/0x10
[  796.297434][T19919]  ? rcu_is_watching+0x12/0xc0
[  796.297467][T19919]  get_signal+0x1f2a/0x21e0
[  796.297497][T19919]  ? __pfx_get_signal+0x10/0x10
[  796.297518][T19919]  ? force_sig_fault+0xc3/0x100
[  796.297538][T19919]  ? __pfx_force_sig_fault+0x10/0x10
[  796.297561][T19919]  arch_do_signal_or_restart+0x91/0x770
[  796.297586][T19919]  ? notify_die+0xc7/0x1a0
[  796.297612][T19919]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  796.297643][T19919]  ? rcu_is_watching+0x12/0xc0
[  796.297672][T19919]  ? do_error_trap+0x20f/0x230
[  796.297696][T19919]  ? trace_hardirqs_off+0x70/0x190
[  796.297722][T19919]  irqentry_exit+0x1f8/0x670
[  796.297742][T19919]  ? handle_invalid_op+0x34/0x40
[  796.297769][T19919]  asm_exc_invalid_op+0x1a/0x20
[  796.297788][T19919] RIP: 0033:0x14
[  796.297801][T19919] Code: Unable to access opcode bytes at 0xffffffffffffffea.
[  796.297810][T19919] RSP: 002b:000000000000000a EFLAGS: 00010246
[  796.297825][T19919] RAX: 0000000000000000 RBX: 00007f4739216180 RCX: 00007f4738f9c819
[  796.297837][T19919] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46
[  796.297848][T19919] RBP: 00007f4739032c91 R08: 0000000000000002 R09: 0000000000000000
[  796.297859][T19919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  796.297870][T19919] R13: 00007f4739216218 R14: 00007f4739216180 R15: 00007ffdbfd11238
[  796.297894][T19919]  </TASK>
[  796.806567][T19919] memory: usage 307200kB, limit 307200kB, failcnt 26125
[  796.820928][T19919] memory+swap: usage 432004kB, limit 9007199254740988kB, failcnt 0
[  796.828855][T19919] kmem: usage 4640kB, limit 9007199254740988kB, failcnt 0
[  796.847966][T19919] Memory cgroup stats for /syz2:
[  796.848208][T19919] cache 305922048
[  796.864318][T19919] rss 3784704
[  796.867635][T19919] rss_huge 0
[  796.880198][T19919] shmem 305922048
[  796.890796][T19919] mapped_file 0
[  796.897488][T19919] dirty 0
[  796.910506][T19919] writeback 0
[  796.913819][T19919] workingset_refault_anon 13896
[  796.918665][T19919] workingset_refault_file 6819
[  796.929659][T19919] swap 127799296
[  796.934001][T19919] swapcached 273104896
[  796.938166][T19919] pgpgin 822043
[  796.943242][T19919] pgpgout 762513
[  796.946803][T19919] pgfault 616091
[  796.951101][T19919] pgmajfault 945
[  796.957503][T19919] inactive_anon 166694912
[  796.962247][T19919] active_anon 143011840
[  796.966704][T19919] inactive_file 0
[  796.971042][T19919] active_file 0
[  796.974610][T19919] unevictable 0
[  796.978121][T19919] hierarchical_memory_limit 314572800
[  796.983846][T19919] hierarchical_memsw_limit 9223372036854771712
[  796.990101][T19919] total_cache 305922048
[  796.996449][T19919] total_rss 3784704
[  797.000562][T19919] total_rss_huge 0
[  797.004440][T19919] total_shmem 305922048
[  797.008650][T19919] total_mapped_file 0
[  797.012997][T19919] total_dirty 0
[  797.071341][T19919] total_writeback 0
[  797.075216][T19919] total_workingset_refault_anon 13896
[  797.099354][T19919] total_workingset_refault_file 6819
[  797.196098][T19919] total_swap 127799296
[  797.221428][T19919] total_swapcached 273104896
[  797.377795][T19919] total_pgpgin 822043
[  797.409568][T19919] total_pgpgout 762513
[  797.469610][T19919] total_pgfault 616091
[  797.503141][T19919] total_pgmajfault 945
[  797.538963][T19919] total_inactive_anon 166694912
[  797.620381][T19919] total_active_anon 143011840
[  797.640058][T19919] total_inactive_file 0
[  797.715325][T19919] total_active_file 0
[  797.740507][T19919] total_unevictable 0
[  797.744527][T19919] anon_cost 0
[  797.747863][T19919] file_cost 0
[  797.821894][T19919] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2440,pid=16774,uid=0
[  797.900837][T19919] Memory cgroup out of memory: Killed process 16774 (syz.2.2440) total-vm:164324kB, anon-rss:1232kB, file-rss:20800kB, shmem-rss:0kB, UID:0 pgtables:108kB oom_score_adj:1000
[  798.122053][T20134] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3221'.
[  798.283657][T20109] FAULT_INJECTION: forcing a failure.
[  798.283657][T20109] name failslab, interval 0, probability 0, space 0, times 0
[  798.356448][T20109] CPU: 0 UID: 0 PID: 20109 Comm: syz.3.3216 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  798.356482][T20109] Tainted: [L]=SOFTLOCKUP
[  798.356488][T20109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  798.356500][T20109] Call Trace:
[  798.356508][T20109]  <TASK>
[  798.356516][T20109]  dump_stack_lvl+0x100/0x190
[  798.356549][T20109]  should_fail_ex.cold+0x5/0xa
[  798.356572][T20109]  should_failslab+0xc2/0x120
[  798.356595][T20109]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  798.356625][T20109]  ? security_inode_alloc+0x3b/0x2c0
[  798.356647][T20109]  ? lockdep_init_map_type+0x5c/0x250
[  798.356677][T20109]  security_inode_alloc+0x3b/0x2c0
[  798.356700][T20109]  inode_init_always_gfp+0xced/0x1040
[  798.356724][T20109]  alloc_inode+0x8e/0x250
[  798.356750][T20109]  new_inode+0x22/0x1c0
[  798.356779][T20109]  shmem_get_inode+0x212/0x1040
[  798.356808][T20109]  ? __pfx_shmem_get_inode+0x10/0x10
[  798.356833][T20109]  ? rcu_is_watching+0x12/0xc0
[  798.356861][T20109]  ? percpu_counter_add_batch+0xb9/0x230
[  798.356893][T20109]  __shmem_file_setup+0x3ac/0x490
[  798.356921][T20109]  ? __pfx___shmem_file_setup+0x10/0x10
[  798.356954][T20109]  ? vm_area_alloc+0x1f/0x160
[  798.356984][T20109]  shmem_zero_setup+0x96/0x1b0
[  798.357003][T20109]  __mmap_region+0x21f6/0x2a50
[  798.357035][T20109]  ? update_cfs_rq_load_avg+0x51/0x550
[  798.357059][T20109]  ? __pfx___mmap_region+0x10/0x10
[  798.357101][T20109]  ? set_next_entity+0x11e/0x9c0
[  798.357132][T20109]  ? __lock_acquire+0x4a5/0x2630
[  798.357165][T20109]  ? lock_acquire+0x1cf/0x380
[  798.357189][T20109]  ? find_held_lock+0x2b/0x80
[  798.357224][T20109]  ? trace_sched_exit_tp+0x13a/0x180
[  798.357278][T20109]  ? rcu_is_watching+0x12/0xc0
[  798.357307][T20109]  ? cap_capable+0x107/0x460
[  798.357331][T20109]  mmap_region+0x180/0x3e0
[  798.357365][T20109]  do_mmap+0xc63/0x12f0
[  798.357392][T20109]  ? __pfx_do_mmap+0x10/0x10
[  798.357413][T20109]  ? __pfx_down_write_killable+0x10/0x10
[  798.357442][T20109]  vm_mmap_pgoff+0x29e/0x470
[  798.357468][T20109]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  798.357492][T20109]  ? do_futex+0x192/0x350
[  798.357517][T20109]  ? __pfx_do_futex+0x10/0x10
[  798.357547][T20109]  ksys_mmap_pgoff+0xe1/0x650
[  798.357568][T20109]  ? __x64_sys_futex+0x34f/0x4d0
[  798.357592][T20109]  ? __x64_sys_futex+0x358/0x4d0
[  798.357617][T20109]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  798.357639][T20109]  ? xfd_validate_state+0x129/0x190
[  798.357671][T20109]  __x64_sys_mmap+0x125/0x190
[  798.357702][T20109]  do_syscall_64+0x106/0xf80
[  798.357721][T20109]  ? clear_bhb_loop+0x40/0x90
[  798.357744][T20109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  798.357764][T20109] RIP: 0033:0x7fa63e39c819
[  798.357780][T20109] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  798.357798][T20109] RSP: 002b:00007fa63f2c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  798.357817][T20109] RAX: ffffffffffffffda RBX: 00007fa63e615fa0 RCX: 00007fa63e39c819
[  798.357829][T20109] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000
[  798.357840][T20109] RBP: 00007fa63e432c91 R08: fffffffffffffffa R09: 0000000000008000
[  798.357851][T20109] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  798.357862][T20109] R13: 00007fa63e616038 R14: 00007fa63e615fa0 R15: 00007ffed9dd4588
[  798.357885][T20109]  </TASK>
[  799.040429][T19905] syz.2.3160 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  799.177600][T19905] CPU: 0 UID: 0 PID: 19905 Comm: syz.2.3160 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  799.177634][T19905] Tainted: [L]=SOFTLOCKUP
[  799.177641][T19905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  799.177652][T19905] Call Trace:
[  799.177659][T19905]  <TASK>
[  799.177667][T19905]  dump_stack_lvl+0x100/0x190
[  799.177702][T19905]  dump_header+0xfb/0x606
[  799.177723][T19905]  oom_kill_process.cold+0xd/0x330
[  799.177746][T19905]  out_of_memory+0x340/0x14f0
[  799.177781][T19905]  ? __pfx_out_of_memory+0x10/0x10
[  799.177817][T19905]  mem_cgroup_out_of_memory+0xc6/0x130
[  799.177846][T19905]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  799.177873][T19905]  ? find_held_lock+0x2b/0x80
[  799.177897][T19905]  ? do_raw_spin_unlock+0x145/0x1e0
[  799.177927][T19905]  ? _raw_spin_unlock+0x28/0x50
[  799.177959][T19905]  try_charge_memcg+0x652/0xc90
[  799.177986][T19905]  ? __pfx_try_charge_memcg+0x10/0x10
[  799.178015][T19905]  ? find_held_lock+0x2b/0x80
[  799.178033][T19905]  ? rcu_read_unlock+0x17/0x60
[  799.178055][T19905]  ? rcu_read_unlock+0x17/0x60
[  799.178084][T19905]  charge_memcg+0xa6/0x280
[  799.178106][T19905]  __mem_cgroup_charge+0x2b/0x1e0
[  799.178132][T19905]  shmem_alloc_and_add_folio+0x451/0xd40
[  799.178168][T19905]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  799.178201][T19905]  ? shmem_allowable_huge_orders+0x2bd/0x400
[  799.178237][T19905]  shmem_get_folio_gfp+0x6ab/0x1900
[  799.178279][T19905]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  799.178317][T19905]  shmem_write_begin+0x1a4/0x420
[  799.178350][T19905]  ? __pfx_shmem_write_begin+0x10/0x10
[  799.178383][T19905]  ? balance_dirty_pages_ratelimited_flags+0x91/0x1170
[  799.178406][T19905]  ? lockdep_hardirqs_on+0x78/0x100
[  799.178429][T19905]  generic_perform_write+0x292/0xa40
[  799.178465][T19905]  ? __pfx_generic_perform_write+0x10/0x10
[  799.178498][T19905]  ? file_update_time_flags+0x373/0x500
[  799.178526][T19905]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  799.178548][T19905]  shmem_file_write_iter+0x10e/0x140
[  799.178571][T19905]  __kernel_write_iter+0x2ac/0x920
[  799.178593][T19905]  ? __pfx___kernel_write_iter+0x10/0x10
[  799.178612][T19905]  ? __up_read+0x2c5/0x700
[  799.178642][T19905]  ? dump_user_range+0x73b/0xb50
[  799.178670][T19905]  dump_user_range+0x3f9/0xb50
[  799.178697][T19905]  ? __pfx_dump_user_range+0x10/0x10
[  799.178727][T19905]  ? __pfx_writenote+0x10/0x10
[  799.178756][T19905]  elf_core_dump+0x2d5f/0x3d10
[  799.178794][T19905]  ? __pfx_elf_core_dump+0x10/0x10
[  799.178819][T19905]  ? trace_ignore_this_task+0xc3/0x100
[  799.178850][T19905]  ? event_filter_pid_sched_wakeup_probe_post+0x128/0x270
[  799.178874][T19905]  ? find_held_lock+0x2b/0x80
[  799.178894][T19905]  ? 0xffffffffff600000
[  799.178911][T19905]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  799.178942][T19905]  ? lockdep_hardirqs_on+0x78/0x100
[  799.178993][T19905]  ? vfs_coredump+0x27bc/0x5570
[  799.179020][T19905]  vfs_coredump+0x27bc/0x5570
[  799.179051][T19905]  ? __pfx_vfs_coredump+0x10/0x10
[  799.179075][T19905]  ? __lock_acquire+0x4a5/0x2630
[  799.179109][T19905]  ? lock_acquire+0x1cf/0x380
[  799.179143][T19905]  ? is_bpf_text_address+0x8a/0x1a0
[  799.179174][T19905]  ? bpf_ksym_find+0x124/0x1c0
[  799.179203][T19905]  ? __kernel_text_address+0xd/0x30
[  799.179232][T19905]  ? unwind_get_return_address+0x59/0xa0
[  799.179254][T19905]  ? arch_stack_walk+0xa6/0xf0
[  799.179280][T19905]  ? __sigqueue_free+0xbe/0x2a0
[  799.179306][T19905]  ? stack_trace_save+0x8e/0xc0
[  799.179326][T19905]  ? __pfx_stack_trace_save+0x10/0x10
[  799.179346][T19905]  ? stack_depot_save_flags+0x27/0x9d0
[  799.179374][T19905]  ? __lock_acquire+0x4a5/0x2630
[  799.179435][T19905]  ? proc_coredump_connector+0x2d3/0x4f0
[  799.179467][T19905]  ? __pfx_proc_coredump_connector+0x10/0x10
[  799.179502][T19905]  ? rcu_is_watching+0x12/0xc0
[  799.179536][T19905]  get_signal+0x1f2a/0x21e0
[  799.179567][T19905]  ? __pfx_get_signal+0x10/0x10
[  799.179586][T19905]  ? __pfx_force_sig_fault+0x10/0x10
[  799.179612][T19905]  arch_do_signal_or_restart+0x91/0x770
[  799.179639][T19905]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  799.179670][T19905]  ? do_user_addr_fault+0x8d6/0x12f0
[  799.179694][T19905]  irqentry_exit+0x1f8/0x670
[  799.179716][T19905]  asm_exc_page_fault+0x26/0x30
[  799.179735][T19905] RIP: 0033:0x400fff
[  799.179754][T19905] Code: Unable to access opcode bytes at 0x400fd5.
[  799.179762][T19905] RSP: 002b:000000000000000a EFLAGS: 00010246
[  799.179778][T19905] RAX: 0000000000000000 RBX: 00007f4739216180 RCX: 00007f4738f9c819
[  799.179790][T19905] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46
[  799.179801][T19905] RBP: 00007f4739032c91 R08: 0000000000000002 R09: 0000000000000000
[  799.179812][T19905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  799.179823][T19905] R13: 00007f4739216218 R14: 00007f4739216180 R15: 00007ffdbfd11238
[  799.179846][T19905]  </TASK>
[  799.179854][T19905] memory: usage 307044kB, limit 307200kB, failcnt 26346
[  800.089154][T20140] FAULT_INJECTION: forcing a failure.
[  800.089154][T20140] name failslab, interval 0, probability 0, space 0, times 0
[  800.139266][T20140] CPU: 0 UID: 0 PID: 20140 Comm: syz.3.3224 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  800.139304][T20140] Tainted: [L]=SOFTLOCKUP
[  800.139311][T20140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  800.139323][T20140] Call Trace:
[  800.139330][T20140]  <TASK>
[  800.139338][T20140]  dump_stack_lvl+0x100/0x190
[  800.139373][T20140]  should_fail_ex.cold+0x5/0xa
[  800.139397][T20140]  should_failslab+0xc2/0x120
[  800.139419][T20140]  __kmalloc_cache_noprof+0x7a/0x6f0
[  800.139447][T20140]  ? trace_pid_list_alloc+0x232/0x480
[  800.139482][T20140]  trace_pid_list_alloc+0x232/0x480
[  800.139515][T20140]  trace_pid_write+0x110/0x460
[  800.139547][T20140]  ? __pfx_trace_pid_write+0x10/0x10
[  800.139591][T20140]  event_pid_write.isra.0+0x1e4/0x800
[  800.139613][T20140]  ? __pfx_event_pid_write.isra.0+0x10/0x10
[  800.139640][T20140]  vfs_write+0x2aa/0x1070
[  800.139659][T20140]  ? __pfx_ftrace_event_npid_write+0x10/0x10
[  800.139681][T20140]  ? __pfx_vfs_write+0x10/0x10
[  800.139699][T20140]  ? __fget_files+0x215/0x3d0
[  800.139730][T20140]  ? __fget_files+0x21f/0x3d0
[  800.139755][T20140]  ksys_write+0x12a/0x250
[  800.139773][T20140]  ? __pfx_ksys_write+0x10/0x10
[  800.139799][T20140]  do_syscall_64+0x106/0xf80
[  800.139818][T20140]  ? clear_bhb_loop+0x40/0x90
[  800.139842][T20140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.139862][T20140] RIP: 0033:0x7fa63e39c819
[  800.139877][T20140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  800.139895][T20140] RSP: 002b:00007fa63f2c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  800.139914][T20140] RAX: ffffffffffffffda RBX: 00007fa63e615fa0 RCX: 00007fa63e39c819
[  800.139926][T20140] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  800.139937][T20140] RBP: 00007fa63e432c91 R08: 0000000000000000 R09: 0000000000000000
[  800.139948][T20140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  800.139958][T20140] R13: 00007fa63e616038 R14: 00007fa63e615fa0 R15: 00007ffed9dd4588
[  800.139982][T20140]  </TASK>
[  801.278640][T19905] memory+swap: usage 432000kB, limit 9007199254740988kB, failcnt 0
[  801.313971][T19905] kmem: usage 4380kB, limit 9007199254740988kB, failcnt 0
[  801.346597][T19905] Memory cgroup stats for /syz2:
[  801.346724][T19905] cache 308252672
[  801.386256][T19905] rss 1757184
[  801.399634][T19905] rss_huge 0
[  801.414310][T19905] shmem 308252672
[  801.433620][T19905] mapped_file 8192
[  801.454169][T19905] dirty 0
[  801.457150][T19905] writeback 0
[  801.491883][T19905] workingset_refault_anon 13919
[  801.520519][T19905] workingset_refault_file 6830
[  801.535745][T19905] swap 127795200
[  801.539327][T19905] swapcached 273399808
[  801.575144][T19905] pgpgin 822805
[  801.578657][T19905] pgpgout 763183
[  801.599666][T19905] pgfault 616447
[  801.630202][T19905] pgmajfault 952
[  801.649626][T19905] inactive_anon 145547264
[  801.656016][T19905] active_anon 164536320
[  801.674349][T19905] inactive_file 0
[  801.689733][T19905] active_file 0
[  801.716829][T19905] unevictable 0
[  801.725076][T19905] hierarchical_memory_limit 314572800
[  801.760437][T19905] hierarchical_memsw_limit 9223372036854771712
[  801.787768][T19905] total_cache 308252672
[  801.814844][T19905] total_rss 1757184
[  801.818684][T19905] total_rss_huge 0
[  801.867144][T19905] total_shmem 308252672
[  801.877473][T19905] total_mapped_file 8192
[  801.909149][T19905] total_dirty 0
[  801.926971][T19905] total_writeback 0
[  801.993742][T19905] total_workingset_refault_anon 13919
[  801.999189][T19905] total_workingset_refault_file 6830
[  802.061360][T19905] total_swap 127795200
[  802.065598][T19905] total_swapcached 273399808
[  802.070192][T19905] total_pgpgin 822805
[  802.131497][T19905] total_pgpgout 763183
[  802.135616][T19905] total_pgfault 616447
[  802.163099][T19905] total_pgmajfault 952
[  802.167244][T19905] total_inactive_anon 145547264
[  802.200135][T19905] total_active_anon 164536320
[  802.215464][T19905] total_inactive_file 0
[  802.234137][T19905] total_active_file 0
[  802.238187][T19905] total_unevictable 0
[  802.258212][T19905] anon_cost 0
[  802.268335][T19905] file_cost 0
[  802.279422][T19905] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2537,pid=17313,uid=0
[  802.342825][T19905] Memory cgroup out of memory: Killed process 17313 (syz.2.2537) total-vm:164056kB, anon-rss:1228kB, file-rss:20480kB, shmem-rss:0kB, UID:0 pgtables:108kB oom_score_adj:1000
[  802.371846][T20179] FAULT_INJECTION: forcing a failure.
[  802.371846][T20179] name failslab, interval 0, probability 0, space 0, times 0
[  802.470700][T20179] CPU: 0 UID: 0 PID: 20179 Comm: syz.3.3229 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  802.470733][T20179] Tainted: [L]=SOFTLOCKUP
[  802.470740][T20179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  802.470751][T20179] Call Trace:
[  802.470757][T20179]  <TASK>
[  802.470765][T20179]  dump_stack_lvl+0x100/0x190
[  802.470798][T20179]  should_fail_ex.cold+0x5/0xa
[  802.470821][T20179]  should_failslab+0xc2/0x120
[  802.470844][T20179]  __kmalloc_cache_noprof+0x7a/0x6f0
[  802.470870][T20179]  ? trace_pid_list_alloc+0x2fe/0x480
[  802.470904][T20179]  trace_pid_list_alloc+0x2fe/0x480
[  802.470937][T20179]  trace_pid_write+0x110/0x460
[  802.470968][T20179]  ? __pfx_trace_pid_write+0x10/0x10
[  802.471018][T20179]  event_pid_write.isra.0+0x1e4/0x800
[  802.471040][T20179]  ? __pfx_event_pid_write.isra.0+0x10/0x10
[  802.471067][T20179]  vfs_write+0x2aa/0x1070
[  802.471088][T20179]  ? __pfx_ftrace_event_npid_write+0x10/0x10
[  802.471111][T20179]  ? __pfx_vfs_write+0x10/0x10
[  802.471129][T20179]  ? __fget_files+0x215/0x3d0
[  802.471154][T20179]  ? __fget_files+0x21f/0x3d0
[  802.471180][T20179]  ksys_write+0x12a/0x250
[  802.471198][T20179]  ? __pfx_ksys_write+0x10/0x10
[  802.471225][T20179]  do_syscall_64+0x106/0xf80
[  802.471244][T20179]  ? clear_bhb_loop+0x40/0x90
[  802.471266][T20179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.471286][T20179] RIP: 0033:0x7fa63e39c819
[  802.471301][T20179] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  802.471318][T20179] RSP: 002b:00007fa63f2c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  802.471337][T20179] RAX: ffffffffffffffda RBX: 00007fa63e615fa0 RCX: 00007fa63e39c819
[  802.471349][T20179] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  802.471360][T20179] RBP: 00007fa63e432c91 R08: 0000000000000000 R09: 0000000000000000
[  802.471371][T20179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  802.471382][T20179] R13: 00007fa63e616038 R14: 00007fa63e615fa0 R15: 00007ffed9dd4588
[  802.471405][T20179]  </TASK>
[  803.565889][T19904] syz.2.3160 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  803.610182][T19904] CPU: 0 UID: 0 PID: 19904 Comm: syz.2.3160 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  803.610214][T19904] Tainted: [L]=SOFTLOCKUP
[  803.610221][T19904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  803.610232][T19904] Call Trace:
[  803.610245][T19904]  <TASK>
[  803.610252][T19904]  dump_stack_lvl+0x100/0x190
[  803.610287][T19904]  dump_header+0xfb/0x606
[  803.610316][T19904]  oom_kill_process.cold+0xd/0x330
[  803.610339][T19904]  out_of_memory+0x340/0x14f0
[  803.610373][T19904]  ? __pfx_out_of_memory+0x10/0x10
[  803.610409][T19904]  mem_cgroup_out_of_memory+0xc6/0x130
[  803.610438][T19904]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  803.610465][T19904]  ? find_held_lock+0x2b/0x80
[  803.610489][T19904]  ? do_raw_spin_unlock+0x145/0x1e0
[  803.610519][T19904]  ? _raw_spin_unlock+0x28/0x50
[  803.610551][T19904]  try_charge_memcg+0x652/0xc90
[  803.610578][T19904]  ? __pfx_try_charge_memcg+0x10/0x10
[  803.610599][T19904]  ? find_held_lock+0x2b/0x80
[  803.610617][T19904]  ? rcu_read_unlock+0x17/0x60
[  803.610639][T19904]  ? rcu_read_unlock+0x17/0x60
[  803.610668][T19904]  charge_memcg+0xa6/0x280
[  803.610690][T19904]  __mem_cgroup_charge+0x2b/0x1e0
[  803.610716][T19904]  shmem_alloc_and_add_folio+0x451/0xd40
[  803.610753][T19904]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  803.610786][T19904]  ? shmem_allowable_huge_orders+0x2bd/0x400
[  803.610823][T19904]  shmem_get_folio_gfp+0x6ab/0x1900
[  803.610858][T19904]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  803.610896][T19904]  shmem_write_begin+0x1a4/0x420
[  803.610929][T19904]  ? __pfx_shmem_write_begin+0x10/0x10
[  803.610961][T19904]  ? balance_dirty_pages_ratelimited_flags+0x91/0x1170
[  803.610985][T19904]  ? lockdep_hardirqs_on+0x78/0x100
[  803.611008][T19904]  generic_perform_write+0x292/0xa40
[  803.611044][T19904]  ? __pfx_generic_perform_write+0x10/0x10
[  803.611077][T19904]  ? file_update_time_flags+0x373/0x500
[  803.611105][T19904]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  803.611127][T19904]  shmem_file_write_iter+0x10e/0x140
[  803.611151][T19904]  __kernel_write_iter+0x2ac/0x920
[  803.611172][T19904]  ? __pfx___kernel_write_iter+0x10/0x10
[  803.611192][T19904]  ? __up_read+0x2c5/0x700
[  803.611223][T19904]  ? dump_user_range+0x73b/0xb50
[  803.611245][T19904]  ? copy_mc_enhanced_fast_string+0x6/0xf
[  803.611276][T19904]  dump_user_range+0x3f9/0xb50
[  803.611310][T19904]  ? __pfx_dump_user_range+0x10/0x10
[  803.611340][T19904]  ? __pfx_writenote+0x10/0x10
[  803.611370][T19904]  elf_core_dump+0x2d5f/0x3d10
[  803.611408][T19904]  ? __pfx_elf_core_dump+0x10/0x10
[  803.611434][T19904]  ? trace_ignore_this_task+0xc3/0x100
[  803.611464][T19904]  ? event_filter_pid_sched_wakeup_probe_post+0x128/0x270
[  803.611489][T19904]  ? find_held_lock+0x2b/0x80
[  803.611508][T19904]  ? 0xffffffffff600000
[  803.611525][T19904]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  803.611556][T19904]  ? lockdep_hardirqs_on+0x78/0x100
[  803.611609][T19904]  ? vfs_coredump+0x27bc/0x5570
[  803.611629][T19904]  vfs_coredump+0x27bc/0x5570
[  803.611661][T19904]  ? __pfx_vfs_coredump+0x10/0x10
[  803.611685][T19904]  ? __lock_acquire+0x4a5/0x2630
[  803.611719][T19904]  ? lock_acquire+0x1cf/0x380
[  803.611754][T19904]  ? is_bpf_text_address+0x8a/0x1a0
[  803.611784][T19904]  ? bpf_ksym_find+0x124/0x1c0
[  803.611814][T19904]  ? __kernel_text_address+0xd/0x30
[  803.611843][T19904]  ? unwind_get_return_address+0x59/0xa0
[  803.611864][T19904]  ? arch_stack_walk+0xa6/0xf0
[  803.611891][T19904]  ? __sigqueue_free+0xbe/0x2a0
[  803.611916][T19904]  ? stack_trace_save+0x8e/0xc0
[  803.611936][T19904]  ? __pfx_stack_trace_save+0x10/0x10
[  803.611956][T19904]  ? stack_depot_save_flags+0x27/0x9d0
[  803.611984][T19904]  ? __lock_acquire+0x4a5/0x2630
[  803.612046][T19904]  ? proc_coredump_connector+0x2d3/0x4f0
[  803.612077][T19904]  ? __pfx_proc_coredump_connector+0x10/0x10
[  803.612113][T19904]  ? rcu_is_watching+0x12/0xc0
[  803.612146][T19904]  get_signal+0x1f2a/0x21e0
[  803.612176][T19904]  ? __pfx_get_signal+0x10/0x10
[  803.612195][T19904]  ? __pfx_force_sig_fault+0x10/0x10
[  803.612222][T19904]  arch_do_signal_or_restart+0x91/0x770
[  803.612248][T19904]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  803.612279][T19904]  ? do_user_addr_fault+0x8d6/0x12f0
[  803.612309][T19904]  irqentry_exit+0x1f8/0x670
[  803.612332][T19904]  asm_exc_page_fault+0x26/0x30
[  803.612351][T19904] RIP: 0033:0x400fff
[  803.612369][T19904] Code: Unable to access opcode bytes at 0x400fd5.
[  803.612377][T19904] RSP: 002b:000000000000000a EFLAGS: 00010246
[  803.612392][T19904] RAX: 0000000000000000 RBX: 00007f4739216180 RCX: 00007f4738f9c819
[  803.612405][T19904] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46
[  803.612415][T19904] RBP: 00007f4739032c91 R08: 0000000000000002 R09: 0000000000000000
[  803.612427][T19904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  803.612437][T19904] R13: 00007f4739216218 R14: 00007f4739216180 R15: 00007ffdbfd11238
[  803.612462][T19904]  </TASK>
[  806.226922][T19904] memory: usage 307200kB, limit 307200kB, failcnt 26645
[  806.269558][T19904] memory+swap: usage 431752kB, limit 9007199254740988kB, failcnt 0
[  806.311869][T19904] kmem: usage 4128kB, limit 9007199254740988kB, failcnt 0
[  806.348552][T19904] Memory cgroup stats for /syz2:
[  806.348681][T19904] cache 308461568
[  806.393853][T19904] rss 1662976
[  806.416184][T19904] rss_huge 0
[  806.419435][T19904] shmem 308461568
[  806.443048][T19904] mapped_file 0
[  806.459477][T19904] dirty 0
[  806.472164][T19904] writeback 0
[  806.485641][T19904] workingset_refault_anon 13952
[  806.502313][T19904] workingset_refault_file 6830
[  806.519762][T19904] swap 127541248
[  806.532463][T19904] swapcached 273526784
[  806.546148][T19904] pgpgin 822903
[  806.558458][T19904] pgpgout 763221
[  806.569913][T19904] pgfault 616494
[  806.587601][T19904] pgmajfault 952
[  806.598299][T19904] inactive_anon 145657856
[  806.613712][T19904] active_anon 164667392
[  806.628336][T19904] inactive_file 0
[  806.642635][T19904] active_file 0
[  806.658548][T19904] unevictable 0
[  806.672365][T19904] hierarchical_memory_limit 314572800
[  806.692860][T19904] hierarchical_memsw_limit 9223372036854771712
[  806.728789][T19904] total_cache 308461568
[  806.752721][T19904] total_rss 1662976
[  806.756579][T19904] total_rss_huge 0
[  806.794923][T19904] total_shmem 308461568
[  806.799132][T19904] total_mapped_file 0
[  806.826205][T19904] total_dirty 0
[  806.847387][T19904] total_writeback 0
[  806.863206][T19904] total_workingset_refault_anon 13952
[  806.868706][T19904] total_workingset_refault_file 6830
[  806.913865][T19904] total_swap 127541248
[  806.932269][T19904] total_swapcached 273526784
[  806.950891][T19904] total_pgpgin 822903
[  806.970822][T19904] total_pgpgout 763221
[  806.992062][T19904] total_pgfault 616494
[  807.006582][T19904] total_pgmajfault 952
[  807.021159][T20235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3242'.
[  807.050524][T19904] total_inactive_anon 145657856
[  807.055413][T19904] total_active_anon 164667392
[  807.060094][T19904] total_inactive_file 0
[  807.079988][T20235] HfR: entered promiscuous mode
[  807.094682][T19904] total_active_file 0
[  807.098706][T19904] total_unevictable 0
[  807.128345][T19904] anon_cost 0
[  807.148600][T19904] file_cost 0
[  807.167953][T19904] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3160,pid=19922,uid=0
[  807.255471][T19904] Memory cgroup out of memory: Killed process 19922 (syz.2.3160) total-vm:103412kB, anon-rss:2752kB, file-rss:54860kB, shmem-rss:0kB, UID:0 pgtables:212kB oom_score_adj:0
[  808.114551][T20255] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3251'.
[  809.189493][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  809.199746][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  809.920876][   T32] oom_reaper: reaped process 19922 (syz.2.3160), now anon-rss:0kB, file-rss:16476kB, shmem-rss:0kB
[  811.034105][T19905] syz.2.3160 (19905) used greatest stack depth: 19672 bytes left
[  811.226191][T20297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3263'.
[  811.260862][T20299] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3263'.
[  811.840389][T20297] mac80211_hwsim hwsim30 wlan1: entered promiscuous mode
[  811.889331][T20297] mac80211_hwsim hwsim30 wlan1: entered allmulticast mode
[  811.906769][T19906] syz.2.3160 (19906) used greatest stack depth: 19336 bytes left
[  812.490421][T19908] syz.2.3160 (19908) used greatest stack depth: 18920 bytes left
[  813.662853][T18382] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260
[  813.662882][T18382] Bluetooth: hci4: unexpected subevent 0x06 length: 725 > 10
[  813.893723][T20324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3271'.
[  815.228121][T20335] syz.3.3274(20335): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  815.750168][T18382] Bluetooth: hci4: command 0x0406 tx timeout
[  818.602469][T20415] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3293'.
[  819.728285][T20438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3301'.
[  820.484875][T20448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3303'.
[  821.750584][T20465] FAULT_INJECTION: forcing a failure.
[  821.750584][T20465] name failslab, interval 0, probability 0, space 0, times 0
[  821.806636][T20465] CPU: 0 UID: 0 PID: 20465 Comm: syz.3.3308 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  821.806667][T20465] Tainted: [L]=SOFTLOCKUP
[  821.806674][T20465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  821.806686][T20465] Call Trace:
[  821.806692][T20465]  <TASK>
[  821.806700][T20465]  dump_stack_lvl+0x100/0x190
[  821.806734][T20465]  should_fail_ex.cold+0x5/0xa
[  821.806758][T20465]  should_failslab+0xc2/0x120
[  821.806780][T20465]  __kmalloc_cache_noprof+0x7a/0x6f0
[  821.806807][T20465]  ? trace_pid_list_alloc+0x2fe/0x480
[  821.806863][T20465]  trace_pid_list_alloc+0x2fe/0x480
[  821.806897][T20465]  trace_pid_write+0x110/0x460
[  821.806928][T20465]  ? __pfx_trace_pid_write+0x10/0x10
[  821.806978][T20465]  event_pid_write.isra.0+0x1e4/0x800
[  821.806999][T20465]  ? __pfx_event_pid_write.isra.0+0x10/0x10
[  821.807026][T20465]  vfs_write+0x2aa/0x1070
[  821.807046][T20465]  ? __pfx_ftrace_event_npid_write+0x10/0x10
[  821.807068][T20465]  ? __pfx_vfs_write+0x10/0x10
[  821.807086][T20465]  ? __fget_files+0x215/0x3d0
[  821.807110][T20465]  ? __fget_files+0x21f/0x3d0
[  821.807134][T20465]  ksys_write+0x12a/0x250
[  821.807153][T20465]  ? __pfx_ksys_write+0x10/0x10
[  821.807178][T20465]  do_syscall_64+0x106/0xf80
[  821.807197][T20465]  ? clear_bhb_loop+0x40/0x90
[  821.807219][T20465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.807239][T20465] RIP: 0033:0x7fa63e39c819
[  821.807254][T20465] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  821.807271][T20465] RSP: 002b:00007fa63f2c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  821.807290][T20465] RAX: ffffffffffffffda RBX: 00007fa63e615fa0 RCX: 00007fa63e39c819
[  821.807302][T20465] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  821.807313][T20465] RBP: 00007fa63e432c91 R08: 0000000000000000 R09: 0000000000000000
[  821.807323][T20465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  821.807334][T20465] R13: 00007fa63e616038 R14: 00007fa63e615fa0 R15: 00007ffed9dd4588
[  821.807357][T20465]  </TASK>
[  823.938714][T20518] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  824.236381][T20524] NFSD: Failed to start, no listeners configured.
[  826.342490][T20556] : renamed from bond0 (while UP)
[  826.860097][T20570] FAULT_INJECTION: forcing a failure.
[  826.860097][T20570] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  826.990482][T20570] CPU: 0 UID: 0 PID: 20570 Comm: syz.3.3336 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  826.990514][T20570] Tainted: [L]=SOFTLOCKUP
[  826.990521][T20570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  826.990533][T20570] Call Trace:
[  826.990542][T20570]  <TASK>
[  826.990551][T20570]  dump_stack_lvl+0x100/0x190
[  826.990585][T20570]  should_fail_ex.cold+0x5/0xa
[  826.990605][T20570]  ? prepare_alloc_pages+0x16d/0x5f0
[  826.990630][T20570]  should_fail_alloc_page+0xeb/0x140
[  826.990654][T20570]  prepare_alloc_pages+0x1f0/0x5f0
[  826.990680][T20570]  __alloc_frozen_pages_noprof+0x19a/0x2ba0
[  826.990712][T20570]  ? stack_trace_save+0x8e/0xc0
[  826.990732][T20570]  ? __pfx_stack_trace_save+0x10/0x10
[  826.990752][T20570]  ? stack_depot_save_flags+0x27/0x9d0
[  826.990782][T20570]  ? kasan_save_stack+0x3f/0x50
[  826.990798][T20570]  ? kasan_save_stack+0x30/0x50
[  826.990814][T20570]  ? kasan_save_track+0x14/0x30
[  826.990831][T20570]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  826.990860][T20570]  ? __handle_mm_fault+0xa9e/0x2b60
[  826.990885][T20570]  ? handle_mm_fault+0x36d/0xa20
[  826.990917][T20570]  ? do_user_addr_fault+0x74c/0x12f0
[  826.990936][T20570]  ? asm_exc_page_fault+0x26/0x30
[  826.990954][T20570]  ? iovec_from_user+0xc1/0x140
[  826.990978][T20570]  ? process_vm_rw+0x1e5/0x2d0
[  826.990993][T20570]  ? __x64_sys_process_vm_readv+0xe2/0x1c0
[  826.991011][T20570]  ? do_syscall_64+0x106/0xf80
[  826.991030][T20570]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  826.991065][T20570]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  826.991087][T20570]  ? policy_nodemask+0xed/0x4f0
[  826.991109][T20570]  alloc_pages_mpol+0x1fb/0x550
[  826.991132][T20570]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  826.991159][T20570]  alloc_pages_noprof+0x136/0x390
[  826.991181][T20570]  pte_alloc_one+0x1c/0x3d0
[  826.991204][T20570]  do_fault+0x88e/0x18e0
[  826.991226][T20570]  ? __pmd_alloc+0x3fb/0x950
[  826.991251][T20570]  __handle_mm_fault+0x1815/0x2b60
[  826.991282][T20570]  ? mt_find+0x45e/0x8e0
[  826.991304][T20570]  ? __pfx___handle_mm_fault+0x10/0x10
[  826.991330][T20570]  ? __pfx_mt_find+0x10/0x10
[  826.991363][T20570]  ? find_vma+0xbf/0x140
[  826.991382][T20570]  ? __pfx_find_vma+0x10/0x10
[  826.991403][T20570]  handle_mm_fault+0x36d/0xa20
[  826.991434][T20570]  do_user_addr_fault+0x74c/0x12f0
[  826.991459][T20570]  exc_page_fault+0x6f/0xd0
[  826.991479][T20570]  asm_exc_page_fault+0x26/0x30
[  826.991497][T20570] RIP: 0010:copy_iovec_from_user+0xcf/0x140
[  826.991522][T20570] Code: 0f 85 87 00 00 00 4c 89 6b 08 49 83 ec 01 31 ff 48 83 c5 10 4c 89 e6 48 83 c3 10 e8 4b f7 15 fd 4d 85 e4 74 57 e8 61 fc 15 fd <4c> 8b 6d 08 e8 58 fc 15 fd 4c 8b 7d 00 e8 4f fc 15 fd 31 ff 4c 89
[  826.991540][T20570] RSP: 0018:ffffc90003167be8 EFLAGS: 00050283
[  826.991555][T20570] RAX: 0000000000000031 RBX: ffff888023bf3e00 RCX: ffffc9000d051000
[  826.991567][T20570] RDX: 0000000000080000 RSI: ffffffff84f2471f RDI: ffff88802c6a0000
[  826.991579][T20570] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
[  826.991589][T20570] R10: 00000000000000a0 R11: 0000000000000000 R12: 000000000000000a
[  826.991600][T20570] R13: 00000000000000a0 R14: dffffc0000000000 R15: 0000000000000000
[  826.991618][T20570]  ? copy_iovec_from_user+0xcf/0x140
[  826.991644][T20570]  ? copy_iovec_from_user+0xcf/0x140
[  826.991669][T20570]  iovec_from_user+0xc1/0x140
[  826.991696][T20570]  process_vm_rw+0x1e5/0x2d0
[  826.991717][T20570]  ? __pfx_process_vm_rw+0x10/0x10
[  826.991733][T20570]  ? __pfx_futex_wake+0x10/0x10
[  826.991766][T20570]  ? ksys_write+0x190/0x250
[  826.991804][T20570]  ? xfd_validate_state+0x129/0x190
[  826.991836][T20570]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  826.991855][T20570]  ? do_syscall_64+0x95/0xf80
[  826.991874][T20570]  ? lockdep_hardirqs_on+0x78/0x100
[  826.991899][T20570]  do_syscall_64+0x106/0xf80
[  826.991918][T20570]  ? clear_bhb_loop+0x40/0x90
[  826.991941][T20570]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  826.991959][T20570] RIP: 0033:0x7fa63e39c819
[  826.991975][T20570] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  826.991992][T20570] RSP: 002b:00007fa63f2a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  826.992009][T20570] RAX: ffffffffffffffda RBX: 00007fa63e616090 RCX: 00007fa63e39c819
[  826.992020][T20570] RDX: 0000040000000001 RSI: 0000200000000080 RDI: 0000000000000156
[  826.992032][T20570] RBP: 00007fa63e432c91 R08: 000000000000000a R09: 0000000000000000
[  826.992043][T20570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  826.992055][T20570] R13: 00007fa63e616128 R14: 00007fa63e616090 R15: 00007ffed9dd4588
[  826.992080][T20570]  </TASK>
[  829.554422][T20607] netlink: zone id is out of range
[  829.584431][T20607] netlink: zone id is out of range
[  829.599689][T20607] netlink: zone id is out of range
[  829.672090][T20608] netlink: zone id is out of range
[  829.677256][T20608] netlink: zone id is out of range
[  829.723908][T20607] netlink: set zone limit has 8 unknown bytes
[  829.782323][T20608] netlink: zone id is out of range
[  829.811617][T20608] netlink: zone id is out of range
[  829.838309][T20608] netlink: zone id is out of range
[  829.854489][T20608] netlink: zone id is out of range
[  831.271096][T20649] netlink: 'syz.0.3354': attribute type 1 has an invalid length.
[  831.632747][T20664] block nbd0: Unsupported socket: should be TCP or UNIX.
[  836.504022][T20787] IPVS: length: 8 != 3752
[  836.654348][T20787] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3385'.
[  837.734244][T20799] FAULT_INJECTION: forcing a failure.
[  837.734244][T20799] name failslab, interval 0, probability 0, space 0, times 0
[  837.776392][T20799] CPU: 0 UID: 0 PID: 20799 Comm: syz.3.3390 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  837.776427][T20799] Tainted: [L]=SOFTLOCKUP
[  837.776433][T20799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  837.776444][T20799] Call Trace:
[  837.776451][T20799]  <TASK>
[  837.776459][T20799]  dump_stack_lvl+0x100/0x190
[  837.776493][T20799]  should_fail_ex.cold+0x5/0xa
[  837.776518][T20799]  should_failslab+0xc2/0x120
[  837.776544][T20799]  __kmalloc_cache_noprof+0x7a/0x6f0
[  837.776570][T20799]  ? trace_pid_list_alloc+0x2fe/0x480
[  837.776605][T20799]  trace_pid_list_alloc+0x2fe/0x480
[  837.776637][T20799]  trace_pid_write+0x110/0x460
[  837.776668][T20799]  ? __pfx_trace_pid_write+0x10/0x10
[  837.776713][T20799]  event_pid_write.isra.0+0x1e4/0x800
[  837.776735][T20799]  ? __pfx_event_pid_write.isra.0+0x10/0x10
[  837.776761][T20799]  vfs_write+0x2aa/0x1070
[  837.776781][T20799]  ? __pfx_ftrace_event_npid_write+0x10/0x10
[  837.776803][T20799]  ? __pfx_vfs_write+0x10/0x10
[  837.776821][T20799]  ? __fget_files+0x215/0x3d0
[  837.776845][T20799]  ? __fget_files+0x21f/0x3d0
[  837.776870][T20799]  ksys_write+0x12a/0x250
[  837.776888][T20799]  ? __pfx_ksys_write+0x10/0x10
[  837.776913][T20799]  do_syscall_64+0x106/0xf80
[  837.776932][T20799]  ? clear_bhb_loop+0x40/0x90
[  837.776955][T20799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  837.776974][T20799] RIP: 0033:0x7fa63e39c819
[  837.776990][T20799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  837.777007][T20799] RSP: 002b:00007fa63f2c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  837.777026][T20799] RAX: ffffffffffffffda RBX: 00007fa63e615fa0 RCX: 00007fa63e39c819
[  837.777038][T20799] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[  837.777049][T20799] RBP: 00007fa63e432c91 R08: 0000000000000000 R09: 0000000000000000
[  837.777060][T20799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  837.777079][T20799] R13: 00007fa63e616038 R14: 00007fa63e615fa0 R15: 00007ffed9dd4588
[  837.777104][T20799]  </TASK>
[  838.135550][T20810] veth1_to_batadv: entered promiscuous mode
[  838.177537][T20810] veth1_to_batadv: left promiscuous mode
[  838.716339][T20821] sd 0:0:1:0: PR command failed: 1026
[  838.737803][T20821] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  838.775496][T20821] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  839.219981][T20841] ubi0: attaching mtd0
[  839.273063][T20841] ubi0: scanning is finished
[  839.317546][T20841] ubi0 error: ubi_read_volume_table: the layout volume was not found
[  839.431178][T20841] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[  839.914276][T20861] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3404'.
[  841.345548][T20856] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  841.660045][T20904] block nbd2: not configured, cannot reconfigure
[  841.732473][T20899] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3413'.
[  847.102457][T17835] Bluetooth: hci2: command 0x0406 tx timeout
[  847.920516][T21077] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74
[  848.051483][T21077] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74
[  848.120706][T21077] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74
[  848.170855][T21077] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74
[  848.214760][T21077] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74
[  848.280512][T21077] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  849.833855][T21095] nbd: nbd4129 already in use
[  849.969845][T21095] nbd: nbd4129 already in use
[  850.121386][T21095] nbd: nbd4129 already in use
[  850.236515][T21095] nbd: nbd4129 already in use
[  851.789574][T21116] kexec: Could not allocate control_code_buffer
[  859.212115][T20948] EXT4-fs (sda1): Delayed block allocation failed for inode 2030 at logical offset 5 with max blocks 48 with error 117
[  859.291199][T20948] EXT4-fs (sda1): This should not happen!! Data will be lost
[  859.291199][T20948] 
[  859.349708][T20948] EXT4-fs (sda1): Delayed block allocation failed for inode 2028 at logical offset 8 with max blocks 1 with error 117
[  859.428798][T20948] EXT4-fs (sda1): This should not happen!! Data will be lost
[  859.428798][T20948] 
[  861.276029][T21286] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3501'.
[  862.285040][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.285071][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.304821][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.316264][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.316289][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.331820][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.342103][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.342126][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.357319][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.366625][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.366646][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.386409][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.395950][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.395973][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.411412][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.421752][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.421776][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.440815][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.450044][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.450065][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.464791][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.473986][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.474008][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.488848][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.498149][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.498170][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.514135][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.523357][T18382] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  862.523380][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.538696][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.550801][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.558209][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.567382][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.575446][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.584675][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.592092][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.601641][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.609453][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.619173][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.626752][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.636369][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.650331][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.659602][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.667545][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.680445][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.687883][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.697533][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.705406][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.715437][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.722913][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.734889][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.742807][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.752634][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.760029][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.769957][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.777473][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.786961][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.794833][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.804383][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.812667][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.825131][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.832604][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.844379][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.851844][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.861849][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.869248][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.880361][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.887805][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.898032][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.905718][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.915862][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.923924][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.933419][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.950392][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  862.959571][T18382] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15
[  862.967224][T18382] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  865.401779][T21357] futex_wake_op: syz.1.3523 tries to shift op by -2048; fix this program
[  868.654585][T21402] ubi0: attaching mtd0
[  868.703876][T21402] ubi0: scanning is finished
[  868.739238][T21402] ubi0 error: ubi_read_volume_table: the layout volume was not found
[  869.449798][T21402] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[  870.626000][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  870.634759][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  874.473280][   T30] audit: type=1800 audit(4294985791.680:31): pid=21526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3565" name="sr0" dev="tmpfs" ino=1622 res=0 errno=0
[  875.078587][T21532] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  875.205192][T21532] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  875.415354][T21532] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  875.527713][T18382] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  875.542289][T21532] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  875.602006][T21534] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3568'.
[  875.837197][T21532] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  875.890112][T21532] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  876.045728][T21532] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  876.066583][T21532] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  876.976478][T21571] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3578'.
[  877.028317][T21572] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3578'.
[  877.101511][T18382] Bluetooth: hci4: command 0x0406 tx timeout
[  877.420382][T18382] Bluetooth: hci1: command 0x0406 tx timeout
[  877.900629][T18382] Bluetooth: hci0: command 0x0406 tx timeout
[  878.060774][T18382] Bluetooth: hci2: command 0x0406 tx timeout
[  879.183513][T18382] Bluetooth: hci4: command 0x0406 tx timeout
[  879.502619][T18382] Bluetooth: hci1: command 0x0406 tx timeout
[  879.734592][T21626] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3588'.
[  879.981114][T18382] Bluetooth: hci0: command 0x0406 tx timeout
[  880.141101][T18382] Bluetooth: hci2: command 0x0406 tx timeout
[  880.581063][T21650] FAULT_INJECTION: forcing a failure.
[  880.581063][T21650] name failslab, interval 0, probability 0, space 0, times 0
[  880.642656][T21650] CPU: 0 UID: 0 PID: 21650 Comm: syz.3.3591 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  880.642689][T21650] Tainted: [L]=SOFTLOCKUP
[  880.642696][T21650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  880.642708][T21650] Call Trace:
[  880.642714][T21650]  <TASK>
[  880.642722][T21650]  dump_stack_lvl+0x100/0x190
[  880.642756][T21650]  should_fail_ex.cold+0x5/0xa
[  880.642778][T21650]  ? tomoyo_realpath_from_path+0xb6/0x690
[  880.642806][T21650]  should_failslab+0xc2/0x120
[  880.642828][T21650]  __kmalloc_noprof+0xe0/0x850
[  880.642863][T21650]  tomoyo_realpath_from_path+0xb6/0x690
[  880.642896][T21650]  tomoyo_path_number_perm+0x23c/0x580
[  880.642919][T21650]  ? tomoyo_path_number_perm+0x22e/0x580
[  880.642944][T21650]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  880.642990][T21650]  ? find_held_lock+0x2b/0x80
[  880.643009][T21650]  ? __fget_files+0x215/0x3d0
[  880.643027][T21650]  ? hook_file_ioctl_common+0x146/0x410
[  880.643056][T21650]  ? __fget_files+0x21f/0x3d0
[  880.643078][T21650]  security_file_ioctl+0xd3/0x230
[  880.643104][T21650]  __x64_sys_ioctl+0xb7/0x210
[  880.643135][T21650]  do_syscall_64+0x106/0xf80
[  880.643155][T21650]  ? clear_bhb_loop+0x40/0x90
[  880.643178][T21650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  880.643198][T21650] RIP: 0033:0x7fa63e39c819
[  880.643213][T21650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  880.643231][T21650] RSP: 002b:00007fa63f2c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  880.643250][T21650] RAX: ffffffffffffffda RBX: 00007fa63e615fa0 RCX: 00007fa63e39c819
[  880.643262][T21650] RDX: 0000200000000500 RSI: 00000000c008ae88 RDI: 0000000000000004
[  880.643273][T21650] RBP: 00007fa63f2c5090 R08: 0000000000000000 R09: 0000000000000000
[  880.643284][T21650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  880.643295][T21650] R13: 00007fa63e616038 R14: 00007fa63e615fa0 R15: 00007ffed9dd4588
[  880.643318][T21650]  </TASK>
[  880.643327][T21650] ERROR: Out of memory at tomoyo_realpath_from_path.
[  881.926631][T21678] net_ratelimit: 10 callbacks suppressed
[  881.926648][T21678] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  883.103692][T21698] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3604'.
[  883.584304][T21711] futex_wake_op: syz.3.3607 tries to shift op by -2048; fix this program
[  884.020560][   T30] audit: type=1326 audit(4294985801.220:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21714 comm="syz.0.3609" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff79e19c819 code=0x0
[  884.452245][T21720] sg_write: data in/out 131052/209 bytes for SCSI command 0x67-- guessing data in;
[  884.452245][T21720]    program syz.3.3611 not setting count and/or reply_len properly
[  885.721828][T21746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3617'.
[  886.390895][T21763] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3620'.
[  887.721700][   T30] audit: type=1800 audit(4294985804.910:33): pid=21795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3631" name="nullb0" dev="tmpfs" ino=485 res=0 errno=0
[  887.811959][T21791] futex_wake_op: syz.2.3627 tries to shift op by -2048; fix this program
[  887.853070][   T30] audit: type=1800 audit(4294985804.960:34): pid=21797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3631" name="nullb0" dev="tmpfs" ino=485 res=0 errno=0
[  887.954906][T21791] futex_wake_op: syz.2.3627 tries to shift op by -2048; fix this program
[  891.463343][T21863] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74
[  891.589120][T21863] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74
[  891.686869][T21863] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74
[  891.759332][T21863] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74
[  891.863534][T21863] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74
[  891.967307][T21863] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  892.130629][T21872] Invalid ELF header magic: != ELF
[  895.425460][T21869] kexec: Could not allocate control_code_buffer
[  897.497903][T21974] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3671'.
[  898.192340][T21986] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3675'.
[  898.372249][T21986] bridge0: port 3(bond0) entered disabled state
[  898.493154][T21986] bond0 (unregistering): left allmulticast mode
[  898.499448][T21986] bond_slave_0: left allmulticast mode
[  898.660343][T21986] bond_slave_1: left allmulticast mode
[  898.750675][T21986] bond0 (unregistering): left promiscuous mode
[  898.756893][T21986] bond_slave_0: left promiscuous mode
[  898.951791][T21986] bond_slave_1: left promiscuous mode
[  899.030547][T21986] bridge0: port 3(bond0) entered disabled state
[  899.538038][T21986] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  899.851886][T21986] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  900.055350][T21986] bond0 (unregistering): Released all slaves
[  900.322265][T22013] futex_wake_op: syz.0.3680 tries to shift op by -2048; fix this program
[  900.370940][T21978] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74
[  900.460879][T21978] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74
[  900.562058][T21978] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74
[  900.665324][T21978] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74
[  900.741412][T21978] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74
[  900.827071][T21978] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  901.314457][T21173] syz.2.3469 (21173) used greatest stack depth: 17912 bytes left
[  901.840618][T22021] &#$@\]\-: entered promiscuous mode
[  904.638409][T22069] bridge_slave_1: left allmulticast mode
[  904.741668][T22069] bridge_slave_1: left promiscuous mode
[  904.747486][T22069] bridge0: port 2(bridge_slave_1) entered disabled state
[  913.582393][T17835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  913.593819][T17820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  913.602790][T17820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  913.625566][T17820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  913.636266][T17820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  914.316711][T22175] sctp: [Deprecated]: syz.1.3719 (pid 22175) Use of struct sctp_assoc_value in delayed_ack socket option.
[  914.316711][T22175] Use struct sctp_sack_info instead
[  914.734730][T22178] chnl_net:caif_netlink_parms(): no params data found
[  915.462343][T22178] bridge0: port 1(bridge_slave_0) entered blocking state
[  915.477347][T22178] bridge0: port 1(bridge_slave_0) entered disabled state
[  915.521424][T22178] bridge_slave_0: entered allmulticast mode
[  915.553829][T22178] bridge_slave_0: entered promiscuous mode
[  915.657001][T22178] bridge0: port 2(bridge_slave_1) entered blocking state
[  915.700303][T22178] bridge0: port 2(bridge_slave_1) entered disabled state
[  915.739109][T22178] bridge_slave_1: entered allmulticast mode
[  915.745334][T17820] Bluetooth: hci3: command tx timeout
[  915.795127][T22178] bridge_slave_1: entered promiscuous mode
[  915.945923][T22178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  916.013122][T22178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  916.199435][T22178] team0: Port device team_slave_0 added
[  916.238832][T22178] team0: Port device team_slave_1 added
[  916.444420][T22178] batman_adv: batadv0: Adding interface: batadv_slave_0
[  916.484446][T22178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  916.646735][T22178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  916.721944][T22178] batman_adv: batadv0: Adding interface: batadv_slave_1
[  916.744985][T22178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  916.852809][T22178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  917.067798][T22178] hsr_slave_0: entered promiscuous mode
[  917.089431][T22178] hsr_slave_1: entered promiscuous mode
[  917.123704][T22178] debugfs: 'hsr0' already exists in 'hsr'
[  917.129483][T22178] Cannot create hsr debugfs directory
[  917.820470][T17820] Bluetooth: hci3: command tx timeout
[  918.237685][T22242] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3733'.
[  918.312414][T22242] bridge0: port 3(bond0) entered disabled state
[  918.318992][T22242] bridge0: port 1(bridge_slave_0) entered disabled state
[  918.870081][T22178] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  918.935232][T22178] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  919.003769][T22178] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  919.051523][T22178] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  919.365058][T20960] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.631508][T20960] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.811416][T20960] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.900340][T17820] Bluetooth: hci3: command tx timeout
[  920.056851][T20960] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  920.198936][T22178] 8021q: adding VLAN 0 to HW filter on device bond0
[  920.282104][T22178] 8021q: adding VLAN 0 to HW filter on device team0
[  920.300906][T20973] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 917 with max blocks 16 with error 117
[  920.340722][T20959] bridge0: port 1(bridge_slave_0) entered blocking state
[  920.347942][T20959] bridge0: port 1(bridge_slave_0) entered forwarding state
[  920.368031][T20973] EXT4-fs (sda1): This should not happen!! Data will be lost
[  920.368031][T20973] 
[  920.444248][T20959] bridge0: port 2(bridge_slave_1) entered blocking state
[  920.451457][T20959] bridge0: port 2(bridge_slave_1) entered forwarding state
[  920.909431][T20960] gretap0: left allmulticast mode
[  920.933098][T20960] gretap0: left promiscuous mode
[  920.964420][T20960] bridge0: port 4(gretap0) entered disabled state
[  921.172488][T20960] bridge_slave_1: left allmulticast mode
[  921.220737][T20960] bridge_slave_1: left promiscuous mode
[  921.241576][T20960] bridge0: port 2(bridge_slave_1) entered disabled state
[  921.322977][T20960] bridge_slave_0: left allmulticast mode
[  921.351126][T20960] bridge_slave_0: left promiscuous mode
[  921.356859][T20960] bridge0: port 1(bridge_slave_0) entered disabled state
[  921.542438][T22320] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  921.981595][T17820] Bluetooth: hci3: command tx timeout
[  922.650764][T22178] 8021q: adding VLAN 0 to HW filter on device batadv0
[  923.542214][T20960] hsr_slave_0: left promiscuous mode
[  923.570844][T20960] hsr_slave_1: left promiscuous mode
[  923.598783][T20960] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  923.640388][T20960] batman_adv: batadv0: Removing interface: batadv_slave_0
[  923.690821][T20960] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  923.728981][T20960] batman_adv: batadv0: Removing interface: batadv_slave_1
[  923.804620][T20960] veth1_macvtap: left promiscuous mode
[  923.810140][T20960] veth0_macvtap: left promiscuous mode
[  923.858978][T20960] veth1_vlan: left promiscuous mode
[  923.886027][T20960] veth0_vlan: left promiscuous mode
[  924.503729][T20960] team0 (unregistering): Port device team_slave_1 removed
[  924.556006][T20960] team0 (unregistering): Port device team_slave_0 removed
[  925.492605][T22178] veth0_vlan: entered promiscuous mode
[  925.560548][T22178] veth1_vlan: entered promiscuous mode
[  925.932212][T22178] veth0_macvtap: entered promiscuous mode
[  926.149708][T22178] veth1_macvtap: entered promiscuous mode
[  926.327820][T22178] batman_adv: batadv0: Interface activated: batadv_slave_0
[  926.409966][T22178] batman_adv: batadv0: Interface activated: batadv_slave_1
[  926.597712][T20973] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  926.697244][T20973] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  926.739200][T20973] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  926.925953][T20973] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  927.007826][T22411] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3761'.
[  927.072567][T22411] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  927.079993][T22411] batman_adv: batadv0: Removing interface: batadv_slave_0
[  927.174242][T22411] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  927.210341][T22411] batman_adv: batadv0: Removing interface: batadv_slave_1
[  927.478575][T20963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  927.548348][T20963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  927.738970][T20963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  927.777951][T20963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  929.706766][T22460] No such timeout policy "
"
[  929.740297][T22460] netlink: Failed to associated timeout policy '
'
[  930.429352][T22485] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3777'.
[  930.504313][T22485] veth1_macvtap: left promiscuous mode
[  932.066031][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  932.072561][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  933.577307][T22561] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74
[  933.636614][T22561] EXT4-fs (sda1): This should not happen!! Data will be lost
[  933.636614][T22561] 
[  934.769427][T22590] openvswitch: netlink: IPv4 tunnel dst address is zero
[  935.590577][T20963] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117
[  935.685642][T20963] EXT4-fs (sda1): This should not happen!! Data will be lost
[  935.685642][T20963] 
[  939.867273][T22675] i2c i2c-0: new_device: Missing parameters
[  939.971139][T22689] futex_wake_op: syz.0.3822 tries to shift op by -2048; fix this program
[  940.059552][T22689] futex_wake_op: syz.0.3822 tries to shift op by -2048; fix this program
[  941.735934][T22735] FAULT_INJECTION: forcing a failure.
[  941.735934][T22735] name failslab, interval 0, probability 0, space 0, times 0
[  941.834059][T22735] CPU: 0 UID: 0 PID: 22735 Comm: syz.4.3831 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  941.834092][T22735] Tainted: [L]=SOFTLOCKUP
[  941.834100][T22735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  941.834111][T22735] Call Trace:
[  941.834117][T22735]  <TASK>
[  941.834125][T22735]  dump_stack_lvl+0x100/0x190
[  941.834159][T22735]  should_fail_ex.cold+0x5/0xa
[  941.834181][T22735]  ? tomoyo_realpath_from_path+0xb6/0x690
[  941.834210][T22735]  should_failslab+0xc2/0x120
[  941.834232][T22735]  __kmalloc_noprof+0xe0/0x850
[  941.834265][T22735]  tomoyo_realpath_from_path+0xb6/0x690
[  941.834299][T22735]  tomoyo_check_open_permission+0x2af/0x3c0
[  941.834324][T22735]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  941.834370][T22735]  ? do_raw_spin_lock+0x128/0x260
[  941.834401][T22735]  ? path_get+0x61/0x80
[  941.834425][T22735]  tomoyo_file_open+0x6b/0x90
[  941.834444][T22735]  security_file_open+0xb5/0x1e0
[  941.834470][T22735]  do_dentry_open+0x5aa/0x1660
[  941.834492][T22735]  ? security_inode_permission+0xbf/0x250
[  941.834529][T22735]  vfs_open+0x82/0x3f0
[  941.834556][T22735]  path_openat+0x208c/0x31a0
[  941.834588][T22735]  ? __pfx_path_openat+0x10/0x10
[  941.834617][T22735]  do_file_open+0x20e/0x430
[  941.834641][T22735]  ? __pfx_do_file_open+0x10/0x10
[  941.834678][T22735]  ? alloc_fd+0x476/0x790
[  941.834699][T22735]  ? do_getname+0x191/0x390
[  941.834726][T22735]  do_sys_openat2+0x10d/0x1e0
[  941.834752][T22735]  ? __pfx_do_sys_openat2+0x10/0x10
[  941.834787][T22735]  __x64_sys_openat+0x12d/0x210
[  941.834814][T22735]  ? __pfx___x64_sys_openat+0x10/0x10
[  941.834848][T22735]  do_syscall_64+0x106/0xf80
[  941.834868][T22735]  ? clear_bhb_loop+0x40/0x90
[  941.834891][T22735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  941.834910][T22735] RIP: 0033:0x7f4dc999c819
[  941.834927][T22735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  941.834944][T22735] RSP: 002b:00007f4dca84d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  941.834963][T22735] RAX: ffffffffffffffda RBX: 00007f4dc9c15fa0 RCX: 00007f4dc999c819
[  941.834976][T22735] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  941.834987][T22735] RBP: 00007f4dc9a32c91 R08: 0000000000000000 R09: 0000000000000000
[  941.834998][T22735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  941.835010][T22735] R13: 00007f4dc9c16038 R14: 00007f4dc9c15fa0 R15: 00007ffd7ab439b8
[  941.835034][T22735]  </TASK>
[  941.835043][T22735] ERROR: Out of memory at tomoyo_realpath_from_path.
[  942.419969][T22743] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117
[  942.540270][T22743] EXT4-fs (sda1): This should not happen!! Data will be lost
[  942.540270][T22743] 
[  942.757807][T22753] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3834'.
[  943.189675][T22765] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  944.037719][T22791] netlink: 'syz.1.3840': attribute type 2 has an invalid length.
[  944.172380][T22793] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3841'.
[  945.309435][T22781] kexec: Could not allocate control_code_buffer
[  947.741059][T22878] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3852'.
[  949.627217][T22920] netlink: NAT attribute type 0 has unexpected length (4 != 0)
[  950.878362][T18475] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 5 with max blocks 2 with error 117
[  950.969812][T18475] EXT4-fs (sda1): This should not happen!! Data will be lost
[  950.969812][T18475] 
[  951.007162][T22940] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  951.036524][T22940] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  951.071121][T22940] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  951.094493][T22940] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  951.112451][T22962] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3872'.
[  951.140380][T22940] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  951.177855][T22940] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  951.204956][T22962] team0 (unregistering): Port device team_slave_0 removed
[  951.255035][T22962] team0 (unregistering): Port device team_slave_1 removed
[  952.017446][T22970] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3875'.
[  952.544216][T17820] Bluetooth: hci4: command 0x0406 tx timeout
[  953.102159][T18382] Bluetooth: hci3: command 0x0c1a tx timeout
[  953.108267][T18382] Bluetooth: hci0: command 0x0406 tx timeout
[  953.117271][T17820] Bluetooth: hci1: command 0x0406 tx timeout
[  953.234717][T22976] Process accounting resumed
[  955.010834][T23043] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3891'.
[  955.152065][T23043] IPv6: NLM_F_CREATE should be specified when creating new route
[  955.180412][T22994] Bluetooth: hci3: command 0x0c1a tx timeout
[  955.266389][T23043] IPv6: Can't replace route, no match found
[  955.296704][T23052] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  956.610614][T23086] netlink: 'syz.2.3904': attribute type 1 has an invalid length.
[  956.618505][T23086] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3904'.
[  956.895367][T23092] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117
[  956.970892][T23092] EXT4-fs (sda1): This should not happen!! Data will be lost
[  956.970892][T23092] 
[  957.260660][T22994] Bluetooth: hci3: command 0x0c1a tx timeout
[  959.413747][T23117] kexec: Could not allocate control_code_buffer
[  960.505557][T23160] FAULT_INJECTION: forcing a failure.
[  960.505557][T23160] name failslab, interval 0, probability 0, space 0, times 0
[  960.570062][T23160] CPU: 0 UID: 0 PID: 23160 Comm: syz.4.3924 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  960.570094][T23160] Tainted: [L]=SOFTLOCKUP
[  960.570101][T23160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  960.570111][T23160] Call Trace:
[  960.570119][T23160]  <TASK>
[  960.570127][T23160]  dump_stack_lvl+0x100/0x190
[  960.570174][T23160]  should_fail_ex.cold+0x5/0xa
[  960.570197][T23160]  should_failslab+0xc2/0x120
[  960.570219][T23160]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  960.570249][T23160]  ? __kernfs_new_node+0xd2/0x960
[  960.570284][T23160]  __kernfs_new_node+0xd2/0x960
[  960.570314][T23160]  ? kernfs_add_one+0x214/0x850
[  960.570332][T23160]  ? __pfx___kernfs_new_node+0x10/0x10
[  960.570366][T23160]  ? find_held_lock+0x2b/0x80
[  960.570384][T23160]  ? kernfs_root+0xee/0x2a0
[  960.570411][T23160]  ? kernfs_root+0xee/0x2a0
[  960.570445][T23160]  kernfs_new_node+0x11b/0x1a0
[  960.570468][T23160]  kernfs_create_link+0xcc/0x240
[  960.570494][T23160]  sysfs_do_create_link_sd+0x90/0x140
[  960.570524][T23160]  sysfs_create_link+0x61/0xc0
[  960.570551][T23160]  device_add+0x553/0x1950
[  960.570580][T23160]  ? __pfx_device_add+0x10/0x10
[  960.570614][T23160]  __add_disk+0x518/0xe40
[  960.570636][T23160]  ? find_held_lock+0x2b/0x80
[  960.570657][T23160]  add_disk_fwnode+0x3d4/0x5c0
[  960.570681][T23160]  zram_add+0x4d2/0x610
[  960.570709][T23160]  ? __pfx_zram_add+0x10/0x10
[  960.570752][T23160]  ? find_held_lock+0x2b/0x80
[  960.570770][T23160]  ? sysfs_file_kobj+0xe4/0x290
[  960.570797][T23160]  ? __pfx_hot_add_show+0x10/0x10
[  960.570825][T23160]  hot_add_show+0x21/0x80
[  960.570853][T23160]  class_attr_show+0x72/0xa0
[  960.570879][T23160]  ? __pfx_class_attr_show+0x10/0x10
[  960.570902][T23160]  sysfs_kf_seq_show+0x217/0x3a0
[  960.570932][T23160]  seq_read_iter+0x32f/0x1270
[  960.570960][T23160]  kernfs_fop_read_iter+0x46c/0x610
[  960.570983][T23160]  ? rw_verify_area+0xce/0x6d0
[  960.571010][T23160]  ? __pfx_kernfs_fop_read_iter+0x10/0x10
[  960.571034][T23160]  vfs_read+0x825/0xb30
[  960.571055][T23160]  ? __pfx_vfs_read+0x10/0x10
[  960.571089][T23160]  ksys_read+0x12a/0x250
[  960.571107][T23160]  ? __pfx_ksys_read+0x10/0x10
[  960.571133][T23160]  do_syscall_64+0x106/0xf80
[  960.571159][T23160]  ? clear_bhb_loop+0x40/0x90
[  960.571184][T23160]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.571203][T23160] RIP: 0033:0x7f4dc999c819
[  960.571220][T23160] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  960.571238][T23160] RSP: 002b:00007f4dca82c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  960.571257][T23160] RAX: ffffffffffffffda RBX: 00007f4dc9c16090 RCX: 00007f4dc999c819
[  960.571269][T23160] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000006
[  960.571282][T23160] RBP: 00007f4dc9a32c91 R08: 0000000000000000 R09: 0000000000000000
[  960.571293][T23160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  960.571304][T23160] R13: 00007f4dc9c16128 R14: 00007f4dc9c16090 R15: 00007ffd7ab439b8
[  960.571329][T23160]  </TASK>
[  961.920322][T23174] futex_wake_op: syz.1.3926 tries to shift op by -2048; fix this program
[  962.045597][T23174] futex_wake_op: syz.1.3926 tries to shift op by -2048; fix this program
[  962.753517][T23192] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3933'.
[  963.601512][T23203] futex_wake_op: syz.2.3936 tries to shift op by -2048; fix this program
[  964.268223][T23207] usbip-vudc usbip-vudc.0: gadget not bound
[  965.107469][T23251] netlink: 'syz.0.3948': attribute type 1 has an invalid length.
[  965.896263][T23281] program syz.4.3953 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  971.542512][T23393] cgroup: fork rejected by pids controller in /syz4
[  973.382173][T23572] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3986'.
[  974.671172][T23592] netlink: 'syz.1.3993': attribute type 1 has an invalid length.
[  979.463074][T23655] netlink: 'syz.1.4009': attribute type 1 has an invalid length.
[  981.741076][T20973] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 926 with max blocks 7 with error 117
[  981.800265][T20973] EXT4-fs (sda1): This should not happen!! Data will be lost
[  981.800265][T20973] 
[  981.843649][T20973] EXT4-fs (sda1): Delayed block allocation failed for inode 2032 at logical offset 6 with max blocks 6 with error 117
[  981.895515][T20973] EXT4-fs (sda1): This should not happen!! Data will be lost
[  981.895515][T20973] 
[  981.937363][T20973] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 5 with max blocks 1 with error 117
[  981.995738][T20973] EXT4-fs (sda1): This should not happen!! Data will be lost
[  981.995738][T20973] 
[  986.603985][T23766] delete_channel: no stack
[  989.210657][T22994] bt_warn_ratelimited: 23 callbacks suppressed
[  989.210678][T22994] Bluetooth: hci4: unexpected event 0x3e length: 508 > 260
[  989.216918][T22994] Bluetooth: hci4: unexpected subevent 0x02 length: 507 > 260
[  989.231749][T22994] Bluetooth: hci4: Dropping invalid advertising data
[  989.238912][T22994] Bluetooth: hci4: unknown advertising packet type: 0xe9
[  989.241549][T23854] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4043'.
[  990.437640][T23413] syz.4.3981 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  991.394709][T23413] CPU: 0 UID: 0 PID: 23413 Comm: syz.4.3981 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  991.394750][T23413] Tainted: [L]=SOFTLOCKUP
[  991.394756][T23413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  991.394767][T23413] Call Trace:
[  991.394774][T23413]  <TASK>
[  991.394782][T23413]  dump_stack_lvl+0x100/0x190
[  991.394816][T23413]  dump_header+0xfb/0x606
[  991.394837][T23413]  oom_kill_process.cold+0xd/0x330
[  991.394860][T23413]  out_of_memory+0x340/0x14f0
[  991.394900][T23413]  ? __pfx_out_of_memory+0x10/0x10
[  991.394937][T23413]  mem_cgroup_out_of_memory+0xc6/0x130
[  991.394965][T23413]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  991.394992][T23413]  ? find_held_lock+0x2b/0x80
[  991.395016][T23413]  ? do_raw_spin_unlock+0x145/0x1e0
[  991.395046][T23413]  ? _raw_spin_unlock+0x28/0x50
[  991.395078][T23413]  try_charge_memcg+0x652/0xc90
[  991.395104][T23413]  ? __pfx_try_charge_memcg+0x10/0x10
[  991.395126][T23413]  ? find_held_lock+0x2b/0x80
[  991.395144][T23413]  ? rcu_read_unlock+0x17/0x60
[  991.395166][T23413]  ? rcu_read_unlock+0x17/0x60
[  991.395195][T23413]  charge_memcg+0xa6/0x280
[  991.395216][T23413]  __mem_cgroup_charge+0x2b/0x1e0
[  991.395243][T23413]  shmem_alloc_and_add_folio+0x451/0xd40
[  991.395280][T23413]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  991.395313][T23413]  ? shmem_allowable_huge_orders+0x2bd/0x400
[  991.395349][T23413]  shmem_get_folio_gfp+0x6ab/0x1900
[  991.395385][T23413]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  991.395422][T23413]  shmem_write_begin+0x1a4/0x420
[  991.395456][T23413]  ? __pfx_shmem_write_begin+0x10/0x10
[  991.395488][T23413]  ? balance_dirty_pages_ratelimited_flags+0x91/0x1170
[  991.395513][T23413]  ? lockdep_hardirqs_on+0x78/0x100
[  991.395535][T23413]  generic_perform_write+0x292/0xa40
[  991.395572][T23413]  ? __pfx_generic_perform_write+0x10/0x10
[  991.395605][T23413]  ? file_update_time_flags+0x373/0x500
[  991.395633][T23413]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  991.395655][T23413]  shmem_file_write_iter+0x10e/0x140
[  991.395679][T23413]  __kernel_write_iter+0x2ac/0x920
[  991.395700][T23413]  ? __pfx___kernel_write_iter+0x10/0x10
[  991.395720][T23413]  ? __up_read+0x2c5/0x700
[  991.395750][T23413]  ? dump_user_range+0x73b/0xb50
[  991.395778][T23413]  dump_user_range+0x3f9/0xb50
[  991.395805][T23413]  ? __pfx_dump_user_range+0x10/0x10
[  991.395835][T23413]  ? __pfx_writenote+0x10/0x10
[  991.395865][T23413]  elf_core_dump+0x2d5f/0x3d10
[  991.395908][T23413]  ? __pfx_elf_core_dump+0x10/0x10
[  991.395934][T23413]  ? trace_ignore_this_task+0xc3/0x100
[  991.395964][T23413]  ? event_filter_pid_sched_wakeup_probe_post+0x128/0x270
[  991.395988][T23413]  ? find_held_lock+0x2b/0x80
[  991.396007][T23413]  ? 0xffffffffff600000
[  991.396024][T23413]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  991.396055][T23413]  ? lockdep_hardirqs_on+0x78/0x100
[  991.396112][T23413]  ? vfs_coredump+0x27bc/0x5570
[  991.396133][T23413]  vfs_coredump+0x27bc/0x5570
[  991.396165][T23413]  ? __pfx_vfs_coredump+0x10/0x10
[  991.396189][T23413]  ? __lock_acquire+0x4a5/0x2630
[  991.396223][T23413]  ? lock_acquire+0x1cf/0x380
[  991.396257][T23413]  ? is_bpf_text_address+0x8a/0x1a0
[  991.396288][T23413]  ? bpf_ksym_find+0x124/0x1c0
[  991.396318][T23413]  ? __kernel_text_address+0xd/0x30
[  991.396346][T23413]  ? unwind_get_return_address+0x59/0xa0
[  991.396368][T23413]  ? arch_stack_walk+0xa6/0xf0
[  991.396395][T23413]  ? __sigqueue_free+0xbe/0x2a0
[  991.396421][T23413]  ? stack_trace_save+0x8e/0xc0
[  991.396440][T23413]  ? __pfx_stack_trace_save+0x10/0x10
[  991.396466][T23413]  ? stack_depot_save_flags+0x27/0x9d0
[  991.396500][T23413]  ? __lock_acquire+0x4a5/0x2630
[  991.396568][T23413]  ? proc_coredump_connector+0x2d3/0x4f0
[  991.396606][T23413]  ? __pfx_proc_coredump_connector+0x10/0x10
[  991.396642][T23413]  ? rcu_is_watching+0x12/0xc0
[  991.396676][T23413]  get_signal+0x1f2a/0x21e0
[  991.396706][T23413]  ? __pfx_get_signal+0x10/0x10
[  991.396726][T23413]  ? find_held_lock+0x2b/0x80
[  991.396743][T23413]  ? bad_area_access_error+0xab/0x1d0
[  991.396762][T23413]  ? fixup_vdso_exception+0x2d1/0x370
[  991.396790][T23413]  arch_do_signal_or_restart+0x91/0x770
[  991.396816][T23413]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  991.396848][T23413]  ? do_user_addr_fault+0x8d6/0x12f0
[  991.396872][T23413]  irqentry_exit+0x1f8/0x670
[  991.396902][T23413]  asm_exc_page_fault+0x26/0x30
[  991.396921][T23413] RIP: 0033:0x0
[  991.396934][T23413] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  991.396943][T23413] RSP: 002b:000000000000000a EFLAGS: 00010217
[  991.396958][T23413] RAX: 0000000000000000 RBX: 00007f4dc9c15fa0 RCX: 00007f4dc999c819
[  991.396970][T23413] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46
[  991.396981][T23413] RBP: 00007f4dc9a32c91 R08: 0000000000000002 R09: 0000000000000000
[  991.396992][T23413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  991.397003][T23413] R13: 00007f4dc9c16038 R14: 00007f4dc9c15fa0 R15: 00007ffd7ab439b8
[  991.397027][T23413]  </TASK>
[  991.397035][T23413] memory: usage 307200kB, limit 307200kB, failcnt 29472
[  993.504592][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  993.511009][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  993.567668][T23413] memory+swap: usage 430968kB, limit 9007199254740988kB, failcnt 0
[  993.597128][T23413] kmem: usage 3920kB, limit 9007199254740988kB, failcnt 0
[  993.860323][T23413] Memory cgroup stats for /syz4:
[  993.860453][T23413] cache 309993472
[  993.911805][T23413] rss 331776
[  993.915053][T23413] rss_huge 0
[  993.918253][T23413] shmem 309993472
[  993.955607][T23413] mapped_file 13508608
[  993.959730][T23413] dirty 0
[  993.997175][T23413] writeback 0
[  994.007234][T23413] workingset_refault_anon 160
[  994.029756][T23413] workingset_refault_file 0
[  994.049810][T23413] swap 127823872
[  994.059581][T23413] swapcached 134668288
[  994.074945][T23413] pgpgin 138993
[  994.092305][T23413] pgpgout 65326
[  994.095905][T23413] pgfault 45031
[  994.099373][T23413] pgmajfault 92
[  994.150957][T23413] inactive_anon 179769344
[  994.155329][T23413] active_anon 130727936
[  994.159482][T23413] inactive_file 0
[  994.217681][T23413] active_file 0
[  994.227806][T23413] unevictable 0
[  994.237922][T23413] hierarchical_memory_limit 314572800
[  994.265293][T23413] hierarchical_memsw_limit 9223372036854771712
[  994.284360][T23413] total_cache 309993472
[  994.311785][T23413] total_rss 331776
[  994.315546][T23413] total_rss_huge 0
[  994.344607][T23413] total_shmem 309993472
[  994.348846][T23413] total_mapped_file 13508608
[  994.389865][T23413] total_dirty 0
[  994.420378][T23413] total_writeback 0
[  994.428596][T23413] total_workingset_refault_anon 160
[  994.460356][T23413] total_workingset_refault_file 0
[  994.465430][T23413] total_swap 127823872
[  994.469600][T23413] total_swapcached 134668288
[  994.521008][T23413] total_pgpgin 138993
[  994.540553][T23413] total_pgpgout 65326
[  994.544584][T23413] total_pgfault 45031
[  994.548573][T23413] total_pgmajfault 92
[  994.620795][T23413] total_inactive_anon 179769344
[  994.625692][T23413] total_active_anon 130727936
[  994.651631][T23933] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4063'.
[  994.690072][T23413] total_inactive_file 0
[  994.695248][T23413] total_active_file 0
[  994.699330][T23413] total_unevictable 0
[  994.744344][T23413] anon_cost 0
[  994.747671][T23413] file_cost 0
[  994.780358][T23413] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.3981,pid=23429,uid=0
[  994.877580][T23413] Memory cgroup out of memory: Killed process 23429 (syz.4.3981) total-vm:132008kB, anon-rss:1360kB, file-rss:21580kB, shmem-rss:11968kB, UID:0 pgtables:164kB oom_score_adj:0
[  997.593244][T23953] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4069'.
[  998.946133][T23404] syz.4.3981 (23404) used greatest stack depth: 17272 bytes left
[  999.692951][T23978] netlink: 'syz.0.4076': attribute type 33 has an invalid length.
[  999.889082][T23984] netlink: 'syz.0.4076': attribute type 33 has an invalid length.
[ 1000.838732][T24009] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4082'.
[ 1001.910710][T24024] can: request_module (can-proto-0) failed.
[ 1003.229639][T24059] netlink: 'syz.0.4091': attribute type 1 has an invalid length.
[ 1003.278886][T24060] netlink: 'syz.0.4091': attribute type 1 has an invalid length.
[ 1006.494523][T24155] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4117'.
[ 1006.547615][T24156] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4117'.
[ 1006.608202][T24155] vlan1: entered promiscuous mode
[ 1006.653821][T24155] vlan1: entered allmulticast mode
[ 1006.682011][T24155] veth0_vlan: entered allmulticast mode
[ 1006.991116][T24177] netlink: NAT attribute has 18 unknown bytes
[ 1009.423202][T24242] bridge0: port 2(gretap0) entered blocking state
[ 1009.492027][T24242] bridge0: port 2(gretap0) entered disabled state
[ 1009.548440][T24242] gretap0: entered allmulticast mode
[ 1009.590025][T24242] gretap0: entered promiscuous mode
[ 1010.396952][T24262] futex_wake_op: syz.1.4141 tries to shift op by -2048; fix this program
[ 1010.556519][T24267] NFSD: Failed to start, no listeners configured.
[ 1010.796544][T24274] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4143'.
[ 1011.785301][T24306] netlink: 54 bytes leftover after parsing attributes in process `syz.2.4154'.
[ 1012.155116][T24320] futex_wake_op: syz.2.4157 tries to shift op by -2048; fix this program
[ 1012.199365][T24320] futex_wake_op: syz.2.4157 tries to shift op by -2048; fix this program
[ 1012.463976][T17840] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 5 with max blocks 65 with error 117
[ 1012.549965][T17840] EXT4-fs (sda1): This should not happen!! Data will be lost
[ 1012.549965][T17840] 
[ 1013.948617][T24378] netlink: 'syz.4.4173': attribute type 2 has an invalid length.
[ 1013.966491][T24332] kexec: Could not allocate control_code_buffer
[ 1013.997579][T24377] netlink: 'syz.4.4173': attribute type 2 has an invalid length.
[ 1015.076742][T24410] vcan0: tx drop: invalid sa for name 0x00000000000000fd
[ 1015.256679][T24420] netlink: 'syz.2.4184': attribute type 2 has an invalid length.
[ 1016.305450][T24444] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4192'.
[ 1016.459967][T24447] netlink: 54 bytes leftover after parsing attributes in process `syz.2.4193'.
[ 1018.363112][T22994] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5
[ 1018.598287][T22994] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[ 1018.605452][T22994] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[ 1018.621378][T22994] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[ 1018.621423][T22994] Bluetooth: hci1: Malformed LE Event: 0x0d
[ 1020.581671][T24589] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4234'.
[ 1021.254801][T24607] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4240'.
[ 1023.658277][T24695] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4259'.
[ 1023.734597][T24699] netlink: 146 bytes leftover after parsing attributes in process `syz.4.4257'.
[ 1024.681360][T24720] nbd: must specify a device to reconfigure
[ 1024.709326][T24721] nbd: must specify a device to reconfigure
[ 1025.984179][T24748] EXT4-fs (sda1): Delayed block allocation failed for inode 2028 at logical offset 8 with max blocks 26 with error 117
[ 1026.039385][T24748] EXT4-fs (sda1): This should not happen!! Data will be lost
[ 1026.039385][T24748] 
[ 1028.386090][T24809] netlink: 138 bytes leftover after parsing attributes in process `syz.4.4284'.
[ 1030.389236][T24883] netlink: 440 bytes leftover after parsing attributes in process `syz.0.4311'.
[ 1030.421628][T24883] netlink: 350 bytes leftover after parsing attributes in process `syz.0.4311'.
[ 1030.469458][T24884] netlink: 350 bytes leftover after parsing attributes in process `syz.0.4311'.
[ 1030.931479][T24901] futex_wake_op: syz.0.4315 tries to shift op by -2048; fix this program
[ 1030.989926][T24901] futex_wake_op: syz.0.4315 tries to shift op by -2048; fix this program
[ 1032.472883][T24954] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4331'.
[ 1037.985135][T25083] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4364'.
[ 1038.458379][T25093] Invalid ELF header magic: != ELF
[ 1042.765348][T25164] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4394'.
[ 1042.969296][T25180] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4385'.
[ 1043.034394][T25181] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4385'.
[ 1043.125540][T25180] veth1_vlan: entered allmulticast mode
[ 1048.532677][T25337] netlink: 350 bytes leftover after parsing attributes in process `syz.4.4427'.
[ 1048.564754][T25336] netlink: 350 bytes leftover after parsing attributes in process `syz.4.4427'.
[ 1049.548913][T22994] Bluetooth: hci1: unexpected subevent 0x03 length: 253 > 9
[ 1052.200522][T25456] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4457'.
[ 1052.794514][T25465] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4460'.
[ 1054.954989][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.961670][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.982321][   T30] audit: type=1804 audit(4294967298.559:35): pid=25507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4468" name="file0" dev="tmpfs" ino=808 res=1 errno=0
[ 1062.648301][T25661] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4516'.
[ 1064.340830][T25684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4519'.
[ 1067.383700][T22994] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5
[ 1067.479276][T25778] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4543'.
[ 1068.568456][T25805] futex_wake_op: syz.4.4549 tries to shift op by -2048; fix this program
[ 1068.599658][T25805] futex_wake_op: syz.4.4549 tries to shift op by -2048; fix this program
[ 1069.479493][T25828] netlink: 29 bytes leftover after parsing attributes in process `syz.4.4556'.
[ 1072.071008][T17835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1072.082486][T17835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1072.092163][T17835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1072.099968][T17835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1072.110731][T17835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1072.581808][T25903] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4576'.
[ 1073.176709][T25896] chnl_net:caif_netlink_parms(): no params data found
[ 1073.254664][T20966] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1073.437805][T25916] syz.4.4581 (25916): attempted to duplicate a private mapping with mremap.  This is not supported.
[ 1073.533425][T20966] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1073.795031][T20966] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1073.942319][T25896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1073.971115][T25896] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1073.994235][T25896] bridge_slave_0: entered allmulticast mode
[ 1074.019913][T25896] bridge_slave_0: entered promiscuous mode
[ 1074.075624][T20966] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1074.154055][T17835] Bluetooth: hci2: command tx timeout
[ 1074.166372][T25896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1074.191820][T25896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1074.215150][T25896] bridge_slave_1: entered allmulticast mode
[ 1074.240605][T25896] bridge_slave_1: entered promiscuous mode
[ 1074.427004][T20966] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1074.631092][T25896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1074.670161][T25896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1074.882976][T25896] team0: Port device team_slave_0 added
[ 1074.997032][T25896] team0: Port device team_slave_1 added
[ 1075.175922][T25896] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1075.209635][T25896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1075.332984][T25896] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1075.378019][T25896] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1075.398278][T25896] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1075.492455][T25896] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1075.774079][T20966] : left allmulticast mode
[ 1075.778666][T20966] bond_slave_0: left allmulticast mode
[ 1075.822628][T20966] bond_slave_1: left allmulticast mode
[ 1075.872818][T20966] : left promiscuous mode
[ 1075.877301][T20966] bond_slave_0: left promiscuous mode
[ 1075.906181][T20966] bond_slave_1: left promiscuous mode
[ 1075.954847][T20966] bridge0: port 3() entered disabled state
[ 1076.032966][T20966] bridge_slave_1: left allmulticast mode
[ 1076.038665][T20966] bridge_slave_1: left promiscuous mode
[ 1076.082905][T20966] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1076.205155][T20966] bridge_slave_0: left allmulticast mode
[ 1076.210867][T20966] bridge_slave_0: left promiscuous mode
[ 1076.235645][T17835] Bluetooth: hci2: command tx timeout
[ 1076.293030][T20966] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1076.735724][T20966]  (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1076.805329][T20966]  (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1076.844261][T20966]  (unregistering): Released all slaves
[ 1076.922569][T25896] hsr_slave_0: entered promiscuous mode
[ 1076.965602][T25896] hsr_slave_1: entered promiscuous mode
[ 1077.163941][T20966] &#$@\]\-: left promiscuous mode
[ 1078.314202][T17835] Bluetooth: hci2: command tx timeout
[ 1078.516773][T20966] hsr_slave_0: left promiscuous mode
[ 1078.605272][T20966] hsr_slave_1: left promiscuous mode
[ 1078.674351][T20966] veth1_vlan: left promiscuous mode
[ 1078.679787][T20966] veth0_vlan: left promiscuous mode
[ 1079.458290][T20966] team0 (unregistering): Port device team_slave_1 removed
[ 1079.531639][T20966] team0 (unregistering): Port device team_slave_0 removed
[ 1080.398798][T17835] Bluetooth: hci2: command tx timeout
[ 1080.878192][T25896] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1081.027840][T25896] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1081.080581][T25896] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1081.303833][T25896] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1081.950129][T25896] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1082.050326][T25896] 8021q: adding VLAN 0 to HW filter on device team0
[ 1082.127961][T19363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1082.135105][T19363] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1082.220622][T19363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1082.227979][T19363] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1082.374118][T25896] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1082.461095][T25896] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1083.233569][T25896] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1083.458820][T25896] veth0_vlan: entered promiscuous mode
[ 1083.523988][T25896] veth1_vlan: entered promiscuous mode
[ 1083.822659][T25896] veth0_macvtap: entered promiscuous mode
[ 1083.926452][T25896] veth1_macvtap: entered promiscuous mode
[ 1084.030455][T25896] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1084.057745][T26087] can: request_module (can-proto-0) failed.
[ 1084.096512][T25896] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1084.201650][T20954] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1084.228526][T20954] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1084.334410][T20954] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1084.387663][T20954] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1084.648565][T20952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1084.657064][T20952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1084.778723][T20971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1084.823828][T20971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1086.074025][T26146] netlink: 'syz.2.4616': attribute type 27 has an invalid length.
[ 1086.137506][T26146] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4616'.
[ 1086.860160][T26155] ksmbd: Unknown IPC event: 14, ignore.
[ 1086.960091][T26157] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4622'.
[ 1087.211938][T22994] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1087.243566][T22994] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1087.264996][T22994] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1087.299062][T22994] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1087.317893][T22994] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1087.696150][T26171] netlink: 138 bytes leftover after parsing attributes in process `syz.4.4627'.
[ 1087.972628][T26158] chnl_net:caif_netlink_parms(): no params data found
[ 1088.361564][T26158] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1088.419740][T26158] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1088.427118][T26158] bridge_slave_0: entered allmulticast mode
[ 1088.492531][T26158] bridge_slave_0: entered promiscuous mode
[ 1088.517684][T26176] Invalid ELF header magic: != ELF
[ 1088.534520][T26158] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1088.579952][T26158] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1088.629871][T26158] bridge_slave_1: entered allmulticast mode
[ 1088.663179][T26158] bridge_slave_1: entered promiscuous mode
[ 1088.788679][T26158] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1088.867326][T26158] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1089.048256][T26158] team0: Port device team_slave_0 added
[ 1089.108711][T26158] team0: Port device team_slave_1 added
[ 1089.244563][T26158] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1089.284395][T26158] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1089.424505][T26158] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1089.440261][T17835] Bluetooth: hci4: command tx timeout
[ 1089.503304][T26158] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1089.537342][T26158] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1089.700853][T26158] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1089.950426][T26158] hsr_slave_0: entered promiscuous mode
[ 1089.970744][T26158] hsr_slave_1: entered promiscuous mode
[ 1090.007367][T26158] debugfs: 'hsr0' already exists in 'hsr'
[ 1090.042060][T26158] Cannot create hsr debugfs directory
[ 1090.048284][T26205] netlink: 138 bytes leftover after parsing attributes in process `syz.1.4635'.
[ 1090.866006][T26158] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1090.963761][T26158] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1091.016906][T26158] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1091.082563][T26158] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1091.497472][T26158] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1091.521720][T17835] Bluetooth: hci4: command tx timeout
[ 1091.590068][T26158] 8021q: adding VLAN 0 to HW filter on device team0
[ 1091.703351][T19367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1091.710515][T19367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1092.046759][T17830] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1092.053953][T17830] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1093.085807][T26158] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1093.604528][T17835] Bluetooth: hci4: command tx timeout
[ 1094.072718][T26158] veth0_vlan: entered promiscuous mode
[ 1094.295591][T26158] veth1_vlan: entered promiscuous mode
[ 1094.374849][T26308] netlink: 'syz.1.4654': attribute type 27 has an invalid length.
[ 1094.403011][T26308] netlink: 'syz.1.4654': attribute type 28 has an invalid length.
[ 1094.473723][T26308] netlink: 'syz.1.4654': attribute type 29 has an invalid length.
[ 1094.517038][T26308] netlink: 'syz.1.4654': attribute type 30 has an invalid length.
[ 1094.553019][T26308] netlink: 'syz.1.4654': attribute type 31 has an invalid length.
[ 1094.583760][T26308] netlink: 'syz.1.4654': attribute type 32 has an invalid length.
[ 1094.629703][T26308] netlink: 'syz.1.4654': attribute type 33 has an invalid length.
[ 1094.686209][T26308] netlink: 'syz.1.4654': attribute type 35 has an invalid length.
[ 1094.701488][T26308] netlink: 'syz.1.4654': attribute type 37 has an invalid length.
[ 1094.738020][T26308] netlink: 18 bytes leftover after parsing attributes in process `syz.1.4654'.
[ 1094.994162][T26158] veth0_macvtap: entered promiscuous mode
[ 1095.050071][T26158] veth1_macvtap: entered promiscuous mode
[ 1095.182036][T26158] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1095.245449][T26158] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1095.295032][T19363] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1095.295113][T19363] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1095.295145][T19363] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1095.295176][T19363] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1095.517497][T17832] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1095.517519][T17832] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1095.609476][T19363] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1095.609499][T19363] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1095.684194][T17835] Bluetooth: hci4: command tx timeout
[ 1097.619747][T26383] netlink: 138 bytes leftover after parsing attributes in process `syz.2.4671'.
[ 1097.817203][T26369] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1100.153457][T26439] ubi0: attaching mtd0
[ 1100.177580][T26439] ubi0: scanning is finished
[ 1100.224408][T26439] ubi0 error: ubi_read_volume_table: the layout volume was not found
[ 1100.447076][T26439] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[ 1100.877788][T26448] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1101.628292][T26460] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4691'.
[ 1102.623432][T22994] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1102.636732][T22994] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1102.648874][T22994] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1102.657127][T22994] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1102.664785][T22994] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1103.566682][T26474] chnl_net:caif_netlink_parms(): no params data found
[ 1103.865470][T19367] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1104.224693][T19367] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1104.442426][T19367] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1104.683949][T19367] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1104.730268][T22994] Bluetooth: hci5: command tx timeout
[ 1104.779248][T26474] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1104.806869][T26474] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1104.838177][T26474] bridge_slave_0: entered allmulticast mode
[ 1104.875260][T26474] bridge_slave_0: entered promiscuous mode
[ 1105.049144][T26474] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1105.082029][T26474] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1105.109021][T26474] bridge_slave_1: entered allmulticast mode
[ 1105.129456][T26474] bridge_slave_1: entered promiscuous mode
[ 1105.383896][T26474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1105.489650][T26474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1105.817163][T26474] team0: Port device team_slave_0 added
[ 1105.864670][T26474] team0: Port device team_slave_1 added
[ 1105.926333][T26535] zswap: compressor  not available
[ 1106.110272][T26474] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1106.117367][T26474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1106.346905][T26474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1106.423829][T26474] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1106.434915][T26551] futex_wake_op: syz.5.4709 tries to shift op by -2048; fix this program
[ 1106.480816][T26474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1106.570514][T26555] 0xffffffff00000001-0xffffffff00010000 : ""
[ 1106.576562][T26555] mtd: partition "" is out of reach -- disabled
[ 1106.642307][T26474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1106.683481][T26555] FAULT_INJECTION: forcing a failure.
[ 1106.683481][T26555] name failslab, interval 0, probability 0, space 0, times 0
[ 1106.741691][T19367] bond0: left allmulticast mode
[ 1106.746588][T19367] bond_slave_0: left allmulticast mode
[ 1106.816118][T22994] Bluetooth: hci5: command tx timeout
[ 1106.822431][T19367] bond_slave_1: left allmulticast mode
[ 1106.827938][T19367] bond0: left promiscuous mode
[ 1106.880333][T26555] CPU: 0 UID: 0 PID: 26555 Comm: syz.5.4709 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1106.880365][T26555] Tainted: [L]=SOFTLOCKUP
[ 1106.880372][T26555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1106.880383][T26555] Call Trace:
[ 1106.880390][T26555]  <TASK>
[ 1106.880398][T26555]  dump_stack_lvl+0x100/0x190
[ 1106.880432][T26555]  should_fail_ex.cold+0x5/0xa
[ 1106.880455][T26555]  should_failslab+0xc2/0x120
[ 1106.880477][T26555]  __kmalloc_node_track_caller_noprof+0xe3/0x850
[ 1106.880497][T26555]  ? kstrdup_const+0x63/0x80
[ 1106.880520][T26555]  kstrdup+0x51/0xe0
[ 1106.880539][T26555]  kstrdup_const+0x63/0x80
[ 1106.880558][T26555]  __kernfs_new_node+0x9b/0x960
[ 1106.880598][T26555]  ? __pfx___kernfs_new_node+0x10/0x10
[ 1106.880632][T26555]  ? find_held_lock+0x2b/0x80
[ 1106.880651][T26555]  ? kernfs_root+0xee/0x2a0
[ 1106.880678][T26555]  ? kernfs_root+0xee/0x2a0
[ 1106.880711][T26555]  kernfs_new_node+0x11b/0x1a0
[ 1106.880733][T26555]  kernfs_create_link+0xcc/0x240
[ 1106.880760][T26555]  sysfs_do_create_link_sd+0x90/0x140
[ 1106.880796][T26555]  sysfs_create_link+0x61/0xc0
[ 1106.880824][T26555]  device_add+0x675/0x1950
[ 1106.880851][T26555]  ? lockdep_init_map_type+0x5c/0x250
[ 1106.880877][T26555]  ? __pfx_device_add+0x10/0x10
[ 1106.880902][T26555]  ? lockdep_init_map_type+0x5c/0x250
[ 1106.880928][T26555]  ? __init_waitqueue_head+0xca/0x150
[ 1106.880965][T26555]  add_mtd_device+0x928/0x17a0
[ 1106.880990][T26555]  ? __pfx_add_mtd_device+0x10/0x10
[ 1106.881015][T26555]  mtd_add_partition+0x30a/0x660
[ 1106.881039][T26555]  ? __pfx_mtd_add_partition+0x10/0x10
[ 1106.881060][T26555]  ? __might_fault+0xc5/0x140
[ 1106.881088][T26555]  ? __might_fault+0xc5/0x140
[ 1106.881125][T26555]  mtdchar_blkpg_ioctl+0x207/0x250
[ 1106.881149][T26555]  ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10
[ 1106.881192][T26555]  mtdchar_ioctl+0x1670/0x1fd0
[ 1106.881220][T26555]  ? __pfx_mtdchar_ioctl+0x10/0x10
[ 1106.881244][T26555]  ? lock_acquire+0x1cf/0x380
[ 1106.881274][T26555]  ? trace_contention_end+0x140/0x180
[ 1106.881305][T26555]  ? mtdchar_unlocked_ioctl+0xa2/0xf0
[ 1106.881330][T26555]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1106.881361][T26555]  ? __pfx___mutex_lock+0x10/0x10
[ 1106.881387][T26555]  ? find_held_lock+0x2b/0x80
[ 1106.881417][T26555]  mtdchar_unlocked_ioctl+0xb0/0xf0
[ 1106.881440][T26555]  ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10
[ 1106.881466][T26555]  __x64_sys_ioctl+0x18e/0x210
[ 1106.881497][T26555]  do_syscall_64+0x106/0xf80
[ 1106.881516][T26555]  ? clear_bhb_loop+0x40/0x90
[ 1106.881540][T26555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1106.881559][T26555] RIP: 0033:0x7f9d66f9c819
[ 1106.881576][T26555] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1106.881599][T26555] RSP: 002b:00007f9d67da7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1106.881619][T26555] RAX: ffffffffffffffda RBX: 00007f9d67216180 RCX: 00007f9d66f9c819
[ 1106.881631][T26555] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005
[ 1106.881643][T26555] RBP: 00007f9d67032c91 R08: 0000000000000000 R09: 0000000000000000
[ 1106.881654][T26555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1106.881665][T26555] R13: 00007f9d67216218 R14: 00007f9d67216180 R15: 00007ffd35e7c878
[ 1106.881689][T26555]  </TASK>
[ 1106.887077][T19367] bond_slave_0: left promiscuous mode
[ 1107.274920][T26555] ------------[ cut here ]------------
[ 1107.280703][T26555] !list_empty(&mtd->part.node)
[ 1107.280718][T26555] WARNING: drivers/mtd/mtdpart.c:37 at release_mtd_partition+0x71/0x90, CPU#0: syz.5.4709/26555
[ 1107.296665][T26555] Modules linked in:
[ 1107.301323][T26555] CPU: 0 UID: 0 PID: 26555 Comm: syz.5.4709 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1107.312421][T26555] Tainted: [L]=SOFTLOCKUP
[ 1107.316757][T26555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1107.327390][T26555] RIP: 0010:release_mtd_partition+0x71/0x90
[ 1107.334550][T26555] Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 1e 48 8b 7b 38 e8 bf f7 db fb 48 89 df 5b 5d e9 b5 f7 db fb e8 b0 6c 7c fb 90 <0f> 0b 90 eb c2 e8 e5 08 e8 fb eb db 48 89 ef e8 db 08 e8 fb eb a5
[ 1107.354361][T26555] RSP: 0018:ffffc90003ab7818 EFLAGS: 00010293
[ 1107.360501][T26555] RAX: 0000000000000000 RBX: ffff888055f56000 RCX: ffffffff8b898f17
[ 1107.369082][T26555] RDX: ffff888027b79e80 RSI: ffffffff868bd6d0 RDI: ffff888055f56000
[ 1107.377481][T26555] RBP: ffff888055f56698 R08: 0000000000000001 R09: 0000000000000001
[ 1107.385795][T26555] R10: 0000000000000002 R11: ffffffff81000130 R12: 0000000000000000
[ 1107.393829][T26555] R13: dffffc0000000000 R14: ffff888035e66480 R15: 0000000000000000
[ 1107.402293][T26555] FS:  00007f9d67da76c0(0000) GS:ffff888124340000(0000) knlGS:0000000000000000
[ 1107.411623][T26555] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1107.418217][T26555] CR2: 00007f4dca74da08 CR3: 00000000299ea000 CR4: 00000000003526f0
[ 1107.426819][T26555] Call Trace:
[ 1107.430564][T26555]  <TASK>
[ 1107.433610][T26555]  mtd_release+0xa0/0xd0
[ 1107.437879][T26555]  ? __pfx_mtd_release+0x10/0x10
[ 1107.442919][T26555]  device_release+0xd2/0x270
[ 1107.447738][T26555]  kobject_put+0x1f7/0x640
[ 1107.453153][T26555]  put_device+0x1f/0x30
[ 1107.457360][T26555]  add_mtd_device+0xbd7/0x17a0
[ 1107.462654][T26555]  ? __pfx_add_mtd_device+0x10/0x10
[ 1107.468102][T26555]  mtd_add_partition+0x30a/0x660
[ 1107.473119][T26555]  ? __pfx_mtd_add_partition+0x10/0x10
[ 1107.478685][T26555]  ? __might_fault+0xc5/0x140
[ 1107.483511][T26555]  ? __might_fault+0xc5/0x140
[ 1107.488226][T26555]  mtdchar_blkpg_ioctl+0x207/0x250
[ 1107.493397][T26555]  ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10
[ 1107.499075][T26555]  mtdchar_ioctl+0x1670/0x1fd0
[ 1107.504368][T26555]  ? __pfx_mtdchar_ioctl+0x10/0x10
[ 1107.509535][T26555]  ? lock_acquire+0x1cf/0x380
[ 1107.514683][T26555]  ? trace_contention_end+0x140/0x180
[ 1107.520114][T26555]  ? mtdchar_unlocked_ioctl+0xa2/0xf0
[ 1107.525502][T26555]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1107.531131][T26555]  ? __pfx___mutex_lock+0x10/0x10
[ 1107.536346][T26555]  ? find_held_lock+0x2b/0x80
[ 1107.541371][T26555]  mtdchar_unlocked_ioctl+0xb0/0xf0
[ 1107.546583][T26555]  ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10
[ 1107.552529][T26555]  __x64_sys_ioctl+0x18e/0x210
[ 1107.557332][T26555]  do_syscall_64+0x106/0xf80
[ 1107.561953][T26555]  ? clear_bhb_loop+0x40/0x90
[ 1107.566641][T26555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1107.572936][T26555] RIP: 0033:0x7f9d66f9c819
[ 1107.577371][T26555] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1107.597215][T26555] RSP: 002b:00007f9d67da7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1107.606224][T26555] RAX: ffffffffffffffda RBX: 00007f9d67216180 RCX: 00007f9d66f9c819
[ 1107.614600][T26555] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005
[ 1107.622630][T26555] RBP: 00007f9d67032c91 R08: 0000000000000000 R09: 0000000000000000
[ 1107.630660][T26555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1107.639191][T26555] R13: 00007f9d67216218 R14: 00007f9d67216180 R15: 00007ffd35e7c878
[ 1107.647520][T26555]  </TASK>
[ 1107.650604][T26555] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1107.657905][T26555] CPU: 0 UID: 0 PID: 26555 Comm: syz.5.4709 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1107.668945][T26555] Tainted: [L]=SOFTLOCKUP
[ 1107.673267][T26555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1107.683334][T26555] Call Trace:
[ 1107.686628][T26555]  <TASK>
[ 1107.689559][T26555]  dump_stack_lvl+0x100/0x190
[ 1107.694254][T26555]  vpanic+0x552/0x970
[ 1107.698236][T26555]  ? __pfx_vpanic+0x10/0x10
[ 1107.702957][T26555]  panic+0xd1/0xe0
[ 1107.706719][T26555]  ? __pfx_panic+0x10/0x10
[ 1107.711171][T26555]  ? check_panic_on_warn+0x1f/0x90
[ 1107.716318][T26555]  check_panic_on_warn.cold+0x19/0x34
[ 1107.721714][T26555]  ? release_mtd_partition+0x71/0x90
[ 1107.727020][T26555]  __warn.cold+0x191/0x348
[ 1107.731468][T26555]  __report_bug+0x296/0x3d0
[ 1107.735974][T26555]  ? release_mtd_partition+0x71/0x90
[ 1107.741268][T26555]  ? __pfx___report_bug+0x10/0x10
[ 1107.746332][T26555]  ? delete_node+0x20a/0x8f0
[ 1107.750933][T26555]  ? release_mtd_partition+0x71/0x90
[ 1107.756226][T26555]  report_bug+0xb2/0x220
[ 1107.760493][T26555]  ? release_mtd_partition+0x71/0x90
[ 1107.765808][T26555]  handle_bug+0x16a/0x2a0
[ 1107.770148][T26555]  exc_invalid_op+0x17/0x50
[ 1107.774759][T26555]  asm_exc_invalid_op+0x1a/0x20
[ 1107.779643][T26555] RIP: 0010:release_mtd_partition+0x71/0x90
[ 1107.785569][T26555] Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 1e 48 8b 7b 38 e8 bf f7 db fb 48 89 df 5b 5d e9 b5 f7 db fb e8 b0 6c 7c fb 90 <0f> 0b 90 eb c2 e8 e5 08 e8 fb eb db 48 89 ef e8 db 08 e8 fb eb a5
[ 1107.805298][T26555] RSP: 0018:ffffc90003ab7818 EFLAGS: 00010293
[ 1107.811389][T26555] RAX: 0000000000000000 RBX: ffff888055f56000 RCX: ffffffff8b898f17
[ 1107.819394][T26555] RDX: ffff888027b79e80 RSI: ffffffff868bd6d0 RDI: ffff888055f56000
[ 1107.827366][T26555] RBP: ffff888055f56698 R08: 0000000000000001 R09: 0000000000000001
[ 1107.835345][T26555] R10: 0000000000000002 R11: ffffffff81000130 R12: 0000000000000000
[ 1107.843403][T26555] R13: dffffc0000000000 R14: ffff888035e66480 R15: 0000000000000000
[ 1107.851470][T26555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1107.857546][T26555]  ? delete_node+0x417/0x8f0
[ 1107.862159][T26555]  ? release_mtd_partition+0x70/0x90
[ 1107.867456][T26555]  ? release_mtd_partition+0x70/0x90
[ 1107.872751][T26555]  mtd_release+0xa0/0xd0
[ 1107.877056][T26555]  ? __pfx_mtd_release+0x10/0x10
[ 1107.882000][T26555]  device_release+0xd2/0x270
[ 1107.886607][T26555]  kobject_put+0x1f7/0x640
[ 1107.891030][T26555]  put_device+0x1f/0x30
[ 1107.895200][T26555]  add_mtd_device+0xbd7/0x17a0
[ 1107.899975][T26555]  ? __pfx_add_mtd_device+0x10/0x10
[ 1107.905222][T26555]  mtd_add_partition+0x30a/0x660
[ 1107.910191][T26555]  ? __pfx_mtd_add_partition+0x10/0x10
[ 1107.915657][T26555]  ? __might_fault+0xc5/0x140
[ 1107.920346][T26555]  ? __might_fault+0xc5/0x140
[ 1107.925044][T26555]  mtdchar_blkpg_ioctl+0x207/0x250
[ 1107.930173][T26555]  ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10
[ 1107.935830][T26555]  mtdchar_ioctl+0x1670/0x1fd0
[ 1107.940618][T26555]  ? __pfx_mtdchar_ioctl+0x10/0x10
[ 1107.945741][T26555]  ? lock_acquire+0x1cf/0x380
[ 1107.950441][T26555]  ? trace_contention_end+0x140/0x180
[ 1107.955826][T26555]  ? mtdchar_unlocked_ioctl+0xa2/0xf0
[ 1107.961225][T26555]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1107.966512][T26555]  ? __pfx___mutex_lock+0x10/0x10
[ 1107.971595][T26555]  ? find_held_lock+0x2b/0x80
[ 1107.976307][T26555]  mtdchar_unlocked_ioctl+0xb0/0xf0
[ 1107.981759][T26555]  ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10
[ 1107.987796][T26555]  __x64_sys_ioctl+0x18e/0x210
[ 1107.992599][T26555]  do_syscall_64+0x106/0xf80
[ 1107.997196][T26555]  ? clear_bhb_loop+0x40/0x90
[ 1108.001919][T26555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.007819][T26555] RIP: 0033:0x7f9d66f9c819
[ 1108.012243][T26555] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1108.031950][T26555] RSP: 002b:00007f9d67da7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1108.040409][T26555] RAX: ffffffffffffffda RBX: 00007f9d67216180 RCX: 00007f9d66f9c819
[ 1108.048396][T26555] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005
[ 1108.056489][T26555] RBP: 00007f9d67032c91 R08: 0000000000000000 R09: 0000000000000000
[ 1108.064543][T26555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1108.072548][T26555] R13: 00007f9d67216218 R14: 00007f9d67216180 R15: 00007ffd35e7c878
[ 1108.080548][T26555]  </TASK>
[ 1108.083628][T26555] Kernel Offset: disabled
[ 1108.087970][T26555] Rebooting in 86400 seconds..