last executing test programs:

11.507687319s ago: executing program 3 (id=421):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
modify_ldt$auto(0x1, 0x0, 0x10)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
socket(0x2, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mincore$auto(0x1000, 0x8001, 0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
sendfile$auto(r3, r3, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0)
pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5)
madvise$auto(0x0, 0x200007, 0x19)

11.389714052s ago: executing program 2 (id=422):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
modify_ldt$auto(0x1, 0x0, 0x10)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
socket(0x2, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mincore$auto(0x1000, 0x8001, 0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
sendfile$auto(r3, r3, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0)
pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5)
madvise$auto(0x0, 0x200007, 0x19)

9.522362173s ago: executing program 2 (id=426):
r0 = socket(0x2, 0x1, 0x106)
socket(0x18, 0x5, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55)
setsockopt$auto(r0, 0x1, 0x9, 0x0, 0xeb66)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c)
fcntl$auto(r3, 0x400, 0x1)
unshare$auto(0x40000080)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000140)=""/1, 0x1)
setsockopt$auto(0x400000000000003, 0x20000029, 0x21b, 0x0, 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x30)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r5, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
recvmmsg$auto(r5, 0x0, 0x210a, 0x6, 0x0)
sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB=' 6\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25030000000400"], 0x3620}, 0x1, 0x0, 0x0, 0x20000055}, 0x200400d0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x1ad240, 0x1b1)
socket(0xa, 0x3, 0x3b)

9.302705182s ago: executing program 1 (id=427):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r1, @ANYBLOB="010031bd7000fddbdf250c002000180003b44148cb5e4c00000003801000b0800c000200657468746f6f49001800018014000200776c616e300000150000000000000000"], 0x44}}, 0x24048084)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/dummy_udc.4/udc/dummy_udc.4/function\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x7)
r3 = socket(0x10, 0x2, 0x6)
openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
lseek$auto(r3, 0x5, 0x2)
mmap$auto(0x0, 0x2020009, 0x80000000000003, 0xeb1, 0xffffffffffffffff, 0x8000)
r4 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
r5 = getpid()
r6 = gettid()
rt_tgsigqueueinfo$auto(r5, r6, 0x1e, &(0x7f0000000400)={@siginfo_0_0={0x3, 0x1c51, 0xfffffffa, @_sigsys={0x0, 0x2, 0x7}}})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
socket(0x10, 0x3, 0x6)
r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r7, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), r0)
sendmsg$auto_NL80211_CMD_UPDATE_CONNECT_PARAMS(r4, 0x0, 0x48080)
r8 = getpid()
process_vm_readv$auto(r8, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x805}, 0x20004001)

9.23628933s ago: executing program 3 (id=428):
mbind$auto(0x96, 0x8000000400000001, 0x2005, 0x0, 0xf8, 0x2)

8.994380193s ago: executing program 3 (id=429):
r0 = socket(0x2, 0x1, 0x106)
socket(0x18, 0x5, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55)
setsockopt$auto(r0, 0x1, 0x9, 0x0, 0xeb66)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c)
fcntl$auto(r3, 0x400, 0x1)
unshare$auto(0x40000080)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000140)=""/1, 0x1)
setsockopt$auto(0x400000000000003, 0x20000029, 0x21b, 0x0, 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x30)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r5, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
recvmmsg$auto(r5, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x5}, 0x20000804}, 0x210a, 0x6, 0x0)
sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB=' 6\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25030000000400"], 0x3620}, 0x1, 0x0, 0x0, 0x20000055}, 0x200400d0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x1ad240, 0x1b1)
socket(0xa, 0x3, 0x3b)

8.85350078s ago: executing program 1 (id=430):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0)
open(&(0x7f0000000280)='./cgroup\x00', 0x5d52c0, 0x0)
r0 = socket(0xa, 0x2, 0x3a)
open_by_handle_at$auto(r0, 0x0, 0xffffffff)
prctl$auto_PR_PAC_RESET_KEYS(0x36, 0x0, 0xffffffffffffffff, 0x9, 0x7)
write$auto(0xffffffffffffffff, 0x0, 0x4)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket(0xa, 0x801, 0x84)
r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x300, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff)
sendmsg$auto_TCP_METRICS_CMD_GET(r3, 0x0, 0x0)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/maps\x00', 0x21000, 0x0)
tgkill$auto(0x1, 0x1, 0x5)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
fstat$auto(r1, &(0x7f00000001c0)={0x0, 0x2, 0x6, 0x3, 0x0, 0x0, 0x0, 0xfff, 0x6, 0xffffffff, 0xfff, 0xae33, 0x4, 0x2, 0x316, 0x3, 0x7})
r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
ioctl$auto_UI_DEV_SETUP(r4, 0x405c5503, 0x0)
select$auto(0x1, &(0x7f0000000040)={[0xffffffff00000001, 0xfffffffffffffff7, 0x100, 0x7fff, 0x75, 0x3, 0x9, 0x6, 0xa80d, 0x8000000010000, 0x0, 0x7c43, 0x9, 0x0, 0x4, 0xd133]}, 0x0, 0x0, &(0x7f00000000c0)={0x100})
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
write$auto(0x3, 0x0, 0xfffffdef)
r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_MON_PEER_GET(r6, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r5, 0x711, 0x70b52c, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x18, 0x9, 0x0, 0x1, [@typed={0x14, 0x2, 0x0, 0x0, @ipv6=@local}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4405}, 0x4c848)

7.354156504s ago: executing program 1 (id=431):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, 0x0, 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
socket(0x2, 0x6, 0x240000)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x800001e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x51)
setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8)
setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x4, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
keyctl$auto(0xb, 0xfffffffd, 0x0, 0x0, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)

7.352927726s ago: executing program 0 (id=439):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
sendmsg$auto_IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000580)={&(0x7f0000000cc0)={0x24, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xad}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40980)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
bind$auto(0x3, 0x0, 0x6a)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00'})
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
fcntl$auto(0xffffffffffffffff, 0x402, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0)
sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff)
select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x400000000000006, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xc8})
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
write$auto(0x3, 0x0, 0xfffffdef)
ioctl$auto(0xffffffffffffffff, 0x900064b5, 0xc14)
msgctl$auto(0x3ff, 0xf8, &(0x7f00000001c0)={{0x8, 0xee00, <r1=>0x0, 0x4, 0xa771, 0x7, 0x9}, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x1, 0x1c28a, 0x5f52, 0x3, 0x9, 0x8, 0x2cce, 0xfffc, 0x6, @inferred=<r2=>0x0, @inferred=0xffffffffffffffff})
sendmsg$auto_MACSEC_CMD_UPD_RXSC(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="ca16b48700bc39b8eae35193c846ec9f6af8f2a872d633eec862046c889bc239ccef5dc68bc053c64452c7a6eda2fbd95f290beecb447136eb6f260010cce9e0f9c4ced184528f53561dc28784e93701ae1b1a78d6454eeea27caca1197d7aec2b937353c6ca8ce98e1e5ddd2c040900000000000000a517ff4bd1fe909f21a8c51d25122f39b5e83f83e82d8b61107bbca509cf3934ad3cf37bee507b3548f3879038706267946576c18758581ccae354928b3edb95dc8fe2f395d2ed72b1a4fc86cf60d3fb", @ANYRES16=0x0, @ANYBLOB="01022abd7000fedbdf25030000000c00028008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x48010)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f00000027c0)={&(0x7f00000000c0), 0xc, &(0x7f0000002780)={&(0x7f00000009c0)=ANY=[@ANYBLOB="06fd6491cebca78beafc4b687ed8f3666c5a6d88c7f09791cdd11c597f22290fb5c9bd51421da568156e5fdc5918efbcb4c2ff5cb5ff2ca078cec1061a5dc8c7512d6a4f506f55f59e4b394709cd8b73734f2ce3e79d", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0f0003002f6465762f616473703100001e020480ce0044800400750004006880d1506bbd2b1ebe4d19b0d1c0ab9c296454e83f6f917ac6b0097c35d5df5abbc18838f7a7f3b46966c809d12efc3a7a069afe67a71d5567097f060e60e752058afe2f21dd8e61df70ef93aeeebfdb2433f6f4fc2a08eaf6e20011cc4749ac9c02feb7059988773029c0283338878bcccdc09ee6318737f2af18d42604ad6bba937d6dd2f5a7d9c92e8f08d40b3f052e083a9bb7bf59ad99a2501b8622414a1400400000000000000000000000ffff0a010100040057800c000400070000000000000000003700ab80040012800400238008006900ffffffff04005f800800d000", @ANYRESDEC=r1, @ANYBLOB="0c007c0002000000000000000400908079d31828245d1d00a100e6809a9ee0a2123a8fa92a4224c5e320835bc1df4b86308f1eb106b640770860908a7ee198191bec22d0e1fe7b49b4428100781fc9231baa218eb9dff6587e85758d2557a569379b8216c1a1a193109a24a6cbf4ca980e8cd518672d8170bfc296672040c805d2805a666b2c10da076637bada153ac529599e829086c0d426fe1187195bc35fd30700a5007d2b00000800d8000a01010008003f00", @ANYRES32=r2, @ANYBLOB="0000000800b6006401010178679f385b78dc0f0041002f6465762f6164737031000034dbb4a18fb580bda46a26cb741baeb66648b73e16593e6280ab1f493bdceced1b1cb8e704a055f6ba30c848e10359186bdac20f914fc3e87ed1e9d944940d1af2861a7aa210570710731e24a2b60c000004000a8008000100050000000800090000000000"], 0x260}, 0x1, 0x0, 0x0, 0xd5}, 0x4000040)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20002, 0x0)
sendmsg$auto_MACSEC_CMD_UPD_RXSC(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01022abd7000fe01344a9701fa550cd6636ff75adb7cd800"/36, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x48010)

6.066748583s ago: executing program 0 (id=432):
openat$auto_minstrel_ht_stat_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f00000009c0)='/sys/kernel/debug/ieee80211/phy4/netdev:wlan1/stations/08:02:11:00:00:00/rc_stats\x00', 0x20080, 0x0)

6.050816789s ago: executing program 3 (id=433):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0x2c, 0x5, 0x40000100)
ioperm$auto(0x7, 0x5ad2, 0xc)
r1 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/projid_map\x00', 0x80000, 0x0)
write$auto_proc_projid_map_operations_base(r1, &(0x7f00000001c0)="44f0e9fbc01fd062b62161bd72061e01c07586fd74bf853907a01ebd1a3cbc31b4801ebfcbaafda55783688acd1fc6f172a3467a", 0x34)
modify_ldt$auto(0x1, 0x0, 0x10)
r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r2, 0x0, 0x7ff, 0x400)
socket(0x2a, 0x1, 0x40000000)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.5/usb6/power/autosuspend_delay_ms\x00', 0x88b02, 0x0)
sendfile$auto(r4, r4, 0x0, 0x3)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x20000003, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
sendfile$auto(r5, r5, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
setsockopt$auto_SO_INCOMING_CPU(r2, 0x72, 0x31, &(0x7f0000000040)='\x00', 0x81)
close_range$auto(0x2, 0x8, 0x0)

5.898404021s ago: executing program 0 (id=434):
r0 = socket(0x2, 0x1, 0x106)
socket(0x18, 0x5, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55)
setsockopt$auto(r0, 0x1, 0x9, 0x0, 0xeb66)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c)
fcntl$auto(r3, 0x400, 0x1)
unshare$auto(0x40000080)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000140)=""/1, 0x1)
setsockopt$auto(0x400000000000003, 0x20000029, 0x21b, 0x0, 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x30)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r5, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="1800", @ANYRES16=r6, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
recvmmsg$auto(r5, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x5}, 0x20000804}, 0x210a, 0x6, 0x0)
sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB=' 6\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25030000000400"], 0x3620}, 0x1, 0x0, 0x0, 0x20000055}, 0x200400d0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x1ad240, 0x1b1)
socket(0xa, 0x3, 0x3b)

5.572876677s ago: executing program 2 (id=435):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
modify_ldt$auto(0x1, 0x0, 0x10)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
socket(0x2, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mincore$auto(0x1000, 0x8001, 0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
sendfile$auto(r3, r3, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0)
pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5)
madvise$auto(0x0, 0x200007, 0x19)

4.781398641s ago: executing program 0 (id=436):
futex_wake$auto(0x0, 0xffffffffffffffff, 0xfffffffb, 0x2)

4.522407253s ago: executing program 1 (id=437):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
modify_ldt$auto(0x1, 0x0, 0x10)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
socket(0x2, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mincore$auto(0x1000, 0x8001, 0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
sendfile$auto(r3, r3, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0)
pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5)
madvise$auto(0x0, 0x200007, 0x19)

4.461132849s ago: executing program 0 (id=438):
r0 = socket(0x2, 0x1, 0x106)
socket(0x18, 0x5, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55)
setsockopt$auto(r0, 0x1, 0x9, 0x0, 0xeb66)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c)
fcntl$auto(r3, 0x400, 0x1)
unshare$auto(0x40000080)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0)
setsockopt$auto(0x400000000000003, 0x20000029, 0x21b, 0x0, 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x30)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r5, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
recvmmsg$auto(r5, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x5}, 0x20000804}, 0x210a, 0x6, 0x0)
sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB=' 6\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25030000000400"], 0x3620}, 0x1, 0x0, 0x0, 0x20000055}, 0x200400d0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x1ad240, 0x1b1)
socket(0xa, 0x3, 0x3b)

4.102271094s ago: executing program 2 (id=440):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
modify_ldt$auto(0x1, 0x0, 0x10)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
socket(0x2, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mincore$auto(0x1000, 0x8001, 0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
sendfile$auto(r3, r3, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0)
pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5)
madvise$auto(0x0, 0x200007, 0x19)

3.968425267s ago: executing program 3 (id=441):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0)
open(&(0x7f0000000280)='./cgroup\x00', 0x5d52c0, 0x0)
r0 = socket(0xa, 0x2, 0x3a)
open_by_handle_at$auto(r0, 0x0, 0xffffffff)
prctl$auto_PR_PAC_RESET_KEYS(0x36, 0x0, 0xffffffffffffffff, 0x9, 0x7)
write$auto(0xffffffffffffffff, 0x0, 0x4)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket(0xa, 0x801, 0x84)
r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x300, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff)
sendmsg$auto_TCP_METRICS_CMD_GET(r3, 0x0, 0x0)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/maps\x00', 0x21000, 0x0)
tgkill$auto(0x1, 0x1, 0x5)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
fstat$auto(r1, &(0x7f00000001c0)={0x0, 0x2, 0x6, 0x3, 0x0, 0x0, 0x0, 0xfff, 0x6, 0xffffffff, 0xfff, 0xae33, 0x4, 0x2, 0x316, 0x3, 0x7})
r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
ioctl$auto_UI_DEV_SETUP(r4, 0x405c5503, 0x0)
select$auto(0x1, &(0x7f0000000040)={[0xffffffff00000001, 0xfffffffffffffff7, 0x100, 0x7fff, 0x75, 0x3, 0x9, 0x6, 0xa80d, 0x8000000010000, 0x0, 0x7c43, 0x9, 0x0, 0x4, 0xd133]}, 0x0, 0x0, &(0x7f00000000c0)={0x100})
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
write$auto(0x3, 0x0, 0xfffffdef)
r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_MON_PEER_GET(r6, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r5, 0x711, 0x70b52c, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x18, 0x9, 0x0, 0x1, [@typed={0x14, 0x2, 0x0, 0x0, @ipv6=@local}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4405}, 0x4c848)

1.437806154s ago: executing program 1 (id=442):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
sendmsg$auto_IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000580)={&(0x7f0000000cc0)={0x24, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xad}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40980)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
bind$auto(0x3, 0x0, 0x6a)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00'})
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
fcntl$auto(0xffffffffffffffff, 0x402, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0)
sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff)
select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x400000000000006, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xc8})
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
write$auto(0x3, 0x0, 0xfffffdef)
ioctl$auto(0xffffffffffffffff, 0x900064b5, 0xc14)
msgctl$auto(0x3ff, 0xf8, &(0x7f00000001c0)={{0x8, 0xee00, <r1=>0x0, 0x4, 0xa771, 0x7, 0x9}, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x1, 0x1c28a, 0x5f52, 0x3, 0x9, 0x8, 0x2cce, 0xfffc, 0x6, @inferred=<r2=>0x0, @inferred=0xffffffffffffffff})
sendmsg$auto_MACSEC_CMD_UPD_RXSC(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="ca16b48700bc39b8eae35193c846ec9f6af8f2a872d633eec862046c889bc239ccef5dc68bc053c64452c7a6eda2fbd95f290beecb447136eb6f260010cce9e0f9c4ced184528f53561dc28784e93701ae1b1a78d6454eeea27caca1197d7aec2b937353c6ca8ce98e1e5ddd2c040900000000000000a517ff4bd1fe909f21a8c51d25122f39b5e83f83e82d8b61107bbca509cf3934ad3cf37bee507b3548f3879038706267946576c18758581ccae354928b3edb95dc8fe2f395d2ed72b1a4fc86cf60d3fb", @ANYRES16=0x0, @ANYBLOB="01022abd7000fedbdf25030000000c00028008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x48010)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f00000027c0)={&(0x7f00000000c0), 0xc, &(0x7f0000002780)={&(0x7f00000009c0)=ANY=[@ANYBLOB="06fd6491cebca78beafc4b687ed8f3666c5a6d88c7f09791cdd11c597f22290fb5c9bd51421da568156e5fdc5918efbcb4c2ff5cb5ff2ca078cec1061a5dc8c7512d6a4f506f55f59e4b394709cd8b73734f2ce3e79d", @ANYBLOB="00022dbd7000fcdbdf", @ANYRES32=0x0, @ANYBLOB="0f0003002f6465762f616473703100001e020480ce0044800400750004006880d1506bbd2b1ebe4d19b0d1c0ab9c296454e83f6f917ac6b0097c35d5df5abbc18838f7a7f3b46966c809d12efc3a7a069afe67a71d5567097f060e60e752058afe2f21dd8e61df70ef93aeeebfdb2433f6f4fc2a08eaf6e20011cc4749ac9c02feb7059988773029c0283338878bcccdc09ee6318737f2af18d42604ad6bba937d6dd2f5a7d9c92e8f08d40b3f052e083a9bb7bf59ad99a2501b8622414a1400400000000000000000000000ffff0a010100040057800c000400070000000000000000003700ab80040012800400238008006900ffffffff04005f800800d000", @ANYRESDEC=r1, @ANYBLOB="0c007c0002000000000000000400908079d31828245d1d00a100e6809a9ee0a2123a8fa92a4224c5e320835bc1df4b86308f1eb106b640770860908a7ee198191bec22d0e1fe7b49b4428100781fc9231baa218eb9dff6587e85758d2557a569379b8216c1a1a193109a24a6cbf4ca980e8cd518672d8170bfc296672040c805d2805a666b2c10da076637bada153ac529599e829086c0d426fe1187195bc35fd30700a5007d2b00000800d8000a01010008003f00", @ANYRES32=r2, @ANYBLOB="0000000800b6006401010178679f385b78dc0f0041002f6465762f6164737031000034dbb4a18fb580bda46a26cb741baeb66648b73e16593e6280ab1f493bdceced1b1cb8e704a055f6ba30c848e10359186bdac20f914fc3e87ed1e9d944940d1af2861a7aa210570710731e24a2b60c000004000a8008000100050000000800090000000000"], 0x260}, 0x1, 0x0, 0x0, 0xd5}, 0x4000040)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20002, 0x0)
sendmsg$auto_MACSEC_CMD_UPD_RXSC(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01022abd7000fe01344a9701fa550cd6636ff75adb7cd800"/36, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x48010)

1.371663691s ago: executing program 3 (id=443):
r0 = socket(0x2, 0x1, 0x106)
socket(0x18, 0x5, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55)
setsockopt$auto(r0, 0x1, 0x9, 0x0, 0xeb66)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c)
fcntl$auto(r3, 0x400, 0x1)
unshare$auto(0x40000080)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000140)=""/1, 0x1)
setsockopt$auto(0x400000000000003, 0x20000029, 0x21b, 0x0, 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x30)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r5, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
recvmmsg$auto(r5, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x5}, 0x20000804}, 0x210a, 0x6, 0x0)
sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB=' 6\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25030000000400"], 0x3620}, 0x1, 0x0, 0x0, 0x20000055}, 0x200400d0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x1ad240, 0x1b1)
socket(0xa, 0x3, 0x3b)

265.877623ms ago: executing program 2 (id=444):
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0)
ioctl$auto(0x3, 0x80000541b, 0x38)

155.952302ms ago: executing program 2 (id=445):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/block/loop5/queue/scheduler\x00', 0x20a42, 0x0)
write$auto(r0, &(0x7f0000000080)='/\xe4ev/auYio\x00', 0x4)

38.982345ms ago: executing program 0 (id=446):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
modify_ldt$auto(0x1, 0x0, 0x10)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x7ff, 0x400)
socket(0x2, 0x1, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mincore$auto(0x1000, 0x8001, 0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
sendfile$auto(r3, r3, 0x0, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff)
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0)
pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5)
madvise$auto(0x0, 0x200007, 0x19)

0s ago: executing program 1 (id=447):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
write$auto(r0, 0x0, 0x7ef)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0)
socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0xc)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
socket(0x2, 0x6, 0x240000)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x800001e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x51)
setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8)
setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x4, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
keyctl$auto(0xb, 0xfffffffd, 0x0, 0x0, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.184' (ED25519) to the list of known hosts.
[   98.092131][ T5826] cgroup: Unknown subsys name 'net'
[   98.213102][ T5826] cgroup: Unknown subsys name 'cpuset'
[   98.223226][ T5826] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  100.059161][ T5826] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  102.089899][  T978] cfg80211: failed to load regulatory.db
[  102.416317][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.426057][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  102.433433][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  102.436674][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.443098][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  102.449194][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.456595][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  102.464548][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.470454][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  102.477324][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.486012][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  102.512800][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  102.512989][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  102.529439][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  102.557047][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  102.573531][ T5155] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  102.584025][ T5155] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  102.591662][ T5155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  102.601700][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  102.613149][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  103.185240][ T5836] chnl_net:caif_netlink_parms(): no params data found
[  103.327029][ T5847] chnl_net:caif_netlink_parms(): no params data found
[  103.359403][ T5837] chnl_net:caif_netlink_parms(): no params data found
[  103.438015][ T5838] chnl_net:caif_netlink_parms(): no params data found
[  103.541664][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.549010][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.556802][ T5836] bridge_slave_0: entered allmulticast mode
[  103.565745][ T5836] bridge_slave_0: entered promiscuous mode
[  103.627749][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.635317][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.642599][ T5836] bridge_slave_1: entered allmulticast mode
[  103.650072][ T5836] bridge_slave_1: entered promiscuous mode
[  103.705162][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.712818][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.720165][ T5847] bridge_slave_0: entered allmulticast mode
[  103.727517][ T5847] bridge_slave_0: entered promiscuous mode
[  103.742283][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.750035][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.757246][ T5837] bridge_slave_0: entered allmulticast mode
[  103.765076][ T5837] bridge_slave_0: entered promiscuous mode
[  103.787287][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.794582][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.802208][ T5847] bridge_slave_1: entered allmulticast mode
[  103.809647][ T5847] bridge_slave_1: entered promiscuous mode
[  103.825248][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.833010][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.840606][ T5837] bridge_slave_1: entered allmulticast mode
[  103.847971][ T5837] bridge_slave_1: entered promiscuous mode
[  103.858276][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.927368][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.967284][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.011940][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.022120][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.029473][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.036738][ T5838] bridge_slave_0: entered allmulticast mode
[  104.045136][ T5838] bridge_slave_0: entered promiscuous mode
[  104.057559][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.075759][ T5836] team0: Port device team_slave_0 added
[  104.084737][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.095291][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.102626][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.110048][ T5838] bridge_slave_1: entered allmulticast mode
[  104.117742][ T5838] bridge_slave_1: entered promiscuous mode
[  104.154892][ T5836] team0: Port device team_slave_1 added
[  104.233801][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.246761][ T5837] team0: Port device team_slave_0 added
[  104.271712][ T5847] team0: Port device team_slave_0 added
[  104.278846][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.285847][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.312223][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.326505][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.337658][ T5837] team0: Port device team_slave_1 added
[  104.347053][ T5847] team0: Port device team_slave_1 added
[  104.354137][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.361152][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.387167][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.470729][ T5838] team0: Port device team_slave_0 added
[  104.507825][ T5838] team0: Port device team_slave_1 added
[  104.515030][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.522047][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.548414][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.559888][ T5840] Bluetooth: hci0: command tx timeout
[  104.562731][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.572489][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.598563][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.623262][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.630371][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.639178][ T5846] Bluetooth: hci1: command tx timeout
[  104.657200][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.662721][ T5840] Bluetooth: hci2: command tx timeout
[  104.675467][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.685811][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.712487][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.723220][ T5846] Bluetooth: hci3: command tx timeout
[  104.794723][ T5836] hsr_slave_0: entered promiscuous mode
[  104.801934][ T5836] hsr_slave_1: entered promiscuous mode
[  104.844676][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.851711][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.878699][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.925800][ T5847] hsr_slave_0: entered promiscuous mode
[  104.932633][ T5847] hsr_slave_1: entered promiscuous mode
[  104.939704][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  104.947459][ T5847] Cannot create hsr debugfs directory
[  104.967853][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.975213][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.001278][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.041759][ T5837] hsr_slave_0: entered promiscuous mode
[  105.048465][ T5837] hsr_slave_1: entered promiscuous mode
[  105.054667][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  105.062371][ T5837] Cannot create hsr debugfs directory
[  105.215897][ T5838] hsr_slave_0: entered promiscuous mode
[  105.223131][ T5838] hsr_slave_1: entered promiscuous mode
[  105.229783][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  105.237369][ T5838] Cannot create hsr debugfs directory
[  105.644935][ T5836] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  105.674207][ T5836] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  105.685678][ T5836] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  105.707060][ T5836] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  105.775320][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  105.787192][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  105.815428][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  105.832441][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  105.901546][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  105.925871][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  105.949188][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  105.989192][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  106.063673][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  106.075634][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  106.107481][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  106.141325][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.165239][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.259822][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[  106.307334][ T3060] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.314668][ T3060] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.342554][ T3060] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.349754][ T3060] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.364826][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.397635][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[  106.435032][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.445821][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.453075][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.483889][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.491226][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.530937][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[  106.575274][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.586650][ T1162] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.593867][ T1162] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.621409][ T3060] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.628710][ T3060] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.639527][ T5846] Bluetooth: hci0: command tx timeout
[  106.705741][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[  106.719213][ T5846] Bluetooth: hci1: command tx timeout
[  106.724689][ T5846] Bluetooth: hci2: command tx timeout
[  106.799111][ T5846] Bluetooth: hci3: command tx timeout
[  106.810693][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.817905][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.865790][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.873066][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.031516][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.202741][ T5836] veth0_vlan: entered promiscuous mode
[  107.251988][ T5836] veth1_vlan: entered promiscuous mode
[  107.360274][ T5836] veth0_macvtap: entered promiscuous mode
[  107.392294][ T5836] veth1_macvtap: entered promiscuous mode
[  107.444818][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.474334][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.533131][ T5836] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.555257][ T5836] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.564956][ T5836] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.575474][ T5836] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.645237][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.699269][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.734186][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.784210][ T3060] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.809573][ T3060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.874194][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.883232][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.925855][ T5847] veth0_vlan: entered promiscuous mode
[  107.952374][ T5838] veth0_vlan: entered promiscuous mode
[  107.975317][ T5837] veth0_vlan: entered promiscuous mode
[  108.016670][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  108.034916][ T5847] veth1_vlan: entered promiscuous mode
[  108.046473][ T5837] veth1_vlan: entered promiscuous mode
[  108.054936][ T5838] veth1_vlan: entered promiscuous mode
[  108.162774][ T5838] veth0_macvtap: entered promiscuous mode
[  108.203801][ T5837] veth0_macvtap: entered promiscuous mode
[  108.216782][ T5847] veth0_macvtap: entered promiscuous mode
[  108.234463][ T5838] veth1_macvtap: entered promiscuous mode
[  108.252597][ T5847] veth1_macvtap: entered promiscuous mode
[  108.265715][ T5837] veth1_macvtap: entered promiscuous mode
[  108.294948][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.306457][ T5904] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  108.306457][ T5904] The task syz.3.4 (5904) triggered the difference, watch for misbehavior.
[  108.343393][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.357363][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.385052][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.402798][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.426562][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.435892][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.444812][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.455295][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.476361][ T5847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.487142][ T5847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.497045][ T5847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.505841][ T5847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.520811][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.555956][ T5837] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.566848][ T5837] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.575846][ T5837] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.585821][ T5837] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.719862][ T5846] Bluetooth: hci0: command tx timeout
[  108.798523][ T5846] Bluetooth: hci2: command tx timeout
[  108.798970][ T5840] Bluetooth: hci1: command tx timeout
[  108.847723][ T1003] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.868711][ T1003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.879064][ T5840] Bluetooth: hci3: command tx timeout
[  108.953493][ T5026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.976576][ T5026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.082336][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.093395][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.165698][ T1162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.175094][ T1162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.216570][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.230286][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.308680][ T5026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.321228][ T5026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.338382][    T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!!
[  110.418384][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.439252][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.799848][ T5840] Bluetooth: hci0: command tx timeout
[  110.883895][ T5840] Bluetooth: hci1: command tx timeout
[  110.883913][ T5846] Bluetooth: hci2: command tx timeout
[  110.958286][ T5840] Bluetooth: hci3: command tx timeout
[  111.022916][ T5925] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  111.171871][ T5925] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint).
[  111.248161][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.257168][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.288477][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.297488][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.368643][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.377608][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.386736][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  113.031951][ T5946] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT
[  113.996819][ T5957] FAULT_INJECTION: forcing a failure.
[  113.996819][ T5957] name failslab, interval 1, probability 0, space 0, times 1
[  114.010014][ T5957] CPU: 1 UID: 0 PID: 5957 Comm: syz.0.9 Not tainted 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) 
[  114.010058][ T5957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  114.010082][ T5957] Call Trace:
[  114.010097][ T5957]  <TASK>
[  114.010113][ T5957]  dump_stack_lvl+0x16c/0x1f0
[  114.010172][ T5957]  should_fail_ex+0x512/0x640
[  114.010226][ T5957]  ? __kmalloc_noprof+0xbf/0x510
[  114.010345][ T5957]  ? cache_create_net+0x9d/0x220
[  114.010387][ T5957]  should_failslab+0xc2/0x120
[  114.010417][ T5957]  __kmalloc_noprof+0xd2/0x510
[  114.010471][ T5957]  cache_create_net+0x9d/0x220
[  114.010514][ T5957]  ? __pfx_rpcsec_gss_init_net+0x10/0x10
[  114.010559][ T5957]  gss_svc_init_net+0x69/0x660
[  114.010598][ T5957]  ? __pfx_canbcm_pernet_init+0x10/0x10
[  114.010629][ T5957]  ? __pfx_rpcsec_gss_init_net+0x10/0x10
[  114.010672][ T5957]  ops_init+0x1e2/0x5f0
[  114.010713][ T5957]  ? setup_net+0x1cc/0x510
[  114.010759][ T5957]  setup_net+0x1ff/0x510
[  114.010801][ T5957]  ? lockdep_init_map_type+0x5c/0x280
[  114.010842][ T5957]  ? __pfx_setup_net+0x10/0x10
[  114.010888][ T5957]  ? debug_mutex_init+0x37/0x70
[  114.010920][ T5957]  copy_net_ns+0x2a6/0x5f0
[  114.010951][ T5957]  create_new_namespaces+0x3ea/0xa90
[  114.010991][ T5957]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  114.011028][ T5957]  ksys_unshare+0x45b/0xa40
[  114.011071][ T5957]  ? __pfx_ksys_unshare+0x10/0x10
[  114.011115][ T5957]  ? xfd_validate_state+0x61/0x180
[  114.011167][ T5957]  __x64_sys_unshare+0x31/0x40
[  114.011209][ T5957]  do_syscall_64+0xcd/0x490
[  114.011277][ T5957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.011308][ T5957] RIP: 0033:0x7fca35d8e929
[  114.011353][ T5957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.011383][ T5957] RSP: 002b:00007fca36b7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  114.011412][ T5957] RAX: ffffffffffffffda RBX: 00007fca35fb6160 RCX: 00007fca35d8e929
[  114.011432][ T5957] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  114.011450][ T5957] RBP: 00007fca35e10b39 R08: 0000000000000000 R09: 0000000000000000
[  114.011468][ T5957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  114.011485][ T5957] R13: 0000000000000000 R14: 00007fca35fb6160 R15: 00007ffcc0c5da98
[  114.011589][ T5957]  </TASK>
[  115.580294][ T5983] ubi0: attaching mtd0
[  115.586412][ T5983] ubi0: scanning is finished
[  115.632811][ T5983] ubi0: empty MTD device detected
[  115.736532][ T5983] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record
[  115.936344][ T5985] Invalid ELF header magic: != ELF
[  116.118997][ T5983] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[  116.309754][ T5996] process 'syz.1.15' launched './file0' with NULL argv: empty string added
[  116.476295][ T5983] Invalid ELF header magic: != ELF
[  118.007811][ T6021] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5
[  118.900112][ T6022] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6
[  119.369927][ T6037] svc: failed to register nfsdv3 RPC service (errno 111).
[  119.379802][ T6037] svc: failed to register nfsaclv3 RPC service (errno 111).
[  119.614542][ T6041] vivid-007: =================  START STATUS  =================
[  119.631564][ T6041] vivid-007: Generate PTS: true
[  119.642717][ T6041] vivid-007: Generate SCR: true
[  119.659226][ T6041] tpg source WxH: 320x240 (Y'CbCr)
[  119.696580][ T6041] tpg field: 1
[  119.713424][ T6041] tpg crop: (0,0)/320x240
[  119.725078][ T6041] tpg compose: (0,0)/320x240
[  119.755771][ T6041] tpg colorspace: 8
[  119.795455][ T6041] tpg transfer function: 0/0
[  119.838992][ T6041] tpg Y'CbCr encoding: 0/0
[  119.851412][ T6041] tpg quantization: 0/0
[  119.866525][ T6041] tpg RGB range: 0/2
[  119.881202][ T6041] vivid-007: ==================  END STATUS  ==================
[  120.103594][ T6046] FAULT_INJECTION: forcing a failure.
[  120.103594][ T6046] name failslab, interval 1, probability 0, space 0, times 0
[  120.135880][ T6046] CPU: 1 UID: 0 PID: 6046 Comm: syz.2.26 Not tainted 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) 
[  120.135929][ T6046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  120.135949][ T6046] Call Trace:
[  120.135960][ T6046]  <TASK>
[  120.135974][ T6046]  dump_stack_lvl+0x16c/0x1f0
[  120.136028][ T6046]  should_fail_ex+0x512/0x640
[  120.136080][ T6046]  ? __kvmalloc_node_noprof+0x124/0x620
[  120.136149][ T6046]  should_failslab+0xc2/0x120
[  120.136184][ T6046]  __kvmalloc_node_noprof+0x137/0x620
[  120.136237][ T6046]  ? io_alloc_cache_init+0x33/0x170
[  120.136298][ T6046]  ? io_alloc_cache_init+0x33/0x170
[  120.136347][ T6046]  io_alloc_cache_init+0x33/0x170
[  120.136402][ T6046]  io_uring_setup+0x675/0x2080
[  120.136453][ T6046]  ? __pfx_io_uring_setup+0x10/0x10
[  120.136498][ T6046]  ? do_futex+0x122/0x350
[  120.136540][ T6046]  ? __pfx_do_futex+0x10/0x10
[  120.136578][ T6046]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  120.136654][ T6046]  ? xfd_validate_state+0x61/0x180
[  120.136710][ T6046]  ? __pfx_do_writev+0x10/0x10
[  120.136784][ T6046]  __x64_sys_io_uring_setup+0xc2/0x170
[  120.136834][ T6046]  do_syscall_64+0xcd/0x490
[  120.136884][ T6046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.136917][ T6046] RIP: 0033:0x7fadb858e929
[  120.136944][ T6046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.136977][ T6046] RSP: 002b:00007fadb931e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  120.137008][ T6046] RAX: ffffffffffffffda RBX: 00007fadb87b5fa0 RCX: 00007fadb858e929
[  120.137030][ T6046] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  120.137050][ T6046] RBP: 00007fadb8610b39 R08: 0000000000000000 R09: 0000000000000000
[  120.137070][ T6046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  120.137090][ T6046] R13: 0000000000000000 R14: 00007fadb87b5fa0 R15: 00007ffdb6289cb8
[  120.137139][ T6046]  </TASK>
[  121.492940][ T6046] ubi0: attaching mtd0
[  121.558429][ T6046] ubi0: scanning is finished
[  121.563066][ T6046] ubi0: empty MTD device detected
[  121.964741][ T6046] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  122.010751][ T6046] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  122.058208][ T6046] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  122.065198][ T6046] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  122.097747][ T6046] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  122.105517][ T6046] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  122.128348][ T6046] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1318107368
[  122.199977][ T6046] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  122.267207][ T6077] ubi0: background thread "ubi_bgt0d" started, PID 6077
[  126.880802][ T6116] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7
[  126.981401][ T5840] Bluetooth: hci0: unexpected subevent 0x03 length: 253 > 9
[  127.750371][ T6120] futex_wake_op: syz.1.38 tries to shift op by -9; fix this program
[  128.596800][ T6122] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8
[  128.619606][ T6133] FAULT_INJECTION: forcing a failure.
[  128.619606][ T6133] name failslab, interval 1, probability 0, space 0, times 0
[  128.672816][ T6133] CPU: 0 UID: 0 PID: 6133 Comm: syz.3.40 Not tainted 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) 
[  128.672865][ T6133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  128.672886][ T6133] Call Trace:
[  128.672897][ T6133]  <TASK>
[  128.672909][ T6133]  dump_stack_lvl+0x16c/0x1f0
[  128.672964][ T6133]  should_fail_ex+0x512/0x640
[  128.673016][ T6133]  ? __kvmalloc_node_noprof+0x124/0x620
[  128.673072][ T6133]  should_failslab+0xc2/0x120
[  128.673107][ T6133]  __kvmalloc_node_noprof+0x137/0x620
[  128.673160][ T6133]  ? io_alloc_cache_init+0x33/0x170
[  128.673222][ T6133]  ? io_alloc_cache_init+0x33/0x170
[  128.673272][ T6133]  io_alloc_cache_init+0x33/0x170
[  128.673329][ T6133]  io_uring_setup+0x63b/0x2080
[  128.673382][ T6133]  ? __pfx_io_uring_setup+0x10/0x10
[  128.673436][ T6133]  ? do_futex+0x122/0x350
[  128.673479][ T6133]  ? __pfx_do_futex+0x10/0x10
[  128.673518][ T6133]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  128.673594][ T6133]  ? xfd_validate_state+0x61/0x180
[  128.673636][ T6133]  ? __pfx_do_writev+0x10/0x10
[  128.673692][ T6133]  __x64_sys_io_uring_setup+0xc2/0x170
[  128.673743][ T6133]  do_syscall_64+0xcd/0x490
[  128.673795][ T6133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.673829][ T6133] RIP: 0033:0x7fe6dc78e929
[  128.673855][ T6133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.673887][ T6133] RSP: 002b:00007fe6dd5ed038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  128.673920][ T6133] RAX: ffffffffffffffda RBX: 00007fe6dc9b5fa0 RCX: 00007fe6dc78e929
[  128.673942][ T6133] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  128.673962][ T6133] RBP: 00007fe6dc810b39 R08: 0000000000000000 R09: 0000000000000000
[  128.673982][ T6133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  128.674002][ T6133] R13: 0000000000000000 R14: 00007fe6dc9b5fa0 R15: 00007fffd04f5e58
[  128.674044][ T6133]  </TASK>
[  129.619721][ T6140] ubi: mtd0 is already attached to ubi0
[  132.114195][ T6169] bridge0: port 3(vlan1) entered blocking state
[  132.123318][ T6169] bridge0: port 3(vlan1) entered disabled state
[  132.173344][ T6177] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.44'.
[  132.192365][ T6169] vlan1: entered allmulticast mode
[  132.217476][ T6169] veth0_vlan: entered allmulticast mode
[  132.235690][ T6169] vlan1: entered promiscuous mode
[  132.270934][ T6169] bridge0: port 3(vlan1) entered blocking state
[  132.277400][ T6169] bridge0: port 3(vlan1) entered forwarding state
[  132.784775][ T6186] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.46'.
[  137.389548][ T6245] Zero length message leads to an empty skb
[  138.265497][ T6255] syz.3.55 uses obsolete (PF_INET,SOCK_PACKET)
[  139.880299][ T6278] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.59'.
[  141.591698][ T6299] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.63'.
[  142.432788][ T6316] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.64'.
[  142.618362][ T6321] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.67'.
[  143.043797][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  143.050434][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  146.772310][ T6371] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.73'.
[  146.784981][ T6375] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.74'.
[  146.853502][ T6379] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.75'.
[  148.212991][ T6391] [U] 
[  148.334979][ T6404] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.78'.
[  149.105855][ T6416] Invalid ELF header magic: != ELF
[  152.812977][ T6466] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.87'.
[  153.968830][ T6483] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.90'.
[  155.064376][ T6492] nbd: socks must be embedded in a SOCK_ITEM attr
[  155.574780][ T6502] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.94'.
[  155.831005][ T6504] FAULT_INJECTION: forcing a failure.
[  155.831005][ T6504] name failslab, interval 1, probability 0, space 0, times 0
[  155.844048][ T6504] CPU: 0 UID: 0 PID: 6504 Comm: syz.1.95 Not tainted 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) 
[  155.844090][ T6504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.844109][ T6504] Call Trace:
[  155.844118][ T6504]  <TASK>
[  155.844130][ T6504]  dump_stack_lvl+0x16c/0x1f0
[  155.844181][ T6504]  should_fail_ex+0x512/0x640
[  155.844231][ T6504]  ? __kvmalloc_node_noprof+0x124/0x620
[  155.844285][ T6504]  should_failslab+0xc2/0x120
[  155.844326][ T6504]  __kvmalloc_node_noprof+0x137/0x620
[  155.844378][ T6504]  ? io_alloc_cache_init+0x33/0x170
[  155.844439][ T6504]  ? io_alloc_cache_init+0x33/0x170
[  155.844489][ T6504]  io_alloc_cache_init+0x33/0x170
[  155.844542][ T6504]  io_uring_setup+0x63b/0x2080
[  155.844593][ T6504]  ? __pfx_io_uring_setup+0x10/0x10
[  155.844639][ T6504]  ? do_futex+0x122/0x350
[  155.844681][ T6504]  ? __pfx_do_futex+0x10/0x10
[  155.844719][ T6504]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  155.844795][ T6504]  ? xfd_validate_state+0x61/0x180
[  155.844837][ T6504]  ? __pfx_do_writev+0x10/0x10
[  155.844891][ T6504]  __x64_sys_io_uring_setup+0xc2/0x170
[  155.844942][ T6504]  do_syscall_64+0xcd/0x490
[  155.844993][ T6504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.845026][ T6504] RIP: 0033:0x7faa0db8e929
[  155.845051][ T6504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.845085][ T6504] RSP: 002b:00007faa0e915038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  155.845115][ T6504] RAX: ffffffffffffffda RBX: 00007faa0ddb5fa0 RCX: 00007faa0db8e929
[  155.845137][ T6504] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  155.845157][ T6504] RBP: 00007faa0dc10b39 R08: 0000000000000000 R09: 0000000000000000
[  155.845177][ T6504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  155.845196][ T6504] R13: 0000000000000000 R14: 00007faa0ddb5fa0 R15: 00007ffe8918d348
[  155.845238][ T6504]  </TASK>
[  156.657508][ T6506] ubi: mtd0 is already attached to ubi0
[  158.390930][ T6530] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x78004
[  158.401904][ T6530] memcg:ffff888034359a02
[  158.406302][ T6530] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  158.414807][ T6530] page_type: f2(table)
[  158.424650][ T6530] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  158.433704][ T6530] raw: ffff888000000000 ffff88807eec86c0 00000001f2000000 ffff888034359a02
[  158.442599][ T6530] page dumped because: unmovable page
[  158.463194][ T6530] page_owner tracks the page as allocated
[  158.472946][ T6530] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), pid 5838, tgid 5838 (syz-executor), ts 157546430262, free_ts 155689403023
[  158.492071][ T6530]  post_alloc_hook+0x1c0/0x230
[  158.496977][ T6530]  get_page_from_freelist+0x1321/0x3890
[  158.533435][ T6530]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  158.539820][ T6530]  alloc_pages_mpol+0x1fb/0x550
[  158.544834][ T6530]  alloc_pages_noprof+0x131/0x390
[  158.550453][ T6530]  pte_alloc_one+0x1c/0x3a0
[  158.555073][ T6530]  __pte_alloc+0x6d/0x3c0
[  158.559995][ T6530]  copy_page_range+0x3c54/0x5d90
[  158.565053][ T6530]  dup_mmap+0xe88/0x21d0
[  158.573460][ T6530]  copy_process+0x4081/0x76a0
[  158.578566][ T6530]  kernel_clone+0xfc/0x960
[  158.584688][ T6530]  __do_sys_clone+0xce/0x120
[  158.604992][ T6546] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.100'.
[  158.630563][ T6547] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.99'.
[  158.643533][ T6532] could not allocate digest TFM handle binfmt_misc
[  158.654201][ T6530]  do_syscall_64+0xcd/0x490
[  158.676382][ T6530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.685234][ T6530] page last free pid 23 tgid 23 stack trace:
[  158.692551][ T6530]  __free_frozen_pages+0x7fe/0x1180
[  158.729450][ T6530]  tlb_remove_table_rcu+0x116/0x1a0
[  158.784988][ T6530]  rcu_core+0x79c/0x14e0
[  158.803076][ T6530]  handle_softirqs+0x219/0x8e0
[  158.818382][ T6530]  run_ksoftirqd+0x3a/0x60
[  158.822909][ T6530]  smpboot_thread_fn+0x3f7/0xae0
[  158.833173][ T6530]  kthread+0x3c2/0x780
[  158.837428][ T6530]  ret_from_fork+0x5d7/0x6f0
[  158.842514][ T6530]  ret_from_fork_asm+0x1a/0x30
[  160.346623][ T6569] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.103'.
[  161.671930][ T6592] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.107'.

syzkaller
syzkaller login: [  162.948831][ T6615] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.110'.
[  164.688921][ T6637] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.113'.
[  165.328489][ T6648] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.114'.
[  165.621823][ T6646] mmap: syz.2.115 (6646) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  166.393671][ T6660] random: crng reseeded on system resumption
	

	
		
	

	
		
	

	


	

	
		

								


	

	
		



		


		





















	
	


	
				



	





































	
		




		




	





	














	


	



	


		





	


		
	

	
		
	
	
	
	

	


	


	
		
	
	
	

		




	


				
		
							
	

	
		
	

	
		

				
	

	
		

		
		

	
		

	


	
	

		
	
		
	
	



			








	

	








			




		

			

			
		

		


		


















	










	




	




		






				


				
		
							
	

	
		
	

	
		
	




	
				
	




	
				
	

	
		

				

	

	
		
	




	
				
	




	
				
	

	
		

	
		

	


	

	

		
	
		
	
	



			








	

	












	
	
	
		

		

		

	







	






	

	
	

	

	






	








	









		











	
		

	


	
	

		
	
		
	
	



			








	

	














			



		

			

			
		

		


		


















	










	






	






		







	

	
		
			

	


			

	


	
	
	
	
	
	
		



	
	

	
		

	



	
		

	


	
	

		
	
		
	
	



			








	





	





		
		

		
		
		
		

		


		

























	








	








		









	

	
		

				

	

	
		
	

	
		
	

	
		
	

	
		
	

	
		
	

	
		
	

	
		
	

	
		
	

	

	

	
		
	

	
		
	

	
		
	

	
		
	

	
		
	

	
		
	

	
		
		





	

	
		
	

	
		



	

	
	
	
	
	
	
	
	

				

	

	
		
	

	
		
	

	
		

	
	

	

	

	
		
	

	
		
	

	
		
	

	
		
	
	

	



	
	
	

	
		
	

	
		
	

	
		
	

	
		
	
	
			

	
	

	
	
	

	
		
	
				
	



			




		
	
				
	



			



		
	
				
	



			



		
	
				
	



			


		


		



		



	





[  252.214214][ T7779] netlink: 28 bytes leftover after parsing attributes in process `syz.0.291'.
[  252.243000][ T7771] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.290'.
[  252.278392][ T7779] ipvlan1: entered allmulticast mode
[  252.283758][ T7779] veth0_vlan: entered allmulticast mode
[  252.442128][ T7779] netlink: 28 bytes leftover after parsing attributes in process `syz.0.291'.
[  252.502091][ T7779] netlink: 28 bytes leftover after parsing attributes in process `syz.0.291'.
[  253.192643][ T7797] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.295'.

syzkaller
syzkaller login: [  254.137539][ T7811] kAFS: Invalid Command on /proc/fs/afs/cells file
[  254.470323][ T7819] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  255.847385][ T7812] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  255.855005][ T7812] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  255.913233][ T7812] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  255.924749][ T7812] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  256.006478][ T7812] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  256.017132][ T7812] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  256.030590][ T7812] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  256.036611][ T7812] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  256.639802][ T7427] Bluetooth: hci0: command 0x0406 tx timeout
[  256.823188][ T7845] can: request_module (can-proto-0) failed.
[  257.409193][ T7858] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.305'.
[  258.001122][ T7427] Bluetooth: hci1: command 0x0406 tx timeout
[  258.078237][ T7427] Bluetooth: hci3: command 0x0406 tx timeout
[  258.085146][ T7427] Bluetooth: hci2: command 0x0406 tx timeout
[  258.734166][ T7427] Bluetooth: hci0: command 0x0406 tx timeout
[  259.842667][ T7898] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.311'.
[  260.078406][ T7427] Bluetooth: hci1: command 0x0406 tx timeout
[  260.171134][ T7427] Bluetooth: hci2: command 0x0406 tx timeout
[  260.171182][ T7427] Bluetooth: hci3: command 0x0406 tx timeout
[  261.191279][ T6724] Bluetooth: hci1: Unable to find connection for big 0xd2
[  261.512059][ T7915] ubi: mtd0 is already attached to ubi0
[  262.412706][ T7936] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.316'.
[  262.580943][ T7937] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.317'.
[  262.704648][ T7944] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.318'.
[  264.089826][ T7960] netlink: 'syz.3.319': attribute type 2 has an invalid length.
[  265.925656][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  265.932114][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  266.673752][ T7986] zswap: compressor  not available
[  266.719598][ T7982] Setting dangerous option i915.mitigations - tainting kernel
[  269.961063][ T8023] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  269.967593][ T8023] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  269.987877][ T8023] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  270.004049][ T8023] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  270.558309][ T6724] Bluetooth: hci0: command 0x0406 tx timeout
[  270.785079][ T8052] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.331'.
[  271.999286][ T6724] Bluetooth: hci2: command 0x0406 tx timeout
[  272.005340][ T6724] Bluetooth: hci1: command 0x0406 tx timeout
[  272.080079][ T6724] Bluetooth: hci3: command 0x0406 tx timeout
[  272.722366][ T8075] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  272.800720][ T8075] CIFS mount error: No usable UNC path provided in device string!
[  272.800720][ T8075] 
[  272.871840][ T8075] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  273.473770][ T8084] FAULT_INJECTION: forcing a failure.
[  273.473770][ T8084] name failslab, interval 1, probability 0, space 0, times 0
[  273.518890][ T8084] CPU: 1 UID: 0 PID: 8084 Comm: syz.1.337 Tainted: G     U              6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) 
[  273.518944][ T8084] Tainted: [U]=USER
[  273.518955][ T8084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  273.518987][ T8084] Call Trace:
[  273.519000][ T8084]  <TASK>
[  273.519014][ T8084]  dump_stack_lvl+0x16c/0x1f0
[  273.519052][ T8084]  should_fail_ex+0x512/0x640
[  273.519088][ T8084]  ? __kmalloc_noprof+0xbf/0x510
[  273.519126][ T8084]  ? __register_sysctl_table+0xea2/0x1900
[  273.519147][ T8084]  should_failslab+0xc2/0x120
[  273.519170][ T8084]  __kmalloc_noprof+0xd2/0x510
[  273.519204][ T8084]  ? __register_sysctl_table+0xe8e/0x1900
[  273.519231][ T8084]  __register_sysctl_table+0xea2/0x1900
[  273.519260][ T8084]  ? __pfx___register_sysctl_table+0x10/0x10
[  273.519281][ T8084]  ? is_module_address+0x69/0xf0
[  273.519312][ T8084]  ? register_net_sysctl_sz+0x228/0x3e0
[  273.519351][ T8084]  ? __asan_memcpy+0x3c/0x60
[  273.519384][ T8084]  xfrm6_net_init+0xf0/0x1c0
[  273.519417][ T8084]  ? __pfx_xfrm6_net_init+0x10/0x10
[  273.519447][ T8084]  ops_init+0x1e2/0x5f0
[  273.519485][ T8084]  setup_net+0x1ff/0x510
[  273.519518][ T8084]  ? lockdep_init_map_type+0x5c/0x280
[  273.519550][ T8084]  ? __pfx_setup_net+0x10/0x10
[  273.519587][ T8084]  ? debug_mutex_init+0x37/0x70
[  273.519612][ T8084]  copy_net_ns+0x2a6/0x5f0
[  273.519636][ T8084]  create_new_namespaces+0x3ea/0xa90
[  273.519668][ T8084]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  273.519696][ T8084]  ksys_unshare+0x45b/0xa40
[  273.519727][ T8084]  ? __pfx_ksys_unshare+0x10/0x10
[  273.519765][ T8084]  ? xfd_validate_state+0x61/0x180
[  273.519805][ T8084]  __x64_sys_unshare+0x31/0x40
[  273.519835][ T8084]  do_syscall_64+0xcd/0x490
[  273.519872][ T8084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.519895][ T8084] RIP: 0033:0x7faa0db8e929
[  273.519936][ T8084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.519967][ T8084] RSP: 002b:00007faa0b9d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  273.519998][ T8084] RAX: ffffffffffffffda RBX: 00007faa0ddb6160 RCX: 00007faa0db8e929
[  273.520020][ T8084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  273.520040][ T8084] RBP: 00007faa0dc10b39 R08: 0000000000000000 R09: 0000000000000000
[  273.520061][ T8084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  273.520079][ T8084] R13: 0000000000000000 R14: 00007faa0ddb6160 R15: 00007ffe8918d348
[  273.520109][ T8084]  </TASK>
[  273.520119][ T8084] sysctl could not get directory: 
[  273.722049][    C1] vkms_vblank_simulate: vblank timer overrun
[  273.785780][ T8084] /net/ipv6 -12
[  274.130123][ T8086] zswap: compressor  not available
[  274.138185][ T8089] Setting dangerous option i915.mitigations - tainting kernel
[  274.719778][ T8101] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.340'.
[  275.125111][ T8098] Invalid ELF header magic: != ELF
[  276.460484][ T8117] Invalid ELF header magic: != ELF
[  276.776543][ T8122] FAULT_INJECTION: forcing a failure.
[  276.776543][ T8122] name failslab, interval 1, probability 0, space 0, times 0
[  276.950382][ T8122] CPU: 1 UID: 0 PID: 8122 Comm: syz.3.344 Tainted: G     U              6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) 
[  276.950437][ T8122] Tainted: [U]=USER
[  276.950447][ T8122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  276.950465][ T8122] Call Trace:
[  276.950475][ T8122]  <TASK>
[  276.950487][ T8122]  dump_stack_lvl+0x16c/0x1f0
[  276.950540][ T8122]  should_fail_ex+0x512/0x640
[  276.950591][ T8122]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  276.950651][ T8122]  should_failslab+0xc2/0x120
[  276.950684][ T8122]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  276.950749][ T8122]  ? devinet_init_net+0xeb/0x910
[  276.950792][ T8122]  kmemdup_noprof+0x29/0x60
[  276.950863][ T8122]  devinet_init_net+0xeb/0x910
[  276.950904][ T8122]  ? __pfx_devinet_init_net+0x10/0x10
[  276.950941][ T8122]  ops_init+0x1e2/0x5f0
[  276.950997][ T8122]  setup_net+0x1ff/0x510
[  276.951045][ T8122]  ? lockdep_init_map_type+0x5c/0x280
[  276.951091][ T8122]  ? __pfx_setup_net+0x10/0x10
[  276.951157][ T8122]  ? debug_mutex_init+0x37/0x70
[  276.951193][ T8122]  copy_net_ns+0x2a6/0x5f0
[  276.951227][ T8122]  create_new_namespaces+0x3ea/0xa90
[  276.951273][ T8122]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  276.951313][ T8122]  ksys_unshare+0x45b/0xa40
[  276.951357][ T8122]  ? __pfx_ksys_unshare+0x10/0x10
[  276.951402][ T8122]  ? xfd_validate_state+0x61/0x180
[  276.951455][ T8122]  __x64_sys_unshare+0x31/0x40
[  276.951498][ T8122]  do_syscall_64+0xcd/0x490
[  276.951548][ T8122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.951580][ T8122] RIP: 0033:0x7fe6dc78e929
[  276.951605][ T8122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.951637][ T8122] RSP: 002b:00007fe6dd5cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  276.951666][ T8122] RAX: ffffffffffffffda RBX: 00007fe6dc9b6080 RCX: 00007fe6dc78e929
[  276.951687][ T8122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  276.951705][ T8122] RBP: 00007fe6dc810b39 R08: 0000000000000000 R09: 0000000000000000
[  276.951725][ T8122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  276.951749][ T8122] R13: 0000000000000000 R14: 00007fe6dc9b6080 R15: 00007fffd04f5e58
[  276.951790][ T8122]  </TASK>
[  277.181606][    C1] vkms_vblank_simulate: vblank timer overrun
[  278.098372][ T8132] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.345'.
[  280.003208][ T8156] netlink: 48 bytes leftover after parsing attributes in process `syz.0.350'.
[  280.650104][ T8163] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.347'.
[  281.694279][ T8177] capability: warning: `syz.0.352' uses 32-bit capabilities (legacy support in use)
[  282.417796][ T8184] netlink: 'syz.1.351': attribute type 2 has an invalid length.
[  285.361400][ T8194] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.353'.
[  286.487868][ T8214] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.355'.
[  286.667516][ T8215] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.356'.
[  287.430784][ T8223] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.357'.
[  290.092756][ T8252] zswap: compressor  not available
[  290.108254][ T8258] Setting dangerous option i915.mitigations - tainting kernel
[  293.061883][ T8296] netlink: 'syz.2.364': attribute type 2 has an invalid length.
[  294.479949][ T8306] can: request_module (can-proto-0) failed.
[  295.273196][   T30] audit: type=1806 audit(6044095591.593:2): xattr="." res=0
[  295.668602][ T8340] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.369'.
[  297.385178][ T8357] FAULT_INJECTION: forcing a failure.
[  297.385178][ T8357] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  297.438112][ T8357] CPU: 1 UID: 0 PID: 8357 Comm: syz.0.372 Tainted: G     U              6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) 
[  297.438164][ T8357] Tainted: [U]=USER
[  297.438175][ T8357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  297.438193][ T8357] Call Trace:
[  297.438204][ T8357]  <TASK>
[  297.438216][ T8357]  dump_stack_lvl+0x16c/0x1f0
[  297.438267][ T8357]  should_fail_ex+0x512/0x640
[  297.438325][ T8357]  should_fail_alloc_page+0xe7/0x130
[  297.438363][ T8357]  prepare_alloc_pages+0x3c2/0x610
[  297.438403][ T8357]  ? rcu_is_watching+0x12/0xc0
[  297.438441][ T8357]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  297.438499][ T8357]  ? stack_trace_save+0x8e/0xc0
[  297.438534][ T8357]  ? __pfx_stack_trace_save+0x10/0x10
[  297.438570][ T8357]  ? stack_depot_save_flags+0x28/0xa40
[  297.438625][ T8357]  ? __kernel_text_address+0xd/0x40
[  297.438680][ T8357]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  297.438736][ T8357]  ? __lock_acquire+0x622/0x1c90
[  297.438788][ T8357]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.438840][ T8357]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  297.438894][ T8357]  ? policy_nodemask+0xea/0x4e0
[  297.438930][ T8357]  alloc_pages_mpol+0x1fb/0x550
[  297.438963][ T8357]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  297.439010][ T8357]  alloc_pages_noprof+0x131/0x390
[  297.439043][ T8357]  alloc_pages_exact_noprof+0x37/0xe0
[  297.439086][ T8357]  ? __asan_memset+0x23/0x50
[  297.439123][ T8357]  snd_pcm_attach_substream+0x4bb/0xd60
[  297.439167][ T8357]  snd_pcm_open_substream+0x8d/0x17f0
[  297.439205][ T8357]  ? __pfx_snd_pcm_open_substream+0x10/0x10
[  297.439249][ T8357]  snd_pcm_oss_open+0x735/0x1400
[  297.439289][ T8357]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  297.439318][ T8357]  ? __lock_acquire+0xb8a/0x1c90
[  297.439353][ T8357]  ? __pfx_default_wake_function+0x10/0x10
[  297.439384][ T8357]  ? __lock_acquire+0xb8a/0x1c90
[  297.439426][ T8357]  ? do_raw_spin_lock+0x12c/0x2b0
[  297.439470][ T8357]  ? soundcore_open+0x35a/0x580
[  297.439512][ T8357]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  297.439541][ T8357]  soundcore_open+0x409/0x580
[  297.439584][ T8357]  ? __pfx_soundcore_open+0x10/0x10
[  297.439624][ T8357]  chrdev_open+0x234/0x6a0
[  297.439648][ T8357]  ? __pfx_apparmor_file_open+0x10/0x10
[  297.439684][ T8357]  ? __pfx_chrdev_open+0x10/0x10
[  297.439711][ T8357]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  297.439755][ T8357]  do_dentry_open+0x741/0x1c10
[  297.439797][ T8357]  ? __pfx_chrdev_open+0x10/0x10
[  297.439835][ T8357]  vfs_open+0x82/0x3f0
[  297.439889][ T8357]  path_openat+0x1de4/0x2cb0
[  297.439943][ T8357]  ? __pfx_path_openat+0x10/0x10
[  297.439987][ T8357]  ? __lock_acquire+0xb8a/0x1c90
[  297.440028][ T8357]  do_filp_open+0x20b/0x470
[  297.440072][ T8357]  ? __pfx_do_filp_open+0x10/0x10
[  297.440139][ T8357]  ? alloc_fd+0x471/0x7d0
[  297.440187][ T8357]  do_sys_openat2+0x11b/0x1d0
[  297.440220][ T8357]  ? __pfx_do_sys_openat2+0x10/0x10
[  297.440254][ T8357]  ? __sys_sendmsg+0x18c/0x220
[  297.440303][ T8357]  __x64_sys_openat+0x174/0x210
[  297.440337][ T8357]  ? __pfx___x64_sys_openat+0x10/0x10
[  297.440384][ T8357]  do_syscall_64+0xcd/0x490
[  297.440428][ T8357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.440456][ T8357] RIP: 0033:0x7fca35d8e929
[  297.440479][ T8357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.440506][ T8357] RSP: 002b:00007fca36bbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  297.440533][ T8357] RAX: ffffffffffffffda RBX: 00007fca35fb5fa0 RCX: 00007fca35d8e929
[  297.440551][ T8357] RDX: 0000000000020b42 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  297.440569][ T8357] RBP: 00007fca35e10b39 R08: 0000000000000000 R09: 0000000000000000
[  297.440586][ T8357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  297.440602][ T8357] R13: 0000000000000000 R14: 00007fca35fb5fa0 R15: 00007ffcc0c5da98
[  297.440637][ T8357]  </TASK>
[  298.959563][ T8373] Invalid ELF header magic: != ELF
[  299.895891][ T8384] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.375'.
[  300.906037][ T8398] netlink: 8 bytes leftover after parsing attributes in process `syz.2.379'.
[  301.403315][ T8409] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.385'.
[  302.462921][ T8414] netlink: 'syz.0.377': attribute type 2 has an invalid length.
[  304.308600][ T8433] can: request_module (can-proto-0) failed.
[  305.453736][ T8450] netlink: 48 bytes leftover after parsing attributes in process `syz.3.382'.
[  306.397374][ T8456] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.393'.
[  307.105044][ T8469] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.386'.
[  311.840595][ T8528] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.398'.
[  312.108753][ T8527] Invalid ELF header magic: != ELF
[  313.108602][ T8520] FAULT_INJECTION: forcing a failure.
[  313.108602][ T8520] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  313.130291][ T8520] CPU: 1 UID: 0 PID: 8520 Comm: syz.1.395 Tainted: G     U              6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) 
[  313.130343][ T8520] Tainted: [U]=USER
[  313.130353][ T8520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  313.130372][ T8520] Call Trace:
[  313.130382][ T8520]  <TASK>
[  313.130394][ T8520]  dump_stack_lvl+0x16c/0x1f0
[  313.130446][ T8520]  should_fail_ex+0x512/0x640
[  313.130504][ T8520]  should_fail_alloc_page+0xe7/0x130
[  313.130541][ T8520]  prepare_alloc_pages+0x3c2/0x610
[  313.130592][ T8520]  ? rcu_is_watching+0x12/0xc0
[  313.130631][ T8520]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  313.130690][ T8520]  ? stack_trace_save+0x8e/0xc0
[  313.130727][ T8520]  ? __pfx_stack_trace_save+0x10/0x10
[  313.130764][ T8520]  ? stack_depot_save_flags+0x28/0xa40
[  313.130819][ T8520]  ? __kernel_text_address+0xd/0x40
[  313.130875][ T8520]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  313.130930][ T8520]  ? __lock_acquire+0x622/0x1c90
[  313.130983][ T8520]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.131028][ T8520]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  313.131082][ T8520]  ? policy_nodemask+0xea/0x4e0
[  313.131128][ T8520]  alloc_pages_mpol+0x1fb/0x550
[  313.131161][ T8520]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  313.131204][ T8520]  alloc_pages_noprof+0x131/0x390
[  313.131236][ T8520]  alloc_pages_exact_noprof+0x37/0xe0
[  313.131276][ T8520]  ? __asan_memset+0x23/0x50
[  313.131318][ T8520]  snd_pcm_attach_substream+0x4bb/0xd60
[  313.131370][ T8520]  snd_pcm_open_substream+0x8d/0x17f0
[  313.131412][ T8520]  ? __pfx_snd_pcm_open_substream+0x10/0x10
[  313.131464][ T8520]  snd_pcm_oss_open+0x735/0x1400
[  313.131512][ T8520]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  313.131542][ T8520]  ? __pfx___schedule+0x10/0x10
[  313.131594][ T8520]  ? __pfx_default_wake_function+0x10/0x10
[  313.131631][ T8520]  ? mark_held_locks+0x49/0x80
[  313.131701][ T8520]  ? preempt_schedule_thunk+0x16/0x30
[  313.131747][ T8520]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  313.131783][ T8520]  soundcore_open+0x409/0x580
[  313.131837][ T8520]  ? __pfx_soundcore_open+0x10/0x10
[  313.131888][ T8520]  chrdev_open+0x234/0x6a0
[  313.131917][ T8520]  ? __pfx_apparmor_file_open+0x10/0x10
[  313.131962][ T8520]  ? __pfx_chrdev_open+0x10/0x10
[  313.131995][ T8520]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  313.132049][ T8520]  do_dentry_open+0x741/0x1c10
[  313.132101][ T8520]  ? __pfx_chrdev_open+0x10/0x10
[  313.132139][ T8520]  vfs_open+0x82/0x3f0
[  313.132181][ T8520]  path_openat+0x1de4/0x2cb0
[  313.132245][ T8520]  ? __pfx_path_openat+0x10/0x10
[  313.132297][ T8520]  ? __lock_acquire+0xb8a/0x1c90
[  313.132345][ T8520]  do_filp_open+0x20b/0x470
[  313.132396][ T8520]  ? __pfx_do_filp_open+0x10/0x10
[  313.132476][ T8520]  ? alloc_fd+0x471/0x7d0
[  313.132534][ T8520]  do_sys_openat2+0x11b/0x1d0
[  313.132573][ T8520]  ? __pfx_do_sys_openat2+0x10/0x10
[  313.132633][ T8520]  ? __sys_sendmsg+0x18c/0x220
[  313.132693][ T8520]  __x64_sys_openat+0x174/0x210
[  313.132734][ T8520]  ? __pfx___x64_sys_openat+0x10/0x10
[  313.132791][ T8520]  do_syscall_64+0xcd/0x490
[  313.132842][ T8520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.132876][ T8520] RIP: 0033:0x7faa0db8e929
[  313.132901][ T8520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.132933][ T8520] RSP: 002b:00007faa0e915038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  313.132962][ T8520] RAX: ffffffffffffffda RBX: 00007faa0ddb5fa0 RCX: 00007faa0db8e929
[  313.132984][ T8520] RDX: 0000000000020b42 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  313.133004][ T8520] RBP: 00007faa0dc10b39 R08: 0000000000000000 R09: 0000000000000000
[  313.133023][ T8520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  313.133042][ T8520] R13: 0000000000000000 R14: 00007faa0ddb5fa0 R15: 00007ffe8918d348
[  313.133083][ T8520]  </TASK>
[  314.392244][ T8556] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.400'.
[  314.494375][ T8559] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.401'.
[  317.104083][ T8583] nbd: socks must be embedded in a SOCK_ITEM attr
[  318.895315][ T8616] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.409'.
[  321.488216][ T8636] can: request_module (can-proto-0) failed.
[  321.830003][ T8641] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.412'.
[  323.130736][ T8651] Invalid ELF header magic: != ELF
[  326.433123][ T8673] netlink: 'syz.3.417': attribute type 2 has an invalid length.
[  327.362854][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  327.437427][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  329.387985][ T8711] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.424'.
[  329.876600][ T8712] Invalid ELF header magic: != ELF
[  330.666965][ T8731] netlink: 504 bytes leftover after parsing attributes in process `syz.1.427'.
[  330.683680][ T8731] netlink: 350 bytes leftover after parsing attributes in process `syz.1.427'.
[  330.842781][ T8741] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.426'.
[  331.694617][ T8752] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.429'.
[  334.312863][ T8785] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.434'.
[  335.791509][ T8808] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.438'.
[  337.616207][ T8819] netlink: 'syz.3.441': attribute type 2 has an invalid length.
[  338.978494][ T8835] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.443'.
[  339.459603][ T8839] random: crng reseeded on system resumption
[  339.691940][ T8841] 
[  339.694337][ T8841] ======================================================
[  339.701381][ T8841] WARNING: possible circular locking dependency detected
[  339.708431][ T8841] 6.15.0-syzkaller-12141-gec7714e49479 #0 Tainted: G     U             
[  339.716854][ T8841] ------------------------------------------------------
[  339.723878][ T8841] syz.2.445/8841 is trying to acquire lock:
[  339.729777][ T8841] ffff888142b85420 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400
[  339.739221][ T8841] 
[  339.739221][ T8841] but task is already holding lock:
[  339.746591][ T8841] ffff888142b84ee8 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  339.757878][ T8841] 
[  339.757878][ T8841] which lock already depends on the new lock.
[  339.757878][ T8841] 
[  339.768306][ T8841] 
[  339.768306][ T8841] the existing dependency chain (in reverse order) is:
[  339.777324][ T8841] 
[  339.777324][ T8841] -> #3 (&q->q_usage_counter(io)#22){++++}-{0:0}:
[  339.785957][ T8841]        blk_alloc_queue+0x619/0x760
[  339.791274][ T8841]        blk_mq_alloc_queue+0x175/0x290
[  339.796865][ T8841]        __blk_mq_alloc_disk+0x29/0x120
[  339.802459][ T8841]        loop_add+0x49e/0xb70
[  339.807156][ T8841]        loop_init+0x164/0x270
[  339.811942][ T8841]        do_one_initcall+0x120/0x6e0
[  339.817249][ T8841]        kernel_init_freeable+0x5c2/0x900
[  339.822992][ T8841]        kernel_init+0x1c/0x2b0
[  339.827858][ T8841]        ret_from_fork+0x5d7/0x6f0
[  339.832997][ T8841]        ret_from_fork_asm+0x1a/0x30
[  339.838304][ T8841] 
[  339.838304][ T8841] -> #2 (fs_reclaim){+.+.}-{0:0}:
[  339.845567][ T8841]        fs_reclaim_acquire+0x102/0x150
[  339.851147][ T8841]        prepare_alloc_pages+0x162/0x610
[  339.856796][ T8841]        __alloc_frozen_pages_noprof+0x18b/0x23f0
[  339.863247][ T8841]        __alloc_pages_noprof+0xb/0x1b0
[  339.868863][ T8841]        pcpu_populate_chunk+0x110/0xb00
[  339.874526][ T8841]        pcpu_alloc_noprof+0x86a/0x1470
[  339.880101][ T8841]        xt_percpu_counter_alloc+0x13e/0x1b0
[  339.886105][ T8841]        find_check_entry.constprop.0+0xbf/0xa20
[  339.892450][ T8841]        translate_table+0xd0b/0x17b0
[  339.897836][ T8841]        ip6t_register_table+0x102/0x430
[  339.903491][ T8841]        ip6table_raw_table_init+0x63/0x90
[  339.909324][ T8841]        xt_find_table_lock+0x2e1/0x520
[  339.914892][ T8841]        xt_request_find_table_lock+0x28/0xf0
[  339.920979][ T8841]        get_info+0x190/0x620
[  339.925671][ T8841]        do_ip6t_get_ctl+0x169/0xa50
[  339.930996][ T8841]        nf_getsockopt+0x7c/0xe0
[  339.935948][ T8841]        ipv6_getsockopt+0x1f7/0x280
[  339.941249][ T8841]        tcp_getsockopt+0x9e/0x100
[  339.946391][ T8841]        do_sock_getsockopt+0x3fc/0x800
[  339.951955][ T8841]        __sys_getsockopt+0x123/0x1b0
[  339.957348][ T8841]        __x64_sys_getsockopt+0xbd/0x160
[  339.963002][ T8841]        do_syscall_64+0xcd/0x490
[  339.968051][ T8841]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.974476][ T8841] 
[  339.974476][ T8841] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}:
[  339.982232][ T8841]        __mutex_lock+0x199/0xb90
[  339.987276][ T8841]        pcpu_alloc_noprof+0xb4c/0x1470
[  339.992845][ T8841]        sbitmap_init_node+0x2fd/0x770
[  339.998326][ T8841]        sbitmap_queue_init_node+0x41/0x560
[  340.004257][ T8841]        blk_mq_init_tags+0x12d/0x2b0
[  340.009652][ T8841]        blk_mq_alloc_map_and_rqs+0x237/0xf60
[  340.015767][ T8841]        blk_mq_init_sched+0x30c/0x610
[  340.021257][ T8841]        elevator_switch+0x1e1/0x7f0
[  340.026588][ T8841]        elevator_change+0x2ac/0x400
[  340.031919][ T8841]        elevator_set_default+0x292/0x320
[  340.037675][ T8841]        blk_register_queue+0x393/0x4f0
[  340.043276][ T8841]        __add_disk+0x74a/0xf00
[  340.048160][ T8841]        add_disk_fwnode+0x13f/0x5d0
[  340.053469][ T8841]        nbd_dev_add+0x791/0xbc0
[  340.058451][ T8841]        nbd_init+0x181/0x320
[  340.063160][ T8841]        do_one_initcall+0x120/0x6e0
[  340.068459][ T8841]        kernel_init_freeable+0x5c2/0x900
[  340.074199][ T8841]        kernel_init+0x1c/0x2b0
[  340.079060][ T8841]        ret_from_fork+0x5d7/0x6f0
[  340.084194][ T8841]        ret_from_fork_asm+0x1a/0x30
[  340.089506][ T8841] 
[  340.089506][ T8841] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  340.097433][ T8841]        __lock_acquire+0x126f/0x1c90
[  340.102843][ T8841]        lock_acquire+0x179/0x350
[  340.107888][ T8841]        __mutex_lock+0x199/0xb90
[  340.112942][ T8841]        elevator_change+0x103/0x400
[  340.118248][ T8841]        elv_iosched_store+0x2eb/0x3a0
[  340.123736][ T8841]        queue_attr_store+0x279/0x320
[  340.129221][ T8841]        sysfs_kf_write+0xef/0x150
[  340.134365][ T8841]        kernfs_fop_write_iter+0x354/0x510
[  340.140193][ T8841]        vfs_write+0x6c4/0x1150
[  340.145076][ T8841]        ksys_write+0x12a/0x250
[  340.149960][ T8841]        do_syscall_64+0xcd/0x490
[  340.155015][ T8841]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.161446][ T8841] 
[  340.161446][ T8841] other info that might help us debug this:
[  340.161446][ T8841] 
[  340.171681][ T8841] Chain exists of:
[  340.171681][ T8841]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#22
[  340.171681][ T8841] 
[  340.185461][ T8841]  Possible unsafe locking scenario:
[  340.185461][ T8841] 
[  340.192958][ T8841]        CPU0                    CPU1
[  340.198329][ T8841]        ----                    ----
[  340.203699][ T8841]   lock(&q->q_usage_counter(io)#22);
[  340.209095][ T8841]                                lock(fs_reclaim);
[  340.215612][ T8841]                                lock(&q->q_usage_counter(io)#22);
[  340.223537][ T8841]   lock(&q->elevator_lock);
[  340.228161][ T8841] 
[  340.228161][ T8841]  *** DEADLOCK ***
[  340.228161][ T8841] 
[  340.236319][ T8841] 7 locks held by syz.2.445/8841:
[  340.241348][ T8841]  #0: ffff8880290a9438 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370
[  340.250547][ T8841]  #1: ffff888032b06428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  340.259579][ T8841]  #2: ffff88803387a888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  340.269363][ T8841]  #3: ffff888142bb6788 (kn->active#111){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  340.279507][ T8841]  #4: ffff888142b9c368 (&set->update_nr_hwq_lock){.+.+}-{4:4}, at: elv_iosched_store+0x337/0x3a0
[  340.290169][ T8841]  #5: ffff888142b84ee8 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  340.301889][ T8841]  #6: ffff888142b84f20 (&q->q_usage_counter(queue)#21){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  340.313859][ T8841] 
[  340.313859][ T8841] stack backtrace:
[  340.319757][ T8841] CPU: 0 UID: 0 PID: 8841 Comm: syz.2.445 Tainted: G     U              6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) 
[  340.319792][ T8841] Tainted: [U]=USER
[  340.319799][ T8841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  340.319814][ T8841] Call Trace:
[  340.319823][ T8841]  <TASK>
[  340.319832][ T8841]  dump_stack_lvl+0x116/0x1f0
[  340.319867][ T8841]  print_circular_bug+0x275/0x350
[  340.319899][ T8841]  check_noncircular+0x14c/0x170
[  340.319949][ T8841]  __lock_acquire+0x126f/0x1c90
[  340.319987][ T8841]  lock_acquire+0x179/0x350
[  340.320019][ T8841]  ? elevator_change+0x103/0x400
[  340.320051][ T8841]  ? __pfx___might_resched+0x10/0x10
[  340.320098][ T8841]  __mutex_lock+0x199/0xb90
[  340.320136][ T8841]  ? elevator_change+0x103/0x400
[  340.320169][ T8841]  ? elevator_change+0x103/0x400
[  340.320203][ T8841]  ? __pfx___mutex_lock+0x10/0x10
[  340.320245][ T8841]  ? blk_mq_cancel_work_sync+0xd8/0x110
[  340.320287][ T8841]  ? __pfx_blk_mq_cancel_work_sync+0x10/0x10
[  340.320332][ T8841]  ? elevator_change+0x103/0x400
[  340.320364][ T8841]  elevator_change+0x103/0x400
[  340.320398][ T8841]  elv_iosched_store+0x2eb/0x3a0
[  340.320434][ T8841]  ? __pfx_elv_iosched_store+0x10/0x10
[  340.320491][ T8841]  ? __mutex_trylock_common+0xe9/0x250
[  340.320529][ T8841]  ? __pfx_elv_iosched_store+0x10/0x10
[  340.320564][ T8841]  queue_attr_store+0x279/0x320
[  340.320590][ T8841]  ? __pfx_queue_attr_store+0x10/0x10
[  340.320613][ T8841]  ? __lock_acquire+0x622/0x1c90
[  340.320655][ T8841]  ? find_held_lock+0x2b/0x80
[  340.320680][ T8841]  ? sysfs_file_kobj+0xe4/0x290
[  340.320714][ T8841]  ? __pfx_queue_attr_store+0x10/0x10
[  340.320740][ T8841]  sysfs_kf_write+0xef/0x150
[  340.320773][ T8841]  kernfs_fop_write_iter+0x354/0x510
[  340.320801][ T8841]  ? __pfx_sysfs_kf_write+0x10/0x10
[  340.320835][ T8841]  vfs_write+0x6c4/0x1150
[  340.320875][ T8841]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  340.320905][ T8841]  ? __pfx___mutex_lock+0x10/0x10
[  340.320943][ T8841]  ? __pfx_vfs_write+0x10/0x10
[  340.320991][ T8841]  ksys_write+0x12a/0x250
[  340.321030][ T8841]  ? __pfx_ksys_write+0x10/0x10
[  340.321074][ T8841]  do_syscall_64+0xcd/0x490
[  340.321125][ T8841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.321151][ T8841] RIP: 0033:0x7fadb858e929
[  340.321172][ T8841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.321196][ T8841] RSP: 002b:00007fadb931e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  340.321218][ T8841] RAX: ffffffffffffffda RBX: 00007fadb87b5fa0 RCX: 00007fadb858e929
[  340.321235][ T8841] RDX: 0000000000000004 RSI: 0000200000000080 RDI: 0000000000000003
[  340.321250][ T8841] RBP: 00007fadb8610b39 R08: 0000000000000000 R09: 0000000000000000
[  340.321265][ T8841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  340.321280][ T8841] R13: 0000000000000000 R14: 00007fadb87b5fa0 R15: 00007ffdb6289cb8
[  340.321303][ T8841]  </TASK>