last executing test programs:

2m57.697339825s ago: executing program 3 (id=4476):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
writev$auto(0x8, 0x0, 0xabc)
io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1)
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x340, 0x0)
r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_seg6(&(0x7f00000001c0), r2)
r3 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x49ea40, 0x0)
readv$auto(r3, &(0x7f00000000c0)={&(0x7f0000000040)="4db7d577e87088827bf09ff57139c8b606542916e95b84d03594c2a9ef00000000", 0x461e}, 0x71c)
readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0)
close_range$auto(0x2, 0xfffffffffffff000, 0x2)
open(0x0, 0x4242, 0xe1d2b27bdc14aab4)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)
mmap$auto(0x4, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x100, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
socket(0x35, 0x2, 0x0)
r4 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2003, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f0000000240)={"57acb653f82b0a05463dd1f3159f3326c47874b4b901bfd55279ab9a61a4b621", 0xfffa, 0xb, 0x1000a, 0x8201, 0xd02, <r5=>0xffffffffffffffff})
prctl$auto_PR_SCHED_CORE_GET(0x200, 0x0, r5, 0x1ff, 0x401)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x2f6583, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x129a00, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r4, &(0x7f0000000400)='\xab\xb8\x84\xbf', 0x7)

2m57.40388672s ago: executing program 3 (id=4478):
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
ioctl$auto_TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptya5\x00', 0x62c00, 0x0)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000500)='/dev/tty34\x00', 0x2200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x4, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mincore$auto(0x1000, 0x8001, 0x0)
unshare$auto(0x20000080)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
munmap$auto(0x20001000, 0x7fb3)
ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f)
capset$auto(0x0, 0x0)
select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x5, 0x100000003, 0x9, 0x6, 0x1ff, 0x100000000, 0x3, 0x4, 0x401, 0x0, 0xe8, 0x6, 0x9a8c, 0x9, 0x10001]}, &(0x7f0000000200)={[0x8, 0x8000000000000000, 0x2, 0xb, 0x1, 0x9, 0x0, 0x7fff, 0xa, 0x18f, 0xfffffffffffffff9, 0x3, 0x5a4, 0x1000, 0x80000001, 0x1]}, 0x0, &(0x7f0000000280)={0x10006, 0xcc})

2m50.304498504s ago: executing program 0 (id=4504):
socket(0x11, 0x80003, 0x300)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
io_uring_setup$auto(0x6, 0x0)
socket(0x28, 0x2, 0x3a)
setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x4)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/orangefs/perf_history_size\x00', 0x1182, 0x0)
mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000)
io_uring_setup$auto(0x86, 0x0)
socket(0x5, 0x5, 0xffffffc0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x0, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0xb, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x120e2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r1, &(0x7f00000011c0)={0x0, 0xfff0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010325bd7040ffdbdf250a0000000c0002006e6c383032313100"], 0x28}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r3 = socket(0xa, 0x801, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54)
getsockopt$auto(r3, 0x84, 0x6c, 0x0, &(0x7f0000000280)=0x1000c0)

2m49.255191222s ago: executing program 0 (id=4506):
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video53\x00', 0x1c1400, 0x0)
ioctl$auto(0x3, 0x4020565a, 0x38)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0)
socket(0xa, 0x1, 0x100)
socket(0x1e, 0x1, 0x0)
socket(0x21, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=<r0=>0x0, @ANYBLOB="00022abd7000dddbdf25020001000800030000000000080015"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18", @ANYRESDEC=r0, @ANYRES32=r0, @ANYRESOCT, @ANYBLOB="eba499f0b6d5133876e009c9fac21f9c38032675478c68a2407b5b45a75e35c2a3cfedfa4521c2d8d190730e1e57fe7c9505e942610827b51686a8f03d1ddb408288a7ea7e69555c0ac550b8c8004faeb63b610f7ff9260c34194a826bf58ba8e4b32d89165b24d5cb8d771851bddbb0d6333462c68f5bab07c33d483fefd88d2d1dbe4535610e", @ANYRES8=r0], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xc0c00, 0x0)
r1 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, 0x0, 0xbc102, 0x0)
mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, r1, 0x8001)
io_uring_setup$auto(0x6, 0x0)
ioctl$auto_RTC_RD_TIME(0xffffffffffffffff, 0x80247009, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
listmount$auto(&(0x7f0000000240)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0x8, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)

2m48.750784612s ago: executing program 0 (id=4507):
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x7, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x20, 0x309, 0x6, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x1fe, 0x81)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x1f00, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000)
r1 = io_uring_setup$auto(0x1, 0x0)
io_uring_register$auto_IORING_REGISTER_FILE_ALLOC_RANGE(r1, 0x19, 0x0, 0x2)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="c79f25bd7000ffdbdf250700000008000300", @ANYRES32=r4, @ANYBLOB="601ad438fd9464853f9d6f2753ee4580e71eb3"], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
memfd_secret$auto(0x8)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_secret$auto(0x0)
mmap$auto(0x0, 0x810004, 0xf78, 0x8000000008011, 0x3, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0x20499d, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)

2m47.963389455s ago: executing program 0 (id=4508):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x4400000000df, 0xc157, 0x101000000000000, 0x7)
prctl$auto(0x3e, 0x8, 0x0, 0x0, 0xfffffffffffffffe)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x6)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x4, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0x1d, 0xa, 0x1)
epoll_create$auto(0x4)
mq_open$auto(0x0, 0x5, 0x3, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000840)='/proc/sys/vm/dirty_background_ratio\x00', 0x280202, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000000c0)={[0x1ff, 0xfff, 0x200000d, 0x4, 0x948b, 0x3, 0x15f4da0a, 0xa, 0x3, 0x3, 0x80000001, 0x7, 0x7, 0x9, 0xfffffffffffffffc, 0x8001]}, 0x0)
sched_get_priority_min$auto(0x40)
socket(0x2, 0xa, 0x0)
mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r0)
sendmsg$auto_TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="824976ea", @ANYRES16=r1, @ANYBLOB="010729bd7000fddbdf250b000000"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)

2m45.918778876s ago: executing program 0 (id=4511):
madvise$auto(0x0, 0xffffffffffff0009, 0x8)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd6/range\x00', 0x100, 0x0)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0x5, 0x8)
keyctl$auto(0x11, 0x0, 0x69c9, 0x0, 0xbc9)
socket(0x11, 0xa, 0xc)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000003c0)=""/231, 0xe7)
unshare$auto(0x40000080)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
writev$auto(0x3, 0x0, 0x8)
mmap$auto(0xfffffffffffffffd, 0x8, 0x4000000000df, 0xa56, r0, 0x40000008000)
r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x28000, 0x0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1c}}, 0x4044820)
ioctl$auto_XFS_IOC_ERROR_INJECTION(0xffffffffffffffff, 0x40085874, &(0x7f00000000c0)={0xffffffffffffffff, 0x1})
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x4, 0x0, 0x1, 0x0)
write$auto(r3, &(0x7f0000000400)='/d\xe5\xf0\xff\xff\xff\xff\xff\xff\xff\x00', 0x100000a3d9)
socket(0x1e, 0x1, 0x0)
setsockopt$auto(0x3, 0x5, 0x100000000, 0xfffffffffffffffc, 0xa)
getpid()
rt_sigprocmask$auto(0x26, &(0x7f0000000040)={0x80000000}, &(0x7f0000000080)={0x4000100000000009}, 0x8)
mmap$auto(0x6, 0x48000a, 0x500002bb, 0x12, r2, 0x1)
io_uring_setup$auto(0x6, 0x0)
unshare$auto(0x40000080)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0)
socket(0x25, 0x3, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x2b0e82, 0x0)
ioctl$auto_TIOCSWINSZ2(0xffffffffffffffff, 0x5414, &(0x7f0000000040))

2m44.65945358s ago: executing program 1 (id=4513):
sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x20000000)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x40, 0x0)
ioctl$auto_HDIO_GETGEO(r0, 0x301, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7001400)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8001)
r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
ioctl$auto(r2, 0xb21064d1, 0x20000a)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x4a})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x1ac}}, 0x40000)
r3 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0)
close_range$auto(r1, r3, 0x7)
sendmsg$auto_IEEE802154_LLSEC_ADD_KEY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x8001)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
socket(0x29, 0x6, 0xe64)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x2404c800)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)

2m42.765408655s ago: executing program 1 (id=4514):
socket(0x2, 0x3, 0xa)
r0 = socket(0x29, 0x2, 0x0)
setsockopt$auto(r0, 0x80000000, 0xac3, 0x0, 0x800008)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
unshare$auto(0x40000080)
mmap$auto(0x40000000007, 0x20009, 0x4400000000df, 0xc157, 0x101000000000000, 0x7)
mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x46)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0x11, 0x80003, 0xf)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a)
sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
socket(0x1d, 0x2, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x40000)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
write$auto(0x3, 0x0, 0xfffffdef)

2m39.527753887s ago: executing program 0 (id=4518):
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="1b0026bd7000fddbdf25030000120800e8800400118012000100898771f1c19f17790485908288470000"], 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x30, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x9, 0x4, 'nfsd\x00'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x30}}, 0x4000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

2m38.324251527s ago: executing program 1 (id=4520):
openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000e80)='/sys/kernel/tracing/trace_options\x00', 0x8002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.0/usb1/bDeviceClass\x00', 0x101000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000240)=""/214, 0xd6)
r1 = geteuid()
keyctl$auto(0x1f, r1, r1, 0x5, 0xffffffffffffffff)
openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
unshare$auto(0x40000080)
r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, 0x0)
unshare$auto(0x40000080)
socket(0x1e, 0x1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3db)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0)
write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
setsockopt$auto(0x3, 0xffffff54, 0x100000000, 0xfffffffffffffffc, 0x9)
mmap$auto(0x1ffffffffffffff, 0x40000a, 0x2bb, 0x13, 0x2, 0x7)
r5 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/status\x00', 0x40000, 0x0)
read$auto_proc_single_file_operations_base(r5, 0x0, 0x0)
socket(0x11, 0x80003, 0x300)
sendmsg$auto_NLBL_MGMT_C_REMOVE(r3, 0x0, 0x4000)
io_uring_setup$auto(0x10000, 0x0)
socketpair$auto(0xfffffffc, 0x1, 0x2, 0x0)
socket(0x11, 0xa, 0x300)

2m35.762414692s ago: executing program 1 (id=4524):
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x7, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x20, 0x309, 0x6, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x1fe, 0x81)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000040)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000)
r1 = io_uring_setup$auto(0x1, 0x0)
io_uring_register$auto_IORING_REGISTER_FILE_ALLOC_RANGE(r1, 0x19, 0x0, 0x2)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="c79f25bd7000ffdbdf250700000008000300", @ANYRES32=r4, @ANYBLOB="601ad438fd9464853f9d6f2753ee4580e71eb3"], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
memfd_secret$auto(0x8)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_secret$auto(0x0)
mmap$auto(0x0, 0x810004, 0xf78, 0x8000000008011, 0x3, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0x20499d, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)

2m35.193638822s ago: executing program 1 (id=4525):
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x121000, 0x0)
ioctl$auto_VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000040)={0x7fffffff})
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x5, 0x8)
keyctl$auto(0x11, 0xdfffffffffffffff, 0x69c9, 0x0, 0xbcd)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0)
utimes$auto(&(0x7f0000000080)='}[,&*}\x00', 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0xa0100, 0x0)
ioctl$auto_SNDCTL_TMR_SELECT(r1, 0x40045408, 0x0)
mmap$auto(0xffffffffffffffff, 0x0, 0x4000000000df, 0xeb1, 0xd4, 0x8000)
r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000c40)='/proc/self/syscall\x00', 0x80, 0x0)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
r3 = syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x24, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x18, 0x0, 0x0, @uid}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000080}, 0x800)
read$auto_proc_single_file_operations_base(r2, &(0x7f00000001c0)=""/164, 0xa4)

2m34.9515553s ago: executing program 3 (id=4484):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
socket(0x1d, 0x2, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
sendmsg$auto_NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb1\x00', 0x420401, 0x0)
ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400)
ioctl$auto_FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000080))
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x40000)
write$auto(0x3, 0x0, 0xfffffdef)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0xda, 0xeb1, 0x405, 0x0)
r3 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0)
pwrite64$auto(r3, 0x0, 0x400000, 0xc)
ioctl$auto_BLKTRACESETUP32(0xffffffffffffffff, 0xc0401273, &(0x7f0000000180)={"c16f6303d5736a1b0feb8f6a0554277f3190781cfe525c42f1ebed0dc940e2fd", 0x3, 0xff, 0x3798, 0xd, 0x810})
fcntl$getown(r0, 0x9)
msgctl$auto_MSG_STAT_ANY(0x5, 0xd, &(0x7f0000000380)={{0x4468ebf0, 0xee01, 0x0, 0x7, 0x6, 0x7, 0x102}, &(0x7f0000000100)=0x5, &(0x7f0000000340)=0xa, 0xfffffffffffffff8, 0x0, 0x3, 0x81, 0x3, 0x4, 0xf25, 0x5, @inferred, @raw=0x5})
r4 = gettid()
process_vm_readv$auto(r4, &(0x7f0000000040)={0x0, 0x2}, 0x4, &(0x7f00000000c0)={0x0, 0x100000000000002}, 0x3, 0x0)

2m34.909361529s ago: executing program 1 (id=4527):
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r0, 0x0, 0x8010)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4000000)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, 0x0, 0x80)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)={0x30, r3, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x24004840}, 0x4000000)

2m33.528643117s ago: executing program 3 (id=4534):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x0, 0x3, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$auto_MON_IOCX_GETX(r1, 0x4018920a, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
r2 = socketpair$auto(0x20004, 0x1, 0x1, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0)
ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0)
sendmsg$auto_NL802154_CMD_NEW_SEC_LEVEL(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="90010000", @ANYRES16=0x0, @ANYBLOB="00012cbd7000fddbdf252000000008001600feffffff06000a000b00000008002c00020000003c002f803600db80040000800c000300000100000000000008001e00ac1414aaaf51804aa9f9bde7a20d784041e159f5a17b1f6b3e6d0f74309400000800050005000000050007007f00000017012f80533bc3f230b6ac607578d0a4d83e5f3da371020450fe8ebb75b22ba5896d25f65ca6805f717abd4332dd6d002c1ac406b18d32661b77815b114468b77216b04f26e4682b1610ba4eacceb4704a7c7ddcf76a91598a2125ce4a75f0e177ab8da75c1a16eeeea9ce204f67cd964b68c6d0fa23a85ffd0e9334d1297850bd3f9c6b17fd613ebd114c477fe3658b3e4166377b2d80b293d6fd1b4926832beffb70292569cdfec4a0d954f0366e280c1085c838e40f895a7a030000008618dadb569654122d3653a424f2bb2239498f04b9b0cd93e9aa635443a9f99a4e90a9046114a8d9ef490567639d1ec6a1ef7fdf2519849a00416d0c13f5220ca16e439177578c2ab498a60ff3ec73244ab898defbe58dca9600"], 0x190}, 0x1, 0x0, 0x0, 0x440c0}, 0x890)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000003640), 0x0, 0x0)
ioctl$auto_RTC_PARAM_GET(r4, 0x40187013, &(0x7f0000003680)={0x7, @uvalue=0x2c, 0x4})
io_uring_setup$auto(0x6, 0x0)
statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r5 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
pread64$auto(r5, &(0x7f0000002f00)='@[}\x00', 0x80002, 0x3)

2m32.942021522s ago: executing program 3 (id=4536):
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x121000, 0x0)
ioctl$auto_VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000040)={0x7fffffff})
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x5, 0x8)
keyctl$auto(0x11, 0xdfffffffffffffff, 0x69c9, 0x0, 0xbcd)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0)
utimes$auto(&(0x7f0000000080)='}[,&*}\x00', 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0xa0100, 0x0)
ioctl$auto_SNDCTL_TMR_SELECT(r1, 0x40045408, 0x0)
mmap$auto(0xffffffffffffffff, 0x0, 0x4000000000df, 0xeb1, 0xd4, 0x8000)
r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000c40)='/proc/self/syscall\x00', 0x80, 0x0)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
r3 = syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x24, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x18, 0x0, 0x0, @uid}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000080}, 0x800)
read$auto_proc_single_file_operations_base(r2, &(0x7f00000001c0)=""/164, 0xa4)

2m32.74890382s ago: executing program 3 (id=4538):
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x68a80, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
accept$auto(r0, 0x0, 0x0)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_LINK_GET(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000055}, 0x4)
personality$auto(0x40004010410ffc)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x800)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x705040, 0x0)
r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/tty/driver/serial\x00', 0x43102, 0x0)
sendfile$auto(r0, r2, 0x0, 0x5) (fail_nth: 1)

2m32.318468851s ago: executing program 2 (id=4542):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
socket(0x1d, 0x2, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb1\x00', 0x420401, 0x0)
ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400)
ioctl$auto_FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000080))
write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x40000)
write$auto(0x3, 0x0, 0xfffffdef)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0xda, 0xeb1, 0x405, 0x0)
r3 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0)
pwrite64$auto(r3, 0x0, 0x400000, 0xc)
ioctl$auto_BLKTRACESETUP32(r1, 0xc0401273, &(0x7f0000000180)={"c16f6303d5736a1b0feb8f6a0554277f3190781cfe525c42f1ebed0dc940e2fd", 0x3, 0xff, 0x3798, 0xd, 0x810})
fcntl$getown(r0, 0x9)
msgctl$auto_MSG_STAT_ANY(0x5, 0xd, &(0x7f0000000380)={{0x4468ebf0, 0xee01, 0x0, 0x7, 0x6, 0x7, 0x102}, &(0x7f0000000100)=0x5, &(0x7f0000000340)=0xa, 0xfffffffffffffff8, 0x0, 0x3, 0x81, 0x3, 0x4, 0xf25, 0x5, @inferred, @raw=0x5})
r4 = gettid()
process_vm_readv$auto(r4, &(0x7f0000000040)={0x0, 0x2}, 0x4, &(0x7f00000000c0)={0x0, 0x100000000000002}, 0x3, 0x0)

2m32.010273705s ago: executing program 2 (id=4543):
madvise$auto(0x0, 0x3, 0x15) (async)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) (async)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) (async)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) (async)
select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) (async)
settimeofday$auto(0x0, &(0x7f00000003c0)={0x3, 0x80000001}) (async)
mmap$auto(0x11, 0x400008, 0x6, 0x411, 0x2, 0xba44) (async)
r3 = socket(0x10, 0x3, 0x6) (async)
r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
close_range$auto(r2, r0, 0x4) (async)
sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="01002baec31d0077000debe59aa60600000000000000008cc9a675a856939521ab8c72f0d53510000000"], 0x14}, 0x1, 0x0, 0x0, 0x20048810}, 0x4804)
r5 = socket(0x2b, 0x1, 0x1) (async)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async)
ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000040)={0x6, 0x0}) (async)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r5, 0x0, 0x1) (async)
close_range$auto(0x2, 0x8, 0x0)
r6 = socket(0x2, 0x80002, 0x73) (async)
socket(0x2, 0x1, 0x84) (async)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
setsockopt$auto(r6, 0x3, 0x19, 0x0, 0xa)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x20800, 0x0)
ioctl$auto(0x3, 0x541b, 0x38) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)

2m31.84260785s ago: executing program 2 (id=4544):
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x7, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x20, 0x309, 0x6, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x1fe, 0x81)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000040)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000)
r1 = io_uring_setup$auto(0x1, 0x0)
io_uring_register$auto_IORING_REGISTER_FILE_ALLOC_RANGE(r1, 0x19, 0x0, 0x2)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="c79f25bd7000ffdbdf250700000008000300", @ANYRES32, @ANYBLOB="601ad438fd9464853f9d6f2753ee4580e71eb3"], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
memfd_secret$auto(0x8)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_secret$auto(0x0)
mmap$auto(0x0, 0x810004, 0xf78, 0x8000000008011, 0x3, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0x20499d, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)

2m31.71015438s ago: executing program 2 (id=4545):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x0, 0x3, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$auto_MON_IOCX_GETX(r1, 0x4018920a, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
r2 = socketpair$auto(0x20004, 0x1, 0x1, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0)
ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0)
sendmsg$auto_NL802154_CMD_NEW_SEC_LEVEL(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="90010000", @ANYRES16=0x0, @ANYBLOB="00012cbd7000fddbdf252000000008001600feffffff06000a000b00000008002c00020000003c002f803600db80040000800c000300000100000000000008001e00ac1414aaaf51804aa9f9bde7a20d784041e159f5a17b1f6b3e6d0f74309400000800050005000000050007007f00000017012f80533bc3f230b6ac607578d0a4d83e5f3da371020450fe8ebb75b22ba5896d25f65ca6805f717abd4332dd6d002c1ac406b18d32661b77815b114468b77216b04f26e4682b1610ba4eacceb4704a7c7ddcf76a91598a2125ce4a75f0e177ab8da75c1a16eeeea9ce204f67cd964b68c6d0fa23a85ffd0e9334d1297850bd3f9c6b17fd613ebd114c477fe3658b3e4166377b2d80b293d6fd1b4926832beffb70292569cdfec4a0d954f0366e280c1085c838e40f895a7a030000008618dadb569654122d3653a424f2bb2239498f04b9b0cd93e9aa635443a9f99a4e90a9046114a8d9ef490567639d1ec6a1ef7fdf2519849a00416d0c13f5220ca16e439177578c2ab498a60ff3ec73244ab898defbe58dca9600"], 0x190}, 0x1, 0x0, 0x0, 0x440c0}, 0x890)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000003640), 0x0, 0x0)
ioctl$auto_RTC_PARAM_GET(r4, 0x40187013, &(0x7f0000003680)={0x7, @uvalue=0x2c, 0x4})
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r5 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
pread64$auto(r5, &(0x7f0000002f00)='@[}\x00', 0x80002, 0x3)

2m31.591115956s ago: executing program 2 (id=4546):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0)
r3 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/mice\x00', 0x22002, 0x0)
r4 = socket(0x2, 0x801, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000001c0)=@bpf_attr_3={0x8, 0x200000, 0x1, 0x5, 0x101, 0xfffffffe, 0x4, 0xffff, 0x2f, "0df731fbfbfe459de86802d139d5e98e", 0x0, 0x1ff, r0, 0x5, 0x6, 0x2, 0x3, 0x10000, 0x1, 0x7, @attach_btf_obj_fd=r1, 0xfffffffb, 0xfffffffffffffff6, 0x1, 0x7, 0xffe00000, 0xffffffffffffffff, r2}, 0x0)
socket(0xa, 0x80803, 0x100)
mmap$auto(0x1ff, 0x2000d, 0x0, 0x18, r5, 0x6)
setsockopt$auto(r4, 0x6, 0xa, 0x0, 0x9)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
write$auto_mousedev_fops_mousedev(r3, &(0x7f00000000c0)="13", 0x1)
socket(0x2, 0x2, 0x88)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/block/ram5/integrity/format\x00', 0x88282, 0x0)
mmap$auto(0x800000000, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x0)
socketpair$auto(0x1000002, 0x5, 0x9, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/vhci_hcd.10/usb30/30-0:1.0/usb30-port8/usb3_lpm_permit\x00', 0x1211c2, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/net\x00')
socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1)
close_range$auto(0x2, 0x8, 0x0)
r6 = socket(0x11, 0x3, 0x9)
close_range$auto(0x2, r6, 0x0)
r7 = socket(0x23, 0xa, 0xa6)
setsockopt$auto(r7, 0x107, 0x14, 0x0, 0x4)
sendmmsg$auto(r6, &(0x7f0000000080)={{&(0x7f0000000100)="9f15c0e69e3869dcc7d015e6eca796e8dbbf5959bb63aa1311c11436001ea01551799e6889cec98ed3766ad038fce089cbb015e333", 0x2, 0x0, 0x2, 0x0, 0xffffffffffff7fff, 0x801000}, 0x8000006}, 0xffffffff, 0xff)

2m30.688796004s ago: executing program 2 (id=4547):
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x121000, 0x0)
ioctl$auto_VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000040)={0x7fffffff})
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x5, 0x8)
keyctl$auto(0x11, 0xdfffffffffffffff, 0x69c9, 0x0, 0xbcd)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0)
utimes$auto(&(0x7f0000000080)='}[,&*}\x00', 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0xa0100, 0x0)
ioctl$auto_SNDCTL_TMR_SELECT(r1, 0x40045408, 0x0)
mmap$auto(0xffffffffffffffff, 0x0, 0x4000000000df, 0xeb1, 0xd4, 0x8000)
r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000c40)='/proc/self/syscall\x00', 0x80, 0x0)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r3, 0x0, 0x800)
read$auto_proc_single_file_operations_base(r2, &(0x7f00000001c0)=""/164, 0xa4)

2m24.064709822s ago: executing program 32 (id=4518):
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="1b0026bd7000fddbdf25030000120800e8800400118012000100898771f1c19f17790485908288470000"], 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x30, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x9, 0x4, 'nfsd\x00'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x30}}, 0x4000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

2m19.699632362s ago: executing program 33 (id=4527):
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r0, 0x0, 0x8010)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4000000)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, 0x0, 0x80)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)={0x30, r3, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x24004840}, 0x4000000)

2m16.896323009s ago: executing program 34 (id=4538):
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x68a80, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
accept$auto(r0, 0x0, 0x0)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_LINK_GET(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000055}, 0x4)
personality$auto(0x40004010410ffc)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x800)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x705040, 0x0)
r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/tty/driver/serial\x00', 0x43102, 0x0)
sendfile$auto(r0, r2, 0x0, 0x5) (fail_nth: 1)

2m15.27295652s ago: executing program 35 (id=4547):
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x121000, 0x0)
ioctl$auto_VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000040)={0x7fffffff})
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x5, 0x8)
keyctl$auto(0x11, 0xdfffffffffffffff, 0x69c9, 0x0, 0xbcd)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0)
utimes$auto(&(0x7f0000000080)='}[,&*}\x00', 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0xa0100, 0x0)
ioctl$auto_SNDCTL_TMR_SELECT(r1, 0x40045408, 0x0)
mmap$auto(0xffffffffffffffff, 0x0, 0x4000000000df, 0xeb1, 0xd4, 0x8000)
r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000c40)='/proc/self/syscall\x00', 0x80, 0x0)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r3, 0x0, 0x800)
read$auto_proc_single_file_operations_base(r2, &(0x7f00000001c0)=""/164, 0xa4)

2m5.315187431s ago: executing program 4 (id=4582):
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8810}, 0x40)
ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0)
io_uring_setup$auto(0x2, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fcdbdf25", @ANYRES32, @ANYBLOB="1400bd00fc0000000000"], 0x119c}, 0x1, 0x0, 0x0, 0x90}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
recvmmsg$auto(r0, &(0x7f0000000000)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)

2m4.148257773s ago: executing program 4 (id=4583):
socket(0x2, 0x3, 0x6)
move_mount$auto(0xffffffffffffffff, &(0x7f0000002cc0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000002d00)='./file0\x00', 0x40)
socket(0x2, 0x1, 0x0)
setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x3)

2m3.664349526s ago: executing program 4 (id=4585):
r0 = openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000240), 0x8e41, 0x0)
write$auto_tomoyo_self_operations_securityfs_if(r0, 0x0, 0x0)

2m2.887200458s ago: executing program 4 (id=4593):
r0 = io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000e1, 0xffffffffffff75b0, r0, 0x8040) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/authorized\x00', 0x10b142, 0x0) (async)
socketpair$auto(0x1a, 0x1000006, 0x3, 0x0)
r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000004c0), 0x22000, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) (async)
ioctl$auto_SNDRV_TIMER_IOCTL_START(r1, 0x54a0, 0x0) (async)
unshare$auto(0x40000080) (async)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x14480, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) (async)
r3 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40080, 0x0) (async)
mmap$auto(0x4, 0xdb3, 0x7ff, 0xeb1, 0x401, 0x7fff)
r4 = semctl$auto(0x2, 0x36d, 0x8, 0x493a)
r5 = prctl$auto(0x80005, 0x20000000007, r4, 0x8000080005, 0x3)
mmap$auto(0x0, 0x4, 0x14000000000df, 0x40eb2, r5, 0x300000000000) (async)
lseek$auto(r3, 0x7ff, 0x1) (async)
r6 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r7 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x88600, 0x0)
ioctl$auto_UBI_IOCATT(r7, 0x40186f40, 0x0) (async)
r8 = socket(0x27, 0x1, 0x400001)
setsockopt$auto(r8, 0x0, 0x1, 0x0, 0x1e) (async)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
setsockopt$auto(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000880)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\xf2Vw\xbe\x1c$\xddm\x8a\x9d\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,\xb0\x9fA3\xc2\xa2\x1cM\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x18000113) (async)
connect$auto(0x3, 0x0, 0x58) (async)
mmap$auto(0x0, 0x62, 0x108, 0x200000000ebd, r6, 0x9) (async)
semctl$auto_IPC_INFO(0x5, 0x20000007, 0x3, 0x0)

2m1.084274422s ago: executing program 4 (id=4591):
sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x20000000)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x40, 0x0)
ioctl$auto_HDIO_GETGEO(r0, 0x301, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7001400)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, 0x0)
r1 = io_uring_setup$auto(0x6, 0x0)
r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
ioctl$auto(r2, 0xb21064d1, 0x20000a)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x4a})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x1ac}}, 0x40000)
r3 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0)
close_range$auto(r1, r3, 0x7)
sendmsg$auto_IEEE802154_LLSEC_ADD_KEY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x8001)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x100)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)

1m58.933672578s ago: executing program 4 (id=4596):
mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6)
ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(r0, 0x7ac, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3)
r2 = socket(0xa, 0x801, 0x100)
setsockopt$auto(r2, 0x6, 0x2, 0x0, 0xfb3)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x80)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x18, 0x101000000000000, 0x8000)
unshare$auto(0x40000080)
write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x01\x00\xb6', 0x7f)
mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd)
r5 = socket(0x9, 0x0, 0x3a)
setsockopt$auto(r5, 0x29, 0x4c, 0x0, 0x4)
read$auto_proc_auxv_operations_base(r1, &(0x7f0000000100)=""/232, 0xe8)
r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)={0x1c, r6, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x49}]}, 0x1c}}, 0x4000)
close_range$auto(0x2, 0x8000, 0x0)
openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)

1m43.844545612s ago: executing program 36 (id=4596):
mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6)
ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(r0, 0x7ac, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3)
r2 = socket(0xa, 0x801, 0x100)
setsockopt$auto(r2, 0x6, 0x2, 0x0, 0xfb3)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x80)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x18, 0x101000000000000, 0x8000)
unshare$auto(0x40000080)
write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x01\x00\xb6', 0x7f)
mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd)
r5 = socket(0x9, 0x0, 0x3a)
setsockopt$auto(r5, 0x29, 0x4c, 0x0, 0x4)
read$auto_proc_auxv_operations_base(r1, &(0x7f0000000100)=""/232, 0xe8)
r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)={0x1c, r6, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x49}]}, 0x1c}}, 0x4000)
close_range$auto(0x2, 0x8000, 0x0)
openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)

1m29.121291411s ago: executing program 7 (id=4679):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = socket(0x1d, 0x2, 0x6)
r1 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r2=>0x0})
bind$auto(r0, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x6c}, 0x1, 0x0, 0x0, 0x40084}, 0x40)
sendmsg$auto_L2TP_CMD_SESSION_GET(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x24000004)
syz_open_procfs$namespace(0x0, &(0x7f0000000040))
socket(0x15, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x20008000)
socket(0x11, 0x2, 0x73)
io_uring_setup$auto(0x7e1b, 0x0)
socket(0x2, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x2, 0x14)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0)
ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0)
ioctl$auto(0x3, 0x5411, 0x38)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$auto_OVS_VPORT_CMD_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000e7", @ANYRES16=0x0, @ANYBLOB="25052abd7000fddbdf2503000000080001000c00000008000800", @ANYRES32=r4, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4000050}, 0x20000090)
statmount$auto(0x0, &(0x7f0000000180)={0x770, 0x1, 0x201, 0x1, 0x5, 0x3, 0x3ffde, 0x400, 0x3, 0x9, 0x6, 0x80004, 0x4, 0x11ffffffffffd, 0xb2, 0x2, 0x9, 0x10, 0x80, 0x80000002a0, 0x0, 0x1, 0x1, 0x1ff, 0x9, 0xbca7, 0x4, 0x0, 0x0, 0x0, 0x0, [0x0, 0xe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x7fffffff, 0xffffffffffffffff, 0x0, 0x3, 0x2000000, 0x0, 0xc0000000, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0x200, 0x0, 0x10000, 0x8, 0x9, 0x4, 0xe17, 0x0, 0x6]}, 0x1fe, 0x1)
r5 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r5, 0xfffffffffffffd03, &(0x7f00000001c0))
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x7ffb42, 0x0)

1m28.056163022s ago: executing program 7 (id=4686):
mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, 0x0, 0x7ef)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x50)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x1c, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_LOG_LEVEL={0x8, 0x36, 0x10001}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c894}, 0x4c800)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r3 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket(0x10, 0x2, 0xc)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=0x0, @ANYBLOB="18000000", @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0)
write$auto(r3, &(0x7f0000000000)='-\x00', 0x2d)

1m26.839556305s ago: executing program 7 (id=4689):
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptya5\x00', 0x62c00, 0x0)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$auto(0x3, 0x541b, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0xffffffffffffffff, 0x8000)
preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0)
socket(0x1e, 0x6, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9)
setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, &(0x7f0000000040)='(%}[\x00', 0x3)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0)
read$auto(r2, 0x0, 0xb4d1)
write$auto(0x3, 0x0, 0x70)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000)
adjtimex$auto(0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
munmap$auto(0x20001000, 0x7fb3)

1m22.533853923s ago: executing program 7 (id=4699):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/irq/9/smp_affinity_list\x00', 0x20000, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000200)=""/296, 0x128)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0)
ioctl$auto_KVM_CHECK_EXTENSION(r1, 0xae03, 0xb9)
r2 = socket(0x200000000000011, 0x2, 0x0)
setsockopt$auto(r2, 0x107, 0x17, 0x0, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/irq/9/smp_affinity_list\x00', 0x20000, 0x0) (async)
read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000200)=""/296, 0x128) (async)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) (async)
ioctl$auto_KVM_CHECK_EXTENSION(r1, 0xae03, 0xb9) (async)
socket(0x200000000000011, 0x2, 0x0) (async)
setsockopt$auto(r2, 0x107, 0x17, 0x0, 0x4) (async)

1m21.518727459s ago: executing program 7 (id=4702):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
syz_clone3(&(0x7f0000000300)={0x28020000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58)
madvise$auto(0xf5, 0x200007, 0x8)

1m14.129820203s ago: executing program 7 (id=4720):
mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6)
ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(r0, 0x7ac, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd)
r3 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r3, 0x29, 0x4c, 0x0, 0x4)
r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r2)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x4a}]}, 0x1c}}, 0x4000)
close_range$auto(0x2, 0x8000, 0x0)
openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)

58.849022226s ago: executing program 37 (id=4720):
mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6)
ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(r0, 0x7ac, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd)
r3 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r3, 0x29, 0x4c, 0x0, 0x4)
r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r2)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x4a}]}, 0x1c}}, 0x4000)
close_range$auto(0x2, 0x8000, 0x0)
openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)

9.771680954s ago: executing program 5 (id=4920):
close_range$auto(0x2, 0x8, 0x0)
tgkill$auto(0x1, 0x1, 0x5)
r0 = socket(0xa, 0x1, 0x0)
socket(0x2, 0xa, 0x4)
accept$auto(0x3, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001c00), r1)
sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(r1, &(0x7f0000001d00)={0x0, 0x0, &(0x7f0000001cc0)={&(0x7f0000000000)={0x28, r2, 0xa2d601c1e7b11e31, 0x70bd27, 0x25dfdbfd, {}, [@IOAM6_ATTR_NS_ID={0x6, 0x1, 0x300}, @IOAM6_ATTR_NS_DATA_WIDE={0xc, 0x3, 0x72c}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r2, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x6}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xfffffff6}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x41d77364fdef96e5)
openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000100), 0x48000, 0x0)

9.405903987s ago: executing program 5 (id=4922):
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8810}, 0x40)
ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x9, &(0x7f0000000000)={0xc, 0xf1, 0xb0, @raw=0x43}})
io_uring_setup$auto(0x2, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fcdbdf25", @ANYRES32, @ANYBLOB="1400bd00fc00000000"], 0x119c}, 0x1, 0x0, 0x0, 0x90}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
recvmmsg$auto(r0, &(0x7f0000000000)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)

8.350542762s ago: executing program 5 (id=4925):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x20008800)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r0 = pipe2$auto(0x0, 0x80)
r1 = clone3$auto(&(0x7f0000000380)={0x1000, 0x1ff, 0x7, 0x5, 0x5de2, 0xf0, 0x32, 0x10, 0x7, 0x10, 0x9}, 0x2)
r2 = getpgid(0x0)
r3 = getpid()
r4 = gettid()
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x101, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
setsockopt$auto(0x3, 0x114, 0x7, 0x0, 0x4)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
rt_tgsigqueueinfo$auto(r3, r4, 0x21, &(0x7f0000000400)={@siginfo_0_0={0x3, 0x1c51, 0x5, @_sigsys={0x0, 0x2, 0xffffffff}}})
r5 = gettid()
prctl$auto(0x1000000003b, 0x1, r5, 0x5, 0x7)
r6 = getpid()
process_vm_readv$auto(r6, 0x0, 0x800000001, &(0x7f0000000280)={0x0, 0x1ffffffff}, 0x6, 0x0)
r7 = wait4$auto(0xffffffffffffffff, &(0x7f0000000400)=0x4, 0x8, &(0x7f0000000440)={{0x401, 0x7fff}, {0x6, 0x93f9}, 0x6, 0x5, 0x4, 0x9, 0x9, 0x6, 0xc, 0x2, 0x10000, 0x8, 0x3eee, 0x5e, 0x7, 0x7f})
syz_clone3(&(0x7f0000000540)={0x80, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000180), {0x3}, &(0x7f0000000200)=""/210, 0xd2, &(0x7f0000000300)=""/128, &(0x7f0000000500)=[r1, r2, r4, 0xffffffffffffffff, r5, r6, r7], 0x7, {r0}}, 0x58)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket(0x28, 0x5, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xffffffff, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
bind$auto(r8, &(0x7f0000000080)=@in={0x28, 0x0, @rand_addr=0xffffffff}, 0x68)
listen$auto(0x3, 0x81)
ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, &(0x7f00000001c0)={0x3}, 0x8)
prctl$auto(0x1000000003b, 0x7fffffffffffffff, 0x4, 0x5, 0x10004)

7.436056785s ago: executing program 9 (id=4928):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r0, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)

7.291887242s ago: executing program 9 (id=4929):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0)
write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8000)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/ip_vs_conn_sync\x00', 0x70f00, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socket(0x18, 0xa, 0x1)
socket(0xa, 0x2, 0x0)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r5=>0x0})
sendmsg$auto_NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010027bddf00000000000000000000000000762193fe54c621095ee4097d6deca64c95a11998f66fdd33a0c3c41d4f9b818f440ebf06c7e04dd209953239627e0a54d27efd297feac5ef99add5f11330bdf7d41e79764a389a4cfa2ff929d52d9650e6806a7b5a9017b3b71dfad6b129e1c5a4286cf4a1ff24a4b502e633db3c6b54", @ANYRES32=r5, @ANYRESHEX=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4000801}, 0x4000084)
setsockopt$auto(0x400000000000003, 0x29, 0x37, 0xffffffffffffffff, 0x0)
socket(0xa, 0x2, 0x0)
r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$auto_KVM_GET_MSRS(r6, 0xc008ae88, &(0x7f0000000040)={0xfffffffe, 0x0, [{0x48d, 0x400, 0xfffffffffffffc00}]})
openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x80080, 0x0)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r7, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)

6.526808391s ago: executing program 9 (id=4930):
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020008, 0x7, 0xb9, 0xfffffffffffffffa, 0x9)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
setgroups$auto(0xe32, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
mmap$auto(0x8, 0x400008, 0x2, 0x111, 0x2, 0x8004)
poll$auto(0x0, 0x5, 0x108)
close_range$auto(0x2, 0x8, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
socket(0x2, 0x2, 0x88)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

5.454948845s ago: executing program 8 (id=4934):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
mmap$auto(0x0, 0x400009, 0x2, 0x9a72, 0x8000000000000003, 0x8000)
setsockopt$auto(r0, 0x6, 0xc, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ustat$auto(0x801, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}})
io_uring_register$auto(0x2, 0xd, 0x0, 0x20)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r1 = socket(0x4, 0x2, 0x0)
sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000040)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

4.670227644s ago: executing program 8 (id=4935):
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000000c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev6\x00', 0x169000, 0x0)
ioctl$auto(r0, 0xc0845658, r0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
select$auto(0x9, &(0x7f0000000100)={[0xffffffff00000001, 0x8, 0x4, 0x8, 0x3, 0x0, 0xb479, 0x7ff, 0xfffffffffffffff2, 0x3ff, 0x6ef6, 0x9, 0x3, 0xc6de, 0x8, 0x8]}, &(0x7f0000000240)={[0xfb0, 0x2, 0x7fffffffffffffff, 0xaa0, 0xffffffffffffffff, 0x1, 0xf7, 0x8fb3, 0x8000, 0x7, 0x3, 0x4, 0x6, 0x101, 0x9, 0x400]}, &(0x7f00000002c0)={[0x7, 0x8ee, 0xff, 0x10001, 0x1, 0x9, 0x6, 0x7, 0x1, 0x7, 0x7, 0x3, 0x8, 0x16c, 0x1, 0x8]}, &(0x7f0000000000)={0x3, 0x1})
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x104000000000010e, 0xb, 0x0, 0x400)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff)

4.404312211s ago: executing program 9 (id=4936):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, 0x0, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
socket(0x1d, 0x2, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb1\x00', 0x420401, 0x0)
ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400)
ioctl$auto_FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000080))
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x40000)
write$auto(0x3, 0x0, 0xfffffdef)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0xda, 0xeb1, 0x405, 0x0)
r4 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0)
pwrite64$auto(r4, 0x0, 0x400000, 0xc)
ioctl$auto_BLKTRACESETUP32(r2, 0xc0401273, &(0x7f0000000180)={"c16f6303d5736a1b0feb8f6a0554277f3190781cfe525c42f1ebed0dc940e2fd", 0x3, 0xff, 0x3798, 0xd, 0x810})
fcntl$getown(r0, 0x9)
msgctl$auto_MSG_STAT_ANY(0x5, 0xd, &(0x7f0000000380)={{0x4468ebf0, 0xee01, 0x0, 0x7, 0x6, 0x7, 0x102}, &(0x7f0000000100)=0x5, &(0x7f0000000340)=0xa, 0xfffffffffffffff8, 0x0, 0x3, 0x81, 0x3, 0x4, 0xf25, 0x5, @inferred, @raw=0x5})
r5 = gettid()
process_vm_readv$auto(r5, &(0x7f0000000040)={0x0, 0x2}, 0x4, &(0x7f00000000c0)={0x0, 0x100000000000002}, 0x3, 0x0)

4.352329257s ago: executing program 6 (id=4937):
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video53\x00', 0x1c1400, 0x0)
ioctl$auto(0x3, 0x4020565a, 0x38)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0)
socket(0xa, 0x1, 0x100)
socket(0x1e, 0x1, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0)
socket(0x21, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=<r1=>0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18", @ANYRESDEC=r1, @ANYRES32=r1, @ANYRESOCT, @ANYBLOB="eba499f0b6d5133876e009c9fac21f9c38032675478c68a2407b5b45a75e35c2a3cfedfa4521c2d8d190730e1e57fe7c9505e942610827b51686a8f03d1ddb408288a7ea7e69555c0ac550b8c8004faeb63b610f7ff9260c34194a826bf58ba8e4b32d89165b24d5cb8d771851bddbb0d6333462c68f5bab07c33d483fefd88d2d1dbe4535610e", @ANYRES8=r1], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xc0c00, 0x0)
r2 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, 0x0, 0xbc102, 0x0)
mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, r2, 0x8001)
io_uring_setup$auto(0x6, 0x0)
ioctl$auto_RTC_RD_TIME(0xffffffffffffffff, 0x80247009, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
listmount$auto(&(0x7f0000000240)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0x8, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)

4.242007032s ago: executing program 8 (id=4938):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r0, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)

4.122545227s ago: executing program 5 (id=4939):
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0)
r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/mice\x00', 0x22002, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = ioctl$auto_TUNGETIFF2(0xffffffffffffffff, 0x800454d2, &(0x7f0000000000)=0x5)
readv$auto(r1, &(0x7f0000000a80)={0x0, 0xfffc}, 0x7ff)
write$auto_mousedev_fops_mousedev(r0, &(0x7f00000000c0)="13", 0x1)

4.071078111s ago: executing program 8 (id=4940):
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x7, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x20, 0x309, 0x6, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x1fe, 0x81)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000040)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000)
r1 = io_uring_setup$auto(0x1, 0x0)
io_uring_register$auto_IORING_REGISTER_FILE_ALLOC_RANGE(r1, 0x19, 0x0, 0x2)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="601ad438fd9464853f9d6f2753ee4580e71eb3"], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
memfd_secret$auto(0x8)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_secret$auto(0x0)
mmap$auto(0x0, 0x810004, 0xf78, 0x8000000008011, 0x3, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0x20499d, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)

3.304638298s ago: executing program 6 (id=4941):
socket(0x11, 0x80003, 0x300)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
socket(0x28, 0x2, 0x3a)
setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x4)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/orangefs/perf_history_size\x00', 0x1182, 0x0)
mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000)
io_uring_setup$auto(0x86, 0x0)
socket(0x5, 0x5, 0xffffffc0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x0, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0xb, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x120e2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010325bd7040ffdbdf250a0000000c0002006e6c383032313100"], 0x28}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r3 = open(0x0, 0xd02, 0xc3)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_START_AP(r3, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48010}, 0x20000800)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x5, 0x0)

3.277453628s ago: executing program 5 (id=4942):
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8810}, 0x40)
ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x9, &(0x7f0000000000)={0xc, 0xf1, 0xb0, @raw=0x43}})
io_uring_setup$auto(0x2, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fcdbdf25", @ANYBLOB], 0x119c}, 0x1, 0x0, 0x0, 0x90}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
recvmmsg$auto(r0, &(0x7f0000000000)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)

3.120913926s ago: executing program 8 (id=4943):
mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r1, 0x0, 0x7ef)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x50)
mbind$auto(0x0, 0xfa9d, 0x8001, &(0x7f0000000300)=0xc9e, 0x400, 0x1)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x4000007, 0x0, 0x0, 0x0, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
ioctl$auto(r0, 0x400454cb, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2)
syz_clone3(&(0x7f00000003c0)={0x383201180, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58)
signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0)
socket(0x27, 0x80002, 0x8)
socket(0x2, 0x1, 0x84)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000400)='/dev/bus/usb/019/001\x00', 0x80, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu1/topology/thread_siblings\x00', 0x400, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x5, 0x406, 0xfffe, 0x10001, 0x2, 0x6d3e, 0x3, 0x2, 0x4]}, 0x0)
ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0)
ioctl$auto_TIOCVHANGUP2(r4, 0x5437, 0x0)
r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/overcommit_kbytes\x00', 0x202, 0x0)
sendfile$auto(r5, r5, 0x0, 0x7fffe000)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)

2.703670382s ago: executing program 9 (id=4944):
mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r1, 0x0, 0x7ef)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x50)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRESHEX=r1, @ANYRES64=r2, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x4c894}, 0x4c800)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram0\x00', 0x14f602, 0x0)
r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r4, &(0x7f0000000440)="671d2647dd69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b5b", 0x3a)
mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0xdb3, 0xdf, 0xeb1, 0x401, 0x8000)
r5 = io_uring_setup$auto(0x3ff, 0x0)
mmap$auto(0x0, 0x8004008, 0x2000000329, 0x2000000010011, r5, 0x8000)
syz_clone(0x68015811, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, 0x0}, 0x58)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
r6 = socket(0x10, 0x2, 0xc)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000480)=ANY=[@ANYBLOB="ceed011828c6020640cf12c1ff301717c5194f08c237eaf87f35b4296f9caed233f3021c034f9251b6d5a63abb5f9d0e49c4f923b1fe25d2937143b853e6f0e10d4dd681e2d48a6bde6a2f57814e8b656fd7544c6ebf4374cdb0e26d3a611e3020b6cf", @ANYRES16, @ANYRESDEC=r0], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x0)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYRES32=r3, @ANYRES32, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0)

2.358776059s ago: executing program 5 (id=4945):
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020008, 0x7, 0xb9, 0xfffffffffffffffa, 0x9)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
setgroups$auto(0xe32, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
mmap$auto(0x8, 0x400008, 0x2, 0x111, 0x2, 0x8004)
poll$auto(0x0, 0x5, 0x108)
close_range$auto(0x2, 0x8, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
socket(0x2, 0x2, 0x88)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

1.682650302s ago: executing program 6 (id=4946):
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000000c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev6\x00', 0x169000, 0x0)
ioctl$auto(r0, 0xc0845658, r0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
select$auto(0x9, &(0x7f0000000100)={[0xffffffff00000001, 0x8, 0x4, 0x8, 0x3, 0x0, 0xb479, 0x7ff, 0xfffffffffffffff2, 0x3ff, 0x6ef6, 0x9, 0x3, 0xc6de, 0x8, 0x8]}, &(0x7f0000000240)={[0xfb0, 0x2, 0x7fffffffffffffff, 0xaa0, 0xffffffffffffffff, 0x1, 0xf7, 0x8fb3, 0x8000, 0x7, 0x3, 0x4, 0x6, 0x101, 0x9, 0x400]}, &(0x7f00000002c0)={[0x7, 0x8ee, 0xff, 0x10001, 0x1, 0x9, 0x6, 0x7, 0x1, 0x7, 0x7, 0x3, 0x8, 0x16c, 0x1, 0x8]}, &(0x7f0000000000)={0x3, 0x1})
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x104000000000010e, 0xb, 0x0, 0x400)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff)

1.389335149s ago: executing program 9 (id=4947):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a)
sendmmsg$auto(r0, 0x0, 0x7, 0x20020000)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
socket(0x1d, 0x2, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb1\x00', 0x420401, 0x0)
ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400)
ioctl$auto_FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000080))
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x40000)
write$auto(0x3, 0x0, 0xfffffdef)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0xda, 0xeb1, 0x405, 0x0)
r4 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0)
pwrite64$auto(r4, 0x0, 0x400000, 0xc)
ioctl$auto_BLKTRACESETUP32(r2, 0xc0401273, &(0x7f0000000180)={"c16f6303d5736a1b0feb8f6a0554277f3190781cfe525c42f1ebed0dc940e2fd", 0x3, 0xff, 0x3798, 0xd, 0x810})
fcntl$getown(r0, 0x9)
msgctl$auto_MSG_STAT_ANY(0x5, 0xd, &(0x7f0000000380)={{0x4468ebf0, 0xee01, 0x0, 0x7, 0x6, 0x7, 0x102}, &(0x7f0000000100)=0x5, &(0x7f0000000340)=0xa, 0xfffffffffffffff8, 0x0, 0x3, 0x81, 0x3, 0x4, 0xf25, 0x5, @inferred, @raw=0x5})
r5 = gettid()
process_vm_readv$auto(r5, &(0x7f0000000040)={0x0, 0x2}, 0x4, &(0x7f00000000c0)={0x0, 0x100000000000002}, 0x3, 0x0)

1.304501219s ago: executing program 6 (id=4948):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r0, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)

1.053144242s ago: executing program 6 (id=4949):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
socket(0x11, 0x4, 0x1)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0x2c, 0x1, 0x3)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
ioctl$auto(0x3, 0x80045438, 0x10000000000402)
memfd_create$auto(0x0, 0xfeff)

190.833956ms ago: executing program 8 (id=4950):
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video53\x00', 0x1c1400, 0x0)
ioctl$auto(0x3, 0x4020565a, 0x38)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0)
socket(0xa, 0x1, 0x100)
socket(0x1e, 0x1, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0)
socket(0x21, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=<r1=>0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18", @ANYRESDEC=r1, @ANYRES32=r1, @ANYRESOCT, @ANYBLOB="eba499f0b6d5133876e009c9fac21f9c38032675478c68a2407b5b45a75e35c2a3cfedfa4521c2d8d190730e1e57fe7c9505e942610827b51686a8f03d1ddb408288a7ea7e69555c0ac550b8c8004faeb63b610f7ff9260c34194a826bf58ba8e4b32d89165b24d5cb8d771851bddbb0d6333462c68f5bab07c33d483fefd88d2d1dbe4535610e", @ANYRES8=r1], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xc0c00, 0x0)
r2 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, 0x0, 0xbc102, 0x0)
mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, r2, 0x8001)
io_uring_setup$auto(0x6, 0x0)
ioctl$auto_RTC_RD_TIME(0xffffffffffffffff, 0x80247009, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
listmount$auto(&(0x7f0000000240)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0x8, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)

0s ago: executing program 6 (id=4951):
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x7, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x20, 0x309, 0x6, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x1fe, 0x81)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000040)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000)
r1 = io_uring_setup$auto(0x1, 0x0)
io_uring_register$auto_IORING_REGISTER_FILE_ALLOC_RANGE(r1, 0x19, 0x0, 0x2)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="c79f25bd7000ffdbdf", @ANYRES32=r4, @ANYBLOB="601ad438fd9464853f9d6f2753ee4580e71eb3"], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
memfd_secret$auto(0x8)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_secret$auto(0x0)
mmap$auto(0x0, 0x810004, 0xf78, 0x8000000008011, 0x3, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0x20499d, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)

kernel console output (not intermixed with test programs):








	
	
	
	
	
	
	
	

	

	
				
	
		


	
	

	
		
			
		

	
		

	


		

		
	
		
	
	



			








	








		

	

		

	
	






	




	







		







	
	

	

	
				
	
		


	
	

	
		
	
	

	

	
				
	
		


	
			
		
	
	

	
	
	
			
	
		


	
		


	
				
	
		


	
		
		


	
		

	


	
	

		
	
		
	
	



			








	





	




		

		

			

	











	
	

	










	
	






	




	





		








	

	
			
		
	
	

	

	
				
	
		


	



			
		
	

	
		
	
	

	

	
				
	
		


	






	
	

	

	
				
	
		


	






			
		
	

	
		










		
	















	

	
		
			
		
	

	
		
			
		

	
		

	


	
	

		
	
		
	
	



			








	





	








		




		
		
		
		
		
		

		


		


















	










	




	




		







	

	




	
				
	
		
	
	
		






	

	
		
	

		

	

	

	


	
				
	
		
	
	
		

	
		

	


		

		
	
		
	
	



			








	


		








	


	


	








	




	





		







			


	
		

	


	
	

		
	
		
	
	



			








	




	





	

	

	

	





	


	




	






	




	




		








			
	

	
		
	

	
		
	

	
	

	
		

	
		

	


	
	

		
	
		
	
	



			








	

	
	



	



















	
		
	
			
	






	




	




		











	

	
		
		

	
	

	

	
				
	
		


	
	

	
		
	
	

	

	
				
	
		


	
			
		
	
	
			
	
		


	
		



	
	
	
	

	

	
				
	
		


	
			
		
		

	
	

	

	
	

	

[ 1362.418118][T25905] HSR: entered promiscuous mode
[ 1367.858507][T25994] HSR: entered promiscuous mode
[ 1370.980975][T26048] ptrace attach of "./syz-executor exec"[16640] was attempted by "./syz-executor exec"[26048]
[ 1371.068344][T26048] vhci_hcd: invalid port number 16
[ 1371.111285][T26048] vhci_hcd: invalid port number 16
[ 1372.055468][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1372.062028][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1372.523679][T26075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4372'.
[ 1372.789824][T26066] kexec: Could not allocate control_code_buffer
[ 1373.184529][T26086] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1375.067341][T26124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4384'.
[ 1376.261399][T26100] random: crng reseeded on system resumption
[ 1379.101289][ T5861] Bluetooth: hci4: unexpected event 0x03 length: 725 > 11
[ 1379.616431][T26193] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4401'.
[ 1380.827678][T26211] FAULT_INJECTION: forcing a failure.
[ 1380.827678][T26211] name failslab, interval 1, probability 0, space 0, times 0
[ 1380.886271][T26211] CPU: 0 UID: 0 PID: 26211 Comm: syz.0.4405 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1380.886306][T26211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1380.886321][T26211] Call Trace:
[ 1380.886329][T26211]  <TASK>
[ 1380.886344][T26211]  dump_stack_lvl+0x16c/0x1f0
[ 1380.886384][T26211]  should_fail_ex+0x512/0x640
[ 1380.886418][T26211]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1380.886456][T26211]  should_failslab+0xc2/0x120
[ 1380.886480][T26211]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1380.886516][T26211]  ? __alloc_skb+0x2b2/0x380
[ 1380.886554][T26211]  __alloc_skb+0x2b2/0x380
[ 1380.886586][T26211]  ? __pfx___alloc_skb+0x10/0x10
[ 1380.886624][T26211]  ? __lock_acquire+0xb8a/0x1c90
[ 1380.886660][T26211]  netlink_alloc_large_skb+0x69/0x130
[ 1380.886687][T26211]  netlink_sendmsg+0x6a1/0xdd0
[ 1380.886716][T26211]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1380.886752][T26211]  ____sys_sendmsg+0xa98/0xc70
[ 1380.886778][T26211]  ? copy_msghdr_from_user+0x10a/0x160
[ 1380.886814][T26211]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1380.886853][T26211]  ___sys_sendmsg+0x134/0x1d0
[ 1380.886890][T26211]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1380.886922][T26211]  ? __lock_acquire+0x622/0x1c90
[ 1380.886988][T26211]  __sys_sendmsg+0x16d/0x220
[ 1380.887023][T26211]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1380.887077][T26211]  do_syscall_64+0xcd/0x490
[ 1380.887114][T26211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1380.887139][T26211] RIP: 0033:0x7f9ae938e929
[ 1380.887158][T26211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1380.887182][T26211] RSP: 002b:00007f9ae71d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1380.887205][T26211] RAX: ffffffffffffffda RBX: 00007f9ae95b6080 RCX: 00007f9ae938e929
[ 1380.887222][T26211] RDX: 0000000000000000 RSI: 0000200000001f40 RDI: 0000000000000003
[ 1380.887237][T26211] RBP: 00007f9ae71d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1380.887252][T26211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1380.887266][T26211] R13: 0000000000000000 R14: 00007f9ae95b6080 R15: 00007ffc93618dd8
[ 1380.887300][T26211]  </TASK>
[ 1381.544133][T26215] FAULT_INJECTION: forcing a failure.
[ 1381.544133][T26215] name failslab, interval 1, probability 0, space 0, times 0
[ 1381.631551][T26215] CPU: 0 UID: 0 PID: 26215 Comm: syz.0.4407 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1381.631588][T26215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1381.631603][T26215] Call Trace:
[ 1381.631611][T26215]  <TASK>
[ 1381.631620][T26215]  dump_stack_lvl+0x16c/0x1f0
[ 1381.631662][T26215]  should_fail_ex+0x512/0x640
[ 1381.631696][T26215]  ? fs_reclaim_acquire+0xae/0x150
[ 1381.631727][T26215]  should_failslab+0xc2/0x120
[ 1381.631750][T26215]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1381.631786][T26215]  ? security_inode_alloc+0x3b/0x2b0
[ 1381.631816][T26215]  security_inode_alloc+0x3b/0x2b0
[ 1381.631842][T26215]  inode_init_always_gfp+0xce4/0x1030
[ 1381.631880][T26215]  alloc_inode+0x86/0x240
[ 1381.631905][T26215]  sock_alloc+0x40/0x280
[ 1381.631929][T26215]  __sock_create+0xc1/0x8d0
[ 1381.631955][T26215]  ? proc_create_reg+0xe3/0x180
[ 1381.631980][T26215]  inet_ctl_sock_create+0x94/0x230
[ 1381.632011][T26215]  ? __pfx_inet_ctl_sock_create+0x10/0x10
[ 1381.632041][T26215]  ? lockdep_init_map_type+0x5c/0x280
[ 1381.632076][T26215]  ? lockdep_init_map_type+0x5c/0x280
[ 1381.632110][T26215]  ? __pfx_igmp_net_init+0x10/0x10
[ 1381.632143][T26215]  igmp_net_init+0xd0/0x1a0
[ 1381.632176][T26215]  ops_init+0x1df/0x5f0
[ 1381.632215][T26215]  setup_net+0x1ff/0x510
[ 1381.632256][T26215]  ? lockdep_init_map_type+0x5c/0x280
[ 1381.632291][T26215]  ? __pfx_setup_net+0x10/0x10
[ 1381.632330][T26215]  ? debug_mutex_init+0x37/0x70
[ 1381.632358][T26215]  copy_net_ns+0x2a6/0x5f0
[ 1381.632385][T26215]  create_new_namespaces+0x3ea/0xa90
[ 1381.632419][T26215]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1381.632450][T26215]  ksys_unshare+0x45b/0xa40
[ 1381.632483][T26215]  ? __pfx_ksys_unshare+0x10/0x10
[ 1381.632520][T26215]  ? xfd_validate_state+0x61/0x180
[ 1381.632561][T26215]  __x64_sys_unshare+0x31/0x40
[ 1381.632594][T26215]  do_syscall_64+0xcd/0x490
[ 1381.632632][T26215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1381.632656][T26215] RIP: 0033:0x7f9ae938e929
[ 1381.632676][T26215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1381.632699][T26215] RSP: 002b:00007f9ae71f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1381.632722][T26215] RAX: ffffffffffffffda RBX: 00007f9ae95b5fa0 RCX: 00007f9ae938e929
[ 1381.632738][T26215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1381.632752][T26215] RBP: 00007f9ae9410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1381.632767][T26215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1381.632781][T26215] R13: 0000000000000000 R14: 00007f9ae95b5fa0 R15: 00007ffc93618dd8
[ 1381.632811][T26215]  </TASK>
[ 1381.632845][T26215] socket: no more sockets
[ 1382.628987][T26215] Failed to initialize the IGMP autojoin socket (err -23)
[ 1384.068101][T26237] kexec: Could not allocate control_code_buffer
[ 1384.422713][   T30] audit: type=1107 audit(6047013310.901:48): pid=26251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[ 1384.509234][   T30] audit: type=1107 audit(6047013310.941:49): pid=26251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[ 1385.674462][T26286] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4423'.
[ 1386.308553][T26302] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4425'.
[ 1387.926360][T26319] kexec: Could not allocate control_code_buffer
[ 1390.302590][T26377] Unable to find swap-space signature
[ 1390.362723][T26377] FAULT_INJECTION: forcing a failure.
[ 1390.362723][T26377] name failslab, interval 1, probability 0, space 0, times 0
[ 1390.440583][T26377] CPU: 0 UID: 0 PID: 26377 Comm: syz.0.4445 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1390.440619][T26377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1390.440634][T26377] Call Trace:
[ 1390.440643][T26377]  <TASK>
[ 1390.440652][T26377]  dump_stack_lvl+0x16c/0x1f0
[ 1390.440695][T26377]  should_fail_ex+0x512/0x640
[ 1390.440731][T26377]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1390.440771][T26377]  should_failslab+0xc2/0x120
[ 1390.440794][T26377]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1390.440831][T26377]  ? copy_pid_ns+0x2bf/0xce0
[ 1390.440859][T26377]  copy_pid_ns+0x2bf/0xce0
[ 1390.440886][T26377]  ? __pfx_copy_pid_ns+0x10/0x10
[ 1390.440913][T26377]  ? copy_mnt_ns+0xac/0xac0
[ 1390.440949][T26377]  ? trace_kmem_cache_alloc+0x28/0xc0
[ 1390.440985][T26377]  ? trace_cap_capable+0x18d/0x200
[ 1390.441014][T26377]  ? copy_ipcs+0xb6/0x610
[ 1390.441043][T26377]  create_new_namespaces+0x2aa/0xa90
[ 1390.441079][T26377]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1390.441110][T26377]  ksys_unshare+0x45b/0xa40
[ 1390.441145][T26377]  ? __pfx_ksys_unshare+0x10/0x10
[ 1390.441179][T26377]  ? xfd_validate_state+0x61/0x180
[ 1390.441222][T26377]  __x64_sys_unshare+0x31/0x40
[ 1390.441255][T26377]  do_syscall_64+0xcd/0x490
[ 1390.441302][T26377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1390.441339][T26377] RIP: 0033:0x7f9ae938e929
[ 1390.441360][T26377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1390.441387][T26377] RSP: 002b:00007f9ae71f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1390.441412][T26377] RAX: ffffffffffffffda RBX: 00007f9ae95b5fa0 RCX: 00007f9ae938e929
[ 1390.441430][T26377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
[ 1390.441450][T26377] RBP: 00007f9ae9410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1390.441466][T26377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1390.441482][T26377] R13: 0000000000000000 R14: 00007f9ae95b5fa0 R15: 00007ffc93618dd8
[ 1390.441513][T26377]  </TASK>
[ 1391.343204][T26382] kexec: Could not allocate control_code_buffer
[ 1391.490826][T26392] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1391.733142][T26395] can: request_module (can-proto-0) failed.
[ 1393.419244][T26445] netlink: 306 bytes leftover after parsing attributes in process `syz.0.4462'.
[ 1393.516781][T26451] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4462'.
[ 1393.855469][T26446] kexec: Could not allocate control_code_buffer
[ 1394.941309][T26481] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4470'.
[ 1395.187750][T26491] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4472'.
[ 1397.182219][T26523] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4479'.
[ 1397.537266][T26534] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4482'.
[ 1397.594839][T26515] ptrace attach of "./syz-executor exec"[16039] was attempted by "./syz-executor exec"[26515]
[ 1398.566752][T26552] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1399.375210][T26568] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1399.387909][T26568] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1399.396258][T26568] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1399.404493][T26568] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1399.424036][T26568] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1399.554588][T26564] ima: policy update failed
[ 1399.559828][   T30] audit: type=1802 audit(6047013326.041:50): pid=26564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.4491" res=0 errno=0
[ 1400.668023][T26567] chnl_net:caif_netlink_parms(): no params data found
[ 1401.091355][T18686] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1401.256189][T26592] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4494'.
[ 1401.397159][T26573] kexec: Could not allocate control_code_buffer
[ 1401.465496][T18686] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1401.494191][T26568] Bluetooth: hci3: command tx timeout
[ 1401.717494][T18686] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1402.113201][T18686] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1402.199416][T26567] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1402.236207][T26567] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1402.280596][T26567] bridge_slave_0: entered allmulticast mode
[ 1402.325974][T26567] bridge_slave_0: entered promiscuous mode
[ 1402.385527][T26567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1402.428947][T26567] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1402.468961][T26567] bridge_slave_1: entered allmulticast mode
[ 1402.522569][T26567] bridge_slave_1: entered promiscuous mode
[ 1402.775151][T26567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1402.854571][T26567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1403.094269][T26567] team0: Port device team_slave_0 added
[ 1403.276709][T26567] team0: Port device team_slave_1 added
[ 1403.554744][T26567] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1403.572280][ T5861] Bluetooth: hci3: command tx timeout
[ 1403.608759][T26567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1403.745951][T26567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1403.917413][T26567] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1403.958009][T26567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1404.080332][T26567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1404.762462][T26567] hsr_slave_0: entered promiscuous mode
[ 1404.800270][T26567] hsr_slave_1: entered promiscuous mode
[ 1404.999445][T18686] vlan1: left allmulticast mode
[ 1405.015365][T18686] veth0_vlan: left allmulticast mode
[ 1405.020753][T18686] vlan1: left promiscuous mode
[ 1405.083542][T18686] bridge0: port 3(vlan1) entered disabled state
[ 1405.177415][T18686] bridge_slave_1: left allmulticast mode
[ 1405.222472][T18686] bridge_slave_1: left promiscuous mode
[ 1405.259766][T18686] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1405.387389][T18686] bridge_slave_0: left allmulticast mode
[ 1405.434013][T18686] bridge_slave_0: left promiscuous mode
[ 1405.475036][T26646] kexec: Could not allocate control_code_buffer
[ 1405.484916][T18686] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1405.652516][ T5861] Bluetooth: hci3: command tx timeout
[ 1406.666843][T18686] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1406.699284][T18686] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1406.721537][T18686] bond0 (unregistering): Released all slaves
[ 1406.942438][T18686] HSR: left promiscuous mode
[ 1407.703943][T18686] hsr_slave_1: left promiscuous mode
[ 1407.731531][ T5861] Bluetooth: hci3: command tx timeout
[ 1407.826357][T18686] veth1_macvtap: left promiscuous mode
[ 1407.843834][T18686] veth0_macvtap: left promiscuous mode
[ 1407.874126][T18686] veth1_vlan: left promiscuous mode
[ 1407.895683][T18686] veth0_vlan: left promiscuous mode
[ 1409.282433][T18686] team0 (unregistering): Port device team_slave_1 removed
[ 1409.458624][T18686] team0 (unregistering): Port device team_slave_0 removed
[ 1410.587304][T26705] kexec: Could not allocate control_code_buffer
[ 1411.963650][T26721] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1412.184031][T26726] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4516'.
[ 1413.948782][T26567] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1414.035641][T26567] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1414.115552][T26567] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1414.427984][T26567] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1414.492094][T26745] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4518'.
[ 1414.876464][T26567] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1414.965772][T26567] 8021q: adding VLAN 0 to HW filter on device team0
[ 1415.023461][T18693] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1415.030690][T18693] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1415.134906][T18693] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1415.142155][T18693] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1415.318016][T26567] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1416.265949][T26567] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1416.839382][T26567] veth0_vlan: entered promiscuous mode
[ 1417.117456][T26567] veth1_vlan: entered promiscuous mode
[ 1417.325040][T26567] veth0_macvtap: entered promiscuous mode
[ 1417.386532][T26567] veth1_macvtap: entered promiscuous mode
[ 1417.533178][T26567] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1417.588369][T26567] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1417.647041][T26567] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.683158][T26567] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.712676][T26567] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.742475][T26567] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1418.012736][T26804] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4524'.
[ 1418.168708][T18693] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1418.199848][T18693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1418.338756][T17966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1418.393289][T17966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1419.400057][T26841] netlink: 'syz.2.4531': attribute type 29 has an invalid length.
[ 1419.445206][T26841] netlink: 'syz.2.4531': attribute type 30 has an invalid length.
[ 1419.473200][T26841] netlink: 'syz.2.4531': attribute type 31 has an invalid length.
[ 1419.518841][T26841] netlink: 'syz.2.4531': attribute type 32 has an invalid length.
[ 1419.549588][T26841] netlink: 'syz.2.4531': attribute type 33 has an invalid length.
[ 1419.591849][T26841] netlink: 'syz.2.4531': attribute type 35 has an invalid length.
[ 1419.621218][T26841] netlink: 'syz.2.4531': attribute type 37 has an invalid length.
[ 1419.657867][T26841] netlink: 18 bytes leftover after parsing attributes in process `syz.2.4531'.
[ 1420.113543][T26853] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4533'.
[ 1421.769660][T26896] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4544'.
[ 1429.808818][T26568] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1429.823225][T26568] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1429.831985][T26568] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1429.840197][T26568] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1429.850602][T26568] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1430.059838][T26912] chnl_net:caif_netlink_parms(): no params data found
[ 1430.147485][T26912] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1430.157105][T26912] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1430.164934][T26912] bridge_slave_0: entered allmulticast mode
[ 1430.174915][T26912] bridge_slave_0: entered promiscuous mode
[ 1430.184975][T26912] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1430.193468][T26912] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1430.200688][T26912] bridge_slave_1: entered allmulticast mode
[ 1430.209912][T26912] bridge_slave_1: entered promiscuous mode
[ 1430.248410][T26912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1430.263570][T26912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1430.309107][T26912] team0: Port device team_slave_0 added
[ 1430.320445][T26912] team0: Port device team_slave_1 added
[ 1430.356592][T26912] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1430.364144][T26912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1430.392967][T26912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1430.405639][T26912] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1430.414021][T26912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1430.444823][T26912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1430.496342][T26912] hsr_slave_0: entered promiscuous mode
[ 1430.505135][T26912] hsr_slave_1: entered promiscuous mode
[ 1430.512269][T26912] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1430.519851][T26912] Cannot create hsr debugfs directory
[ 1430.706992][T26912] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1430.718262][T26912] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1430.732952][T26912] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1430.745036][T26912] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1430.792981][T26912] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1430.800153][T26912] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1430.807658][T26912] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1430.814822][T26912] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1430.889476][T26912] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1430.910390][T18686] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1430.919677][T18686] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1430.946642][T26912] 8021q: adding VLAN 0 to HW filter on device team0
[ 1430.964214][T18686] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1430.971405][T18686] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1430.998132][T18686] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1431.005358][T18686] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1431.250318][T26912] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1431.546034][T26912] veth0_vlan: entered promiscuous mode
[ 1431.557818][T26912] veth1_vlan: entered promiscuous mode
[ 1431.595789][T26912] veth0_macvtap: entered promiscuous mode
[ 1431.607978][T26912] veth1_macvtap: entered promiscuous mode
[ 1431.630327][T26912] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1431.649884][T26912] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1431.666486][T26912] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1431.676858][T26912] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1431.688321][T26912] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1431.698801][T26912] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1431.799245][ T7405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1431.830845][ T7405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1431.863343][T17966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1431.875682][T17966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1431.891927][T26568] Bluetooth: hci4: command tx timeout
[ 1433.495957][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1433.504722][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1433.963492][T26958] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4553'.
[ 1433.974110][T26568] Bluetooth: hci4: command tx timeout
[ 1434.007679][T26958] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1434.017778][T26958] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1434.040535][T26958] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1434.072980][T26958] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1434.415162][ T5861] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1434.424533][ T5861] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1434.433349][ T5861] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1434.442341][ T5861] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1434.450543][ T5861] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1434.858994][T26972] sysfs_service_op_show: Client not running :-5:
[ 1434.887177][T26963] chnl_net:caif_netlink_parms(): no params data found
[ 1435.060282][T26963] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1435.068932][T26963] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1435.077693][T26963] bridge_slave_0: entered allmulticast mode
[ 1435.087319][T26963] bridge_slave_0: entered promiscuous mode
[ 1435.098204][T26963] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1435.105712][T26963] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1435.114421][T26963] bridge_slave_1: entered allmulticast mode
[ 1435.127199][T26963] bridge_slave_1: entered promiscuous mode
[ 1435.170174][T26963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1435.184189][T26963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1435.235800][T26963] team0: Port device team_slave_0 added
[ 1435.246182][T26963] team0: Port device team_slave_1 added
[ 1435.284520][T26963] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1435.293454][T26963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1435.322586][T26963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1435.336403][T26963] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1435.348407][T26963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1435.377141][T26963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1435.438884][T26963] hsr_slave_0: entered promiscuous mode
[ 1435.445900][T26963] hsr_slave_1: entered promiscuous mode
[ 1435.457066][T26963] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1435.465366][T26963] Cannot create hsr debugfs directory
[ 1435.909712][T26963] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1435.933525][T26963] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1435.955996][T26963] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1435.985740][T26963] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1436.051734][ T5861] Bluetooth: hci4: command tx timeout
[ 1436.162261][T26963] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1436.186808][T26963] 8021q: adding VLAN 0 to HW filter on device team0
[ 1436.204966][T18693] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1436.212181][T18693] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1436.244535][T18693] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1436.251752][T18693] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1436.524313][T26963] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1436.532696][ T5861] Bluetooth: hci5: command tx timeout
[ 1437.373571][T26963] veth0_vlan: entered promiscuous mode
[ 1437.414344][T26963] veth1_vlan: entered promiscuous mode
[ 1437.556893][T26963] veth0_macvtap: entered promiscuous mode
[ 1437.580206][T26568] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1437.593749][T26568] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1437.602252][T26568] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1437.616505][T26568] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1437.625966][T26568] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1437.664472][T26963] veth1_macvtap: entered promiscuous mode
[ 1437.746759][T26963] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1437.802467][T26963] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1437.847955][T26963] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1437.868896][T26963] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1437.895376][T26963] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1437.914565][T26963] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1438.120108][T18693] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1438.132791][T26568] Bluetooth: hci4: command tx timeout
[ 1438.154667][T18693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1438.456718][T22427] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1438.502010][T22427] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1438.611859][T26568] Bluetooth: hci5: command tx timeout
[ 1438.830337][T27008] chnl_net:caif_netlink_parms(): no params data found
[ 1439.144769][T27008] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1439.170808][T27008] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1439.199919][T27008] bridge_slave_0: entered allmulticast mode
[ 1439.254274][T27008] bridge_slave_0: entered promiscuous mode
[ 1439.277651][T27008] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1439.335214][T27008] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1439.382028][T27008] bridge_slave_1: entered allmulticast mode
[ 1439.416010][ T5861] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1439.427980][ T5861] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1439.436878][ T5861] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1439.451926][ T5861] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1439.459503][ T5861] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1439.495143][T27008] bridge_slave_1: entered promiscuous mode
[ 1439.649491][T27008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1439.659103][ T5861] Bluetooth: hci6: command tx timeout
[ 1439.710324][T27008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1439.907722][T27008] team0: Port device team_slave_0 added
[ 1440.013306][T27008] team0: Port device team_slave_1 added
[ 1440.190959][T27008] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1440.200763][T27008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1440.287050][T27008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1440.354635][T27008] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1440.372149][T27008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1440.426883][T27041] random: crng reseeded on system resumption
[ 1440.436709][T27008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1440.620779][T27008] hsr_slave_0: entered promiscuous mode
[ 1440.637278][T27008] hsr_slave_1: entered promiscuous mode
[ 1440.653533][T27008] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1440.673096][T27008] Cannot create hsr debugfs directory
[ 1440.691538][ T5861] Bluetooth: hci5: command tx timeout
[ 1441.269884][T27028] chnl_net:caif_netlink_parms(): no params data found
[ 1441.442737][T27052] FAULT_INJECTION: forcing a failure.
[ 1441.442737][T27052] name failslab, interval 1, probability 0, space 0, times 0
[ 1441.492161][ T5861] Bluetooth: hci7: command tx timeout
[ 1441.524293][T27052] CPU: 0 UID: 0 PID: 27052 Comm: syz.4.4566 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1441.524329][T27052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1441.524345][T27052] Call Trace:
[ 1441.524354][T27052]  <TASK>
[ 1441.524369][T27052]  dump_stack_lvl+0x16c/0x1f0
[ 1441.524411][T27052]  should_fail_ex+0x512/0x640
[ 1441.524447][T27052]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1441.524490][T27052]  should_failslab+0xc2/0x120
[ 1441.524514][T27052]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1441.524548][T27052]  ? __do_sys_memfd_create+0x17b/0x8a0
[ 1441.524582][T27052]  __do_sys_memfd_create+0x17b/0x8a0
[ 1441.524614][T27052]  do_syscall_64+0xcd/0x490
[ 1441.524653][T27052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.524680][T27052] RIP: 0033:0x7f33d558e929
[ 1441.524700][T27052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1441.524726][T27052] RSP: 002b:00007f33d640f038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[ 1441.524750][T27052] RAX: ffffffffffffffda RBX: 00007f33d57b6160 RCX: 00007f33d558e929
[ 1441.524766][T27052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1441.524781][T27052] RBP: 00007f33d5610b39 R08: 0000000000000000 R09: 0000000000000000
[ 1441.524796][T27052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1441.524810][T27052] R13: 0000000000000000 R14: 00007f33d57b6160 R15: 00007ffc0caf3408
[ 1441.524840][T27052]  </TASK>
[ 1441.732920][ T5861] Bluetooth: hci6: command tx timeout
[ 1441.768382][T27008] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1441.784919][T27008] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1441.796681][T27008] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1441.809101][T27008] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1441.999616][T27028] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1442.020771][T27028] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1442.049336][T27028] bridge_slave_0: entered allmulticast mode
[ 1442.078342][T27028] bridge_slave_0: entered promiscuous mode
[ 1442.162539][T27028] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1442.169691][T27028] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1442.255310][T27028] bridge_slave_1: entered allmulticast mode
[ 1442.285911][T27028] bridge_slave_1: entered promiscuous mode
[ 1442.499071][T27028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1442.568835][T27028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1442.733314][T27028] team0: Port device team_slave_0 added
[ 1442.756291][T27028] team0: Port device team_slave_1 added
[ 1442.772047][ T5861] Bluetooth: hci5: command tx timeout
[ 1442.885340][T27028] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1442.903224][T27028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1442.980779][T27028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1443.021242][T27028] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1443.038134][T27028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1443.108995][T27028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1443.143367][T27008] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1443.299335][T27028] hsr_slave_0: entered promiscuous mode
[ 1443.318239][T27028] hsr_slave_1: entered promiscuous mode
[ 1443.334848][T27028] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1443.353366][T27028] Cannot create hsr debugfs directory
[ 1443.438215][T27008] 8021q: adding VLAN 0 to HW filter on device team0
[ 1443.535224][T27065] kexec: Could not allocate control_code_buffer
[ 1443.573372][ T5861] Bluetooth: hci7: command tx timeout
[ 1443.584409][T18693] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1443.591663][T18693] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1443.633548][T18693] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1443.640737][T18693] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1443.811961][ T5861] Bluetooth: hci6: command tx timeout
[ 1444.016129][T27008] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1445.166002][T27008] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1445.206378][T27028] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1445.267031][T27028] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1445.583457][T27028] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1445.623236][T27028] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1445.658007][ T5861] Bluetooth: hci7: command tx timeout
[ 1445.893457][ T5861] Bluetooth: hci6: command tx timeout
[ 1446.246039][T27113] CIFS mount error: No usable UNC path provided in device string!
[ 1446.246039][T27113] 
[ 1446.311606][T27113] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1446.484666][T27028] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1446.618880][T27028] 8021q: adding VLAN 0 to HW filter on device team0
[ 1446.711491][T17971] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1446.718647][T17971] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1446.913154][T17971] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1446.920348][T17971] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1447.119000][T27008] veth0_vlan: entered promiscuous mode
[ 1447.346803][T27008] veth1_vlan: entered promiscuous mode
[ 1447.588672][T27136] can0: slcan on ttyS2.
[ 1447.595669][T27008] veth0_macvtap: entered promiscuous mode
[ 1447.672863][T27008] veth1_macvtap: entered promiscuous mode
[ 1447.731710][ T5861] Bluetooth: hci7: command tx timeout
[ 1447.827948][T27008] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1447.960586][T27008] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1447.993742][T27130] can0 (unregistered): slcan off ttyS2.
[ 1448.052141][T27008] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1448.060896][T27008] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1448.168958][T27008] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1448.253448][T27008] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1448.433789][T27149] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4581'.
[ 1448.697978][T27149] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1448.758121][T27149] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1448.828190][T27149] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1448.899478][T27149] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1449.463561][T27028] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1449.474954][T18686] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1449.586333][T18686] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1449.865465][T17966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1449.971650][T17966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1451.402488][T27202] netlink: 'syz.5.4588': attribute type 21 has an invalid length.
[ 1451.486921][T27202] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4588'.
[ 1451.503539][T27028] veth0_vlan: entered promiscuous mode
[ 1451.669004][T27202] netlink: 'syz.5.4588': attribute type 21 has an invalid length.
[ 1451.722779][T27202] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4588'.
[ 1451.748324][T27028] veth1_vlan: entered promiscuous mode
[ 1451.798695][T27202] netlink: 'syz.5.4588': attribute type 21 has an invalid length.
[ 1451.853794][T27202] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4588'.
[ 1451.940315][T27202] netlink: 'syz.5.4588': attribute type 21 has an invalid length.
[ 1451.981108][T27202] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4588'.
[ 1452.058289][T27202] netlink: 'syz.5.4588': attribute type 21 has an invalid length.
[ 1452.083478][T27028] veth0_macvtap: entered promiscuous mode
[ 1452.100809][T27202] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4588'.
[ 1452.149652][T27028] veth1_macvtap: entered promiscuous mode
[ 1452.271730][T27028] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1452.390202][T27028] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1452.485228][T27028] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1452.557389][T27028] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1452.633859][T27028] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1452.699882][T27028] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1453.114943][T18693] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1453.172457][T18693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1453.347394][T17963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1453.404335][T17963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1454.159376][T27228] kexec: Could not allocate control_code_buffer
[ 1455.597442][ T5861] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[ 1461.664964][T27301] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4607'.
[ 1462.919753][T27321] : Can't lookup blockdev
[ 1462.972059][T27325] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations!
[ 1465.806756][T27355] FAULT_INJECTION: forcing a failure.
[ 1465.806756][T27355] name failslab, interval 1, probability 0, space 0, times 0
[ 1465.856517][T27355] CPU: 0 UID: 0 PID: 27355 Comm: syz.6.4620 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1465.856554][T27355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1465.856569][T27355] Call Trace:
[ 1465.856578][T27355]  <TASK>
[ 1465.856588][T27355]  dump_stack_lvl+0x16c/0x1f0
[ 1465.856630][T27355]  should_fail_ex+0x512/0x640
[ 1465.856666][T27355]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1465.856706][T27355]  should_failslab+0xc2/0x120
[ 1465.856730][T27355]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1465.856768][T27355]  ? __kernfs_new_node+0xd2/0x8e0
[ 1465.856806][T27355]  __kernfs_new_node+0xd2/0x8e0
[ 1465.856844][T27355]  ? __pfx___kernfs_new_node+0x10/0x10
[ 1465.856885][T27355]  ? find_held_lock+0x2b/0x80
[ 1465.856911][T27355]  ? kernfs_root+0xee/0x2a0
[ 1465.856950][T27355]  kernfs_new_node+0x13c/0x1e0
[ 1465.856994][T27355]  __kernfs_create_file+0x53/0x350
[ 1465.857024][T27355]  sysfs_add_file_mode_ns+0x207/0x3c0
[ 1465.857064][T27355]  sysfs_merge_group+0x1aa/0x340
[ 1465.857100][T27355]  ? __pfx_sysfs_merge_group+0x10/0x10
[ 1465.857140][T27355]  ? __pfx_dev_add_physical_location+0x10/0x10
[ 1465.857165][T27355]  ? bus_to_subsys+0x131/0x160
[ 1465.857198][T27355]  dpm_sysfs_add+0x237/0x280
[ 1465.857224][T27355]  device_add+0x9a6/0x1a70
[ 1465.857253][T27355]  ? __pfx_device_add+0x10/0x10
[ 1465.857289][T27355]  nfc_register_device+0x41/0x3c0
[ 1465.857331][T27355]  nci_register_device+0x7f1/0xb80
[ 1465.857365][T27355]  ? __pfx_nci_register_device+0x10/0x10
[ 1465.857402][T27355]  ? lockdep_init_map_type+0x5c/0x280
[ 1465.857443][T27355]  virtual_ncidev_open+0x141/0x220
[ 1465.857474][T27355]  ? __pfx_virtual_ncidev_open+0x10/0x10
[ 1465.857510][T27355]  misc_open+0x35d/0x420
[ 1465.857545][T27355]  ? __pfx_misc_open+0x10/0x10
[ 1465.857575][T27355]  chrdev_open+0x234/0x6a0
[ 1465.857613][T27355]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1465.857645][T27355]  ? __pfx_chrdev_open+0x10/0x10
[ 1465.857686][T27355]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1465.857724][T27355]  do_dentry_open+0x741/0x1c10
[ 1465.857762][T27355]  ? __pfx_chrdev_open+0x10/0x10
[ 1465.857806][T27355]  vfs_open+0x82/0x3f0
[ 1465.857836][T27355]  path_openat+0x1de4/0x2cb0
[ 1465.857881][T27355]  ? __pfx_path_openat+0x10/0x10
[ 1465.857918][T27355]  ? __lock_acquire+0xb8a/0x1c90
[ 1465.857955][T27355]  do_filp_open+0x20b/0x470
[ 1465.857992][T27355]  ? __pfx_do_filp_open+0x10/0x10
[ 1465.858048][T27355]  ? alloc_fd+0x471/0x7d0
[ 1465.858089][T27355]  do_sys_openat2+0x11b/0x1d0
[ 1465.858117][T27355]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1465.858155][T27355]  __x64_sys_openat+0x174/0x210
[ 1465.858184][T27355]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1465.858224][T27355]  do_syscall_64+0xcd/0x490
[ 1465.858263][T27355]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1465.858288][T27355] RIP: 0033:0x7fde24f8e929
[ 1465.858309][T27355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1465.858333][T27355] RSP: 002b:00007fde25d4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1465.858356][T27355] RAX: ffffffffffffffda RBX: 00007fde251b5fa0 RCX: 00007fde24f8e929
[ 1465.858373][T27355] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c
[ 1465.858389][T27355] RBP: 00007fde25010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1465.858404][T27355] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000000
[ 1465.858419][T27355] R13: 0000000000000000 R14: 00007fde251b5fa0 R15: 00007fff5ac90e18
[ 1465.858450][T27355]  </TASK>
[ 1466.415366][T27364] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4622'.
[ 1466.732344][T27364] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1466.739935][T27364] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1466.765452][T27364] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1466.810116][T27364] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1468.254775][T27389] zram: Removed device: zram0
[ 1468.343607][T27390] QAT: Stopping all acceleration devices.
[ 1468.865213][T27401] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4632'.
[ 1469.039440][T27394] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1470.905205][T27436] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4641'.
[ 1470.983572][T27436] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1471.034560][T27436] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1471.212363][T26568] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1471.221902][T26568] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1471.234768][T26568] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1471.248568][T26568] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1471.259989][T26568] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1471.283178][T27436] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1471.290638][T27436] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1471.592301][T27445] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4642'.
[ 1472.615918][T27441] chnl_net:caif_netlink_parms(): no params data found
[ 1473.094392][T27441] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1473.122743][T27441] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1473.161286][T27441] bridge_slave_0: entered allmulticast mode
[ 1473.206495][T27441] bridge_slave_0: entered promiscuous mode
[ 1473.252616][T27441] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1473.287229][T27441] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1473.325632][T27441] bridge_slave_1: entered allmulticast mode
[ 1473.335372][T26568] Bluetooth: hci4: command tx timeout
[ 1473.394031][T27441] bridge_slave_1: entered promiscuous mode
[ 1473.595585][T27441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1473.658193][T27441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1473.927898][T27441] team0: Port device team_slave_0 added
[ 1473.974609][T27441] team0: Port device team_slave_1 added
[ 1474.127141][T27482] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4651'.
[ 1474.189450][T27441] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1474.225363][T27441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1474.327618][T27441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1474.383388][T27441] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1474.420639][T27441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1474.557468][T27441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1474.785776][T27441] hsr_slave_0: entered promiscuous mode
[ 1474.816679][T27441] hsr_slave_1: entered promiscuous mode
[ 1474.839795][T27441] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1474.872741][T27441] Cannot create hsr debugfs directory
[ 1475.411403][T26568] Bluetooth: hci4: command tx timeout
[ 1476.953124][T27441] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1477.006564][T27441] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1477.085473][T27441] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1477.145018][T27441] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1477.491594][T26568] Bluetooth: hci4: command tx timeout
[ 1477.617207][T27441] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1477.676013][T27441] 8021q: adding VLAN 0 to HW filter on device team0
[ 1477.697338][ T7405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1477.697460][ T7405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1477.716648][T17966] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1477.716740][T17966] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1478.442503][T27550] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4664'.
[ 1479.009837][T27441] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1479.575931][T26568] Bluetooth: hci4: command tx timeout
[ 1480.566963][T27441] veth0_vlan: entered promiscuous mode
[ 1480.757451][T27441] veth1_vlan: entered promiscuous mode
[ 1481.055558][T27441] veth0_macvtap: entered promiscuous mode
[ 1481.154570][T27441] veth1_macvtap: entered promiscuous mode
[ 1481.274237][T27441] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1481.330692][T27441] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1481.393690][T27441] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1481.463233][T27441] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1481.521775][T27441] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1481.530531][T27441] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1481.705905][T27604] FAULT_INJECTION: forcing a failure.
[ 1481.705905][T27604] name failslab, interval 1, probability 0, space 0, times 0
[ 1481.797354][T27604] CPU: 0 UID: 0 PID: 27604 Comm: syz.7.4673 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1481.797391][T27604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1481.797407][T27604] Call Trace:
[ 1481.797415][T27604]  <TASK>
[ 1481.797425][T27604]  dump_stack_lvl+0x16c/0x1f0
[ 1481.797468][T27604]  should_fail_ex+0x512/0x640
[ 1481.797502][T27604]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1481.797539][T27604]  should_failslab+0xc2/0x120
[ 1481.797562][T27604]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1481.797595][T27604]  ? __do_sys_memfd_create+0x17b/0x8a0
[ 1481.797629][T27604]  __do_sys_memfd_create+0x17b/0x8a0
[ 1481.797660][T27604]  do_syscall_64+0xcd/0x490
[ 1481.797698][T27604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1481.797723][T27604] RIP: 0033:0x7f515038e929
[ 1481.797743][T27604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1481.797768][T27604] RSP: 002b:00007f514e1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[ 1481.797791][T27604] RAX: ffffffffffffffda RBX: 00007f51505b6160 RCX: 00007f515038e929
[ 1481.797807][T27604] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1481.797822][T27604] RBP: 00007f5150410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1481.797837][T27604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1481.797851][T27604] R13: 0000000000000000 R14: 00007f51505b6160 R15: 00007ffca70fac48
[ 1481.797888][T27604]  </TASK>
[ 1482.845926][T22427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1482.883356][T22427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1483.007568][T18693] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1483.043034][T18693] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1483.354861][T27619] netlink: 13 bytes leftover after parsing attributes in process `syz.7.4674'.
[ 1484.203433][T27629] netlink: 'syz.8.4677': attribute type 1 has an invalid length.
[ 1485.021262][T27647] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4682'.
[ 1486.021632][T27665] netlink: 13 bytes leftover after parsing attributes in process `syz.7.4686'.
[ 1487.797387][T27692] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input43
[ 1488.923817][T27698] phram: not enough arguments
[ 1490.147953][T27718] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input44
[ 1491.364500][T27732] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4700'.
[ 1491.643154][T27732] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1491.763442][T27732] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1491.870022][T27732] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1491.916849][T27732] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1493.157493][T27760] FAULT_INJECTION: forcing a failure.
[ 1493.157493][T27760] name failslab, interval 1, probability 0, space 0, times 0
[ 1493.247564][T27760] CPU: 0 UID: 0 PID: 27760 Comm: syz.5.4706 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1493.247601][T27760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1493.247616][T27760] Call Trace:
[ 1493.247624][T27760]  <TASK>
[ 1493.247634][T27760]  dump_stack_lvl+0x16c/0x1f0
[ 1493.247675][T27760]  should_fail_ex+0x512/0x640
[ 1493.247709][T27760]  ? fs_reclaim_acquire+0xae/0x150
[ 1493.247739][T27760]  should_failslab+0xc2/0x120
[ 1493.247761][T27760]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1493.247797][T27760]  ? security_inode_alloc+0x3b/0x2b0
[ 1493.247827][T27760]  security_inode_alloc+0x3b/0x2b0
[ 1493.247852][T27760]  inode_init_always_gfp+0xce4/0x1030
[ 1493.247890][T27760]  alloc_inode+0x86/0x240
[ 1493.247915][T27760]  create_pipe_files+0x4c/0x930
[ 1493.247955][T27760]  do_pipe2+0xaf/0x1c0
[ 1493.247990][T27760]  ? __pfx_do_pipe2+0x10/0x10
[ 1493.248026][T27760]  ? __pfx_ksys_write+0x10/0x10
[ 1493.248067][T27760]  __x64_sys_pipe+0x33/0x50
[ 1493.248087][T27760]  do_syscall_64+0xcd/0x490
[ 1493.248123][T27760]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1493.248147][T27760] RIP: 0033:0x7f0db358e929
[ 1493.248166][T27760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1493.248190][T27760] RSP: 002b:00007f0db446c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
[ 1493.248213][T27760] RAX: ffffffffffffffda RBX: 00007f0db37b5fa0 RCX: 00007f0db358e929
[ 1493.248229][T27760] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1493.248244][T27760] RBP: 00007f0db446c090 R08: 0000000000000000 R09: 0000000000000000
[ 1493.248258][T27760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1493.248273][T27760] R13: 0000000000000000 R14: 00007f0db37b5fa0 R15: 00007ffd162347b8
[ 1493.248303][T27760]  </TASK>
[ 1493.433052][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1494.500601][T26568] Bluetooth: hci5: unexpected event 0x3e length: 726 > 260
[ 1494.500636][T26568] Bluetooth: hci5: unexpected subevent 0x0d length: 725 > 260
[ 1494.517512][T26568] Bluetooth: hci5: Unknown advertising packet type: 0x7f
[ 1494.517558][T26568] Bluetooth: hci5: adv larger than maximum supported
[ 1494.525390][T26568] Bluetooth: hci5: adv larger than maximum supported
[ 1494.532996][T26568] Bluetooth: hci5: Malformed LE Event: 0x0d
[ 1494.947598][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1494.956455][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1495.315549][T27789] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4712'.
[ 1498.617845][T27826] size and base must be multiples of 4 kiB
[ 1498.681161][T27826] CPU: 0 UID: 0 PID: 27826 Comm: syz.8.4719 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1498.681198][T27826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1498.681213][T27826] Call Trace:
[ 1498.681222][T27826]  <TASK>
[ 1498.681231][T27826]  dump_stack_lvl+0x16c/0x1f0
[ 1498.681274][T27826]  mtrr_del+0xd1/0x110
[ 1498.681321][T27826]  mtrr_ioctl+0x922/0xcf0
[ 1498.681354][T27826]  ? __pfx_mtrr_ioctl+0x10/0x10
[ 1498.681392][T27826]  ? find_held_lock+0x2b/0x80
[ 1498.681425][T27826]  ? __fget_files+0x20e/0x3c0
[ 1498.681460][T27826]  ? __pfx_mtrr_ioctl+0x10/0x10
[ 1498.681492][T27826]  proc_reg_unlocked_ioctl+0x226/0x320
[ 1498.681528][T27826]  ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10
[ 1498.681568][T27826]  __x64_sys_ioctl+0x18e/0x210
[ 1498.681599][T27826]  do_syscall_64+0xcd/0x490
[ 1498.681638][T27826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1498.681662][T27826] RIP: 0033:0x7f2005b8e929
[ 1498.681682][T27826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1498.681706][T27826] RSP: 002b:00007f2006abb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1498.681729][T27826] RAX: ffffffffffffffda RBX: 00007f2005db5fa0 RCX: 00007f2005b8e929
[ 1498.681745][T27826] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003
[ 1498.681760][T27826] RBP: 00007f2005c10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1498.681775][T27826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1498.681790][T27826] R13: 0000000000000000 R14: 00007f2005db5fa0 R15: 00007ffe1a7fa2e8
[ 1498.681820][T27826]  </TASK>
[ 1500.833249][T27847] FAULT_INJECTION: forcing a failure.
[ 1500.833249][T27847] name fail_futex, interval 1, probability 0, space 0, times 0
[ 1500.936876][T27847] CPU: 0 UID: 0 PID: 27847 Comm: syz.5.4724 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1500.936912][T27847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1500.936927][T27847] Call Trace:
[ 1500.936936][T27847]  <TASK>
[ 1500.936946][T27847]  dump_stack_lvl+0x16c/0x1f0
[ 1500.936987][T27847]  should_fail_ex+0x512/0x640
[ 1500.937025][T27847]  get_futex_key+0x1d0/0x1540
[ 1500.937057][T27847]  ? __pfx_get_futex_key+0x10/0x10
[ 1500.937084][T27847]  ? find_held_lock+0x2b/0x80
[ 1500.937116][T27847]  futex_wake+0xe7/0x4e0
[ 1500.937151][T27847]  ? __pfx_futex_wake+0x10/0x10
[ 1500.937189][T27847]  ? find_held_lock+0x2b/0x80
[ 1500.937212][T27847]  ? __might_fault+0xe3/0x190
[ 1500.937250][T27847]  do_futex+0x1e3/0x350
[ 1500.937286][T27847]  ? __pfx_do_futex+0x10/0x10
[ 1500.937315][T27847]  ? snd_pcm_oss_ioctl+0x2c2/0x37a0
[ 1500.937348][T27847]  __x64_sys_futex+0x1e0/0x4c0
[ 1500.937379][T27847]  ? __fget_files+0x20e/0x3c0
[ 1500.937411][T27847]  ? __pfx___x64_sys_futex+0x10/0x10
[ 1500.937445][T27847]  ? fput+0x70/0xf0
[ 1500.937473][T27847]  do_syscall_64+0xcd/0x490
[ 1500.937511][T27847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1500.937535][T27847] RIP: 0033:0x7f0db358e929
[ 1500.937555][T27847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1500.937578][T27847] RSP: 002b:00007f0db444b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1500.937601][T27847] RAX: ffffffffffffffda RBX: 00007f0db37b6088 RCX: 00007f0db358e929
[ 1500.937617][T27847] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0db37b608c
[ 1500.937632][T27847] RBP: 00007f0db37b6080 R08: 00007f0db446d000 R09: 0000000000000000
[ 1500.937648][T27847] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0db37b608c
[ 1500.937662][T27847] R13: 0000000000000000 R14: 00007ffd162346d0 R15: 00007ffd162347b8
[ 1500.937691][T27847]  </TASK>
[ 1502.449414][T27870] QAT: Stopping all acceleration devices.
[ 1502.633228][T27874] size and base must be multiples of 4 kiB
[ 1502.647773][T27874] CPU: 0 UID: 0 PID: 27874 Comm: syz.5.4730 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1502.647810][T27874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1502.647825][T27874] Call Trace:
[ 1502.647834][T27874]  <TASK>
[ 1502.647843][T27874]  dump_stack_lvl+0x16c/0x1f0
[ 1502.647885][T27874]  mtrr_del+0xd1/0x110
[ 1502.647918][T27874]  mtrr_ioctl+0x922/0xcf0
[ 1502.647950][T27874]  ? __pfx_mtrr_ioctl+0x10/0x10
[ 1502.647987][T27874]  ? find_held_lock+0x2b/0x80
[ 1502.648022][T27874]  ? __fget_files+0x20e/0x3c0
[ 1502.648056][T27874]  ? __pfx_mtrr_ioctl+0x10/0x10
[ 1502.648088][T27874]  proc_reg_unlocked_ioctl+0x226/0x320
[ 1502.648125][T27874]  ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10
[ 1502.648164][T27874]  __x64_sys_ioctl+0x18e/0x210
[ 1502.648204][T27874]  do_syscall_64+0xcd/0x490
[ 1502.648243][T27874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1502.648268][T27874] RIP: 0033:0x7f0db358e929
[ 1502.648289][T27874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1502.648314][T27874] RSP: 002b:00007f0db446c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1502.648337][T27874] RAX: ffffffffffffffda RBX: 00007f0db37b5fa0 RCX: 00007f0db358e929
[ 1502.648354][T27874] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003
[ 1502.648369][T27874] RBP: 00007f0db3610b39 R08: 0000000000000000 R09: 0000000000000000
[ 1502.648384][T27874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1502.648399][T27874] R13: 0000000000000000 R14: 00007f0db37b5fa0 R15: 00007ffd162347b8
[ 1502.648429][T27874]  </TASK>
[ 1505.102416][T27899] ptrace attach of "./syz-executor exec"[26963] was attempted by "./syz-executor exec"[27899]
[ 1505.990843][T27924] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4740'.
[ 1507.247338][T27951] Invalid ELF header magic: != ELF
[ 1507.383849][T27956] Invalid ELF header magic: != ELF
[ 1508.204289][T27960] kAFS: No cell specified
[ 1509.662202][T27985] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3)
[ 1509.819618][T27990] FAULT_INJECTION: forcing a failure.
[ 1509.819618][T27990] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1509.872243][T27990] CPU: 0 UID: 0 PID: 27990 Comm: syz.8.4753 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1509.872279][T27990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1509.872294][T27990] Call Trace:
[ 1509.872302][T27990]  <TASK>
[ 1509.872311][T27990]  dump_stack_lvl+0x16c/0x1f0
[ 1509.872351][T27990]  should_fail_ex+0x512/0x640
[ 1509.872389][T27990]  _copy_from_user+0x2e/0xd0
[ 1509.872430][T27990]  copy_msghdr_from_user+0x98/0x160
[ 1509.872467][T27990]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1509.872517][T27990]  ___sys_sendmsg+0xfe/0x1d0
[ 1509.872552][T27990]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1509.872585][T27990]  ? __lock_acquire+0x622/0x1c90
[ 1509.872652][T27990]  __sys_sendmsg+0x16d/0x220
[ 1509.872688][T27990]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1509.872741][T27990]  do_syscall_64+0xcd/0x490
[ 1509.872778][T27990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.872802][T27990] RIP: 0033:0x7f2005b8e929
[ 1509.872821][T27990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1509.872845][T27990] RSP: 002b:00007f2006abb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1509.872867][T27990] RAX: ffffffffffffffda RBX: 00007f2005db5fa0 RCX: 00007f2005b8e929
[ 1509.872884][T27990] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[ 1509.872898][T27990] RBP: 00007f2006abb090 R08: 0000000000000000 R09: 0000000000000000
[ 1509.872913][T27990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1509.872927][T27990] R13: 0000000000000000 R14: 00007f2005db5fa0 R15: 00007ffe1a7fa2e8
[ 1509.872962][T27990]  </TASK>
[ 1511.949823][T28019] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4760'.
[ 1513.665578][T28045] ubi0: attaching mtd0
[ 1513.689958][T28045] ubi0: scanning is finished
[ 1513.701487][T28045] ubi0 error: ubi_read_volume_table: the layout volume was not found
[ 1513.837620][T28055] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4769'.
[ 1513.855892][T28047] ceph: Failed to parse sending metrics switch value 'P^'
[ 1513.914837][T28045] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[ 1514.347477][T28060] netlink: 338 bytes leftover after parsing attributes in process `syz.8.4770'.
[ 1516.239114][ T5861] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1516.250416][ T5861] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1516.266812][ T5861] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1516.282343][ T5861] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1516.292422][ T5861] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1516.717426][T28103] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4779'.
[ 1517.425665][T28092] chnl_net:caif_netlink_parms(): no params data found
[ 1517.674652][T28113] FAULT_INJECTION: forcing a failure.
[ 1517.674652][T28113] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1517.746149][T28113] CPU: 0 UID: 0 PID: 28113 Comm: syz.6.4780 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1517.746185][T28113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1517.746201][T28113] Call Trace:
[ 1517.746210][T28113]  <TASK>
[ 1517.746220][T28113]  dump_stack_lvl+0x16c/0x1f0
[ 1517.746262][T28113]  should_fail_ex+0x512/0x640
[ 1517.746302][T28113]  should_fail_alloc_page+0xe7/0x130
[ 1517.746329][T28113]  prepare_alloc_pages+0x3c2/0x610
[ 1517.746358][T28113]  ? rcu_is_watching+0x12/0xc0
[ 1517.746388][T28113]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 1517.746430][T28113]  ? rcu_is_watching+0x12/0xc0
[ 1517.746455][T28113]  ? trace_mm_page_alloc+0x11f/0x1a0
[ 1517.746484][T28113]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[ 1517.746523][T28113]  ? __pfx_stack_trace_save+0x10/0x10
[ 1517.746552][T28113]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1517.746599][T28113]  ? alloc_vmap_area+0x645/0x29c0
[ 1517.746625][T28113]  ? __vmalloc_node_range_noprof+0x271/0x14b0
[ 1517.746656][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1517.746686][T28113]  ? do_syscall_64+0xcd/0x490
[ 1517.746721][T28113]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1517.746768][T28113]  alloc_pages_bulk_noprof+0x71c/0x1410
[ 1517.746805][T28113]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1517.746844][T28113]  ? policy_nodemask+0xea/0x4e0
[ 1517.746871][T28113]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[ 1517.746911][T28113]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1517.746947][T28113]  kasan_populate_vmalloc+0xf1/0x1f0
[ 1517.746987][T28113]  alloc_vmap_area+0x959/0x29c0
[ 1517.747025][T28113]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 1517.747060][T28113]  __get_vm_area_node+0x1ca/0x330
[ 1517.747094][T28113]  __vmalloc_node_range_noprof+0x271/0x14b0
[ 1517.747127][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1517.747164][T28113]  ? __lock_acquire+0xb8a/0x1c90
[ 1517.747197][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1517.747234][T28113]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1517.747267][T28113]  ? __alloc_pages_noprof+0xb/0x1b0
[ 1517.747303][T28113]  ? ___kmalloc_large_node+0x84/0x1e0
[ 1517.747330][T28113]  ? find_held_lock+0x2b/0x80
[ 1517.747360][T28113]  __kvmalloc_node_noprof+0x30a/0x620
[ 1517.747395][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1517.747427][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1517.747463][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1517.747492][T28113]  __do_sys_listmount+0x1c2/0xec0
[ 1517.747528][T28113]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1517.747556][T28113]  ? __x64_sys_futex+0x1e9/0x4c0
[ 1517.747587][T28113]  ? __pfx___do_sys_listmount+0x10/0x10
[ 1517.747632][T28113]  do_syscall_64+0xcd/0x490
[ 1517.747671][T28113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1517.747695][T28113] RIP: 0033:0x7fde24f8e929
[ 1517.747716][T28113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1517.747746][T28113] RSP: 002b:00007fde25d4f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[ 1517.747769][T28113] RAX: ffffffffffffffda RBX: 00007fde251b5fa0 RCX: 00007fde24f8e929
[ 1517.747786][T28113] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100
[ 1517.747802][T28113] RBP: 00007fde25010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1517.747817][T28113] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 1517.747832][T28113] R13: 0000000000000000 R14: 00007fde251b5fa0 R15: 00007fff5ac90e18
[ 1517.747862][T28113]  </TASK>
[ 1517.748861][T28113] syz.6.4780: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null)
[ 1518.372660][T28092] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1518.409988][ T5861] Bluetooth: hci7: command tx timeout
[ 1518.431596][T28092] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1518.440642][T28092] bridge_slave_0: entered allmulticast mode
[ 1518.462716][T28092] bridge_slave_0: entered promiscuous mode
[ 1518.502725][T28092] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1518.531905][T28092] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1518.555872][T28092] bridge_slave_1: entered allmulticast mode
[ 1518.581339][T28092] bridge_slave_1: entered promiscuous mode
[ 1518.740823][T28092] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1518.794571][T28092] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1518.929283][T28113] ,cpuset=/,mems_allowed=0-1
[ 1518.945734][T28113] CPU: 0 UID: 0 PID: 28113 Comm: syz.6.4780 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1518.945778][T28113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1518.945797][T28113] Call Trace:
[ 1518.945808][T28113]  <TASK>
[ 1518.945824][T28113]  dump_stack_lvl+0x16c/0x1f0
[ 1518.945866][T28113]  warn_alloc+0x248/0x3a0
[ 1518.945905][T28113]  ? __pfx_warn_alloc+0x10/0x10
[ 1518.945946][T28113]  ? kfree+0x2b4/0x4d0
[ 1518.945982][T28113]  ? __get_vm_area_node+0x208/0x330
[ 1518.946017][T28113]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[ 1518.946056][T28113]  ? __lock_acquire+0xb8a/0x1c90
[ 1518.946089][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1518.946128][T28113]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1518.946161][T28113]  ? __alloc_pages_noprof+0xb/0x1b0
[ 1518.946195][T28113]  ? ___kmalloc_large_node+0x84/0x1e0
[ 1518.946222][T28113]  ? find_held_lock+0x2b/0x80
[ 1518.946252][T28113]  __kvmalloc_node_noprof+0x30a/0x620
[ 1518.946287][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1518.946318][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1518.946353][T28113]  ? __do_sys_listmount+0x1c2/0xec0
[ 1518.946382][T28113]  __do_sys_listmount+0x1c2/0xec0
[ 1518.946417][T28113]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1518.946446][T28113]  ? __x64_sys_futex+0x1e9/0x4c0
[ 1518.946476][T28113]  ? __pfx___do_sys_listmount+0x10/0x10
[ 1518.946521][T28113]  do_syscall_64+0xcd/0x490
[ 1518.946559][T28113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1518.946583][T28113] RIP: 0033:0x7fde24f8e929
[ 1518.946603][T28113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1518.946626][T28113] RSP: 002b:00007fde25d4f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[ 1518.946654][T28113] RAX: ffffffffffffffda RBX: 00007fde251b5fa0 RCX: 00007fde24f8e929
[ 1518.946671][T28113] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100
[ 1518.946687][T28113] RBP: 00007fde25010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1518.946702][T28113] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 1518.946717][T28113] R13: 0000000000000000 R14: 00007fde251b5fa0 R15: 00007fff5ac90e18
[ 1518.946747][T28113]  </TASK>
[ 1518.946756][T28113] Mem-Info:
[ 1519.374041][T28092] team0: Port device team_slave_0 added
[ 1519.384459][T28092] team0: Port device team_slave_1 added
[ 1519.430434][T28092] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1519.439272][T28092] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1519.582304][T28092] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1519.646185][T28092] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1519.672166][T28092] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1519.779649][T28113] active_anon:14869 inactive_anon:303 isolated_anon:0
[ 1519.779649][T28113]  active_file:16829 inactive_file:7177 isolated_file:0
[ 1519.779649][T28113]  unevictable:1965 dirty:475 writeback:0
[ 1519.779649][T28113]  slab_reclaimable:11938 slab_unreclaimable:112261
[ 1519.779649][T28113]  mapped:60641 shmem:1398 pagetables:1392
[ 1519.779649][T28113]  sec_pagetables:0 bounce:0
[ 1519.779649][T28113]  kernel_misc_reclaimable:0
[ 1519.779649][T28113]  free:1269235 free_pcp:10954 free_cma:0
[ 1519.857231][T28092] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1520.072097][T28113] Node 0 active_anon:59484kB inactive_anon:92kB active_file:67312kB inactive_file:28536kB unevictable:6344kB isolated(anon):0kB isolated(file):0kB mapped:242552kB dirty:1992kB writeback:0kB shmem:4004kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13456kB pagetables:5292kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1520.153506][T28092] hsr_slave_0: entered promiscuous mode
[ 1520.174129][T28092] hsr_slave_1: entered promiscuous mode
[ 1520.183402][T28092] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1520.239583][T28092] Cannot create hsr debugfs directory
[ 1520.274181][T28113] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1520.409068][T28113] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1520.456079][ T5861] Bluetooth: hci7: command tx timeout
[ 1520.526748][T28113] lowmem_reserve[]: 0 2480 2482 2482 2482
[ 1520.567734][T28113] Node 0 DMA32 free:1141812kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:59436kB inactive_anon:92kB active_file:67220kB inactive_file:27404kB unevictable:6368kB writepending:1984kB present:3129332kB managed:2540352kB mlocked:4828kB bounce:0kB free_pcp:43092kB local_pcp:43092kB free_cma:0kB
[ 1520.683403][T28113] lowmem_reserve[]: 0 0 1 1 1
[ 1520.705194][T28113] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:152kB inactive_anon:0kB active_file:92kB inactive_file:1080kB unevictable:28kB writepending:8kB present:1048580kB managed:1388kB mlocked:28kB bounce:0kB free_pcp:24kB local_pcp:24kB free_cma:0kB
[ 1520.829931][T28113] lowmem_reserve[]: 0 0 0 0 0
[ 1520.843236][T28113] Node 1 Normal free:3919764kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1520.958812][T28113] lowmem_reserve[]: 0 0 0 0 0
[ 1520.980029][T28113] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1521.046791][T28092] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1521.056353][T28113] Node 0 DMA32: 5047*4kB (UME) 2937*8kB (M) 1781*16kB (ME) 1122*32kB (ME) 628*64kB (ME) 468*128kB (M) 281*256kB (UME) 251*512kB (UME) 122*1024kB (UME) 5*2048kB (UME) 146*4096kB (UM) = 1141812kB
[ 1521.121609][T28092] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1521.164979][T28113] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1521.206999][T28092] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1521.231600][T28113] Node 1 Normal: 183*4kB (UME) 55*8kB (UME) 36*16kB (UME) 236*32kB (UME) 101*64kB (UME) 38*128kB (UME) 13*256kB (UM) 7*512kB (UME) 3*1024kB (UME) 3*2048kB (UE) 948*4096kB (UM) = 3919764kB
[ 1521.284354][T28092] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1521.327157][T28113] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1521.359085][T28113] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1521.413513][T28113] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1521.462746][T28113] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1521.509912][T28113] 28306 total pagecache pages
[ 1521.535737][T28113] 579 pages in swap cache
[ 1521.562813][T28113] Free swap  = 120820kB
[ 1521.581810][T28113] Total swap = 124996kB
[ 1521.615759][T28113] 2097051 pages RAM
[ 1521.636177][T28113] 0 pages HighMem/MovableOnly
[ 1521.671498][T28113] 429985 pages reserved
[ 1521.681329][T28113] 0 pages cma reserved
[ 1521.694579][T28092] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1521.797692][T28092] 8021q: adding VLAN 0 to HW filter on device team0
[ 1521.841682][T18689] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1521.848873][T18689] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1521.921476][T18689] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1521.928668][T18689] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1522.187526][T28092] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1522.536256][T26568] Bluetooth: hci7: command tx timeout
[ 1522.616538][T26568] Bluetooth: hci3: command 0x0406 tx timeout
[ 1523.268075][T28092] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1524.611483][T26568] Bluetooth: hci7: command tx timeout
[ 1524.933355][T28092] veth0_vlan: entered promiscuous mode
[ 1524.987271][T28092] veth1_vlan: entered promiscuous mode
[ 1525.096650][T28208] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4795'.
[ 1525.113946][T28092] veth0_macvtap: entered promiscuous mode
[ 1525.209938][T28092] veth1_macvtap: entered promiscuous mode
[ 1525.325491][T28092] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1525.386516][T28092] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1525.535672][T28092] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1525.580171][T28092] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1525.608423][T28216] Setting dangerous option i915.mitigations - tainting kernel
[ 1525.621044][T28092] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1525.663281][T28092] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.368644][T18689] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1526.418132][T18689] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1526.670057][T18689] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1526.714756][T18689] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1527.219456][T28231] netlink: 13 bytes leftover after parsing attributes in process `syz.8.4799'.
[ 1528.128092][T28252] FAULT_INJECTION: forcing a failure.
[ 1528.128092][T28252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1528.221889][T28252] CPU: 0 UID: 0 PID: 28252 Comm: syz.8.4802 Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1528.221930][T28252] Tainted: [U]=USER
[ 1528.221939][T28252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1528.221954][T28252] Call Trace:
[ 1528.221962][T28252]  <TASK>
[ 1528.221971][T28252]  dump_stack_lvl+0x16c/0x1f0
[ 1528.222013][T28252]  should_fail_ex+0x512/0x640
[ 1528.222053][T28252]  _copy_from_user+0x2e/0xd0
[ 1528.222092][T28252]  do_fcntl+0xd52/0x15a0
[ 1528.222117][T28252]  ? __pfx_do_fcntl+0x10/0x10
[ 1528.222149][T28252]  ? tomoyo_file_fcntl+0x6c/0xc0
[ 1528.222192][T28252]  __x64_sys_fcntl+0x163/0x200
[ 1528.222220][T28252]  do_syscall_64+0xcd/0x490
[ 1528.222259][T28252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1528.222284][T28252] RIP: 0033:0x7f2005b8e929
[ 1528.222305][T28252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1528.222331][T28252] RSP: 002b:00007f2006abb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[ 1528.222355][T28252] RAX: ffffffffffffffda RBX: 00007f2005db5fa0 RCX: 00007f2005b8e929
[ 1528.222372][T28252] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000003
[ 1528.222387][T28252] RBP: 00007f2006abb090 R08: 0000000000000000 R09: 0000000000000000
[ 1528.222403][T28252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1528.222418][T28252] R13: 0000000000000000 R14: 00007f2005db5fa0 R15: 00007ffe1a7fa2e8
[ 1528.222455][T28252]  </TASK>
[ 1529.023325][T28236] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1529.195877][T28236] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1529.230730][T28268] netlink: 28 bytes leftover after parsing attributes in process `syz.9.4805'.
[ 1529.503918][T28236] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1529.553179][T28268] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1529.580712][T26568] Bluetooth: hci2: command 0x0406 tx timeout
[ 1529.712647][T28268] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1529.866909][T28268] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1529.900508][T28268] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1529.952749][T28236] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1530.069129][T28236] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1530.143550][T28236] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1530.280024][T28236] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1530.322885][T28236] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1530.392890][T28236] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1530.457497][T28236] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1530.553574][T28236] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1530.588668][T28236] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1530.700543][T28236] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1530.757906][T28236] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1530.807982][T28236] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 1530.905888][T28236] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 1531.007147][T28236] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1531.037637][T28236] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1531.069537][T28236] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1531.175685][T28236] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[ 1531.203917][T28236] Bluetooth: hci7: Opcode 0x0406 failed: -4
[ 1531.244138][T28236] Bluetooth: hci7: Opcode 0x0406 failed: -4
[ 1531.651151][T26568] Bluetooth: hci2: command 0x0406 tx timeout
[ 1532.131116][T26568] Bluetooth: hci1: command 0x0406 tx timeout
[ 1532.291158][T26568] Bluetooth: hci0: command 0x0406 tx timeout
[ 1532.451980][T26568] Bluetooth: hci3: command 0x0406 tx timeout
[ 1532.561129][T28294] can: request_module (can-proto-0) failed.
[ 1532.615667][T26568] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1532.759513][T28303] FAULT_INJECTION: forcing a failure.
[ 1532.759513][T28303] name failslab, interval 1, probability 0, space 0, times 0
[ 1532.780070][T26568] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1532.844181][T28304] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input46
[ 1532.901719][T28303] CPU: 0 UID: 0 PID: 28303 Comm: syz.9.4813 Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1532.901760][T28303] Tainted: [U]=USER
[ 1532.901768][T28303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1532.901783][T28303] Call Trace:
[ 1532.901790][T28303]  <TASK>
[ 1532.901800][T28303]  dump_stack_lvl+0x16c/0x1f0
[ 1532.901841][T28303]  should_fail_ex+0x512/0x640
[ 1532.901883][T28303]  ? fs_reclaim_acquire+0xae/0x150
[ 1532.901914][T28303]  should_failslab+0xc2/0x120
[ 1532.901937][T28303]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1532.901975][T28303]  ? security_inode_alloc+0x3b/0x2b0
[ 1532.902005][T28303]  security_inode_alloc+0x3b/0x2b0
[ 1532.902032][T28303]  inode_init_always_gfp+0xce4/0x1030
[ 1532.902071][T28303]  alloc_inode+0x86/0x240
[ 1532.902096][T28303]  create_pipe_files+0x4c/0x930
[ 1532.902138][T28303]  do_pipe2+0xaf/0x1c0
[ 1532.902173][T28303]  ? __pfx_do_pipe2+0x10/0x10
[ 1532.902211][T28303]  ? __pfx_ksys_write+0x10/0x10
[ 1532.902329][T28303]  __x64_sys_pipe+0x33/0x50
[ 1532.902355][T28303]  do_syscall_64+0xcd/0x490
[ 1532.902403][T28303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1532.902432][T28303] RIP: 0033:0x7f771a58e929
[ 1532.902457][T28303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1532.902484][T28303] RSP: 002b:00007f771b34e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
[ 1532.902509][T28303] RAX: ffffffffffffffda RBX: 00007f771a7b5fa0 RCX: 00007f771a58e929
[ 1532.902527][T28303] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1532.902544][T28303] RBP: 00007f771b34e090 R08: 0000000000000000 R09: 0000000000000000
[ 1532.902560][T28303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1532.902577][T28303] R13: 0000000000000000 R14: 00007f771a7b5fa0 R15: 00007fff4df720a8
[ 1532.902610][T28303]  </TASK>
[ 1533.357728][T26568] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1533.364922][T26568] Bluetooth: hci7: command 0x0c1a tx timeout
[ 1533.768733][ T5861] Bluetooth: hci2: command 0x0406 tx timeout
[ 1534.016459][T28321] netlink: 28 bytes leftover after parsing attributes in process `syz.9.4817'.
[ 1534.211220][ T5861] Bluetooth: hci1: command 0x0406 tx timeout
[ 1534.371862][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[ 1534.534630][ T5861] Bluetooth: hci3: command 0x0406 tx timeout
[ 1534.691260][ T5861] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1534.813150][T28330] netlink: 146 bytes leftover after parsing attributes in process `syz.9.4819'.
[ 1534.857715][ T5861] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1535.185556][T28340] Unable to find swap-space signature
[ 1535.411473][ T5861] Bluetooth: hci7: command 0x0c1a tx timeout
[ 1535.418263][T26568] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1535.528370][T28339] ima: policy update failed
[ 1535.601654][   T30] audit: type=1802 audit(6047013642.082:51): pid=28339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.4821" res=0 errno=0
[ 1535.811806][ T5861] Bluetooth: hci2: command 0x0406 tx timeout
[ 1536.771597][ T5861] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1536.809362][T28366] netlink: 28 bytes leftover after parsing attributes in process `syz.9.4828'.
[ 1536.936885][ T5861] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1537.491238][ T5861] Bluetooth: hci7: command 0x0c1a tx timeout
[ 1537.497314][ T5861] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1538.918814][T28389] FAULT_INJECTION: forcing a failure.
[ 1538.918814][T28389] name failslab, interval 1, probability 0, space 0, times 0
[ 1539.057279][T28389] CPU: 0 UID: 0 PID: 28389 Comm: syz.6.4831 Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1539.057321][T28389] Tainted: [U]=USER
[ 1539.057330][T28389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1539.057345][T28389] Call Trace:
[ 1539.057353][T28389]  <TASK>
[ 1539.057363][T28389]  dump_stack_lvl+0x16c/0x1f0
[ 1539.057404][T28389]  should_fail_ex+0x512/0x640
[ 1539.057440][T28389]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[ 1539.057485][T28389]  should_failslab+0xc2/0x120
[ 1539.057509][T28389]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[ 1539.057550][T28389]  ? kvasprintf_const+0x66/0x1a0
[ 1539.057578][T28389]  kvasprintf+0xbc/0x160
[ 1539.057600][T28389]  ? __pfx_kvasprintf+0x10/0x10
[ 1539.057625][T28389]  ? rcu_read_unlock+0x17/0x60
[ 1539.057649][T28389]  ? kernel_text_address+0x8d/0x100
[ 1539.057695][T28389]  kvasprintf_const+0x66/0x1a0
[ 1539.057719][T28389]  kobject_set_name_vargs+0x5a/0x140
[ 1539.057744][T28389]  dev_set_name+0xc7/0x100
[ 1539.057774][T28389]  ? __pfx_dev_set_name+0x10/0x10
[ 1539.057804][T28389]  ? rcu_is_watching+0x12/0xc0
[ 1539.057830][T28389]  ? trace_kmalloc+0x2b/0xd0
[ 1539.057854][T28389]  ? __kmalloc_noprof.cold+0x5c/0x61
[ 1539.057897][T28389]  wiphy_new_nm+0x811/0x2160
[ 1539.057923][T28389]  ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10
[ 1539.057951][T28389]  ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10
[ 1539.057978][T28389]  ieee80211_alloc_hw_nm+0x1b7a/0x2260
[ 1539.058004][T28389]  ? __local_bh_enable_ip+0xa4/0x120
[ 1539.058036][T28389]  mac80211_hwsim_new_radio+0x1d4/0x54d0
[ 1539.058095][T28389]  ? __asan_memset+0x23/0x50
[ 1539.058129][T28389]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1539.058177][T28389]  hwsim_new_radio_nl+0xb51/0x12c0
[ 1539.058217][T28389]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1539.058264][T28389]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 1539.058302][T28389]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 1539.058342][T28389]  genl_family_rcv_msg_doit+0x209/0x2f0
[ 1539.058374][T28389]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1539.058405][T28389]  ? trace_cap_capable+0x18d/0x200
[ 1539.058436][T28389]  ? bpf_lsm_capable+0x9/0x10
[ 1539.058466][T28389]  ? security_capable+0x7e/0x260
[ 1539.058491][T28389]  ? ns_capable+0xd7/0x110
[ 1539.058519][T28389]  genl_rcv_msg+0x55c/0x800
[ 1539.058552][T28389]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1539.058582][T28389]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1539.058630][T28389]  netlink_rcv_skb+0x158/0x420
[ 1539.058656][T28389]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1539.058687][T28389]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1539.058725][T28389]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1539.058769][T28389]  genl_rcv+0x28/0x40
[ 1539.058794][T28389]  netlink_unicast+0x53a/0x7f0
[ 1539.058823][T28389]  ? __pfx_netlink_unicast+0x10/0x10
[ 1539.058857][T28389]  netlink_sendmsg+0x8d1/0xdd0
[ 1539.058887][T28389]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1539.058924][T28389]  ____sys_sendmsg+0xa98/0xc70
[ 1539.058953][T28389]  ? copy_msghdr_from_user+0x10a/0x160
[ 1539.058989][T28389]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1539.059023][T28389]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1539.059068][T28389]  ___sys_sendmsg+0x134/0x1d0
[ 1539.059107][T28389]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1539.059141][T28389]  ? __lock_acquire+0x622/0x1c90
[ 1539.059211][T28389]  __sys_sendmsg+0x16d/0x220
[ 1539.059249][T28389]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1539.059285][T28389]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1539.059333][T28389]  do_syscall_64+0xcd/0x490
[ 1539.059373][T28389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1539.059398][T28389] RIP: 0033:0x7fde24f8e929
[ 1539.059418][T28389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1539.059443][T28389] RSP: 002b:00007fde25d4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1539.059465][T28389] RAX: ffffffffffffffda RBX: 00007fde251b5fa0 RCX: 00007fde24f8e929
[ 1539.059482][T28389] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000004
[ 1539.059498][T28389] RBP: 00007fde25010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1539.059513][T28389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1539.059528][T28389] R13: 0000000000000000 R14: 00007fde251b5fa0 R15: 00007fff5ac90e18
[ 1539.059558][T28389]  </TASK>
[ 1542.335385][T28434] ptrace attach of "./syz-executor exec"[27008] was attempted by "./syz-executor exec"[28434]
[ 1544.680489][T28463] kexec: Could not allocate control_code_buffer
[ 1545.199954][T28449] ptrace attach of "./syz-executor exec"[28092] was attempted by "./syz-executor exec"[28449]
[ 1547.590374][T28507] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input47
[ 1548.048578][T28515] smpboot: Booting Node 0 Processor 1 APIC 0x1
[ 1548.209248][T28511] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4855'.
[ 1549.630860][T28541] FAULT_INJECTION: forcing a failure.
[ 1549.630860][T28541] name failslab, interval 1, probability 0, space 0, times 0
[ 1549.650270][T28541] CPU: 0 UID: 0 PID: 28541 Comm: syz.5.4864 Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1549.650333][T28541] Tainted: [U]=USER
[ 1549.650346][T28541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1549.650368][T28541] Call Trace:
[ 1549.650380][T28541]  <TASK>
[ 1549.650394][T28541]  dump_stack_lvl+0x16c/0x1f0
[ 1549.650453][T28541]  should_fail_ex+0x512/0x640
[ 1549.650504][T28541]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1549.650562][T28541]  should_failslab+0xc2/0x120
[ 1549.650598][T28541]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1549.650647][T28541]  ? kobject_uevent_env+0x265/0x1870
[ 1549.650692][T28541]  kobject_uevent_env+0x265/0x1870
[ 1549.650730][T28541]  ? __pfx_dev_uevent_name+0x10/0x10
[ 1549.650784][T28541]  ? bus_to_subsys+0x131/0x160
[ 1549.650832][T28541]  device_add+0x10dd/0x1a70
[ 1549.650874][T28541]  ? __pfx_device_add+0x10/0x10
[ 1549.650939][T28541]  nfc_register_device+0x41/0x3c0
[ 1549.650996][T28541]  nci_register_device+0x7f1/0xb80
[ 1549.651044][T28541]  ? __pfx_nci_register_device+0x10/0x10
[ 1549.651096][T28541]  ? lockdep_init_map_type+0x5c/0x280
[ 1549.651156][T28541]  virtual_ncidev_open+0x141/0x220
[ 1549.651202][T28541]  ? __pfx_virtual_ncidev_open+0x10/0x10
[ 1549.651245][T28541]  misc_open+0x35d/0x420
[ 1549.651288][T28541]  ? __pfx_misc_open+0x10/0x10
[ 1549.651331][T28541]  chrdev_open+0x234/0x6a0
[ 1549.651383][T28541]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1549.651434][T28541]  ? __pfx_chrdev_open+0x10/0x10
[ 1549.651489][T28541]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1549.651537][T28541]  do_dentry_open+0x741/0x1c10
[ 1549.651583][T28541]  ? __pfx_chrdev_open+0x10/0x10
[ 1549.651637][T28541]  vfs_open+0x82/0x3f0
[ 1549.651674][T28541]  path_openat+0x1de4/0x2cb0
[ 1549.651731][T28541]  ? __pfx_path_openat+0x10/0x10
[ 1549.651776][T28541]  ? __lock_acquire+0xb8a/0x1c90
[ 1549.651821][T28541]  do_filp_open+0x20b/0x470
[ 1549.651866][T28541]  ? __pfx_do_filp_open+0x10/0x10
[ 1549.651946][T28541]  ? alloc_fd+0x471/0x7d0
[ 1549.651998][T28541]  do_sys_openat2+0x11b/0x1d0
[ 1549.652032][T28541]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1549.652082][T28541]  __x64_sys_openat+0x174/0x210
[ 1549.652118][T28541]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1549.652168][T28541]  do_syscall_64+0xcd/0x490
[ 1549.652216][T28541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1549.652247][T28541] RIP: 0033:0x7f0db358e929
[ 1549.652273][T28541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1549.652303][T28541] RSP: 002b:00007f0db446c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1549.652333][T28541] RAX: ffffffffffffffda RBX: 00007f0db37b5fa0 RCX: 00007f0db358e929
[ 1549.652354][T28541] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c
[ 1549.652375][T28541] RBP: 00007f0db3610b39 R08: 0000000000000000 R09: 0000000000000000
[ 1549.652394][T28541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1549.652414][T28541] R13: 0000000000000000 R14: 00007f0db37b5fa0 R15: 00007ffd162347b8
[ 1549.652453][T28541]  </TASK>
[ 1550.067722][T28546] netlink: 330 bytes leftover after parsing attributes in process `syz.8.4865'.
[ 1551.680160][T28557] kAFS: No cell specified
[ 1551.702310][T28576] Invalid ELF header magic: != ELF
[ 1554.122424][T28606] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4878'.
[ 1554.683105][T28618] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input48
[ 1556.388674][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1556.395284][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1556.464452][T28651] netlink: 28 bytes leftover after parsing attributes in process `syz.9.4888'.
[ 1556.685824][T28656] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input49
[ 1560.072353][T28716] sg_write: data in/out 3292/1 bytes for SCSI command 0xa3-- guessing data in;
[ 1560.072353][T28716]    program syz.5.4905 not setting count and/or reply_len properly
[ 1562.616313][T28753] [U] 
[ 1562.619209][T28753] [U] 
[ 1562.621984][T28753] [U] 
[ 1562.624771][T28753] [U] 
[ 1562.628120][T28753] [U] 
[ 1562.630917][T28753] [U] 
[ 1562.633690][T28753] [U] 
[ 1562.636472][T28753] [U] 
[ 1562.654181][T28753] [U] 
[ 1562.657074][T28753] [U] 
[ 1562.659818][T28753] [U] 
[ 1562.662675][T28753] [U] 
[ 1562.694598][T28753] [U] 
[ 1562.697417][T28753] [U] 
[ 1562.700202][T28753] [U] 
[ 1562.702968][T28753] [U] 
[ 1562.720395][T28753] [U] 
[ 1562.723209][T28753] [U] 
[ 1562.725985][T28753] [U] 
[ 1562.728747][T28753] [U] 
[ 1562.733241][T28753] [U] 
[ 1562.736029][T28753] [U] 
[ 1562.738790][T28753] [U] 
[ 1562.741572][T28753] [U] 
[ 1562.745008][T28753] [U] 
[ 1562.747795][T28753] [U] 
[ 1562.750559][T28753] [U] 
[ 1562.753388][T28753] [U] 
[ 1562.757590][T28753] [U] 
[ 1562.760378][T28753] [U] 
[ 1562.763145][T28753] [U] 
[ 1562.765906][T28753] [U] 
[ 1562.769288][T28753] [U] 
[ 1562.772067][T28753] [U] 
[ 1562.774831][T28753] [U] 
[ 1562.777587][T28753] [U] 
[ 1562.788630][T28753] [U] 
[ 1562.791453][T28753] [U] 
[ 1562.794230][T28753] [U] 
[ 1562.797004][T28753] [U] 
[ 1562.807251][T28753] [U] 
[ 1562.810036][T28753] [U] 
[ 1562.812762][T28753] [U] 
[ 1562.815503][T28753] [U] 
[ 1562.819705][T28753] [U] 
[ 1562.822482][T28753] [U] 
[ 1562.825235][T28753] [U] 
[ 1562.827976][T28753] [U] 
[ 1562.843184][T28753] [U] 
[ 1562.846019][T28753] [U] 
[ 1562.848772][T28753] [U] 
[ 1562.851520][T28753] [U] 
[ 1562.871122][T28753] [U] 
[ 1562.873944][T28753] [U] 
[ 1562.876717][T28753] [U] 
[ 1562.879494][T28753] [U] 
[ 1562.884492][T28753] [U] 
[ 1562.887285][T28753] [U] 
[ 1562.890048][T28753] [U] 
[ 1562.892830][T28753] [U] 
[ 1562.897868][T28753] [U] 
[ 1562.900648][T28753] [U] 
[ 1562.903407][T28753] [U] 
[ 1562.906150][T28753] [U] 
[ 1562.909533][T28753] [U] 
[ 1562.912276][T28753] [U] 
[ 1562.915031][T28753] [U] 
[ 1562.917801][T28753] [U] 
[ 1562.921645][T28753] [U] 
[ 1562.924404][T28753] [U] 
[ 1562.927149][T28753] [U] 
[ 1562.929895][T28753] [U] 
[ 1562.963894][T28753] [U] 
[ 1562.966712][T28753] [U] 
[ 1562.969487][T28753] [U] 
[ 1562.972259][T28753] [U] 
[ 1562.978072][T28753] [U] 
[ 1562.980874][T28753] [U] 
[ 1562.983645][T28753] [U] 
[ 1562.986424][T28753] [U] 
[ 1562.995322][T28753] [U] 
[ 1562.998130][T28753] [U] 
[ 1563.000899][T28753] [U] 
[ 1563.003679][T28753] [U] 
[ 1563.009336][T28753] [U] 
[ 1563.012127][T28753] [U] 
[ 1563.014895][T28753] [U] 
[ 1563.017672][T28753] [U] 
[ 1563.026425][T28753] [U] 
[ 1563.029247][T28753] [U] 
[ 1563.032039][T28753] [U] 
[ 1563.034818][T28753] [U] 
[ 1563.043206][T28753] [U] 
[ 1563.046019][T28753] [U] 
[ 1563.048796][T28753] [U] 
[ 1563.051571][T28753] [U] 
[ 1563.057972][T28753] [U] 
[ 1563.060773][T28753] [U] 
[ 1563.063545][T28753] [U] 
[ 1563.066331][T28753] [U] 
[ 1563.074640][T28753] [U] 
[ 1563.077432][T28753] [U] 
[ 1563.080180][T28753] [U] 
[ 1563.082931][T28753] [U] 
[ 1563.101764][T28753] [U] 
[ 1563.104574][T28753] [U] 
[ 1563.107350][T28753] [U] 
[ 1563.110105][T28753] [U] 
[ 1563.134056][T28753] [U] 
[ 1563.136861][T28753] [U] 
[ 1563.139624][T28753] [U] 
[ 1563.142388][T28753] [U] 
[ 1563.146031][T28753] [U] 
[ 1563.148812][T28753] [U] 
[ 1563.151586][T28753] [U] 
[ 1563.154357][T28753] [U] 
[ 1563.207683][T28753] [U] 
[ 1563.210486][T28753] [U] 
[ 1563.213261][T28753] [U] 
[ 1563.216032][T28753] [U] 
[ 1563.235215][T28753] [U] 
[ 1563.419109][T28763] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4916'.
[ 1566.488503][T28809] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input50
[ 1567.233861][T28802] kexec: Could not allocate control_code_buffer
[ 1569.723320][T28853] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4940'.
[ 1572.824745][T28903] FAULT_INJECTION: forcing a failure.
[ 1572.824745][T28903] name fail_futex, interval 1, probability 0, space 0, times 0
[ 1572.838618][T28903] CPU: 0 UID: 0 PID: 28903 Comm: syz.6.4949 Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1572.838674][T28903] Tainted: [U]=USER
[ 1572.838685][T28903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1572.838707][T28903] Call Trace:
[ 1572.838717][T28903]  <TASK>
[ 1572.838727][T28903]  dump_stack_lvl+0x16c/0x1f0
[ 1572.838768][T28903]  should_fail_ex+0x512/0x640
[ 1572.838808][T28903]  get_futex_key+0x1d0/0x1540
[ 1572.838841][T28903]  ? __pfx_get_futex_key+0x10/0x10
[ 1572.838870][T28903]  ? unix_ioctl+0xf0/0x5e0
[ 1572.838899][T28903]  ? __futex_hash.constprop.0+0x1e9/0x440
[ 1572.838939][T28903]  futex_wake+0xe7/0x4e0
[ 1572.838976][T28903]  ? __pfx_futex_wake+0x10/0x10
[ 1572.839024][T28903]  do_futex+0x1e3/0x350
[ 1572.839055][T28903]  ? __pfx_do_futex+0x10/0x10
[ 1572.839085][T28903]  ? sock_ioctl+0x3a9/0x6b0
[ 1572.839119][T28903]  __x64_sys_futex+0x1e0/0x4c0
[ 1572.839151][T28903]  ? __fget_files+0x20e/0x3c0
[ 1572.839187][T28903]  ? __pfx___x64_sys_futex+0x10/0x10
[ 1572.839218][T28903]  ? xfd_validate_state+0x61/0x180
[ 1572.839261][T28903]  do_syscall_64+0xcd/0x490
[ 1572.839300][T28903]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1572.839325][T28903] RIP: 0033:0x7fde24f8e929
[ 1572.839345][T28903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1572.839370][T28903] RSP: 002b:00007fde22df60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1572.839392][T28903] RAX: ffffffffffffffda RBX: 00007fde251b6168 RCX: 00007fde24f8e929
[ 1572.839409][T28903] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fde251b616c
[ 1572.839425][T28903] RBP: 00007fde251b6160 R08: 00007fde25d50000 R09: 0000000000000000
[ 1572.839440][T28903] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fde251b616c
[ 1572.839456][T28903] R13: 0000000000000000 R14: 00007fff5ac90d30 R15: 00007fff5ac90e18
[ 1572.839486][T28903]  </TASK>
[ 1573.652432][   T31] INFO: task syz-executor:16640 blocked for more than 143 seconds.
[ 1573.682455][   T31]       Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1573.787552][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1573.797166][   T31] task:syz-executor    state:D stack:24328 pid:16640 tgid:16640 ppid:1      task_flags:0x400140 flags:0x00004004
[ 1573.809586][   T31] Call Trace:
[ 1573.813199][   T31]  <TASK>
[ 1573.816180][   T31]  __schedule+0x116a/0x5de0
[ 1573.823344][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1573.856250][T28913] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4951'.
[ 1573.875747][   T31]  ? __pfx___schedule+0x10/0x10
[ 1573.880759][   T31]  ? find_held_lock+0x2b/0x80
[ 1574.011139][   T31]  ? schedule+0x2d7/0x3a0
[ 1574.015616][   T31]  schedule+0xe7/0x3a0
[ 1574.021525][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1574.027593][   T31]  __mutex_lock+0x6c7/0xb90
[ 1574.070443][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[ 1574.127398][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1574.143322][   T31]  ? net_generic+0xea/0x2a0
[ 1574.148537][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[ 1574.171497][   T31]  nfsd_shutdown_threads+0x5b/0xf0
[ 1574.176925][   T31]  nfsd_umount+0x48/0xe0
[ 1574.193622][   T31]  deactivate_locked_super+0xc1/0x1a0
[ 1574.217527][   T31]  deactivate_super+0xde/0x100
[ 1574.257681][   T31]  cleanup_mnt+0x225/0x450
[ 1574.271200][   T31]  task_work_run+0x150/0x240
[ 1574.276338][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1574.282106][   T31]  ? __pfx___x64_sys_umount+0x10/0x10
[ 1574.289008][   T31]  exit_to_user_mode_loop+0xeb/0x110
[ 1574.411839][   T31]  do_syscall_64+0x3f6/0x490
[ 1574.458644][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1574.478902][   T31] RIP: 0033:0x7f9dfbf8fc57
[ 1574.501084][   T31] RSP: 002b:00007ffcab4e21a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1574.516771][   T31] RAX: 0000000000000000 RBX: 00007f9dfc010925 RCX: 00007f9dfbf8fc57
[ 1574.531406][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcab4e2260
[ 1574.562893][   T31] RBP: 00007ffcab4e2260 R08: 0000000000000000 R09: 0000000000000000
[ 1574.574381][   T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcab4e32f0
[ 1574.592008][   T31] R13: 00007f9dfc010925 R14: 000000000015a584 R15: 00007ffcab4e3330
[ 1574.602432][   T31]  </TASK>
[ 1574.605552][   T31] INFO: task syz-executor:26567 blocked for more than 144 seconds.
[ 1574.618200][   T31]       Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0
[ 1574.663091][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1574.692461][   T31] task:syz-executor    state:D stack:24168 pid:26567 tgid:26567 ppid:1      task_flags:0x400140 flags:0x00004004
[ 1574.726348][   T31] Call Trace:
[ 1574.729715][   T31]  <TASK>
[ 1574.740777][   T31]  __schedule+0x116a/0x5de0
[ 1574.746608][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1574.754571][   T31]  ? __pfx___schedule+0x10/0x10
[ 1574.764784][   T31]  ? find_held_lock+0x2b/0x80
[ 1574.769582][   T31]  ? schedule+0x2d7/0x3a0
[ 1574.775623][   T31]  schedule+0xe7/0x3a0
[ 1574.811118][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1574.831212][   T31]  __mutex_lock+0x6c7/0xb90
[ 1574.835853][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[ 1574.881060][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1574.886239][   T31]  ? net_generic+0xea/0x2a0
[ 1574.890840][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[ 1574.941872][   T31]  nfsd_shutdown_threads+0x5b/0xf0
[ 1574.947104][   T31]  nfsd_umount+0x48/0xe0
[ 1574.981463][   T31]  deactivate_locked_super+0xc1/0x1a0
[ 1574.986976][   T31]  deactivate_super+0xde/0x100
[ 1575.001026][   T31]  cleanup_mnt+0x225/0x450
[ 1575.005576][   T31]  task_work_run+0x150/0x240
[ 1575.010271][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1575.031153][   T31]  ? __pfx___x64_sys_umount+0x10/0x10
[ 1575.036661][   T31]  exit_to_user_mode_loop+0xeb/0x110
[ 1575.051025][   T31]  do_syscall_64+0x3f6/0x490
[ 1575.055749][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1575.081049][   T31] RIP: 0033:0x7f414c18fc57
[ 1575.085574][   T31] RSP: 002b:00007ffe5c5e6d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1575.111008][   T31] RAX: 0000000000000000 RBX: 00007f414c210925 RCX: 00007f414c18fc57
[ 1575.119104][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe5c5e6de0
[ 1575.140999][   T31] RBP: 00007ffe5c5e6de0 R08: 0000000000000000 R09: 0000000000000000
[ 1575.150120][   T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe5c5e7e70
[ 1575.181020][   T31] R13: 00007f414c210925 R14: 000000000015ae2c R15: 00007ffe5c5e7eb0
[ 1575.189147][   T31]  </TASK>
[ 1575.201116][   T31] INFO: task syz.2.4547:26909 blocked for more than 144 seconds.
[ 1575.209397][   T31]       Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0
[ 1575.250111][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1575.270643][   T31] task:syz.2.4547      state:D stack:28920 pid:26909 tgid:26908 ppid:20250  task_flags:0x400140 flags:0x00004004
[ 1575.291013][   T31] Call Trace:
[ 1575.296251][   T31]  <TASK>
[ 1575.299250][   T31]  __schedule+0x116a/0x5de0
[ 1575.311067][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1575.316137][   T31]  ? __pfx___schedule+0x10/0x10
[ 1575.322071][   T31]  ? find_held_lock+0x2b/0x80
[ 1575.326930][   T31]  ? schedule+0x2d7/0x3a0
[ 1575.332637][   T31]  schedule+0xe7/0x3a0
[ 1575.336804][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1575.343364][   T31]  __mutex_lock+0x6c7/0xb90
[ 1575.347977][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[ 1575.356851][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1575.362221][   T31]  ? net_generic+0xea/0x2a0
[ 1575.366830][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[ 1575.375202][   T31]  nfsd_shutdown_threads+0x5b/0xf0
[ 1575.380561][   T31]  nfsd_umount+0x48/0xe0
[ 1575.385051][   T31]  deactivate_locked_super+0xc1/0x1a0
[ 1575.390512][   T31]  deactivate_super+0xde/0x100
[ 1575.395448][   T31]  cleanup_mnt+0x225/0x450
[ 1575.399936][   T31]  task_work_run+0x150/0x240
[ 1575.404826][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1575.410021][   T31]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1575.415548][   T31]  exit_to_user_mode_loop+0xeb/0x110
[ 1575.421076][   T31]  do_syscall_64+0x3f6/0x490
[ 1575.425751][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1575.431806][   T31] RIP: 0033:0x7f7218b8e929
[ 1575.436275][   T31] RSP: 002b:00007f72169f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1575.444925][   T31] RAX: fffffffffffffffe RBX: 00007f7218db5fa0 RCX: 00007f7218b8e929
[ 1575.453802][   T31] RDX: 0000200000000140 RSI: 0000200000000100 RDI: 0000000000000000
[ 1575.462084][   T31] RBP: 00007f7218c10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1575.470843][   T31] R10: 0000000000010001 R11: 0000000000000246 R12: 0000000000000000
[ 1575.481848][   T31] R13: 0000000000000000 R14: 00007f7218db5fa0 R15: 00007fff399acb38
[ 1575.489916][   T31]  </TASK>
[ 1575.570557][   T31] 
[ 1575.570557][   T31] Showing all locks held in the system:
[ 1575.601836][   T31] 1 lock held by pool_workqueue_/3:
[ 1575.607128][   T31]  #0: ffffffff8e5d02f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[ 1575.630767][   T31] 1 lock held by khungtaskd/31:
[ 1575.640558][   T31]  #0: ffffffff8e5c4d00 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1575.651891][   T31] 2 locks held by kworker/0:5/5934:
[ 1575.657153][   T31] 2 locks held by syz-executor/16640:
[ 1575.663532][   T31]  #0: ffff88807f6dc0e0 (&type->s_umount_key#50){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100
[ 1575.678427][   T31]  #1: ffffffff8e9de688 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[ 1575.689977][   T31] 2 locks held by kworker/u8:7/17963:
[ 1575.703419][   T31]  #0: ffff88801df37948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1575.715456][   T31]  #1: ffffc9000557fd10 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1575.728097][   T31] 2 locks held by kworker/u8:13/17966:
[ 1575.736510][   T31]  #0: ffff88801df37948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1575.748327][   T31]  #1: ffffc90004e37d10 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1575.761620][   T31] 4 locks held by kworker/u8:31/22426:
[ 1575.767155][   T31]  #0: ffff88801c6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1575.779002][   T31]  #1: ffffc9000400fd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1575.793694][   T31]  #2: ffffffff9034e110 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890
[ 1575.808250][   T31]  #3: ffffffff90364168 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x7e9/0xab0
[ 1575.819772][   T31] 2 locks held by syz-executor/26567:
[ 1575.826237][   T31]  #0: ffff8880233820e0 (&type->s_umount_key#50){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100
[ 1575.837239][   T31]  #1: ffffffff8e9de688 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[ 1575.849410][   T31] 2 locks held by syz.0.4518/26744:
[ 1575.854743][   T31]  #0: ffffffff90408970 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1575.864297][   T31]  #1: ffffffff8e9de688 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0
[ 1575.875173][   T31] 2 locks held by syz.2.4547/26909:
[ 1575.880614][   T31]  #0: ffff88805bc800e0 (&type->s_umount_key#50){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100
[ 1575.893380][   T31]  #1: ffffffff8e9de688 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[ 1575.903612][   T31] 1 lock held by syz-executor/26963:
[ 1575.908947][   T31]  #0: ffffffff90364168 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[ 1575.918150][   T31] 2 locks held by syz.4.4596/27249:
[ 1575.923481][   T31]  #0: ffffffff90408970 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1575.933564][   T31]  #1: ffffffff8e9de688 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0
[ 1575.944158][   T31] 1 lock held by syz-executor/27441:
[ 1575.949510][   T31]  #0: ffffffff90364168 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[ 1575.958736][   T31] 2 locks held by syz.7.4720/27832:
[ 1575.964017][   T31]  #0: ffffffff90408970 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1575.973455][   T31]  #1: ffffffff8e9de688 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0
[ 1575.983654][   T31] 1 lock held by syz-executor/28092:
[ 1575.991399][   T31]  #0: ffffffff90364168 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[ 1576.000519][   T31] 2 locks held by getty/28539:
[ 1576.005414][   T31]  #0: ffff8880320750a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1576.015334][   T31]  #1: ffffc9000219a2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1576.025614][   T31] 1 lock held by syz.6.4951/28912:
[ 1576.030763][   T31]  #0: ffffffff8e5d02f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[ 1576.041116][   T31] 
[ 1576.043491][   T31] =============================================
[ 1576.043491][   T31] 
[ 1576.063896][   T31] NMI backtrace for cpu 0
[ 1576.063932][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1576.063982][   T31] Tainted: [U]=USER
[ 1576.063993][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1576.064015][   T31] Call Trace:
[ 1576.064027][   T31]  <TASK>
[ 1576.064041][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1576.064102][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1576.064139][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1576.064188][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1576.064237][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1576.064280][   T31]  watchdog+0xf70/0x12c0
[ 1576.064340][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1576.064386][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1576.064436][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1576.064480][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1576.064530][   T31]  kthread+0x3c2/0x780
[ 1576.064579][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.064629][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1576.064665][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.064714][   T31]  ret_from_fork+0x5d7/0x6f0
[ 1576.064759][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.064806][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1576.064859][   T31]  </TASK>
[ 1576.064873][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1576.203652][    C1] NMI backtrace for cpu 1
[ 1576.203676][    C1] CPU: 1 UID: 0 PID: 28912 Comm: syz.6.4951 Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1576.203719][    C1] Tainted: [U]=USER
[ 1576.203728][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1576.203747][    C1] RIP: 0010:debug_check_no_obj_freed+0x2dd/0x600
[ 1576.203786][    C1] Code: 00 00 ad de 49 89 56 08 48 89 c7 48 89 30 48 83 c6 22 48 89 70 08 e8 d2 c9 ff ff 4c 89 f0 48 89 c2 48 c1 ea 03 42 80 3c 22 00 <0f> 84 23 ff ff ff 48 89 c7 48 89 44 24 10 e8 c0 ba 42 fd 48 8b 44
[ 1576.203823][    C1] RSP: 0018:ffffc90004e6f850 EFLAGS: 00000046
[ 1576.203845][    C1] RAX: ffff888034512c78 RBX: 0000000000000012 RCX: ffffffff819861fc
[ 1576.203864][    C1] RDX: 1ffff110068a258f RSI: 0000000000000000 RDI: ffff8880358bc478
[ 1576.203882][    C1] RBP: ffffc90004e6f980 R08: 0000000000000001 R09: fffff520009cdef8
[ 1576.203899][    C1] R10: 0000000000000003 R11: 0000000000000001 R12: dffffc0000000000
[ 1576.203915][    C1] R13: ffff88806db4b000 R14: ffff888034512c78 R15: ffff88806db4c000
[ 1576.203933][    C1] FS:  0000000000000000(0000) GS:ffff888124821000(0000) knlGS:0000000000000000
[ 1576.203958][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1576.203976][    C1] CR2: 00005600f5efb000 CR3: 000000000e382000 CR4: 00000000003526f0
[ 1576.203995][    C1] Call Trace:
[ 1576.204003][    C1]  <TASK>
[ 1576.204012][    C1]  ? find_held_lock+0x2b/0x80
[ 1576.204046][    C1]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 1576.204077][    C1]  ? __page_table_check_zero+0x346/0x5d0
[ 1576.204123][    C1]  ? __pfx___page_table_check_zero+0x10/0x10
[ 1576.204173][    C1]  __free_frozen_pages+0x34a/0x1180
[ 1576.204215][    C1]  vfree+0x1fd/0xb50
[ 1576.204243][    C1]  ? find_held_lock+0x2b/0x80
[ 1576.204272][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1576.204300][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1576.204338][    C1]  ? __pfx_kcov_close+0x10/0x10
[ 1576.204376][    C1]  kcov_close+0x34/0x60
[ 1576.204412][    C1]  __fput+0x402/0xb70
[ 1576.204439][    C1]  ? cleanup_mnt+0x262/0x450
[ 1576.204474][    C1]  task_work_run+0x150/0x240
[ 1576.204516][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1576.204564][    C1]  do_exit+0x86c/0x2bd0
[ 1576.204604][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1576.204640][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1576.204682][    C1]  ? find_held_lock+0x2b/0x80
[ 1576.204711][    C1]  do_group_exit+0xd3/0x2a0
[ 1576.204749][    C1]  get_signal+0x2673/0x26d0
[ 1576.204780][    C1]  ? __call_rcu_common.constprop.0+0x3f0/0xa10
[ 1576.204834][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1576.204871][    C1]  arch_do_signal_or_restart+0x8f/0x790
[ 1576.204904][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1576.204943][    C1]  ? __pfx___do_sys_close_range+0x10/0x10
[ 1576.204988][    C1]  exit_to_user_mode_loop+0x84/0x110
[ 1576.205032][    C1]  do_syscall_64+0x3f6/0x490
[ 1576.205075][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1576.205103][    C1] RIP: 0033:0x7fde24f8e929
[ 1576.205123][    C1] Code: Unable to access opcode bytes at 0x7fde24f8e8ff.
[ 1576.205137][    C1] RSP: 002b:00007fff5ac90f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1576.205162][    C1] RAX: 0000000000000000 RBX: 00007fde251b7ba0 RCX: 00007fde24f8e929
[ 1576.205180][    C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1576.205198][    C1] RBP: 00007fde251b7ba0 R08: 0000000000035c44 R09: 0000001d5ac9126f
[ 1576.205216][    C1] R10: 00000000003ca194 R11: 0000000000000246 R12: 0000000000180720
[ 1576.205233][    C1] R13: 00007fde251b6080 R14: ffffffffffffffff R15: 00007fff5ac91090
[ 1576.205262][    C1]  </TASK>
[ 1576.207556][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1576.557407][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G     U              6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[ 1576.570832][   T31] Tainted: [U]=USER
[ 1576.574662][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1576.584751][   T31] Call Trace:
[ 1576.588056][   T31]  <TASK>
[ 1576.591275][   T31]  dump_stack_lvl+0x3d/0x1f0
[ 1576.595944][   T31]  panic+0x71c/0x800
[ 1576.599890][   T31]  ? __pfx_panic+0x10/0x10
[ 1576.604355][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1576.609786][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1576.615843][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1576.621350][   T31]  ? watchdog+0xdda/0x12c0
[ 1576.625814][   T31]  ? watchdog+0xdcd/0x12c0
[ 1576.630286][   T31]  watchdog+0xdeb/0x12c0
[ 1576.634587][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1576.639315][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1576.644570][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1576.649648][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1576.654374][   T31]  kthread+0x3c2/0x780
[ 1576.658490][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.663134][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1576.667948][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.672587][   T31]  ret_from_fork+0x5d7/0x6f0
[ 1576.677226][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.681907][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1576.686752][   T31]  </TASK>
[ 1576.690048][   T31] Kernel Offset: disabled
[ 1576.694398][   T31] Rebooting in 86400 seconds..