Extracting prog: 4m1.165268955s
Minimizing prog: 8m38.560736628s
Simplifying prog options: 7m15.459660565s
Extracting C: 2m55.598030221s
Simplifying C: 0s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 29, 30, 29, 30, 3, 29, 2, 3, 30, 2, 30, 30, 3, 3, 29, 3, 30, 3, 3, 30, 2, 3, 29]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x15, 0x5, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x3e38a2, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @private=0xa010102}, 0x6a)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0)
sysfs$auto(0x2, 0x2, 0x0)
unshare$auto(0x40000080)
mbind$auto(0x200, 0x10000100000003, 0x2000000000005, &(0x7f0000000000)=0xc4f5, 0x7fffffffffffffff, 0xe)
sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0)
mmap$auto(0x6, 0x0, 0xdf, 0xeb1, 0x3fd, 0x8000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
pivot_root$auto(0x0, 0x0)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4b4e, 0xffffffffffffffff)
openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, 0x0)
r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000980), r1)
sendmsg$auto_TIPC_NL_MEDIA_SET(r1, &(0x7f000000a4c0)={0x0, 0x0, &(0x7f000000a480)={&(0x7f0000009800)={0x20, r4, 0x1, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x18}}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x20000048)
write$auto(0xca, &(0x7f0000000140)='\x04>\x01\x01\b\x03\x00\x00\x00I}\xe8N\x94\xf2\xa2\x00\x00\f\x15\xd8a\xed\x84\xb7\f\x00\x00\x80\x00\x00\x00\x001.\xb0`W\xd3M\x00\xbf\xe9\x83\xea8\xd1\xda\xcf9\x02u@\xeb\xcd\xb2\tBAh\xf8', 0x3ff)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/iscsi_transport/iser/handle\x00', 0x123640, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0xa, 0x6, 0x0)
setsockopt$auto(0x4, 0x1, 0xf, &(0x7f00000002c0)='\x05\x00\x06J\xd4~&\xe3a\xe9\x14\x01\xdc\x85\r\x00\x00\x00\x00\x00\xee\xcc8\xe2\x7fi\x01\xaf\x06E\xff\xff\xff\xff\xff\xff\xff\xff\tL\xb9\x8dv\xf2\x93\x7f\xe18\b\x00\x00\x00\x00\x00\x00\x00\xbd\x94\x06\xc3\xac\xc0\xd9\xa1J2_\xe3\xae\x00\x00\x00\x00a\x93d$\x05\x8a\a\x00R\b\x0e\xfd\x06\xca`\xf6\xfc\x91 g\xa5m\x1a9H\x14\x14\x97\xc1\xc5\x94\x91 \x968C\xc1v!w\x0f\xcc\xf5\xb5!F$\xa4\x9e\xf7\x98~\x98\x88\x06\x14@N\xddM*\xfd\x85R\xb6koe\xe8\xfaF\xf0\\\x9c\x85\xc7+\x81\xa4+\x9f-\x00\xedS\xeb\x1c2\xffy\xaa\x14n#\x1f\xde\x02\xd4\x87I\xb5V(\x00\xa9E\x14\xe3\xf8*\xfd\xcc\x0e\xe4\xbc\xa0\nv\xd9n\xf3\xf9\xed\xc5\x95\fT\xe4\xd6\xfa\x99I\x81\xb4\xb2\xff\xa2\xb3BL\xc1\x9c\x80U\x88\xdb\xcap\xcf\v\x00\x00\x00\x00\x00\x9f\xcf\xa4?\x86\x8d\x10\\\xc7\xb6\x93\t\x98\x8f\xb9B\xdb\x11\xae\xef/\xd5f7ok\x84\xcbddf\xe3\x9c\x1b\x13\xf3\xbdv\x83\xa3\x95o@\xe6\xb8B\x06k\x83\xd4\xad\'\x8b\xa9\xb2\xd38\xe3\xb6\xfb\xa0x\x06\xc7B4\x9e12\\\xd6\xecD\x8bV7D\x8a\x97\xa5\x17\xf6HC\xe0\x03\x00\x00\x00\"S\xc9\x01&\xb0S+\xa0\xf4\xb07o\x12{Q\xe5\xeb\x9b\x9d\xc2\xee0\xa7Y\x12\x1d\xcd\xfb', 0xd)
sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
listen$auto(r5, 0x26da)
executing program 3:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xf}, 0x800009}, 0x3, 0x20000000)
write$auto(r0, 0x0, 0xfffffde9)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00'})
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x48050)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
read$auto(r2, 0x0, 0x20)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, 0x0, 0x3)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x5c0701, 0x0)
r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x301802, 0x0)
r5 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/nbd11/sched/queued\x00', 0xa000, 0x0)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r5, &(0x7f0000000040)=""/124, 0x7c)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
r6 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r6, 0x107, 0x14, 0x0, 0x4)
write$auto(r4, 0x0, 0x3)
r7 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$auto_SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f00000006c0)="149bc0c3")
r8 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.unix.ip/channel\x00', 0x48041, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r8, 0x0, 0x0)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
unshare$auto(0x40000080)
executing program 2:
socket(0x2, 0x1, 0x106)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
unshare$auto(0x40000080)
bind$auto(0x3, 0x0, 0x6a)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
shutdown$auto(0x200000003, 0x2)
socket(0xf, 0x3, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000580)='/dev/audio\x00', 0x0, 0x0)
add_key$auto(0x0, 0x0, &(0x7f0000000080), 0xb, 0x2df)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r3 = open(0x0, 0x22040, 0x75)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
copy_file_range$auto(r3, 0x0, r4, 0x0, 0x21c1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x34, 0x0, 0x5, 0x10, r2, 0x7f)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r5 = socketpair$auto(0x4, 0xffffffff, 0x8000000000000000, 0x0)
ioctl$auto(r5, 0x6, r5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
socket(0x15, 0x5, 0x0)
socket(0x2, 0x6, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bond0/bonding/slaves\x00', 0x80002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000000040)="0b52b1f0788d", 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x1, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$auto(0x3, 0x4048aec9, r2)
r4 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sysfs$auto(0x2, 0x6, 0x0)
prctl$auto_PR_TIMER_CREATE_RESTORE_IDS(0x4d, 0x8, 0x8, 0x2, 0x401)
lsm_get_self_attr$auto(0x68, 0x0, 0x0, 0x0)
r5 = fsopen$auto(0x0, 0x785)
fsconfig$auto(r5, 0x1, &(0x7f0000000080)='\xa9rO\xe5\xebF*\x15\"@\x81\x15\a\xd8\xc6\xe3\x82< \xb9<j\xbe\x94Z\xdb1\xc9sV\xaf\xfe=\x91\x02o\x99\xfc\xcbm\\\x06,\x96\x16\xb1\xbeD\xd1\xb1\xc6\x1d\xe5\x1d\x88\xbc\x97e\xce\xb5', &(0x7f0000000280), 0x0)
readv$auto(r4, &(0x7f0000001080)={&(0x7f0000000080), 0x5c2}, 0x25)
mmap$auto(0x0, 0x20009, 0xb17a, 0xeb1, 0x3fd, 0x8000)
openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000100), 0x8002, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x6dc1, 0x0)
ioctl$auto_IOC_PR_REGISTER(r6, 0x401870c8, 0x0)
fanotify_init$auto(0x401, 0x1)
socket(0x1, 0x1, 0x5)
setsockopt$auto(0x400000000000003, 0x29, 0xcc, 0x0, 0x567)
sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r0, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000002f00)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00010055874b759704ccb620be5c469c0000", @ANYRES16, @ANYBLOB="01002bbd7000fcdbdfa51b000000180001801400020077673100"/38], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0)
executing program 3:
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/netdevsim2/proxy_delay\x00', 0x202, 0x0)
mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000)
mmap$auto(0x0, 0x4994, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/irq/3/smp_affinity_list\x00', 0x8f3b7a51b8162d21, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0)
socketpair$auto(0xffff7fff, 0x4, 0x80000001, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000280)="e971")
socket(0xa, 0x2, 0x73)
socket(0x23, 0x2, 0x0)
sendto$auto(0x4, 0x0, 0x8000, 0x0, &(0x7f0000000100)=@in={0x23}, 0x80)
write$auto(r0, &(0x7f0000000080)='\r0\x92@', 0x8)
openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy13/short_retry_limit\x00', 0x44200, 0x0)
openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/pcmC0D0c\x00', 0x0, 0x0)
r2 = socket(0x2, 0x801, 0x106)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x163340, 0x6a)
socket(0x2, 0x80802, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
setsockopt$auto(r2, 0x0, 0x13, 0x0, 0x8009)
executing program 3:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000040)={"a2e88999", 0x7fff, 0x0, 0x2, 0x9, 0x10000, "7207661b123ebfab150d5b41ec06a2", "daa98e20", "930a0c1a", "310f5514", ["f1448f541c30b99a96561625", "229d96ef5eac0e1bdb7b7eda", "105d6dc99314e86c9f351da7", "77ea06a4b734ff1c8eb66fe0"]})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000100)='/proc/kpageflags\x00', 0x2, 0x0)
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x40, &(0x7f00000002c0)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\xf2Vw\xbe\x1c$\xddm\x8a\x9d\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,&\xd5z\xe6\x93\xb9\aE\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x18000110)
read$auto(0x3, 0x0, 0x80)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x5)
r3 = socketpair$auto(0x1e, 0x3, 0xb4d, 0x0)
ioctl$auto(r2, 0x4008af03, r2)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x3)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/tty/ttyx7/uevent\x00', 0x88300, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000080)=""/28, 0x1c)
socketpair$auto(0x3, 0x5, 0x7, 0x0)
connect$auto(0xffffffffffffffff, &(0x7f0000000000)=@rc={0x1f, @none, 0x6}, 0x7)
socket(0x2, 0x1, 0x84)
connect$auto(0x3, 0x0, 0x55)
listen$auto(0x3, 0x81)
accept$auto(0x3, 0x0, 0x0)
listen$auto(r3, 0xfffffff8)
pipe2$auto(0x0, 0x80)
setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x8)
r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r5, 0x4b48, 0x1)
listen$auto(0x3, 0x83)
executing program 3:
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r0, &(0x7f0000000040)="e18d5f3331c28a0461e3c318bfd9800e9b72", 0x12)
executing program 2:
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x400, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000300)={{@inferred=r0, 0x0, 0x0, 0x9, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b62b67bd764f9"}, 0x0, @integer64=@value=[0x2, 0x4, 0x7c, 0x401, 0x1ff, 0x0, 0x4000000007b, 0x1, 0x6, 0x8, 0xf, 0x5, 0x80000000, 0x4, 0x4, 0x8, 0x7, 0x7, 0x2, 0x1000, 0x8, 0x7, 0x4, 0x40, 0x61c, 0x9, 0x800, 0x6, 0x7, 0x810, 0x10000, 0x7, 0xffffff7f7fffffff, 0x100000000009, 0x8, 0x4, 0x8000000000000000, 0x5, 0x5, 0x1, 0x7fffffff, 0x10001, 0x768, 0xbd, 0x734, 0x7, 0x6, 0x5, 0x9, 0x1, 0x9f26, 0x9, 0xff, 0x86be, 0x3, 0x2000000000000002, 0x2, 0x8000000000000000, 0x3, 0xfffffffffffffffb, 0x6, 0xdbc2, 0x5, 0x7], "528d458095e72b72adda05ac2d45bdaacfc82245992af763188bf00ab57d5d73b094925aa92857fd2f672f85343241e93023ab4510269ed959a79a789527276d90375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea8188ca43202fb78dacb3fea12580748800009d75cd52751f9be959d90fa5c200"})
executing program 3:
socket(0x2, 0x1, 0x106)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
unshare$auto(0x40000080)
bind$auto(0x3, 0x0, 0x6a)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
shutdown$auto(0x200000003, 0x2)
socket(0xf, 0x3, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000580)='/dev/audio\x00', 0x0, 0x0)
add_key$auto(0x0, 0x0, &(0x7f0000000080), 0xb, 0x2df)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r3 = open(0x0, 0x22040, 0x75)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
copy_file_range$auto(r3, 0x0, r4, 0x0, 0x21c1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x34, 0x0, 0x5, 0x10, r2, 0x7f)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r5 = socketpair$auto(0x4, 0xffffffff, 0x8000000000000000, 0x0)
ioctl$auto(r5, 0x6, r5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
socket(0x15, 0x5, 0x0)
socket(0x2, 0x6, 0x0)
executing program 0:
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b3a, r0)
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/fs/ext4/sda1/last_error_block\x00', 0x20880, 0x0)
unshare$auto(0x40000080)
prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2)
socket(0x3, 0x3, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x0, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x8, 0x64, 0x80000001, 0x7, 0x1, 0x1000000000000009, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x630001, 0x0)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0)
ioctl$auto_SNDCTL_DSP_GETTRIGGER(r3, 0x80045010, &(0x7f0000004440))
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x20005, 0xdf, 0xeb1, r1, 0x3)
r4 = open_by_handle_at$auto(r2, &(0x7f00000002c0)={0x1b, 0x136a, "8f42b1077e737d4629d7867bca48102625b1c2c21fa15504a19b9a"}, 0x7d)
setsockopt$auto(r4, 0x1, 0x1021, 0x0, 0xd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x100000000, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
ioperm$auto(0x7, 0x6, 0x2)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0)
r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16], 0x64}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000)
read$auto(r5, 0x0, 0x1b4d3)
write$auto(0x3, 0x0, 0xffd8)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
close_range$auto(r0, r0, 0x0)
openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0)
executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = socket(0xa, 0x801, 0x84)
setresuid$auto(0x2, 0x7, 0x8080)
ioprio_get$auto(0x3, 0x2)
sendto$auto(r3, 0x0, 0x2000f, 0x20009, &(0x7f0000000000)=@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x1c)
ioctl$auto_XFS_IOC_FREESP(r2, 0x4030580b, &(0x7f0000000400)={0x3, 0x3, 0x5, 0x8, 0x3})
sendmsg$auto_NL80211_CMD_REGISTER_FRAME(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4040040)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mincore$auto(0x1000, 0x8001, 0x0)
r4 = gettid()
rt_tgsigqueueinfo$auto(0x0, r4, 0x21, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1cb842, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0)
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
unshare$auto(0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r5)
sendmsg$auto_TIPC_NL_NET_SET(r5, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd7000ffdbdf250f0000000c00078008000200", @ANYRES32=0xee00, @ANYBLOB="d56e417a"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2)
r7 = setfsuid$auto(0xee01)
keyctl$auto(0x1d, 0xffffffffffffffff, r7, 0x0, 0x6)
r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0)
write$auto(r8, 0x0, 0x81)
msgctl$auto_IPC_RMID(0xdda7, 0x0, 0x0)
sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x10)
executing program 1:
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x42440, 0x0)
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x40044620, 0x0)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
ioctl$auto_TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000040)=0xcad)
write$auto(r0, &(0x7f0000000080)='\xb3\xe9\xf3\xb3\x80\xd3\x9cp\b~\xc2\x85cP\x12N\b\xfb\xa9\xe5\xe7[T\xf5?@\x03\xc7\xa4\x00\x00\x00\x00\x00\x00', 0x58c)
executing program 2:
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6)
unshare$auto(0x40000080)
socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r2, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000006980)={0x1240, r3, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HWSIM_ATTR_PMSR_RESULT={0x122c, 0x1c, 0x0, 0x1, [@NL80211_PMSR_ATTR_PEERS={0x1084, 0x5, 0x0, 0x1, [{0x1080, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x24, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0x7}, @NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x5}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0x47, 0x1, "15498343c724307734086992dc1e25a2a9103e4bf48686438120218fc18eb8d92081607cef938d982b98b2ffabb3d4697d0e992a1ea9d3b471e918ae07e413f97503f8"}, @NL80211_PMSR_PEER_ATTR_RESP={0x4}, @NL80211_PMSR_PEER_ATTR_RESP={0x8, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_FINAL={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0x1004, 0x1, "1fb5becd41368ab779a0b29218e67556fc4604877ebfcbd398c11fb77c35a8bf6e74ddc9b04a9138098aecf779ea7e3d541edf3023425cada97c0dc587c6fa47716dd359907f0a162a0b886614c1a7e9546da002cc83e2ed566b0379129f985c460fbbf435e700a4b5580b8a56632571928f8f21f4d11364a0ef75b476ff3956f1c7da142f79c10a4876ffcc63f2d86a0e69b888fc4f296dee02ad8557cdbfb9f0235a183eca304867b40759629cbc72b1502c43b99766ba6d68b0c0ab3c3f028eac0d0571801e5df2a1d739c243a58bf16cfb3859743e905b7ba869f46438f8ae3034bf72d5e80c5484943de2b70c62ef38e5219cc8006f282faca545419374470f9a70397a1f81bc4623e08269594bbebf9b08b81b87ccaebf876dcaf1fa4562e3163b353cb8ff91dba36cfd929ec300388d9224fe45abcc42e157398da0642301b14d590dd9a490eeb4555c64ae48caedffd84b246834f69dfa63f173ce93ba2775a6f4aba2492fe9d62fcae89dab6719935a28c2d614d93e984df4b3a292e0e5d6754a30e52d52b951092a4df3b6abb5c8b74740d551a77c41d02f0ea667e8acb61eac844c20151dac7c08ae95aed291d11cd81365501d3fb0120e11566f94afe38fb008e05536f93364d00a43b8f486bd9aeed50d5a38947982f5f700f06aa7d6783f30abda22a3c9948a274bfae36f6a66c3229520089d65cbddde93a28dd2a72e93bc6c0d9b98f49c9d771f73b1d4dcb6c06829b15422f0c596401ba563a88ded070e2a05a79c8070085502fb3ca34fc767ff2d3b490bb9a6abc3019eefaa4bd9f345f6b94d597166754c5f95140dc5fa9ce51a7cc3257885d074c7cdfd88bb400fd6dbe2d4a830134967cacad9beaff366bf7e3b0a4fa0526473a70c1f44e343a5b9fadf9fc536113772f0f7b0bf16f9b7a7dd8eaa5f7fd9cf259565247f0e58375156005c30e25691d7f8fbd489af83a18f71a38b1996be1ca10bdcbe8d850603d9b81ba828c907753483e9ff23d1d861c36d8045acadaa640a61357fcf9aed13afdf56d13861dd74ce620e592230d3c8699e9adccf2920614ae13c1e3e88a830f36bfcd40ff7c767995044f2ba1661c5f977d9754c58a0d9dd7aad1fbfd94d36dfc61c532c5cb3093ccc0c125ee0e762469f8680500675d4404db12b7062c19c4f0c81c0de489b5eb725f1d7d4cbe7a1f4b51fe8faffb6a709c0a7a4ae7efe75bc66d6c2e705fbee29c0858d9891735c97a28aa15c16fa0444ac2caeeffae42f1fbf0f17adbc9ee40236a844add60741eb64c722811c6f9fd7d614f9620d6f07914b6e7d5eb5dc3d7d6d5f5323575a7c9f864d9d5793d4ca606ab3234930a32e44d8a08d624861a6b94c72f551e7adc8daee91594175bdba18c663ced5991c0846f1c03a96b5d8f858c10dea4886e12ee90186d2130891eb1b354abb1040dd571589b4b7884b31cff7f8b3cdef5a61bc9644883c852106d9be09e5f4d649c669a64fadd3a9b129ab1c956e33dd5ac7224439feb0ccae51aa092c36b4e8d720170d20c22a49e5919d203b312096d625e4316f141f26a9257af159b3c47e025fa40d0150b7dd969d2ec67c727b81653f679f6ebbf8b3ad9c3b0acf232d1b869982879c4a2722cc1e4f0740e9d0feb661e45c5b081ad0546761e6a025529086ca4d38a4b22193e792bbfe6ceb22be5ca954210d0f93f5e38550054b6ae80e64673158815af6cd6adc3b942b4371d33d9662ac80e3ef2eb4acd44ec66cb6d8948d67c3ba8e578f52ac30ab107723e5ce51c4e6d59b20ba7085fd8dbde58cf9a0bd3385e95db6b56a9a68e3160ad36a93e26dc8b915cd4e4767d3dbd3b74052f55e3a74b1edb1068c973a5ca70809c6aeab8ad627955a815315330c51153dcdcb6e77029b0a3712a9231f0c188659e5bb9f89b6a8fd91536a47db7e5d596fa93f0719502e442417ee11bfcb364c6ddadfc8581ce7779d107d6f7aa8739c3254ce9b1e2dbbc1e75566b6d80817e1820e02e8df220e1c9b2d98a15e9db86c5a32bf52b0f1de1be7636cb21e87d777fa1e7828be02578cac204a8e9c7ca6119aa0bdd165bbf7d0f799f0d2ae118bd9037982c1fed3e223b60cc86f21e8c1d9336cb76cb521bc9791abcd99af0bf70a198de0d678cc8bdc0f74fef28407bf09d93054d5e20f5452fad596ae036bec1109e4541d5cb9d287b5498934fad3963a53030dc2264668467716afee211f4dc8082800be3829050b2e26c447b001c076dda2e2b7f17c96612b0f594b6ef5193c5dc3affa5778896e1e40a3953e5557d39799c312b4126a6086dd85393ed3322a48ca0afb9e5dd96ac9461dc7cfc8b02a23b7a1486ea8c9bb204e39298b1017a67a8c1cf1e0582c6b8d95a611c0053eccc9592e1af600e4386680be35c29acfd9033058a4842006fe429188e6a4783a9bf5fd7d1c36c0530f6a42be785419ef2192ffe02470d376f084a4352cdc7e34b9f4891304499b1e0946832b187762d191d7e9cd9cc9112ad768e5132f804f304a9ba0572d0e1c7eac6ff606baf0f0f2e1c836d9a9f7f01fe748dd5ae7b34ed6d51f6e4c8575de14c8552026c4c82516080d919a706fa62958742cc2843ce88c04a19cb66781f2b75d9a81d3f4f2c078e35bacf3a69dc717b61c9c9557d82bdaa636fe80e37f41d63f2388da0b79555f2b3d2b7b30db6d2837aecd455814118a737d3d2845704f4b8a7156dd582477d0b9f0d2622b1f963d243c73646d35dd25547446fa94f47b63637e37b9c61ed88c97b185f9b8d09ffd768cd1c79ab31ff33e82423872f4b2642a1530a248b1dac5a776d5c5d6381e38f01fe8b23921c7b52175619bfe522c945e45ea5a0d35f35fb7c7f772f32657b8b936de258ab52fcf2bc4973c7d8da82d113bd59831b658c62b6913c9162f66a92bcdba85a33796028c8285083f65eec0168039af09f83e27d94fa22f4a595702cbd51d8f48ad8aff4a74c5fd50922b3eba0341c6718f34f3a59181722e330ccfc7d1997357fbb1c95213b082d6b6f119118bb24a98c2c53de48b8b1bdd9c51c88c89acbcd4de108fb32f4beda27743b4a04e5ebc677862da939c7dfc616e765b79b1359d8e5ae4eeae5cd38954a7b6f8693496bfd2624f1a83182440510d7de981a321ccf81b75ab23317598adcb3bff8454110a056ee64a3b088c3ed6d0cd1d2e7033f872106205e95f171e347f02d9583f59113e49386e30ad92537b577e9822f3ecfc1b1374bf2911f61168f30b8f1e3af513e8248409d25c1d3bc09e93a66fa2c4bb3caaf1f4bc28e730ffd78375136e8c32d9bc26b8958c62aa7912dcdf44bbb6668c872df81c6362a679e57860484f003506ab7e1bd7344261c761bc03a7a0167047c1c07e8e46e9af814ab2b93fbdd8536448ee939188ed5a79c6d5d962efe69afde6999a5d52d71090bcb11a1eacb07185f9f5199d44c9bb5c48a09b28cc10e3f84f04677c3052e57d5426d3f5fa852a8f4ed3c8495a4f79261bbf6d1405c9ee97fe3df651819907bf93e4bd0c0a7d2d454e7ba0e84eada5731bf373ae529a6a1f17f959c77931d2ae261b588e844e8c1deae11cf6bbc1433ecabd2715cca3c7471b6f8de376a72647f7bbe11659adb21af39f0b71ae0aaee207f1811cef018fc70717c38b14948f307302bebca0450c6d1670996a92eebe691e0f7395fc20c554a171472df72761fca5a73a242f15c39b7fe6e4c013d655cdd09e319727758beb367aaadf6e70bfef6f8fce3e7c3848279f88ebe8a10f00dfe8f4dd87f9437b8bfa4b7b1517902cc06887ec5a9b9eef923c0e72e9ff82226ae8bf7cef3b3cf91e0ff8408e62421a4d88875b9f6a9382722d42aaf8fea280198a23eda48f6ddc26411825dbfadd25301735d1f9c74f61b15d3b2181dc9d77a4115c7047b9c6520b55dd2fcf343c4f1cb7cf93c10c0e01e282f28cf54575924024819409c322dce701d88f78c94416ebf4c2275bac8c75299636f3a507b7f933c5e13d853725a5ce8f9ec33de647b87a1d0775d62dfa07fead5253cc18526b5ffd90312ff098b81dd01c59f882b0223e6cf768b2ee0d5e0e8d10a2f5c04aa3b97a3dc92e102b30d60f3f0ff5b6253e49d960bc6b8d3a5daf6f3f4c06fcaa315e8315fe71023875f318934414cfd10fd7625e084b132b1c37b1b3e10777c10a3f9c47cca710012a77bf342bd64ba5fb08e24908cbf07143a49c2acf74d0c4097b0a8c2efcb6dbda4433acd0f1e2ad24cbcb4462aa7ce3d12514d4aaaec95457ec06f197c0df614d484af7987458ed2e33552b7a1cf72a4c4b016e7a7399ef9998bd52f860d2ef0751e7e96ebc472af3e666f7778f8eedb12bbac921eac8436b31ab61d72c259a2473678d88743f0f768c1782ee4702646bf349308712ea8cbad36d90b5c770971a1ff70719cdfdeb01927a561fb67d7cb6a2feec1215bac6eeedfb930d3556b5547a7e1af3199de6929a745c5323dbc34624761bb1beff6508463a5b7cac6d1d0265c733cb609b8cdaa56042d29fb70fa58c64b1fed6028d3a2ee7d6f3046cd980bea9f9e1d82fd9beafe7d66cfcbdd49caa5ea4f43faca173cba614e02f407b5c791e460a3ee590b3780ad8cbab34ff0379cc1f947201e28d0cbfa9cc5beef86ecc7090eac13ff614bf73f24b335fcff38a57bce197f67a5816f3d11bb558f0485b4441fcddb6b33c211f19f263f35462349492e26d5fc8437e09539c06fd6b14f243e0a51cc7ed7482677c5a9e7c864b81ae890e6412b6b387e887c9a70e5470c0d17800bb4e39a971a30151c2d5717a9c1183fc5e43902b25130f5fe2d85a64b77a8e64dc59d0b1e3b022efb9c1cbdfebb071c0fbd09619577bb1e18b488091d5c239589805b8df254db031aaa7751bb0b71bffe4b307ebd8359271c2376f2c75a8bea9808725cca6254f89e211cae70dce4cefa123d29238ecb0057d28eeaaabea6e99ab64ebea4c2c62806e6a9e2bccb96a4d07e816ee378e094acee3a9f31b0d1033634310baef6bc7f5e0870a2f1f7f519861834935b1073f9a5c348a46b3be82932d3cf1823a60fb9d0b269b94e58614b5cca1bf2f47ad4e15a93fce9995e06583c41b84930fc26cfe19e9ce9028c7ed8f6f701ed97a74ff3d3affcacf957946fd675240ea08b362a4c1d15aa0722f4cec99aae7d167c49c6123b1ddc36285804044883676921d8b9feed089851e819b782c1fc4025c44874f1454e53e477838e6ff0a472331da69f8e4efb474db064a4b4325c08b4db60377a142c19512b7d1e9fdcfb599662e5448ef3fed112a62bad364467613c73a3385df9766446627c2658c87b56c069440d4e0406e1220c79c2c99116c3224a7a90fee8b6c04f3ff85cbe993c3bb4f7961a801dd893557cd0be736f17e3fa2c65ecc61b907c9d919612ac73a41f91d88733b5830d135a457b3c13fceb0bd294f412bde878315b32c91529b5d55383a1f79f949a8424865b474d784a7a89153b88fc7ec11589b01b9b1aece6585de4d6dbf329c09f35426525addf3e1aa57dddace18fdb219b5e4b32c29a24de709f180b6ff5578141158f467ee9f0cccb580e5b9929c59e47cc8ff27b8401a934769d99f26cc9a9f66ecd0879df8b5becf0cb9a41006396075455306059a7dce312f4e08c54d13bd5da696b32f2c8efbdaad768e372049a3a58bb8c6972d34f859c4ea29ec46aa7752f5d7e8bd3523a10de8b876cb1d61d143d55a1f343252f0927fd5d853b663a71dbb0fff6a7ff07f9cf1e1eb23e07009ffde16778c6f"}]}]}, @NL80211_PMSR_ATTR_PEERS={0x1a4, 0x5, 0x0, 0x1, [{0x138, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x80, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0xfffff7f7}, @NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0xffffffff}, @NL80211_PMSR_RESP_ATTR_DATA={0x64, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x5c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_RESP_ATTR_RX_RATE={0x1c, 0xc, 0x0, 0x1, [@HWSIM_RATE_INFO_ATTR_EHT_RU_ALLOC={0x5, 0xb, 0xb}, @HWSIM_RATE_INFO_ATTR_LEGACY={0x6, 0x3, 0x8}, @HWSIM_RATE_INFO_ATTR_EHT_GI={0x5, 0xa, 0x1}]}, @NL80211_PMSR_FTM_RESP_ATTR_DIST_SPREAD={0xc}, @NL80211_PMSR_FTM_RESP_ATTR_RTT_SPREAD={0xc, 0xf, 0xc}, @NL80211_PMSR_FTM_RESP_ATTR_RTT_VARIANCE={0xc}, @NL80211_PMSR_FTM_RESP_ATTR_NUM_FTMR_SUCCESSES={0x8, 0x4, 0x100}, @NL80211_PMSR_FTM_RESP_ATTR_CIVICLOC={0x6, 0x14, '+\x00'}, @NL80211_PMSR_FTM_RESP_ATTR_BURST_INDEX={0x6, 0x2, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x4}]}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xb3, 0x1, "adcb04a58b3c2f134a15760485188573b1cab1d6ed2698c24fdf710d4b3aa02e3d7206d8e192d58f52ccb69d864b538b8c63b8931a461b0050253fe028240d8b51489a8d52d59f5088bc258b350f375c597e492406740eed2730170fcc3f336f8984bdd9509765de2517c0b82b11ee8c84f1bfcf02152e5664f172dd6025ddb37ce75221e11f3db64fbf6953ac9b5f7bf14ccddc2e65070aa3eecd7a88c038f6ae9bc539ca6b583f997fcbb21becf7"}]}, {0x68, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x48, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x9}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0x4}, @NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0x628}, @NL80211_PMSR_RESP_ATTR_AP_TSF={0xc}, @NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x1}, @NL80211_PMSR_RESP_ATTR_AP_TSF={0xc, 0x4, 0x8}]}, @NL80211_PMSR_PEER_ATTR_RESP={0x1c, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_AP_TSF={0xc, 0x4, 0x2}, @NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0x1}]}]}]}]}]}, 0x1240}, 0x1, 0x0, 0x0, 0x20000041}, 0x800)
mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/net\x00')
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000)
prctl$auto(0x3f, 0x7ff, 0x0, 0x5, 0x5)
tgkill$auto(0x0, 0x1, 0x1)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x100000000021, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0)
write$auto(r4, &(0x7f0000000140)='0[.[\x00', 0xcd04)
r5 = socket(0x10, 0x2, 0x14)
sendmsg$auto_NLBL_MGMT_C_REMOVE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01002bbddbb0000000000000d311"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x400000c)
sysfs$auto(0x2, 0x101000000000007, 0x0)
keyctl$auto(0x2000000000000017, 0x8000, 0x2d, 0xc4, 0x20803)
bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3)
executing program 1:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
executing program 3:
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0)
unshare$auto(0x40000080)
r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r1, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d5574bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54", 0xcb6)
socket(0x5, 0x3, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
mmap$auto(0x0, 0x2060009, 0x3, 0xeb2, r0, 0x8000)
mmap$auto(0xffff, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ubifs/parameters/default_version\x00', 0xa041, 0x0)
write$auto(0x3, 0x0, 0xfdef)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0xa)
getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0)
writev$auto(0x1, &(0x7f0000000100)={0x0, 0xa}, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x73)
r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video54\x00', 0x80000, 0x0)
ioctl$auto(0x3, 0xc0285628, r2)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
read$auto(0xc8, 0x0, 0x200)
executing program 1:
close_range$auto(0x2, 0x8, 0x0)
pipe2$auto(&(0x7f00000000c0), 0x800)
writev$auto(0xca, &(0x7f0000000080)={&(0x7f00000000c0), 0x2}, 0x2000000000000003)
executing program 1:
r0 = socket(0x11, 0x3, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a})
sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000180), 0x5ea}, 0x5, 0x0, 0x0, 0x1001}, 0x5}, 0x2, 0x140)
executing program 0:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x4007, 0xb})
openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/options/blk_cgroup\x00', 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
faccessat2$auto(0x1, 0x0, 0x2, 0x1000)
mmap$auto(0x9, 0x1000, 0xff, 0x9b72, r0, 0x8000)
socket(0x11, 0x80003, 0x300)
r1 = socket(0x10, 0x2, 0x4)
r2 = io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x40000009, <r3=>0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x6, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0x5}, {0x0, 0xfc, 0x6, 0x1, 0x0, 0xf89, 0x9, 0x7fffffff, 0x8}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_XFS_IOC_READLINK_BY_HANDLE(r2, 0xc038586c, &(0x7f0000000200)={r3, &(0x7f00000002c0)="d6211c9d37028a5a8fa8e4966798daa26c28f06e6561563dba39cc5eb4f13685d76625d4fb5c00cbbb416eb0b036a8003bc682ec833c4b18de4bdcad262bc4fd58926c901d508bbba38a09e7aba713724d3cc1dc971a5062c4005e554468ceae833d19e4c02e6ff6b45f50073e2cfc5df28a4a754958f46295dd8c4f5993d079a0849c4dbcceb10829dd5b167082fbd28ca1814e54244bda8c53a366941c5efd45d1f2be5039714ecf60a4355e8e4c0f905940654cf4b7076928d216a2e66f05614219db603e80614c869d9ca89e92753d33c13bbd304364da0f79d8adeb497d574a33e0dba87b07171be8d19c574d8b08a06bde4b5abf99", 0x0, &(0x7f00000003c0)="b6bb2047d977bc1830e9564060f7257ab2dcf769cdd573aa501e947267ae735d5e2e73f0ca81d3b2a37e0706ea9509dff5b80eb463a2acd9b2c77ccc51de70bea0aae57500d33e3e15047eabd851352ee4b003ac72788631d0c1e4886895be505f6d743ec0affb84e04b060a166a26a648875e514b52b52ae5e54300adec0b959fb81a4fa5e8b5d84d8b7f4cfdde38b94d1db0a28e5d5e46786828a33f2cee62d635aa8e9c752fd12f54abd57ed781f913b0b6aea7c2e2a6be37caff48a174b754e2a3390de23ee866267bc0ef73fdf51ec7ea5a59c3ea508708ce10eabee43bbf04e688273122430b722d52f3a2e7bbb366b3ceb2", 0x2, &(0x7f00000000c0)='c;', &(0x7f00000001c0)=0x2})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'dummy0\x00'})
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00')
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000)
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000004c0), r0)
sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(r3, &(0x7f0000000580)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x30, r5, 0x20, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x2b}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'batadv_slave_0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x200488c1)
write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb)
close_range$auto(0xffffffffffffffff, 0x5, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x7, 0x72, 0x8b72, 0x8f1, 0x2000)
close_range$auto(0x2, 0x8, 0x0)
unshare$auto(0x40000080)
write$auto(0xca, &(0x7f0000000180)='\x04\x02\x00\r\xfb\xff\xf6\xdd\x90\x806\xc8\xbe\x94\xf2\xa2', 0x2d9)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
r6 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x101500, 0x0)
readv$auto(r6, &(0x7f00000005c0)={&(0x7f0000000540), 0x200}, 0x6)
socket(0x2, 0x1, 0x0)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x101000, 0x0)
executing program 1:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 0:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
rseq$auto(&(0x7f0000000340)={0xe, 0x401, 0x0, 0x806, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8000006)
init_module$auto(0x0, 0x81, 0x0)
executing program 0:
capget$auto(0x0, 0xfffffffffffffffe)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x4007, 0xb})
openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/options/blk_cgroup\x00', 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
faccessat2$auto(0x1, 0x0, 0x2, 0x1000)
mmap$auto(0x9, 0x1000, 0xff, 0x9b72, r0, 0x8000)
socket(0x11, 0x80003, 0x300)
r1 = socket(0x10, 0x2, 0x4)
r2 = io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x40000009, <r3=>0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x6, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0x5}, {0x0, 0xfc, 0x6, 0x1, 0x0, 0xf89, 0x9, 0x7fffffff, 0x8}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_XFS_IOC_READLINK_BY_HANDLE(r2, 0xc038586c, &(0x7f0000000200)={r3, &(0x7f00000002c0)="d6211c9d37028a5a8fa8e4966798daa26c28f06e6561563dba39cc5eb4f13685d76625d4fb5c00cbbb416eb0b036a8003bc682ec833c4b18de4bdcad262bc4fd58926c901d508bbba38a09e7aba713724d3cc1dc971a5062c4005e554468ceae833d19e4c02e6ff6b45f50073e2cfc5df28a4a754958f46295dd8c4f5993d079a0849c4dbcceb10829dd5b167082fbd28ca1814e54244bda8c53a366941c5efd45d1f2be5039714ecf60a4355e8e4c0f905940654cf4b7076928d216a2e66f05614219db603e80614c869d9ca89e92753d33c13bbd304364da0f79d8adeb497d574a33e0dba87b07171be8d19c574d", 0x0, &(0x7f00000003c0)="b6bb2047d977bc1830e9564060f7257ab2dcf769cdd573aa501e947267ae735d5e2e73f0ca81d3b2a37e0706ea9509dff5b80eb463a2acd9b2c77ccc51de70bea0aae57500d33e3e15047eabd851352ee4b003ac72788631d0c1e4886895be505f6d743ec0affb84e04b060a166a26a648875e514b52b52ae5e54300adec0b959fb81a4fa5e8b5d84d8b7f4cfdde38b94d1db0a28e5d5e46786828a33f2cee62d635aa8e9c752fd12f54abd57ed781f913b0b6aea7c2e2a6be37caff48a174b754e2a3390de23ee866267bc0ef73fdf51ec7ea5a59c3ea508708ce10eabee43bbf04e688273122430b722d52f3a2e7bbb366b3ceb2", 0x2, &(0x7f00000000c0)='c;', &(0x7f00000001c0)=0x2})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'dummy0\x00'})
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00')
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000)
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000004c0), r0)
sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(r3, &(0x7f0000000580)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x30, r5, 0x20, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x2b}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'batadv_slave_0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x200488c1)
write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb)
close_range$auto(0xffffffffffffffff, 0x5, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x7, 0x72, 0x8b72, 0x8f1, 0x2000)
close_range$auto(0x2, 0x8, 0x0)
unshare$auto(0x40000080)
write$auto(0xca, &(0x7f0000000180)='\x04\x02\x00\r\xfb\xff\xf6\xdd\x90\x806\xc8\xbe\x94\xf2\xa2', 0x2d9)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
r6 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x101500, 0x0)
readv$auto(r6, &(0x7f00000005c0)={&(0x7f0000000540), 0x200}, 0x6)
socket(0x2, 0x1, 0x0)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x101000, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)

program crashed: possible deadlock in elevator_change
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal
detailed listing:
executing program 0:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendfile$auto
detailed listing:
executing program 0:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto
program crashed: possible deadlock in pcpu_alloc_noprof
a never seen crash title: possible deadlock in pcpu_alloc_noprof, ignore
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)

program crashed: possible deadlock in elevator_change
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto
program did not crash
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)

program crashed: possible deadlock in elevator_change
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto
program did not crash
reproducing took 22m20.061082854s
repro crashed as (corrupted=false):
======================================================
WARNING: possible circular locking dependency detected
6.15.0-syzkaller-01958-g785cdec46e92 #0 Not tainted
------------------------------------------------------
syz.0.16/6041 is trying to acquire lock:
ffff888026e30fa8 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400 block/elevator.c:677

but task is already holding lock:
ffff888026e30a70 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 block/blk-mq.c:205

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&q->q_usage_counter(io)#55){++++}-{0:0}:
       blk_alloc_queue+0x619/0x760 block/blk-core.c:461
       blk_mq_alloc_queue+0x175/0x290 block/blk-mq.c:4396
       __blk_mq_alloc_disk+0x29/0x120 block/blk-mq.c:4443
       nbd_dev_add+0x4a0/0xbc0 drivers/block/nbd.c:1933
       nbd_init+0x181/0x320 drivers/block/nbd.c:2670
       do_one_initcall+0x120/0x6e0 init/main.c:1257
       do_initcall_level init/main.c:1319 [inline]
       do_initcalls init/main.c:1335 [inline]
       do_basic_setup init/main.c:1354 [inline]
       kernel_init_freeable+0x5c2/0x900 init/main.c:1567
       kernel_init+0x1c/0x2b0 init/main.c:1457
       ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:148
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

-> #2 (fs_reclaim){+.+.}-{0:0}:
       __fs_reclaim_acquire mm/page_alloc.c:4060 [inline]
       fs_reclaim_acquire+0x102/0x150 mm/page_alloc.c:4074
       might_alloc include/linux/sched/mm.h:318 [inline]
       prepare_alloc_pages+0x162/0x610 mm/page_alloc.c:4742
       __alloc_frozen_pages_noprof+0x18b/0x23f0 mm/page_alloc.c:4963
       __alloc_pages_noprof+0xb/0x1b0 mm/page_alloc.c:5008
       __alloc_pages_node_noprof include/linux/gfp.h:284 [inline]
       alloc_pages_node_noprof include/linux/gfp.h:311 [inline]
       pcpu_alloc_pages mm/percpu-vm.c:95 [inline]
       pcpu_populate_chunk+0x110/0xb00 mm/percpu-vm.c:285
       pcpu_alloc_noprof+0x86a/0x1470 mm/percpu.c:1870
       xt_percpu_counter_alloc+0x13e/0x1b0 net/netfilter/x_tables.c:1931
       find_check_entry.constprop.0+0xbc/0x9b0 net/ipv4/netfilter/ip_tables.c:526
       translate_table+0xc98/0x1720 net/ipv4/netfilter/ip_tables.c:716
       ipt_register_table+0x102/0x430 net/ipv4/netfilter/ip_tables.c:1742
       iptable_mangle_table_init+0x40/0x60 net/ipv4/netfilter/iptable_mangle.c:92
       xt_find_table_lock+0x2e1/0x520 net/netfilter/x_tables.c:1260
       xt_request_find_table_lock+0x28/0xf0 net/netfilter/x_tables.c:1285
       get_info+0x190/0x610 net/ipv4/netfilter/ip_tables.c:963
       do_ipt_get_ctl+0x169/0xa10 net/ipv4/netfilter/ip_tables.c:1659
       nf_getsockopt+0x7c/0xe0 net/netfilter/nf_sockopt.c:116
       ip_getsockopt+0x18c/0x1e0 net/ipv4/ip_sockglue.c:1777
       tcp_getsockopt+0x9e/0x100 net/ipv4/tcp.c:4727
       do_sock_getsockopt+0x3ff/0x800 net/socket.c:2357
       __sys_getsockopt+0x123/0x1b0 net/socket.c:2386
       __do_sys_getsockopt net/socket.c:2393 [inline]
       __se_sys_getsockopt net/socket.c:2390 [inline]
       __x64_sys_getsockopt+0xbd/0x160 net/socket.c:2390
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xcd/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (pcpu_alloc_mutex){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:601 [inline]
       __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:746
       pcpu_alloc_noprof+0xb4a/0x1470 mm/percpu.c:1782
       init_alloc_hint lib/sbitmap.c:16 [inline]
       sbitmap_init_node+0x2fd/0x770 lib/sbitmap.c:126
       sbitmap_queue_init_node+0x41/0x560 lib/sbitmap.c:438
       bt_alloc block/blk-mq-tag.c:542 [inline]
       blk_mq_init_tags+0x12d/0x2b0 block/blk-mq-tag.c:565
       blk_mq_alloc_rq_map block/blk-mq.c:3538 [inline]
       blk_mq_alloc_map_and_rqs+0x237/0xf60 block/blk-mq.c:4094
       blk_mq_sched_alloc_map_and_rqs block/blk-mq-sched.c:386 [inline]
       blk_mq_init_sched+0x30c/0x610 block/blk-mq-sched.c:485
       elevator_switch+0x1e1/0x7f0 block/elevator.c:595
       elevator_change+0x2ac/0x400 block/elevator.c:679
       elevator_set_default+0x292/0x320 block/elevator.c:737
       blk_register_queue+0x393/0x4f0 block/blk-sysfs.c:879
       __add_disk+0x74a/0xf00 block/genhd.c:524
       add_disk_fwnode+0x13f/0x5d0 block/genhd.c:593
       add_disk include/linux/blkdev.h:764 [inline]
       nbd_dev_add+0x791/0xbc0 drivers/block/nbd.c:1963
       nbd_init+0x181/0x320 drivers/block/nbd.c:2670
       do_one_initcall+0x120/0x6e0 init/main.c:1257
       do_initcall_level init/main.c:1319 [inline]
       do_initcalls init/main.c:1335 [inline]
       do_basic_setup init/main.c:1354 [inline]
       kernel_init_freeable+0x5c2/0x900 init/main.c:1567
       kernel_init+0x1c/0x2b0 init/main.c:1457
       ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:148
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

-> #0 (&q->elevator_lock){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3168 [inline]
       check_prevs_add kernel/locking/lockdep.c:3287 [inline]
       validate_chain kernel/locking/lockdep.c:3911 [inline]
       __lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240
       lock_acquire kernel/locking/lockdep.c:5871 [inline]
       lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
       __mutex_lock_common kernel/locking/mutex.c:601 [inline]
       __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:746
       elevator_change+0x103/0x400 block/elevator.c:677
       elv_iosched_store+0x2eb/0x3a0 block/elevator.c:792
       queue_attr_store+0x276/0x320 block/blk-sysfs.c:805
       sysfs_kf_write+0xf2/0x150 fs/sysfs/file.c:145
       kernfs_fop_write_iter+0x354/0x510 fs/kernfs/file.c:334
       iter_file_splice_write+0x91c/0x1150 fs/splice.c:738
       do_splice_from fs/splice.c:935 [inline]
       direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158
       splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102
       do_splice_direct_actor fs/splice.c:1201 [inline]
       do_splice_direct+0x174/0x240 fs/splice.c:1227
       do_sendfile+0xb06/0xe50 fs/read_write.c:1370
       __do_sys_sendfile64 fs/read_write.c:1431 [inline]
       __se_sys_sendfile64 fs/read_write.c:1417 [inline]
       __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1417
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xcd/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#55

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->q_usage_counter(io)#55);
                               lock(fs_reclaim);
                               lock(&q->q_usage_counter(io)#55);
  lock(&q->elevator_lock);

 *** DEADLOCK ***

6 locks held by syz.0.16/6041:
 #0: ffff88803240c428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102
 #1: ffff888077108888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888026d9bb48 (kn->active#60){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffff888026e3a988 (&set->update_nr_hwq_lock){.+.+}-{4:4}, at: elv_iosched_store+0x337/0x3a0 block/elevator.c:790
 #4: ffff888026e30a70 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 block/blk-mq.c:205
 #5: ffff888026e30aa8 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 block/blk-mq.c:205

stack backtrace:
CPU: 0 UID: 0 PID: 6041 Comm: syz.0.16 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_circular_bug+0x275/0x350 kernel/locking/lockdep.c:2046
 check_noncircular+0x14c/0x170 kernel/locking/lockdep.c:2178
 check_prev_add kernel/locking/lockdep.c:3168 [inline]
 check_prevs_add kernel/locking/lockdep.c:3287 [inline]
 validate_chain kernel/locking/lockdep.c:3911 [inline]
 __lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240
 lock_acquire kernel/locking/lockdep.c:5871 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
 __mutex_lock_common kernel/locking/mutex.c:601 [inline]
 __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:746
 elevator_change+0x103/0x400 block/elevator.c:677
 elv_iosched_store+0x2eb/0x3a0 block/elevator.c:792
 queue_attr_store+0x276/0x320 block/blk-sysfs.c:805
 sysfs_kf_write+0xf2/0x150 fs/sysfs/file.c:145
 kernfs_fop_write_iter+0x354/0x510 fs/kernfs/file.c:334
 iter_file_splice_write+0x91c/0x1150 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158
 splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0x174/0x240 fs/splice.c:1227
 do_sendfile+0xb06/0xe50 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x230 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f27b1b8e969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdded1e7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f27b1db5fa0 RCX: 00007f27b1b8e969
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
RBP: 00007f27b1c10ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f27b1db5fa0 R14: 00007f27b1db5fa0 R15: 0000000000000004
 </TASK>

final repro crashed as (corrupted=false):
======================================================
WARNING: possible circular locking dependency detected
6.15.0-syzkaller-01958-g785cdec46e92 #0 Not tainted
------------------------------------------------------
syz.0.16/6041 is trying to acquire lock:
ffff888026e30fa8 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400 block/elevator.c:677

but task is already holding lock:
ffff888026e30a70 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 block/blk-mq.c:205

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&q->q_usage_counter(io)#55){++++}-{0:0}:
       blk_alloc_queue+0x619/0x760 block/blk-core.c:461
       blk_mq_alloc_queue+0x175/0x290 block/blk-mq.c:4396
       __blk_mq_alloc_disk+0x29/0x120 block/blk-mq.c:4443
       nbd_dev_add+0x4a0/0xbc0 drivers/block/nbd.c:1933
       nbd_init+0x181/0x320 drivers/block/nbd.c:2670
       do_one_initcall+0x120/0x6e0 init/main.c:1257
       do_initcall_level init/main.c:1319 [inline]
       do_initcalls init/main.c:1335 [inline]
       do_basic_setup init/main.c:1354 [inline]
       kernel_init_freeable+0x5c2/0x900 init/main.c:1567
       kernel_init+0x1c/0x2b0 init/main.c:1457
       ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:148
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

-> #2 (fs_reclaim){+.+.}-{0:0}:
       __fs_reclaim_acquire mm/page_alloc.c:4060 [inline]
       fs_reclaim_acquire+0x102/0x150 mm/page_alloc.c:4074
       might_alloc include/linux/sched/mm.h:318 [inline]
       prepare_alloc_pages+0x162/0x610 mm/page_alloc.c:4742
       __alloc_frozen_pages_noprof+0x18b/0x23f0 mm/page_alloc.c:4963
       __alloc_pages_noprof+0xb/0x1b0 mm/page_alloc.c:5008
       __alloc_pages_node_noprof include/linux/gfp.h:284 [inline]
       alloc_pages_node_noprof include/linux/gfp.h:311 [inline]
       pcpu_alloc_pages mm/percpu-vm.c:95 [inline]
       pcpu_populate_chunk+0x110/0xb00 mm/percpu-vm.c:285
       pcpu_alloc_noprof+0x86a/0x1470 mm/percpu.c:1870
       xt_percpu_counter_alloc+0x13e/0x1b0 net/netfilter/x_tables.c:1931
       find_check_entry.constprop.0+0xbc/0x9b0 net/ipv4/netfilter/ip_tables.c:526
       translate_table+0xc98/0x1720 net/ipv4/netfilter/ip_tables.c:716
       ipt_register_table+0x102/0x430 net/ipv4/netfilter/ip_tables.c:1742
       iptable_mangle_table_init+0x40/0x60 net/ipv4/netfilter/iptable_mangle.c:92
       xt_find_table_lock+0x2e1/0x520 net/netfilter/x_tables.c:1260
       xt_request_find_table_lock+0x28/0xf0 net/netfilter/x_tables.c:1285
       get_info+0x190/0x610 net/ipv4/netfilter/ip_tables.c:963
       do_ipt_get_ctl+0x169/0xa10 net/ipv4/netfilter/ip_tables.c:1659
       nf_getsockopt+0x7c/0xe0 net/netfilter/nf_sockopt.c:116
       ip_getsockopt+0x18c/0x1e0 net/ipv4/ip_sockglue.c:1777
       tcp_getsockopt+0x9e/0x100 net/ipv4/tcp.c:4727
       do_sock_getsockopt+0x3ff/0x800 net/socket.c:2357
       __sys_getsockopt+0x123/0x1b0 net/socket.c:2386
       __do_sys_getsockopt net/socket.c:2393 [inline]
       __se_sys_getsockopt net/socket.c:2390 [inline]
       __x64_sys_getsockopt+0xbd/0x160 net/socket.c:2390
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xcd/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (pcpu_alloc_mutex){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:601 [inline]
       __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:746
       pcpu_alloc_noprof+0xb4a/0x1470 mm/percpu.c:1782
       init_alloc_hint lib/sbitmap.c:16 [inline]
       sbitmap_init_node+0x2fd/0x770 lib/sbitmap.c:126
       sbitmap_queue_init_node+0x41/0x560 lib/sbitmap.c:438
       bt_alloc block/blk-mq-tag.c:542 [inline]
       blk_mq_init_tags+0x12d/0x2b0 block/blk-mq-tag.c:565
       blk_mq_alloc_rq_map block/blk-mq.c:3538 [inline]
       blk_mq_alloc_map_and_rqs+0x237/0xf60 block/blk-mq.c:4094
       blk_mq_sched_alloc_map_and_rqs block/blk-mq-sched.c:386 [inline]
       blk_mq_init_sched+0x30c/0x610 block/blk-mq-sched.c:485
       elevator_switch+0x1e1/0x7f0 block/elevator.c:595
       elevator_change+0x2ac/0x400 block/elevator.c:679
       elevator_set_default+0x292/0x320 block/elevator.c:737
       blk_register_queue+0x393/0x4f0 block/blk-sysfs.c:879
       __add_disk+0x74a/0xf00 block/genhd.c:524
       add_disk_fwnode+0x13f/0x5d0 block/genhd.c:593
       add_disk include/linux/blkdev.h:764 [inline]
       nbd_dev_add+0x791/0xbc0 drivers/block/nbd.c:1963
       nbd_init+0x181/0x320 drivers/block/nbd.c:2670
       do_one_initcall+0x120/0x6e0 init/main.c:1257
       do_initcall_level init/main.c:1319 [inline]
       do_initcalls init/main.c:1335 [inline]
       do_basic_setup init/main.c:1354 [inline]
       kernel_init_freeable+0x5c2/0x900 init/main.c:1567
       kernel_init+0x1c/0x2b0 init/main.c:1457
       ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:148
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

-> #0 (&q->elevator_lock){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3168 [inline]
       check_prevs_add kernel/locking/lockdep.c:3287 [inline]
       validate_chain kernel/locking/lockdep.c:3911 [inline]
       __lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240
       lock_acquire kernel/locking/lockdep.c:5871 [inline]
       lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
       __mutex_lock_common kernel/locking/mutex.c:601 [inline]
       __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:746
       elevator_change+0x103/0x400 block/elevator.c:677
       elv_iosched_store+0x2eb/0x3a0 block/elevator.c:792
       queue_attr_store+0x276/0x320 block/blk-sysfs.c:805
       sysfs_kf_write+0xf2/0x150 fs/sysfs/file.c:145
       kernfs_fop_write_iter+0x354/0x510 fs/kernfs/file.c:334
       iter_file_splice_write+0x91c/0x1150 fs/splice.c:738
       do_splice_from fs/splice.c:935 [inline]
       direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158
       splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102
       do_splice_direct_actor fs/splice.c:1201 [inline]
       do_splice_direct+0x174/0x240 fs/splice.c:1227
       do_sendfile+0xb06/0xe50 fs/read_write.c:1370
       __do_sys_sendfile64 fs/read_write.c:1431 [inline]
       __se_sys_sendfile64 fs/read_write.c:1417 [inline]
       __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1417
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xcd/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#55

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->q_usage_counter(io)#55);
                               lock(fs_reclaim);
                               lock(&q->q_usage_counter(io)#55);
  lock(&q->elevator_lock);

 *** DEADLOCK ***

6 locks held by syz.0.16/6041:
 #0: ffff88803240c428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102
 #1: ffff888077108888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff888026d9bb48 (kn->active#60){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffff888026e3a988 (&set->update_nr_hwq_lock){.+.+}-{4:4}, at: elv_iosched_store+0x337/0x3a0 block/elevator.c:790
 #4: ffff888026e30a70 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 block/blk-mq.c:205
 #5: ffff888026e30aa8 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 block/blk-mq.c:205

stack backtrace:
CPU: 0 UID: 0 PID: 6041 Comm: syz.0.16 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_circular_bug+0x275/0x350 kernel/locking/lockdep.c:2046
 check_noncircular+0x14c/0x170 kernel/locking/lockdep.c:2178
 check_prev_add kernel/locking/lockdep.c:3168 [inline]
 check_prevs_add kernel/locking/lockdep.c:3287 [inline]
 validate_chain kernel/locking/lockdep.c:3911 [inline]
 __lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240
 lock_acquire kernel/locking/lockdep.c:5871 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
 __mutex_lock_common kernel/locking/mutex.c:601 [inline]
 __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:746
 elevator_change+0x103/0x400 block/elevator.c:677
 elv_iosched_store+0x2eb/0x3a0 block/elevator.c:792
 queue_attr_store+0x276/0x320 block/blk-sysfs.c:805
 sysfs_kf_write+0xf2/0x150 fs/sysfs/file.c:145
 kernfs_fop_write_iter+0x354/0x510 fs/kernfs/file.c:334
 iter_file_splice_write+0x91c/0x1150 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158
 splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0x174/0x240 fs/splice.c:1227
 do_sendfile+0xb06/0xe50 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x230 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f27b1b8e969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdded1e7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f27b1db5fa0 RCX: 00007f27b1b8e969
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
RBP: 00007f27b1c10ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f27b1db5fa0 R14: 00007f27b1db5fa0 R15: 0000000000000004
 </TASK>